v1.0.1 release.

Merge branch 'clearnet'

.github/workflows/build-binaries.yml

@@ -0,0 +1,85 @@
+# This script will build session production binaries anytime a branch is updated
+name: Session Build Binaries
+
+on:
+  push:
+    branches:
+      - master
+      - development
+      - clearnet
+      - github-actions
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [windows-2016, macos-latest, ubuntu-latest]
+    env:
+      SIGNAL_ENV: production
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v1
+
+      - name: Install node
+        uses: actions/setup-node@v1
+        with:
+          node-version: 10.13.0
+
+      - name: Setup node for windows
+        if: runner.os == 'Windows'
+        run: |
+          npm install --global --production windows-build-tools@4.0.0
+          npm install --global node-gyp@latest
+          npm config set python python2.7
+          npm config set msvs_version 2015
+
+      - name: Install yarn
+        run: npm install yarn --no-save
+
+      - name: Install Dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Generate and concat files
+        run: yarn generate
+
+      - name: Lint Files
+        run: yarn lint-full
+
+      - name: Build windows production binaries
+        if: runner.os == 'Windows'
+        run: node_modules\.bin\electron-builder --config.extraMetadata.environment=%SIGNAL_ENV% --publish=never --config.directories.output=release
+
+      - name: Build mac production binaries
+        if: runner.os == 'macOS'
+        run: $(yarn bin)/electron-builder --config.extraMetadata.environment=$SIGNAL_ENV --config.mac.bundleVersion=${{ github.ref }} --publish=never --config.directories.output=release
+        env:
+          CSC_LINK: ${{ secrets.MAC_CERTIFICATE }}
+          CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }}
+          SIGNING_APPLE_ID: ${{ secrets.SIGNING_APPLE_ID }}
+          SIGNING_APP_PASSWORD: ${{ secrets.SIGNING_APP_PASSWORD }}
+          SIGNING_TEAM_ID: ${{ secrets.SIGNING_TEAM_ID }}
+
+      - name: Build linux production binaries
+        if: runner.os == 'Linux'
+        run: $(yarn bin)/electron-builder --config.extraMetadata.environment=$SIGNAL_ENV --publish=never --config.directories.output=release
+
+      - name: Remove unpacked files
+        run: |
+          ls -d -- */ | xargs -I{} echo "Removing {}"
+          ls -d -- */ | xargs -I{} rm -rf {}
+        shell: bash
+        working-directory: ./release/
+
+      - name: Remaining files
+        run: ls .
+        shell: bash
+        working-directory: ./release/
+
+      - name: Upload Production Artifacts
+        uses: actions/upload-artifact@v1
+        with:
+          name: ${{ runner.OS }}-production
+          path: release

.github/workflows/release.yml

@@ -0,0 +1,64 @@
+# This script will build binaries and publish a draft on github release page with the the tag v[package-version]
+name: Session Draft Release
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [windows-2016, macos-latest, ubuntu-latest]
+    env:
+      SIGNAL_ENV: production
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v1
+
+      - name: Install node
+        uses: actions/setup-node@v1
+        with:
+          node-version: 10.13.0
+
+      - name: Setup node for windows
+        if: runner.os == 'Windows'
+        run: |
+          npm install --global --production windows-build-tools@4.0.0
+          npm install --global node-gyp@latest
+          npm config set python python2.7
+          npm config set msvs_version 2015
+
+      - name: Install yarn
+        run: npm install yarn --no-save
+
+      - name: Install Dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Generate and concat files
+        run: yarn generate
+
+      - name: Lint Files
+        run: yarn lint-full
+
+      - name: Build windows production binaries
+        if: runner.os == 'Windows'
+        run: node_modules\.bin\electron-builder --config.extraMetadata.environment=%SIGNAL_ENV% --publish=always
+
+      - name: Build mac production binaries
+        if: runner.os == 'macOS'
+        run: $(yarn bin)/electron-builder --config.extraMetadata.environment=$SIGNAL_ENV --config.mac.bundleVersion=${{ github.ref }} --publish=always
+        env:
+          CSC_LINK: ${{ secrets.MAC_CERTIFICATE }}
+          CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }}
+          SIGNING_APPLE_ID: ${{ secrets.SIGNING_APPLE_ID }}
+          SIGNING_APP_PASSWORD: ${{ secrets.SIGNING_APP_PASSWORD }}
+          SIGNING_TEAM_ID: ${{ secrets.SIGNING_TEAM_ID }}
+
+      - name: Build linux production binaries
+        if: runner.os == 'Linux'
+        run: $(yarn bin)/electron-builder --config.extraMetadata.environment=$SIGNAL_ENV --publish=always

