Fix too-aggressive verification notifications on startup by starting a
conversation with the right initial verified state, and then making sure
to fetch() before setting a new verified state.
FREEBIE
On every click, even when sub-panes were open, we were calling
markRead(), which would save the conversation model with the new
unreadCount. The KeyVerificationPanelView was wired up to the change
event on conversation, so it would render with the results of that
update, then finally the user's intended update.
FREEBIE
This removes our support for the New Key/DEFAULT case, which iOS will
sync to us. Why? Because it ensures that in out of date scenarios, we
don't lose the higher-security state we were in previously.
FREEBIE
Tabbing right after entering the view would cause everythign to go crazy
as focus went back to the pane you were just on. This change both sets
the proper focus on load of that view (on the cancel button) and hides
other panes when they aren't active, only making them visible again when
they are once again the 'top' pane.
FREEBIE
New experience in the Message Detail view when outgoing identity key
errors happen, matching the Android View.
'View' button is only shown on outgoing key errors right now.
When a contact with an outgoing identity key error is clicked, they are
taken to a view like the popup that comes up on Android: an explanation
of what happened and three options: 'Show Safety Number', 'Send Anyway',
and 'Cancel'
Contacts are now sorted alphabetically, with the set of contacts with
errors coming before the rest.
FREEBIE
If the key has changed, saveIdentity will archive sibling sessions, but not the
session for the device it was called on. Therefore we have to archive that one
by hand.
Also switch from saving the identity of an OutgoingIdentityKeyError to just
triggering a profile fetch, mostly for consistency, simplicity, and DRYness.
// FREEBIE
This can happen with unknown groups, where we don't know the list of
members but we're receiving messages. It's generally not a good
experience, but we shouldn't crash.
FREEBIE
These were failing because ByteBuffers from the protobufs need to be converted
to ArrayBuffers. Fixed by useing the existing handler in MessageReceiver to
process verified messages from contact sync messages and dispatch them as their
own events, reducing some complexity on the application side.
// FREEBIE
In some cases, due to promise chaining and error propagation, we were
calling registerError more than once for a given error. This would then
cause the overall callback for the send operation to be called with a
partial set of errors, as well as duplicates.
Note: we do need to find a way to attach identityKey to the
OutgoingIdentityKeyError in the case where it comes directly from the
encrypt() instead of our pre-key operations.
FREEBIE
First construct a null message of random size and contents and send it to the
destination. Then include that same padding in the verification sync.
Note that the sync message is additionally randomly padded like all other sync
messages.
This lets Verified sync messages appear the same as normal sync message traffic.
// FREEBIE
Just log em for debugging. Also update the error messge thrown when we get a
content message with no supported properties. It may be empty or may just have
an unrecognized field.
// FREEBIE
Sessions established with the previous identity should no longer be used for
sending, so we should close them.
Since we've added this call to saveIdentity, we can omit the call to it after
profile fetches.
// FREEBIE
processVerifiedMessage checks the current state of the database against the
identity key from an incoming verification sync message to determine whether or
how to update our local record.
When syncing a DEFAULT status and we have no local record, it's a no-op, but
we'll log it.
When syncing a DEFAULT status and we have non-default record with the same key,
mark it as default.
When syncing a VERIFIED status and either:
1. we have no key on record,
2. we have have a different key on record, or
3. we have the same key on record, but not verified
mark it as verified.
Otherwise do nothing.
References: https://github.com/WhisperSystems/Signal-Android/blob/master/src/org/thoughtcrime/securesms/util/IdentityUtil.java#L129
// FREEBIE
Ensure processVerified resolves
The shield matches the Android app's key change notification, and the
clock icon was easy to do and makes it easier to visually distinguish
those items in the conversation history.
FREEBIE
This adds a new method to message sender for sending verification sync messages
and a new event to message receiver representing incoming verification sync
messages. Currently the event handler just logs the message.
// FREEBIE
We also show more errors than we used to in the MessageDetail screen
to help make it clear what is happening, and why the user would need to
re-send.
FREEBIE
It doesn't run today - it depends on RecipientsInputView, which depends
on Backbone.TypeaheadCollection which doesn't currently exist in the
product.
FREEBIE
Not yet using the new APIs, but ready to. Still to do:
- Send sync messages on trust decisions
- Respond to received trust decision sync messages
- Show trust decisions in the conversation history
- In that rare situation where a sent message ends up with a key error
make it easy to retry the send.
FREEBIE
Also:
- All the necessary wire-up to update things in real time. If you have
a safety number page up via a group member view as well as via a 1:1
conversation with that contact, they'll both be updated as the
underlying model changes. Similarly, the overall group will update
in real-time as members change.
- A bit of special-casing for yourself in a group conversation - you're
shown as 'me' and are not clickable, where normally that would take you
to the Safety Number screen for that contact. You are also not included
in the trust calculations for a given group.
