Merge branch 'develop' into dbkr/really_force_verification

.eslintrc.js

@@ -92,6 +92,8 @@ module.exports = {
                             "!matrix-js-sdk/src/crypto-api",
                             "!matrix-js-sdk/src/types",
                             "!matrix-js-sdk/src/testing",
+                            "!matrix-js-sdk/src/utils/**",
+                            "matrix-js-sdk/src/utils/internal/**",
                             "matrix-js-sdk/lib",
                             "matrix-js-sdk/lib/",
                             "matrix-js-sdk/lib/**",
@@ -119,7 +121,6 @@ module.exports = {
                             "!matrix-js-sdk/src/extensible_events_v1/PollEndEvent",
                             "!matrix-js-sdk/src/extensible_events_v1/InvalidEventError",
                             "!matrix-js-sdk/src/crypto",
-                            "!matrix-js-sdk/src/crypto/aes",
                             "!matrix-js-sdk/src/crypto/keybackup",
                             "!matrix-js-sdk/src/crypto/deviceinfo",
                             "!matrix-js-sdk/src/crypto/dehydration",

.github/labels.yml

@@ -1,28 +1,28 @@
 - name: "A-Timesheet-1"
   description: "Log any time spent on this into the A-Timesheet-1 project"
-  color: "#5319E7"
+  color: "5319E7"
 - name: "backport staging"
   description: "Label to automatically backport PR to staging branch"
-  color: "#B60205"
+  color: "B60205"
 - name: "Dependencies"
   description: "Pull requests that update a dependency file"
-  color: "#0366d6"
+  color: "0366d6"
 - name: "Sponsored"
-  color: "#b506d8"
+  color: "b506d8"
 - name: "T-Deprecation"
   description: "A pull request that makes something deprecated"
-  color: "#98e6ae"
+  color: "98e6ae"
 - name: "X-Blocked"
   description: "The PR cannot move forward in any capacity until an action is made"
   color: "ff7979"
 - name: "X-Breaking-Change"
-  color: "#ff7979"
+  color: "ff7979"
 - name: "X-Upcoming-Release-Blocker"
   description: "This does not affect the current release cycle but will affect the next one"
-  color: "#e99695"
+  color: "e99695"
 - name: "Z-Community-PR"
   description: "Issue is solved by a community member's PR"
-  color: "#ededed"
+  color: "ededed"
 - name: "Z-Experiment"
   description: "Experimental PR, primarily up for its Netlify build, high likelihood of never making it beyond here."
-  color: "#b60205"
+  color: "b60205"

.github/workflows/tests.yml

@@ -89,13 +89,17 @@ jobs:
                       coverage
                       !coverage/lcov-report
 
-    skip_sonar:
-        name: Skip SonarCloud in merge queue
-        if: github.event_name == 'merge_group' || inputs.disable_coverage == 'true'
-        runs-on: ubuntu-latest
+    complete:
+        name: jest-tests
         needs: jest
+        if: always()
+        runs-on: ubuntu-latest
         steps:
-            - name: Skip SonarCloud
+            - if: needs.jest.result != 'skipped' && needs.jest.result != 'success'
+              run: exit 1
+
+            - name: Skip SonarCloud in merge queue
+              if: github.event_name == 'merge_group' || inputs.disable_coverage == 'true'
               uses: Sibz/github-status-action@faaa4d96fecf273bd762985e0e7f9f933c774918 # v1
               with:
                   authToken: ${{ secrets.GITHUB_TOKEN }}

package.json

@@ -171,7 +171,7 @@
         "@types/css-tree": "^2.3.8",
         "@types/diff-match-patch": "^1.0.32",
         "@types/escape-html": "^1.0.1",
-        "@types/express": "^4.17.21",
+        "@types/express": "^5.0.0",
         "@types/file-saver": "^2.0.3",
         "@types/fs-extra": "^11.0.0",
         "@types/glob-to-regexp": "^0.4.1",
@@ -236,7 +236,7 @@
         "stylelint-config-standard": "^36.0.0",
         "stylelint-scss": "^6.0.0",
         "ts-node": "^10.9.1",
-        "typescript": "5.5.4",
+        "typescript": "5.6.2",
         "web-streams-polyfill": "^4.0.0"
     },
     "peerDependencies": {

playwright/e2e/crypto/event-shields.spec.ts

@@ -6,12 +6,16 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
 Please see LICENSE files in the repository root for full details.
 */
 