BUILDING.md

@@ -0,0 +1,42 @@
+# Building
+
+Building session binaries is done using github actions. Windows and linux binaries will build right out of the box but there are some extra steps needed for Mac OS
+
+## Mac OS
+
+The build script for Mac OS requires you to have a valid `Developer ID Application` certificate. Without this the build script cannot sign and notarize the mac binary which is needed for Catalina 10.15 and above.
+If you would like to disable this then comment out `"afterSign": "build/notarize.js",` in package.json.
+
+You will also need an [App-specific password](https://support.apple.com/en-al/HT204397) for the apple account you wish to notarize with
+
+### Setup
+
+Once you have your `Developer ID Application` you need to export it into a `.p12` file. Keep a note of the password used to encrypt this file as it will be needed later.
+
+We need to Base64 encode this file, so run the following command:
+
+```
+base64 -i certificate.p12 -o encoded.txt
+```
+
+#### On GitHub:
+
+1.  Navigate to the main page of the repository.
+2.  Under your repository name, click **Settings**.
+3.  In the left sidebar, click **Secrets**.
+4.  Add the following secrets:
+    1.  Certificate
+        * Name: `MAC_CERTIFICATE`
+        * Value: The encoded Base64 certificate
+    2.  Certificate password
+        * Name: `MAC_CERTIFICATE_PASSWORD`
+        * Value: The password that was set when the certificate was exported.
+    3.  Apple ID
+        * Name: `SIGNING_APPLE_ID`
+        * Value: The apple id (email) to use for signing
+    4.  Apple Password
+        * Name: `SIGNING_APP_PASSWORD`
+        * Value: The app-specific password that was generated for the apple id
+    5.  Team ID (Optional)
+        * Name: `SIGNING_TEAM_ID`
+        * Value: The apple team id if you're sigining the application for a team

README.md

@@ -2,15 +2,11 @@
 
 [![Build Status](https://travis-ci.org/loki-project/loki-messenger.svg?branch=development)](https://travis-ci.org/loki-project/loki-messenger)
 
-Session allows for truly decentralized, end to end, and private encrypted chats. Session is built to handle both online and fully Asynchronous offline messages. Session implements the Signal protocol for message encryption. Our Client interface is a fork of [Signal Messenger](https://signal.org/). All communication that passes through Session is routed through [Lokinet](https://github.com/loki-project/loki-network).
+Session allows for truly decentralized, end to end, and private encrypted chats. Session is built to handle both online and fully Asynchronous offline messages. Session implements the Signal protocol for message encryption. Our Client interface is a fork of [Signal Messenger](https://signal.org/).
 
 ## Summary
 
-Session integrates directly with Loki [Service Nodes](https://lokidocs.com/ServiceNodes/SNOverview/), which are a set of distributed, decentralized and Sybil resistant nodes. Service Nodes act as both federated servers which store messages offline, and a set of nodes which allow for onion routing functionality obfuscating users IP Addresses. For a full understanding of how Session works, read the [Loki whitepaper](https://loki.network/whitepaper).
-
-**Online Messages**
-
-If Alice and Bob are both online they can simply resolve each others public keys, to introduction sets, this functionality is handled by interfacing with [Lokinet](https://github.com/loki-project/loki-network). With the appropriate introduction sets Alice and Bob can create a path and using onion routing pass messages through the Loki network without giving away personally identifiable information like their IP address.
+Session integrates directly with Loki [Service Nodes](https://lokidocs.com/ServiceNodes/SNOverview/), which are a set of distributed, decentralized and Sybil resistant nodes. Service Nodes act as servers which store messages offline, and a set of nodes which allow for onion routing functionality obfuscating users IP Addresses. For a full understanding of how Session works, read the [Loki whitepaper](https://loki.network/whitepaper).
 
 **Offline messages**
 

_locales/en/messages.json

@@ -2162,6 +2162,11 @@
     "message": "Leave Closed Group",
     "description": "Button action that the user can click to leave the group"
   },
+  "leaveClosedGroupConfirmation": {
+    "message": "Leave this Closed Group?",
+    "description":
+      "Confirmation dialog text that tells the user what will happen if they leave the closed group."
+  },
   "leaveGroupDialogTitle": {
     "message": "Are you sure you want to leave this group?",
     "description":

app/sql.js

@@ -901,7 +901,7 @@ async function updateToLokiSchemaVersion1(currentVersion, instance) {
     id: 'rss://loki.network/feed/',
     rssFeed: 'https://loki.network/feed/',
     closable: true,
-    name: 'Loki.network News',
+    name: 'Loki News',
     profileAvatar: 'images/session/session_chat_icon.png',
   };
 
@@ -910,7 +910,7 @@ async function updateToLokiSchemaVersion1(currentVersion, instance) {
     id: 'rss://loki.network/category/messenger-updates/feed/',
     rssFeed: 'https://loki.network/category/messenger-updates/feed/',
     closable: false,
-    name: 'Messenger updates',
+    name: 'Session Updates',
     profileAvatar: 'images/session/session_chat_icon.png',
   };
 

build/notarize.js

@@ -10,19 +10,36 @@ const { notarize } = require('electron-notarize');
   Notarizing: https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/
 */
 
