From 4b19245379331f842e5f00afcd2f9550fe1dddf2 Mon Sep 17 00:00:00 2001
From: Kegan Dougal <7190048+kegsay@users.noreply.github.com>
Date: Tue, 21 Nov 2023 16:07:18 +0000
Subject: [PATCH] Comment out final acl test
---
 README.md | 1 -
 tests/membership_acls_test.go | 75 +++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 00034fc..0ce7eeb 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,6 @@ Membership ACLs:
 - [x] In a public, `shared` history visibility room, a new user Bob cannot decrypt earlier messages prior to his join, despite being able to see the events. Subsequent messages are decryptable.
 - [x] Bob leaves the room. Some messages are sent. Bob rejoins and cannot decrypt the messages sent whilst he was gone (ensuring we cycle keys).
 - [x] Bob cannot decrypt older messages when logging in on a new device. When the device is logged out and in again, Bob cannot decrypt messages sent whilst he was logged out.
-- [ ] Alice invites Bob, Bob changes their device, then Bob joins. Bob should be able to see Alice's message.
 Key backups:
 - [ ] New device for Alice cannot decrypt previous messages.
diff --git a/tests/membership_acls_test.go b/tests/membership_acls_test.go
index d29a400..182fe61 100644
--- a/tests/membership_acls_test.go
+++ b/tests/membership_acls_test.go
@@ -451,3 +451,78 @@ func TestOnNewDeviceBobCanSeeButNotDecryptHistoryInPublicRoom(t *testing.T) {
 must.Equal(t, undecryptableEvent.FailedToDecrypt, true, "bob's new device was able to decrypt a message sent after he had logged out")
 })
 }
+
+/* TODO: unclear when Alice should send msg, need clarification 21/11/2023
+// Alice invites Bob, Bob changes their device, then Bob joins. Bob should be able to see Alice's message.
+func TestChangingDeviceAfterInviteReEncrypts(t *testing.T) {
+ ClientTypeMatrix(t, func(t *testing.T, clientTypeA, clientTypeB api.ClientType) {
+ // Setup Code
+ // ----------
+ deployment := Deploy(t)
+ // pre-register alice and bob
+ csapiAlice := deployment.Register(t, clientTypeA.HS, helpers.RegistrationOpts{
+ LocalpartSuffix: "alice",
+ Password: "complement-crypto-password",
+ })
+ csapiBob := deployment.Register(t, clientTypeB.HS, helpers.RegistrationOpts{
+ LocalpartSuffix: "bob",
+ Password: "complement-crypto-password",
+ })
+ roomID := csapiAlice.MustCreateRoom(t, map[string]interface{}{
+ "name": "TestChangingDeviceAfterInviteReEncrypts",
+ "preset": "public_chat", // shared history visibility
+ "initial_state": []map[string]interface{}{
+ {
+ "type": "m.room.encryption",
+ "state_key": "",
+ "content": map[string]interface{}{
+ "algorithm": "m.megolm.v1.aes-sha2",
+ },
+ },
+ },
+ })
+ ss := deployment.SlidingSyncURL(t)
+
+ // SDK testing below
+ // -----------------
+
+ // login both clients first, so OTKs etc are uploaded.
+ // Similarly to TestAliceBobEncryptionWorks, log Bob in first.
+ bob := MustLoginClient(t, clientTypeB, api.FromComplementClient(csapiBob, "complement-crypto-password"), ss)
+ defer bob.Close(t)
+ alice := MustLoginClient(t, clientTypeA, api.FromComplementClient(csapiAlice, "complement-crypto-password"), ss)
+ defer alice.Close(t)
+
+ // Alice and Bob start syncing. Alice is in her own room.
+ aliceStopSyncing := alice.StartSyncing(t)
+ defer aliceStopSyncing()
+ bobStopSyncing := bob.StartSyncing(t)
+ defer bobStopSyncing()
+
+ // Alice invites Bob and then she sends an event
+ csapiAlice.MustInviteRoom(t, roomID, csapiBob.UserID)
+ time.Sleep(time.Second) // let device keys propagate
+ body := "Alice should re-encrypt this message for bob's new device"
+ evID := alice.SendMessage(t, roomID, body)
+
+ // now Bob logs in on a different device and accepts the invite. The different device should be able to decrypt the message.
+ csapiBob2 := deployment.Login(t, clientTypeB.HS, csapiBob, helpers.LoginOpts{
+ DeviceID: "NEW_DEVICE",
+ Password: "complement-crypto-password",
+ })
+ bob2 := MustLoginClient(t, clientTypeB, api.FromComplementClient(csapiBob2, "complement-crypto-password"), ss)
+ bob2StopSyncing := bob2.StartSyncing(t)
+ defer bob2StopSyncing()
+
+ time.Sleep(time.Second) // let device keys propagate
+
+ csapiBob.MustJoinRoom(t, roomID, []string{clientTypeA.HS})
+
+ time.Sleep(time.Second) // let the client load the events
+ bob2.MustBackpaginate(t, roomID, 5)
+ event := bob2.MustGetEvent(t, roomID, evID)
+ must.Equal(t, event.FailedToDecrypt, false, "bob2 was not able to decrypt the message")
+ must.Equal(t, event.Text, body, "bob2 failed to decrypt body")
+ })
+}
+*/
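Review bot: TestChangingDeviceAfterInviteReEncrypts is added inside a `/* … */` block while its README checklist entry is deleted in the same commit, so the scenario is no longer compiled, run, or listed as open. Keeping the function live with `t.Skip("TODO: unclear when Alice should send the message relative to Bob's device change")` as its first statement would keep it building against API changes and visible in test output, assuming the identifiers it uses are already imported in this file (the hunk does not show the import block). The expected behaviour also needs pinning before it is enabled: Alice's `SendMessage` runs before the `NEW_DEVICE` login exists, yet the test asserts `FailedToDecrypt == false` for that device, which sits uneasily with the preceding TestOnNewDeviceBobCanSeeButNotDecryptHistoryInPublicRoom, so a comment should state which key-sharing rule makes this case different. When the test is revived, `bob2` needs `defer bob2.Close(t)` like `alice` and `bob`, and the fixed `time.Sleep(time.Second)` waits are a likely source of flakiness.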