keejef
/
session-desktop
mirror of https://github.com/oxen-io/session-desktop
2
0
Fork 0
Code Issues 8 Projects Releases Wiki Activity

avoid no pubkey with guards, make sure primary and secondary authorization match

Browse Source
pull/539/head
Ryan Tharp 6 years ago
parent 9ba641c8c1
commit 206d29b033
1 changed files with 94 additions and 68 deletions
Show Stats Download Patch File Download Diff File

28
js/modules/loki_app_dot_net_api.js
Unescape Escape View File

@ -860,6 +860,7 @@ class LokiPublicChannelAPI {
if (pendingMessages.length) { if (pendingMessages.length) {
const newSlavePrimaryMap = {}; const newSlavePrimaryMap = {};
const checkSigs = {};
// console.log('premultiDeviceResults', pubKeys) // console.log('premultiDeviceResults', pubKeys)
if (pubKeys.length) { if (pubKeys.length) {
@ -878,6 +879,10 @@ class LokiPublicChannelAPI {
const { authorisations } = note.value; const { authorisations } = note.value;
if (Array.isArray(authorisations)) { if (Array.isArray(authorisations)) {
authorisations.forEach(auth => { authorisations.forEach(auth => {
if (auth.secondaryDevicePubKey !== user.username) {
// this is not the authorization we're looking for
return;
}
// console.log('auth', auth); // console.log('auth', auth);
try { try {
// request (secondary wants to be paired with this primary) // request (secondary wants to be paired with this primary)
@ -907,6 +912,7 @@ class LokiPublicChannelAPI {
); );
return; return;
} }
checkSigs[user.username] = auth;
newSlavePrimaryMap[user.username] = newSlavePrimaryMap[user.username] =
auth.primaryDevicePubKey; auth.primaryDevicePubKey;
} catch (e) { } catch (e) {
@ -956,6 +962,7 @@ class LokiPublicChannelAPI {
pendingMessages = []; // free memory pendingMessages = []; // free memory
const verifiedPrimaryPKs = []; const verifiedPrimaryPKs = [];
if (primaryPubKeys.length) {
// get a list of all of primary pubKeys to verify the secondaryDevice // get a list of all of primary pubKeys to verify the secondaryDevice
const primaryDeviceResults = await lokiFileServerAPI.getDeviceMappingForUsers( const primaryDeviceResults = await lokiFileServerAPI.getDeviceMappingForUsers(
primaryPubKeys primaryPubKeys
@ -991,6 +998,21 @@ class LokiPublicChannelAPI {
`@${auth.primaryDevicePubKey}` `@${auth.primaryDevicePubKey}`
); );
} }
// assuming both are ordered
// make sure our secondary and primary authorization match
if (
JSON.stringify(
checkSigs[auth.secondaryDevicePubKey]
) !== JSON.stringify(auth)
) {
// should hopefully never happen
log.warn(
`Valid authorizations from ${
auth.secondaryDevicePubKey
} does not match ${auth.primaryDevicePubKey}`
);
return;
}
found = true; found = true;
} catch (e) { } catch (e) {
log.warn( log.warn(
@ -1018,6 +1040,7 @@ class LokiPublicChannelAPI {
} }
}); });
}); });
}
// update this.slavePrimaryMap live with updated map // update this.slavePrimaryMap live with updated map
this.slavePrimaryMap = newSlavePrimaryMap; this.slavePrimaryMap = newSlavePrimaryMap;
@ -1025,9 +1048,11 @@ class LokiPublicChannelAPI {
`Updated device mappings ${JSON.stringify(this.slavePrimaryMap)}` `Updated device mappings ${JSON.stringify(this.slavePrimaryMap)}`
); );
// if we have verified primaryKeys then update them
if (verifiedPrimaryPKs.length) {
// get final list of verified chat server profile names // get final list of verified chat server profile names
const verifiedDeviceResults = await this.serverAPI.getUsersAnnotations( const verifiedDeviceResults = await this.serverAPI.getUsersAnnotations(
pubKeys verifiedPrimaryPKs
); );
// console.log('verifiedDeviceResults', verifiedDeviceResults) // console.log('verifiedDeviceResults', verifiedDeviceResults)
@ -1038,6 +1063,7 @@ class LokiPublicChannelAPI {
}); });
// replace whole // replace whole
this.primaryUserProfileName = newPrimaryUserProfileName; this.primaryUserProfileName = newPrimaryUserProfileName;
}
// process remaining messages // process remaining messages
const ourNumber = textsecure.storage.user.getNumber(); const ourNumber = textsecure.storage.user.getNumber();

Write Preview
Loading…
Cancel
Save