FREEBIE
Reduce ambiguity in between the record itself, which now stores other
information besides the public key, and its `publicKey` attribute, which
contains an ArrayBuffer of key material.
This model is internal to SignalProtocolStore.
// FREEBIE
Previously we would only clear the publicKey since that was the only attribute,
but now we should delete the entire record. This method is currently only called
from tests.
// FREEBIE
saveIdentityWithAtttributes allows directly setting all properties of an
identity key record. In AccountManager we use it to save our own identity
key after a new registration.
Previously we would remove the existing key first in order to coerce firstUse to
true, but now we can simply set it explicitly, along with a VERIFIED status.
// FREEBIE
This will enforce that all identity record attributes are valid and present
before allowing the record to be saved. This is necessary since we will be
exposing a lower-level method to save an identity with explicit values for
firstUse, nonblockingApproval, and verified status.
Previously we only expected these errors to occur when decrypting prekey
messages, so we need to add handling for them in the case of a normal message.
// FREEBIE
Multiple cases here:
1. setting our own key on registration
1. changing identities from a safety number change dialog
Note that removeIdentityKey runs before saveIdentity, so we'll always end up
with firstUse: true on our own key.
// FREEBIE
saveIdentity is now reponsible for determining firstUse, so we must not remove
the existing key before updating it.
Previously, the implementation provided an extra check against overwritting an
existing key, but that should be done via isTrustedIdentity instead.
// FREEBIE
We can use the same padded plaintext across multiple numbers or attempts rather
than re-creating it every time we encrypt to a particular number.
// FREEBIE
We will now always attempt to mark things unread if this method. If the
conversation's unreadCount gets out of date, set to zero, we will still
do it. If we go through the motions, and nothing is newly marked read,
we will still set the unreadCount to zero.
We queue the job because we often get a whole lot of read receipts at
once, and their markRead calls could very easily overlap given the async
pull from DB.
We also disable read receipts for any message marked read due to a read
receipt. That's a notification explosion we don't need.
FREEBIE
We mark as read everything older than this message - to clean up old
stuff still marked unread in the database. If the user generally doesn't
read in the desktop app, so the desktop app only gets read receipts, we
can very easily end up with messages never marked as read (our previous
early read receipt handling, read receipts never sent because app was
offline).
FREEBIE
Because we only attach AttachmentViews to the DOM when they fire their
'update' event, we were subject to a race condition. If that event fired
after the final Message.render(), then it would be properly attached to
the final DOM node. If it fired early, it would end up missing from
the visible DOM entirely, attached to the old, discarded version of
the message.
This change updates our handling of a second call to loadAttachments().
Instead of bailing out if we've been called before, we attempt to
re-add our child AttachmentViews to the current DOM. But only if the
'update' event has been fired, and if their current parent node is not
what is in the DOM.
FREEBIE
To handle the same 'not quite at the bottom' case that our 30px buffer
gives us for marking messages read, we use the same atBottom() method to
determine whether we should mark everything unread. Saves the effort and
potential missed messages (due to partial pixels, etc.).
FREEBIE
This is no longer guaranteed to be true. If you're scrolled up in a
conversation, you may not have read all messages. Setting the
unreadCount to zero will prevent the user from marking any of their
existing messages as unread until something else happens, like receiving
a read receipt or new message.
FREEBIE
- initialize doesn't need to call update because
MessageView.renderExpiring() calls it immediately
- we don't need the className because that's already present on
the el it attaches to, part of the MessageView's template.
FREEBIE
- Only mark messages read when scrolling if in focus and visible
- Remove last seen indicator when scrolling to the bottom with scroll
down button
- Update last seen indicator when we don't already have one and we're
scrolled up.
FREEBIE
It can be moved if you're not scrolled to the bottom of of the window
or the window doesn't have focus when a new message comes in. Other than
that, it marches up the window until you close and reopen the
conversation, or send a message.
Note that we do NOT mark messages as read if they come in when you are
scrolled up. But we do mark the entire conversation as read if you
switch away from the app and back.
FREEBIE
Re-renders happen when we re-fetch messages from the database, and our
previous technique for loading attachments resulted in a new attachment
view added for every call to render()
This change ensures that a second call to render() does not add any more
attachment views.
FREEBIE
* Remove increment behavior
* Dismiss when new messages arrive but the window is focused
* Update the indicator when window becomes focused.
// FREEBIE
This is to ensure that when there are a lot of unread messages, the user
is given the chance to see all of them by being scrolled to the oldest
new message.
When a new message comes in, the indicator will be incremented.
When the user sends a message or switches away from the conversation,
the last seen indicator will be removed.
FREEBIE
This was supposed to solve the problem of losing group state after a reinstall
by inspecting member registration ids and pre-emptively sending group updates to
those who appear newly re-registered, but it has been unused since 6123c419.
Nowadays there's a protocol for requesting lost group state from other members.
