Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can not decrypt message in chrome in v2.5.2 #1766

Open
hoangdat opened this issue May 15, 2024 · 18 comments
Open

Can not decrypt message in chrome in v2.5.2 #1766

hoangdat opened this issue May 15, 2024 · 18 comments
Assignees
@rezk2ll @Te-Z @sherlockvn
Labels
bug Something isn't working QA failed WEB

Comments

@hoangdat
Copy link
Member

hoangdat commented May 15, 2024
edited by Te-Z
Loading

Desc:

  • Web (Chrome and Safari at least), we can not execute all the backup process after sign in

DoD:

  • Should work as normal
@Te-Z Te-Z assigned Te-Z and unassigned Te-Z May 30, 2024
@Te-Z Te-Z assigned nqhhdev and unassigned Te-Z Jun 18, 2024
@Te-Z Te-Z added WEB bug Something isn't working labels Jun 19, 2024
@tprudentova
Copy link
Collaborator

Screenshot 2024-06-19 at 12 03 34

Safari as well

@Te-Z Te-Z assigned sherlockvn and unassigned nqhhdev Jun 19, 2024
@sherlockvn
Copy link
Contributor

sherlockvn commented Jun 20, 2024
edited
Loading

  • Spend 2 points for testing and reproduce it

@tprudentova tprudentova mentioned this issue Jun 21, 2024
Closed
@sherlockvn
Copy link
Contributor

The recoveryWords API in both matrix.linagora.com and matrix.lin-saas.com have 404 status

Image

Image

Image

@sherlockvn
Copy link
Contributor

i need to have the recoveryKey so that, i can continue debug about the message can't be decrypted. As the error message suggests, i guess that the recoverykey is deleted in database

@tjiho
Copy link

tjiho commented Jul 4, 2024

On firefox there is the same issue.
When I login, I have a 500 error on https://tom.linagora.com/_twake/recoveryWords with {"error":"duplicate key value violates unique constraint \"recoverywords_pkey\""}

@AudranBert
Copy link

On firefox there is the same issue. When I login, I have a 500 error on https://tom.linagora.com/_twake/recoveryWords with {"error":"duplicate key value violates unique constraint \"recoverywords_pkey\""}

Same issue here on firefox

@guimard guimard mentioned this issue Jul 9, 2024
Closed
@guimard
Copy link
Member

guimard commented Jul 9, 2024
edited
Loading

Hi, the real issue is "why Chrome wants to replace recoveryWords which exists ? Does it means that it failed to get it previously or is it a wanted replacement ?

Anyway @rezk2ll is going to accept such replacement but the logical way should be to accept such replacement with a "PUT" request, not a "POST"

@rezk2ll
Copy link
Member

rezk2ll commented Jul 9, 2024

Hi, the real issue is "why Chrome wants to replace recoveryWords which exists ? Does it means that it failed to get it previously or is it a wanted replacement ?

Anyway @rezk2ll is going to accept such replacement but the logical way should be to accept such replacement with a "PUT" request, not a "POST"

after debugging at first it fetches the recovery words and then it sends a POST request to insert a different set of recovery words

@Te-Z Te-Z mentioned this issue Jul 9, 2024
Open
@guimard
Copy link
Member

guimard commented Jul 9, 2024

@hoangdat @Te-Z , any advice ?

@guimard
Copy link
Member

guimard commented Jul 9, 2024

Hi, the real issue is "why Chrome wants to replace recoveryWords which exists ? Does it means that it failed to get it previously or is it a wanted replacement ?
Anyway @rezk2ll is going to accept such replacement but the logical way should be to accept such replacement with a "PUT" request, not a "POST"

after debugging at first it fetches the recovery words and then it sends a POST request to insert a different set of recovery words

@rezk2ll: Looking at screnshots, the browser received a 404, that's why it wanted to post. The issue seems to be in the GET

@sherlockvn
Copy link
Contributor

@guimard, I tried using a different homeserver, matrix.stg.lin-saas.com. I created a new account, and after uploading the recovery key successfully, I was able to retrieve the recovery words from the server with a 200 status. This indicates that the GET API is working correctly, but it appears that the database does not contain the key.

@hoangdat
Copy link
Member Author

Hi @guimard ,
Front-end dev is investigating more, why after GET frontend call again POST?.
Maybe sth wrong in the new backup process.

@hoangdat
Copy link
Member Author

Hi @tjiho , @AudranBert , can you show me your app version which has the problem?
Settings -> About

@Te-Z
Copy link
Contributor

Te-Z commented Jul 10, 2024

@sherlockvn @guimard @hoangdat when there's a failure when retrieving backup key and the user wants to have a new one, the app tries to wipe the previous key.

twake-on-matrix/lib/pages/bootstrap/tom_bootstrap_dialog.dart

Lines 176 to 180 in 4fb3d41

case UploadRecoveryKeyState.wipeRecovery:
WidgetsBinding.instance.addPostFrameCallback((_) {
_wipeRecoveryWord();
});
break;

But this fail, IMO because there not existing key yet (but didn't had clear log about the error yet). The result is that UploadRecoveryKeyState 's new state is UploadRecoveryKeyState.wipeRecoveryFailed . Which triggers this:

twake-on-matrix/lib/pages/bootstrap/tom_bootstrap_dialog.dart

Lines 181 to 186 in 4fb3d41

case UploadRecoveryKeyState.wipeRecoveryFailed:
WidgetsBinding.instance.addPostFrameCallback((_) {
TwakeSnackBar.show(context, L10n.of(context)!.cannotEnableKeyBackup);
Navigator.of(context, rootNavigator: false).pop<bool>();
});
break;

I think the problem is that is this case, there's no new recovery key created because this part of the code is never called:

twake-on-matrix/lib/pages/bootstrap/tom_bootstrap_dialog.dart

Lines 313 to 320 in 4fb3d41

case BootstrapState.askNewSsss:
WidgetsBinding.instance.addPostFrameCallback(
(_) => bootstrap?.newSsss().then(
(_) =>
_uploadRecoveryKeyState = UploadRecoveryKeyState.created,
),
);
break;

@sherlockvn @hoangdat WDYT ?

@sherlockvn sherlockvn mentioned this issue Jul 11, 2024
Merged
@Te-Z Te-Z self-assigned this Jul 12, 2024
@sherlockvn
Copy link
Contributor

I confirmed that the 500 error is caused by the front-end team, and we have take care of that.

@guimard
Copy link
Member

guimard commented Jul 12, 2024

I confirmed that the 500 error is caused by the front-end team, and we have take care of that.

@rezk2ll prepared an MR to allow POST request to override existing key, I didn't merge it until you agree with this potentially dangerous behavior. Let us know what to do on backend part

@AudranBert
Copy link

Hi @tjiho , @AudranBert , can you show me your app version which has the problem? Settings -> About

Version: 2.5.9

@tprudentova
Copy link
Collaborator

Screenshot 2024-09-26 at 17 36 47

Still happens on Chrome

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rezk2ll rezk2ll

@Te-Z Te-Z

@sherlockvn sherlockvn

Labels
bug Something isn't working QA failed WEB
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@guimard @hoangdat @rezk2ll @tjiho @Te-Z @sherlockvn @AudranBert @tprudentova @nqhhdev