From ed38b9038e70408c738208608571bf3b0bdf0bd8 Mon Sep 17 00:00:00 2001 From: Hocuri Date: Wed, 22 Oct 2025 23:06:04 +0200 Subject: [PATCH 1/2] feat: Be more generous with marking contacts as verified for now Context: PR #7116 is backwards-incompatible with versions older than v2.20, and since the release hasn't reached all users yet, we currently can't release from main; for details see #7326. Issue #7326 explains how we can make this less breaking, but this only works if many contacts are verified. So, this PR here proposes to postpone the stricter rules for who is verified a bit: - Set verification timeout for invite codes to 1 week (this is still stricter than no timeout at all, which we had in the past) - Don't reset indirect verifications yet (we should reset them in a few months then, but this is just so that we can release from main again, and release e.g. channels). --- src/securejoin.rs | 13 +++++++++++-- src/sql/migrations.rs | 10 +--------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/securejoin.rs b/src/securejoin.rs index 92cfd89986..2d806d1a60 100644 --- a/src/securejoin.rs +++ b/src/securejoin.rs @@ -33,6 +33,15 @@ pub(crate) use qrinvite::QrInvite; use crate::token::Namespace; +/// Only new QR codes cause a verification on Alice's side. +/// When a QR code is too old, it is assumed that there was no direct QR scan, +/// and that the QR code was potentially published on a website, +/// so, Alice doesn't mark Bob as verified. +// TODO For backwards compatibility reasons, this is still using a rather large value. +// Set this to a lower value (e.g. 10 minutes) +// when Delta Chat v2.21.0 is sufficiently rolled out +const VERIFICATION_TIMEOUT_SECONDS: i64 = 7 * 24 * 3600; + fn inviter_progress( context: &Context, contact_id: ContactId, @@ -465,8 +474,8 @@ pub(crate) async fn handle_securejoin_handshake( } info!(context, "Fingerprint verified via Auth code.",); - // Mark the contact as verified if auth code is 600 seconds old. - if time() < timestamp + 600 { + // Mark the contact as verified if auth code is less than VERIFICATION_TIMEOUT_SECONDS seconds old. + if time() < timestamp + VERIFICATION_TIMEOUT_SECONDS { mark_contact_id_as_verified(context, contact_id, Some(ContactId::SELF)).await?; } contact_id.regossip_keys(context).await?; diff --git a/src/sql/migrations.rs b/src/sql/migrations.rs index 851fec670d..5b2c88ccaf 100644 --- a/src/sql/migrations.rs +++ b/src/sql/migrations.rs @@ -1261,15 +1261,7 @@ CREATE INDEX gossip_timestamp_index ON gossip_timestamp (chat_id, fingerprint); .await?; } - inc_and_check(&mut migration_version, 134)?; - if dbversion < migration_version { - // Reset all indirect verifications. - sql.execute_migration( - "UPDATE contacts SET verifier=0 WHERE verifier!=1", - migration_version, - ) - .await?; - } + inc_and_check(&mut migration_version, 134)?; // Migration 134 was removed inc_and_check(&mut migration_version, 135)?; if dbversion < migration_version { From 061f4c8ea9124078786f01acbd7a11b0bfadd55f Mon Sep 17 00:00:00 2001 From: Hocuri Date: Thu, 23 Oct 2025 10:47:21 +0200 Subject: [PATCH 2/2] Update src/securejoin.rs Co-authored-by: l --- src/securejoin.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/securejoin.rs b/src/securejoin.rs index 2d806d1a60..96b410a6f9 100644 --- a/src/securejoin.rs +++ b/src/securejoin.rs @@ -39,7 +39,7 @@ use crate::token::Namespace; /// so, Alice doesn't mark Bob as verified. // TODO For backwards compatibility reasons, this is still using a rather large value. // Set this to a lower value (e.g. 10 minutes) -// when Delta Chat v2.21.0 is sufficiently rolled out +// when Delta Chat v2.22.0 is sufficiently rolled out const VERIFICATION_TIMEOUT_SECONDS: i64 = 7 * 24 * 3600; fn inviter_progress(