-import { Page } from "@playwright/test";
-
 import { expect, test } from "../../element-web-test";
-import { autoJoin, createSharedRoomWithUser, enableKeyBackup, logIntoElement, logOutOfElement, verify } from "./utils";
-import { Bot } from "../../pages/bot";
-import { HomeserverInstance } from "../../plugins/homeserver";
+import {
+    autoJoin,
+    createSecondBotDevice,
+    createSharedRoomWithUser,
+    enableKeyBackup,
+    logIntoElement,
+    logOutOfElement,
+    verify,
+} from "./utils";
 
 test.describe("Cryptography", function () {
     test.use({
@@ -296,13 +300,3 @@ test.describe("Cryptography", function () {
         });
     });
 });
-
-async function createSecondBotDevice(page: Page, homeserver: HomeserverInstance, bob: Bot) {
-    const bobSecondDevice = new Bot(page, homeserver, {
-        bootstrapSecretStorage: false,
-        bootstrapCrossSigning: false,
-    });
-    bobSecondDevice.setCredentials(await homeserver.loginUser(bob.credentials.userId, bob.credentials.password));
-    await bobSecondDevice.prepareClient();
-    return bobSecondDevice;
-}

playwright/e2e/crypto/invisible-crypto.spec.ts

@@ -0,0 +1,56 @@
+/*
+Copyright 2024 New Vector Ltd.
+
+SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
+Please see LICENSE files in the repository root for full details.
+*/
+
+import { expect, test } from "../../element-web-test";
+import { autoJoin, createSecondBotDevice, createSharedRoomWithUser, verify } from "./utils";
+import { bootstrapCrossSigningForClient } from "../../pages/client.ts";
+
+/** Tests for the "invisible crypto" behaviour -- i.e., when the "exclude insecure devices" setting is enabled */
+test.describe("Invisible cryptography", () => {
+    test.use({
+        displayName: "Alice",
+        botCreateOpts: { displayName: "Bob" },
+        labsFlags: ["feature_exclude_insecure_devices"],
+    });
+
+    test("Messages fail to decrypt when sender is previously verified", async ({
+        page,
+        bot: bob,
+        user: aliceCredentials,
+        app,
+        homeserver,
+    }) => {
+        await app.client.bootstrapCrossSigning(aliceCredentials);
+        await autoJoin(bob);
+
+        // create an encrypted room
+        const testRoomId = await createSharedRoomWithUser(app, bob.credentials.userId, {
+            name: "TestRoom",
+            initial_state: [
+                {
+                    type: "m.room.encryption",
+                    state_key: "",
+                    content: {
+                        algorithm: "m.megolm.v1.aes-sha2",
+                    },
+                },
+            ],
+        });
+
+        // Verify Bob
+        await verify(app, bob);
+
+        // Bob logs in a new device and resets cross-signing
+        const bobSecondDevice = await createSecondBotDevice(page, homeserver, bob);
+        await bootstrapCrossSigningForClient(await bobSecondDevice.prepareClient(), bob.credentials, true);
+
+        /* should show an error for a message from a previously verified device */
+        await bobSecondDevice.sendMessage(testRoomId, "test encrypted from user that was previously verified");
+        const lastTile = page.locator(".mx_EventTile_last");
+        await expect(lastTile).toContainText("Verified identity has changed");
+    });
+});

playwright/e2e/crypto/utils.ts

@@ -377,3 +377,14 @@ export async function awaitVerifier(
         return verificationRequest.verifier;
     });
 }
+
+/** Log in a second device for the given bot user */
+export async function createSecondBotDevice(page: Page, homeserver: HomeserverInstance, bob: Bot) {
+    const bobSecondDevice = new Bot(page, homeserver, {
+        bootstrapSecretStorage: false,
+        bootstrapCrossSigning: false,
+    });
+    bobSecondDevice.setCredentials(await homeserver.loginUser(bob.credentials.userId, bob.credentials.password));
+    await bobSecondDevice.prepareClient();
+    return bobSecondDevice;
+}

playwright/e2e/oidc/oidc-native.spec.ts

@@ -8,6 +8,7 @@ Please see LICENSE files in the repository root for full details.
 
 import { test, expect, registerAccountMas } from ".";
 import { isDendrite } from "../../plugins/homeserver/dendrite";
+import { ElementAppPage } from "../../pages/ElementAppPage.ts";
 
 test.describe("OIDC Native", () => {
     test.skip(isDendrite, "does not yet support MAS");
@@ -17,7 +18,7 @@ test.describe("OIDC Native", () => {
         labsFlags: ["feature_oidc_native_flow"],
     });
 