+const log = msg => console.log(`\n${msg}`);
+const isEmpty = v => !v || v.length === 0;
+
 exports.default = async function notarizing(context) {
   const { electronPlatformName, appOutDir } = context;
   if (electronPlatformName !== 'darwin') {
     return;
   }
+  log('Notarizing mac application');
 
   const appName = context.packager.appInfo.productFilename;
+  const {
+    SIGNING_APPLE_ID,
+    SIGNING_APP_PASSWORD,
+    SIGNING_TEAM_ID,
+  } = process.env;
+
+  if (isEmpty(SIGNING_APPLE_ID) || isEmpty(SIGNING_APP_PASSWORD)) {
+    log(
+      'SIGNING_APPLE_ID or SIGNING_APP_PASSWORD not set.\nTerminating noratization.'
+    );
+    return;
+  }
 
-  return notarize({
-    appBundleId: 'com.loki-project.messenger-desktop',
+  const options = {
+    appBundleId: 'org.getsession.desktop',
     appPath: `${appOutDir}/${appName}.app`,
-    appleId: process.env.SIGNING_APPLE_ID,
-    appleIdPassword: process.env.SIGNING_APP_PASSWORD,
-    ascProvider: process.env.SIGNING_TEAM_ID,
-  });
+    appleId: SIGNING_APPLE_ID,
+    appleIdPassword: SIGNING_APP_PASSWORD,
+  };
+  if (!isEmpty(SIGNING_TEAM_ID)) options.ascProvider = SIGNING_TEAM_ID;
+  return notarize(options);
 };

js/background.js

@@ -763,9 +763,10 @@
 
       const ev = new Event('group');
 
-      const ourKey = textsecure.storage.user.getNumber();
-
-      const allMembers = [ourKey, ...members];
+      const primaryDeviceKey =
+        window.storage.get('primaryDevicePubKey') ||
+        textsecure.storage.user.getNumber();
+      const allMembers = [primaryDeviceKey, ...members];
 
       ev.groupDetails = {
         id: groupId,
@@ -794,7 +795,7 @@
         window.friends.friendRequestStatusEnum.friends
       );
 
-      convo.updateGroupAdmins([ourKey]);
+      convo.updateGroupAdmins([primaryDeviceKey]);
 
       appView.openConversation(groupId, {});
     };
@@ -1059,6 +1060,7 @@
       window.setMediaPermissions(!mediaPermissions);
     };
 
+    // attempts a connection to an open group server
     window.attemptConnection = async (serverURL, channelId) => {
       let rawserverURL = serverURL
         .replace(/^https?:\/\//i, '')
@@ -2187,9 +2189,7 @@
           },
         });
       } else {
-        window.log.verbose(
-          `Already seen session restore for pubkey: ${pubkey}`
-        );
+        window.log.debug(`Already seen session restore for pubkey: ${pubkey}`);
         if (ev.confirm) {
           ev.confirm();
         }

js/conversation_controller.js

@@ -161,26 +161,32 @@
       if (!conversation) {
         return;
       }
-      if (conversation.isPublic()) {
+
+      // Close group leaving
+      if (conversation.isClosedGroup()) {
+        await conversation.leaveGroup();
+      } else if (conversation.isPublic()) {
         const channelAPI = await conversation.getPublicSendData();
         if (channelAPI === null) {
           log.warn(`Could not get API for public conversation ${id}`);
         } else {
           channelAPI.serverAPI.partChannel(channelAPI.channelId);
         }
+      } else if (conversation.isPrivate()) {
+        const deviceIds = await textsecure.storage.protocol.getDeviceIds(id);
+        await Promise.all(
+          deviceIds.map(deviceId => {
+            const address = new libsignal.SignalProtocolAddress(id, deviceId);
+            const sessionCipher = new libsignal.SessionCipher(
+              textsecure.storage.protocol,
+              address
+            );
+            return sessionCipher.deleteAllSessionsForDevice();
+          })
+        );
       }
+
       await conversation.destroyMessages();
-      const deviceIds = await textsecure.storage.protocol.getDeviceIds(id);
-      await Promise.all(
-        deviceIds.map(deviceId => {
-          const address = new libsignal.SignalProtocolAddress(id, deviceId);
-          const sessionCipher = new libsignal.SessionCipher(
-            textsecure.storage.protocol,
-            address
-          );
-          return sessionCipher.deleteAllSessionsForDevice();
-        })
-      );
       await window.Signal.Data.removeConversation(id, {
         Conversation: Whisper.Conversation,
       });

js/expire.js

@@ -10,6 +10,8 @@
     '', // no pubkey needed
     window.getDefaultFileServer()
   );
+  // use the anonymous access token
+  window.tokenlessFileServerAdnAPI.token = 'loki';
   window.tokenlessFileServerAdnAPI.pubKey = window.Signal.Crypto.base64ToArrayBuffer(
     LokiFileServerAPI.secureRpcPubKey
   );