Identity: Recompute hashes after M_INVALID_PEPPER

When a new pepper is retrieved after an M_INVALID_PEPPER response,
recompute hashes with that pepper, and send those new hashes in the next
lookup attempt instead of reusing the original hashes.

Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
This commit is contained in:
Andrew Ferrazzutti 2021-01-05 00:58:55 -05:00
parent 618d1f5de6
commit daf019b288
2 changed files with 27 additions and 22 deletions

View File

@ -10,6 +10,7 @@ Improvements 🙌:
Bugfix 🐛:
- Fix clear cache issue: sometimes, after a clear cache, there is still a token, so the init sync service is not started.
- Sidebar too large in horizontal orientation or tablets (#475)
- When receiving a new pepper from identity server, use it on the next hash lookup (#2708)
Translations 🗣:
-

View File

@ -46,6 +46,17 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
@UserId private val userId: String
) : IdentityBulkLookupTask {
private fun getHashedAddresses(threePids: List<ThreePid>, pepper: String): List<String> {
return withOlmUtility { olmUtility ->
threePids.map { threePid ->
base64ToBase64Url(
olmUtility.sha256(threePid.value.toLowerCase(Locale.ROOT)
+ " " + threePid.toMedium() + " " + pepper)
)
}
}
}
override suspend fun execute(params: IdentityBulkLookupTask.Params): List<FoundThreePid> {
val identityAPI = getIdentityApiAndEnsureTerms(identityApiProvider, userId)
val identityData = identityStore.getIdentityData() ?: throw IdentityServiceError.NoIdentityServerConfigured
@ -63,33 +74,26 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
throw IdentityServiceError.BulkLookupSha256NotSupported
}
val hashedAddresses = withOlmUtility { olmUtility ->
params.threePids.map { threePid ->
base64ToBase64Url(
olmUtility.sha256(threePid.value.toLowerCase(Locale.ROOT)
+ " " + threePid.toMedium() + " " + hashDetailResponse.pepper)
)
}
}
val identityLookUpV2Response = lookUpInternal(identityAPI, hashedAddresses, hashDetailResponse, true)
val lookupResult = lookUpInternal(identityAPI, params.threePids, hashDetailResponse, true)
// Convert back to List<FoundThreePid>
return handleSuccess(params.threePids, hashedAddresses, identityLookUpV2Response)
return handleSuccess(params.threePids, lookupResult.first, lookupResult.second)
}
private suspend fun lookUpInternal(identityAPI: IdentityAPI,
hashedAddresses: List<String>,
threePids: List<ThreePid>,
hashDetailResponse: IdentityHashDetailResponse,
canRetry: Boolean): IdentityLookUpResponse {
canRetry: Boolean): Pair<List<String>, IdentityLookUpResponse> {
val hashedAddresses = getHashedAddresses(threePids, hashDetailResponse.pepper)
return try {
executeRequest(null) {
apiCall = identityAPI.lookup(IdentityLookUpParams(
hashedAddresses,
IdentityHashDetailResponse.ALGORITHM_SHA256,
hashDetailResponse.pepper
))
}
Pair(hashedAddresses,
executeRequest(null) {
apiCall = identityAPI.lookup(IdentityLookUpParams(
hashedAddresses,
IdentityHashDetailResponse.ALGORITHM_SHA256,
hashDetailResponse.pepper
))
})
} catch (failure: Throwable) {
// Catch invalid hash pepper and retry
if (canRetry && failure is Failure.ServerError && failure.error.code == MatrixError.M_INVALID_PEPPER) {
@ -98,7 +102,7 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
// Store it and use it right now
hashDetailResponse.copy(pepper = failure.error.newLookupPepper)
.also { identityStore.setHashDetails(it) }
.let { lookUpInternal(identityAPI, hashedAddresses, it, false /* Avoid infinite loop */) }
.let { lookUpInternal(identityAPI, threePids, it, false /* Avoid infinite loop */) }
} else {
// Retrieve the new hash details
val newHashDetailResponse = fetchAndStoreHashDetails(identityAPI)
@ -109,7 +113,7 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
throw IdentityServiceError.BulkLookupSha256NotSupported
}
lookUpInternal(identityAPI, hashedAddresses, newHashDetailResponse, false /* Avoid infinite loop */)
lookUpInternal(identityAPI, threePids, newHashDetailResponse, false /* Avoid infinite loop */)
}
} else {
// Other error