Fix SSSS overwrite if user never enters their SSSS key #4087
Conversation
|
@foldleft can this PR get a title that makes sense in a changelog please? |
foldleft
changed the title
| @@ -128,7 +128,6 @@ export default class CrossSigningPanel extends React.PureComponent { | |||
| } | |||
|
|
|||
| const enabled = ( | |||
| crossSigningPublicKeysOnDevice && | |||
There was a problem hiding this comment.
Isn't this going to cause the summarisedStatus status to say it's enabled when it isn't?
There was a problem hiding this comment.
weirdly, crossSigningPublicKeysOnDevice seems to only be true if the private keys are also on the device. Even if the device doesn't have keys, the cross-signing can be initialised.
There was a problem hiding this comment.
Yeah, crossSigningPublicKeysOnDevice is whether the public key is trusted or not. My point was that in the if block just below, we'll now only hit the second case if crossSigningPrivateKeysInStorage is true but secretStorageKeyInAccount is false. So this corrects the second if block but breaks the first?
|
@foldleft Please also use title case on PRs for the changelog. |
foldleft
changed the title
foldleft
changed the title
fixes: element-hq/element-web#12352
This bug caused the cross-signing panel to indicate that there were no cross-signing keys available if the user did not provide any keys, even though cross-signing is set up. This allowed the user to re-initialize the cross-signing store, destroying whatever was there previously.
Before giving keys to the client
After giving keys to the client