-    test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhog, app, mas }) => {
+    test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhog, mas }) => {
         const tokenUri = `http://localhost:${mas.port}/oauth2/token`;
         const tokenApiPromise = page.waitForRequest(
             (request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code",
@@ -36,6 +37,7 @@ test.describe("OIDC Native", () => {
 
         const deviceId = await page.evaluate<string>(() => window.localStorage.mx_device_id);
 
+        const app = new ElementAppPage(page);
         await app.settings.openUserSettings("Account");
         const newPagePromise = context.waitForEvent("page");
         await page.getByRole("button", { name: "Manage account" }).click();

playwright/e2e/read-receipts/index.ts

@@ -395,6 +395,9 @@ class Helpers {
      */
     async closeThreadsPanel() {
         await this.page.locator(".mx_RoomHeader").getByLabel("Threads").click();
+        if (await this.page.locator("#thread-panel").isVisible()) {
+            await this.page.locator(".mx_RoomHeader").getByLabel("Threads").click();
+        }
         await expect(this.page.locator(".mx_RightPanel")).not.toBeVisible();
     }
 

playwright/e2e/room/room-header.spec.ts

@@ -45,8 +45,8 @@ test.describe("Room Header", () => {
             await expect(header.getByRole("button", { name: "Threads" })).toBeVisible();
             await expect(header.getByRole("button", { name: "Notifications" })).toBeVisible();
 
-            // Assert that there are six buttons in total
-            await expect(header.getByRole("button")).toHaveCount(7);
+            // Assert that there are eight buttons in total
+            await expect(header.getByRole("button")).toHaveCount(8);
 
             await expect(header).toMatchScreenshot("room-header.png");
         });
@@ -119,7 +119,7 @@ test.describe("Room Header", () => {
                 await expect(header.getByRole("button", { name: "Notifications" })).toBeVisible();
 
                 // Assert that there is not a button except those buttons
-                await expect(header.getByRole("button")).toHaveCount(6);
+                await expect(header.getByRole("button")).toHaveCount(7);
 
                 await expect(header).toMatchScreenshot("room-header-video-room.png");
             });

playwright/element-web-test.ts

@@ -345,6 +345,7 @@ export const expect = baseExpect.extend({
 
         if (!options?.showTooltips) {
             css += `
+                [role="tooltip"],
                 .mx_Tooltip_visible {
                     visibility: hidden !important;
                 }

res/css/_components.pcss

@@ -12,7 +12,6 @@
 @import "./components/views/beacon/_LeftPanelLiveShareWarning.pcss";
 @import "./components/views/beacon/_LiveTimeRemaining.pcss";
 @import "./components/views/beacon/_OwnBeaconStatus.pcss";
-@import "./components/views/beacon/_RoomLiveShareWarning.pcss";
 @import "./components/views/beacon/_ShareLatestLocation.pcss";
 @import "./components/views/beacon/_StyledLiveBeaconIcon.pcss";
 @import "./components/views/context_menus/_KebabContextMenu.pcss";

res/css/components/views/beacon/_DialogSidebar.pcss

@@ -34,7 +34,6 @@ Please see LICENSE files in the repository root for full details.
 
         .mx_DialogSidebar_closeButtonIcon {
             color: $tertiary-content;
-            height: 12px;
         }
     }
 

res/css/structures/_RoomSearch.pcss

@@ -35,7 +35,7 @@ Please see LICENSE files in the repository root for full details.
     }
 
     .mx_RoomSearch_spotlightTriggerText {
-        color: $tertiary-content;
+        color: var(--cpd-color-text-secondary);
         flex: 1;
         min-width: 0;
         /* the following rules are to match that of a real input field */

res/css/structures/_SearchBox.pcss

@@ -16,11 +16,13 @@ Please see LICENSE files in the repository root for full details.
 
     .mx_SearchBox_closeButton {
         cursor: pointer;
-        background-image: url("$(res)/img/icons-close.svg");
-        background-repeat: no-repeat;
+        mask-image: url("@vector-im/compound-design-tokens/icons/close.svg");
+        mask-repeat: no-repeat;
+        mask-position: center;
+        mask-size: 16px;
         width: 16px;
         height: 16px;
-        background-position: center;
         padding: 9px;
+        background-color: var(--cpd-color-icon-secondary);
     }
 }

res/css/structures/_UploadBar.pcss

@@ -55,5 +55,5 @@ Please see LICENSE files in the repository root for full details.
     mask-repeat: no-repeat;
     mask-position: center;
     background-color: $muted-fg-color;
-    mask-image: url("$(res)/img/icons-close.svg");
+    mask-image: url("@vector-im/compound-design-tokens/icons/close.svg");
 }