// FREEBIE
Add names and sizes for all attachments except images, and (as with
arbitrary attachments), clicking on the text will open a save dialog.
In the absence of a filename, choose something that makes sense.
Display different icons for different media types, including distinct icons
for voice notes and audio files.
In iOS theme, audio, video, voice, and files are all encapsulated in bubbles.
Closes#804Closes#842Closes#836
// FREEBIE
Check for early read receipts for an incoming messages *after*
processing the expireTimer on that message. Then we can set
expirationStartTime appropriately if an early receipt is found.
Closes#950
// FREEBIE
Bind a single listener to keychange events from the storage interface,
which then looks up relevant conversations and adds notices to them,
with tests.
Previously we would need to instantiate a conversation model in order to
start listening to its key change events. In practice this usually
happens at startup but we shouldn't rely on it, and it incurs higher
overhead since it creates a different listener for each conversation.
// FREEBIE
Sometimes .mov files arrive with content type video/quicktime, but must
be saved to .mov in order for osx to recognize them as videos and open
the appropriate default program, display thumbnails, etc...
// FREEBIE
Make arbitrary files look nicer and display the filename.
If an audio or video element fails to load for any reason, timeout after
a few seconds and render it as an arbitrary file. Also short circuit to
this treatment for common audio and video file types that we know are
going to fail, e.g., proprietary formats from apple.
// FREEBIE
Let install view manage the connection to the provisioning socket as
well as cleaning up the window on completion, simplifying options.js.
Call `remove` so that the view stops listening when the window closes.
Move view script and template to background page.
Adds ability to hide nav if this isn't our first run.
// FREEBIE
Listen for reconnectTimer to display reconnection info. Listen for
unauthorized to update network status immediately after a failed login,
rather than waiting for the normal 5s interval to time out.
// FREEBIE
When we can't connect due to being unlinked, network status indicator
will show an appropriate informational message and a button to open the
installer window to relink.
// FREEBIE
Now that the InboxView is initialized in the background page context, we
can manipulate it more directly, without going through a global function
on the foreground window.
// FREEBIE
Don't wait for background init before rendering inbox.
If the client detects that it has become unlinked, it will not call
`init()`, never fire the deferredInit, and never render the inbox,
but we want to allow users access to their local messages even if they
have (perhaps temporarily) unlinked the desktop client.
Also, prefer not to extend Backbone.Model until/unless we really need
it.
// FREEBIE
This makes the "x" in the search bar always visible when there is
text in the search box, even if the mouse is not hovering, hopefully
making for a clearer UI around search and resolving issue #741
The implementation adds the "x.svg" as a background image to the search
box when it is classed with .active, in addition to the
-webkit-search-cancel-button, which is still there for the actual
functionality but only appears on mouse hover (one tiny snag is that
coloring appears slightly different on hover, at least on my screen -
don't know if this is a problem).
I accounted for both ltr and rtl text-direction by using
getComputedStyle(...).direction to detect from the input's dir="auto"
- if there's a more elegant way to do this, please suggest. An ideal
solution would use the :dir pseudo-class but it's not implemented
in Chrome yet - https://developer.mozilla.org/en-US/docs/Web/CSS/:dir
For now, I added the direction-checking to inbox_view.js. I see that
input.search is also used in new_group_update_view.js and
recipient_input_view.js but neither of these views seem to be in use (?)
and they don't set the .active class anyway, so I ignored them.
Update: Amended version a few hours later - fixed and manually tested
color and spacing for iOS and Android Dark themes. Also made some new
SASS variables to make things DRYer and fixed my tab size.
There may come a day when we may need to change this url from the server
side. On that day, clients should continue to operate normally. The
service should be able to change attachment server locations without
requiring a client update.
// FREEBIE
Expiring messages received before 0.31.0 may not have an expires_at time
populated. Loading these messages once will update their expires_at if
it wasn't already set. To avoid loading too many messages into memory,
add them individually, and remove them from the collection as soon as
they are added, allowing them to be garbage collected immediately.
// FREEBIE
Previously if there was no session to remove, the promise returned from
removeSession would never resolve, potentially blocking sending for that
recipient until restart.
// FREEBIE
This reverts commit a768b94471.
d2ddfc7 was enough to fix#989. Removing unregistered members from the
group (as opposed to silently ignorning them) creates greater potential
for getting out of sync with the member lists on other devices.
// FREEBIE
Rotate signed prekey every 48hrs, waiting for online access if
necessary. After a rotation attempt is made, schedule the next run for
48hrs in the future.
We use a timeout to "wake up" and handle the rotation. This timeout gets
set on startup and whenever the next rotation time is changed. For
paranoia's sake, always clear the current timeout before setting the
next one.
Since new registrations necessarily upload new signed keys, we reset the
scheduled time to T+48hrs on `registration_done` events.
// FREEBIE
Scott Nonnenberg
lilia
Ikarulus
r-clancy
Sam Vevang
alecglassford