Merge tag 'v3.69.1' into sc

* Fix detection of encryption for all users in a room ([\matrix-org#10487](matrix-org#10487)). Fixes element-hq/element-web#24995.
SchildiChat · Apr 1, 2023 · 192110d · 192110d
2 parents 1be51f0 + af3e57f
commit 192110d
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 33 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,15 @@
-Changes in [3.69.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.69.0) (2023-03-28)
+Changes in [3.69.1](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.69.1) (2023-03-31)
 =====================================================================================================
 
 ## 🐛 Bug Fixes
- * Changes for matrix-js-sdk v24.0.0
- * Changes for matrix-react-sdk v3.69.0
+ * Fix detection of encryption for all users in a room ([\#10487](https://github.com/matrix-org/matrix-react-sdk/pull/10487)). Fixes vector-im/element-web#24995.
+
+Changes in [3.69.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.69.0) (2023-03-28)
+=====================================================================================================
+
+## 🔒 Security
+ * Fixes for [CVE-2023-28427](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-28427) / GHSA-mwq8-fjpf-c2gr
+ * Fixes for [CVE-2023-28103](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-28103) / GHSA-6g43-88cp-w5gv
 
 Changes in [3.68.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.68.0) (2023-03-15)
 =====================================================================================================

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "matrix-react-sdk",
-    "version": "3.69.0",
+    "version": "3.69.1",
     "description": "SDK for matrix.org using React",
     "author": "matrix.org",
     "repository": {

diff --git a/src/createRoom.ts b/src/createRoom.ts
@@ -398,16 +398,21 @@ export default async function createRoom(opts: IOpts): Promise<string | null> {
 export async function canEncryptToAllUsers(client: MatrixClient, userIds: string[]): Promise<boolean> {
     try {
         const usersDeviceMap = await client.downloadKeys(userIds);
-        // { "@user:host": { "DEVICE": {...}, ... }, ... }
-        return Object.values(usersDeviceMap).every(
-            (userDevices) =>
-                // { "DEVICE": {...}, ... }
-                Object.keys(userDevices).length > 0,
-        );
+
+        // There are no devices at all.
+        if (usersDeviceMap.size === 0) return false;
+
+        for (const devices of usersDeviceMap.values()) {
+            if (devices.size === 0) {
+                return false;
+            }
+        }
     } catch (e) {
         logger.error("Error determining if it's possible to encrypt to all users: ", e);
         return false; // assume not
     }
+
+    return true;
 }
 
 // Similar to ensureDMExists but also adds creation content

diff --git a/test/createRoom-test.ts b/test/createRoom-test.ts
@@ -147,35 +147,56 @@ describe("createRoom", () => {
 });
 
 describe("canEncryptToAllUsers", () => {
-    const trueUser = new Map([
-        [
-            "@goodUser:localhost",
-            new Map([
-                ["DEV1", {} as unknown as DeviceInfo],
-                ["DEV2", {} as unknown as DeviceInfo],
-            ]),
-        ],
-    ]);
+    const user1Id = "@user1:example.com";
+    const user2Id = "@user2:example.com";
 
-    const falseUser = {
-        "@badUser:localhost": {},
-    };
+    const devices = new Map([
+        ["DEV1", {} as unknown as DeviceInfo],
+        ["DEV2", {} as unknown as DeviceInfo],
+    ]);
 
     let client: Mocked<MatrixClient>;
-    beforeEach(() => {
-        stubClient();
-        client = mocked(MatrixClientPeg.get());
+
+    beforeAll(() => {
+        client = mocked(stubClient());
     });
 
-    it("returns true if all devices have crypto", async () => {
-        client.downloadKeys.mockResolvedValue(trueUser);
-        const response = await canEncryptToAllUsers(client, ["@goodUser:localhost"]);
-        expect(response).toBe(true);
+    it("should return false if download keys does not return any user", async () => {
+        client.downloadKeys.mockResolvedValue(new Map());
+        const result = await canEncryptToAllUsers(client, [user1Id, user2Id]);
+        expect(result).toBe(false);
     });
 
-    it("returns false if not all users have crypto", async () => {
-        client.downloadKeys.mockResolvedValue({ ...trueUser, ...falseUser });
-        const response = await canEncryptToAllUsers(client, ["@goodUser:localhost", "@badUser:localhost"]);
-        expect(response).toBe(false);
+    it("should return false if none of the users has a device", async () => {
+        client.downloadKeys.mockResolvedValue(
+            new Map([
+                [user1Id, new Map()],
+                [user2Id, new Map()],
+            ]),
+        );
+        const result = await canEncryptToAllUsers(client, [user1Id, user2Id]);
+        expect(result).toBe(false);
+    });
+
+    it("should return false if some of the users don't have a device", async () => {
+        client.downloadKeys.mockResolvedValue(
+            new Map([
+                [user1Id, new Map()],
+                [user2Id, devices],
+            ]),
+        );
+        const result = await canEncryptToAllUsers(client, [user1Id, user2Id]);
+        expect(result).toBe(false);
+    });
+
+    it("should return true if all users have a device", async () => {
+        client.downloadKeys.mockResolvedValue(
+            new Map([
+                [user1Id, devices],
+                [user2Id, devices],
+            ]),
+        );
+        const result = await canEncryptToAllUsers(client, [user1Id, user2Id]);
+        expect(result).toBe(true);
     });
 });