wireapp · elland · Nov 28, 2022 · Nov 23, 2022 · Nov 23, 2022 · Nov 24, 2022
diff --git a/libs/wire-api/src/Wire/API/Error/Galley.hs b/libs/wire-api/src/Wire/API/Error/Galley.hs
@@ -84,6 +84,7 @@ data GalleyError
   | MLSWelcomeMismatch
   | MLSMissingGroupInfo
   | MLSMissingSenderClient
+  | MLSUnexpectedSenderClient
   | --
     NoBindingTeamMembers
   | NoBindingTeam
@@ -203,6 +204,8 @@ type instance MapError 'MLSGroupConversationMismatch = 'StaticError 400 "mls-gro
 
 type instance MapError 'MLSClientSenderUserMismatch = 'StaticError 400 "mls-client-sender-user-mismatch" "User ID resolved from Client ID does not match message's sender user ID"
 
+type instance MapError 'MLSUnexpectedSenderClient = 'StaticError 422 "mls-unexpected-sender-client-found" "Unexpected creator client set. This is a newly created conversation and it expected exactly one client."
+
 type instance MapError 'MLSWelcomeMismatch = 'StaticError 400 "mls-welcome-mismatch" "The list of targets of a welcome message does not match the list of new clients in a group"
 
 type instance MapError 'MLSMissingGroupInfo = 'StaticError 404 "mls-missing-group-info" "The conversation has no group information"

diff --git a/libs/wire-api/src/Wire/API/Routes/Public/Galley/MLS.hs b/libs/wire-api/src/Wire/API/Routes/Public/Galley/MLS.hs
@@ -60,6 +60,7 @@ type MLSMessagingAPI =
                :> CanThrow 'MLSStaleMessage
                :> CanThrow 'MLSUnsupportedMessage
                :> CanThrow 'MLSUnsupportedProposal
+               :> CanThrow 'MLSUnexpectedSenderClient
                :> CanThrow 'MLSClientSenderUserMismatch
                :> CanThrow 'MLSGroupConversationMismatch
                :> CanThrow 'MLSMissingSenderClient
@@ -88,6 +89,7 @@ type MLSMessagingAPI =
                :> CanThrow 'MLSStaleMessage
                :> CanThrow 'MLSUnsupportedMessage
                :> CanThrow 'MLSUnsupportedProposal
+               :> CanThrow 'MLSUnexpectedSenderClient
                :> CanThrow 'MLSClientSenderUserMismatch
                :> CanThrow 'MLSGroupConversationMismatch
                :> CanThrow 'MLSMissingSenderClient
@@ -116,6 +118,7 @@ type MLSMessagingAPI =
                :> CanThrow 'MLSStaleMessage
                :> CanThrow 'MLSUnsupportedMessage
                :> CanThrow 'MLSUnsupportedProposal
+               :> CanThrow 'MLSUnexpectedSenderClient
                :> CanThrow 'MLSClientSenderUserMismatch
                :> CanThrow 'MLSGroupConversationMismatch
                :> CanThrow 'MLSMissingSenderClient

diff --git a/services/galley/src/Galley/API/Action.hs b/services/galley/src/Galley/API/Action.hs
@@ -52,7 +52,6 @@ import Data.Singletons
 import Data.Time.Clock
 import Galley.API.Error
 import Galley.API.MLS.Removal
-import Galley.API.MLS.Util (globalTeamConvToConversation)
 import Galley.API.Util
 import Galley.App
 import Galley.Data.Conversation
@@ -90,7 +89,6 @@ import Wire.API.Event.Conversation
 import Wire.API.Federation.API (Component (Galley), fedClient)
 import Wire.API.Federation.API.Galley
 import Wire.API.Federation.Error
-import Wire.API.MLS.GlobalTeamConversation
 import Wire.API.Team.LegalHold
 import Wire.API.Team.Member
 import qualified Wire.API.User as User
@@ -597,17 +595,7 @@ updateLocalConversation lcnv qusr con action = do
   let tag = sing @tag
 
   -- retrieve conversation
-  conv <- do
-    -- Check if global or not, if global, map it to conversation
-    E.getGlobalTeamConversationById lcnv >>= \case
-      Just gtc ->
-        let c = gtcCreator gtc
-         in case c of
-              Nothing ->
-                throwS @'ConvNotFound
-              Just creator ->
-                pure $ globalTeamConvToConversation gtc creator mempty
-      Nothing -> getConversationWithError lcnv
+  conv <- getConversationWithError lcnv (qUnqualified qusr)
 
   -- check that the action does not bypass the underlying protocol
   unless (protocolValidAction (convProtocol conv) (fromSing tag)) $

diff --git a/services/galley/src/Galley/API/MLS/Message.hs b/services/galley/src/Galley/API/MLS/Message.hs
@@ -105,6 +105,7 @@ type MLSMessageStaticErrors =
      ErrorS 'MLSCommitMissingReferences,
      ErrorS 'MLSSelfRemovalNotAllowed,
      ErrorS 'MLSClientSenderUserMismatch,
+     ErrorS 'MLSUnexpectedSenderClient,
      ErrorS 'MLSGroupConversationMismatch,
      ErrorS 'MLSMissingSenderClient
    ]
@@ -122,15 +123,16 @@ postMLSMessageFromLocalUserV1 ::
          ErrorS 'ConvAccessDenied,
          ErrorS 'ConvMemberNotFound,
          ErrorS 'ConvNotFound,
-         ErrorS 'MissingLegalholdConsent,
          ErrorS 'MLSClientSenderUserMismatch,
          ErrorS 'MLSCommitMissingReferences,
          ErrorS 'MLSGroupConversationMismatch,
          ErrorS 'MLSMissingSenderClient,
          ErrorS 'MLSProposalNotFound,
          ErrorS 'MLSSelfRemovalNotAllowed,
          ErrorS 'MLSStaleMessage,
+         ErrorS 'MLSUnexpectedSenderClient,
          ErrorS 'MLSUnsupportedMessage,
+         ErrorS 'MissingLegalholdConsent,
          Input (Local ()),
          ProposalStore,
          Resource,
@@ -157,15 +159,16 @@ postMLSMessageFromLocalUser ::
          ErrorS 'ConvAccessDenied,
          ErrorS 'ConvMemberNotFound,
          ErrorS 'ConvNotFound,
-         ErrorS 'MissingLegalholdConsent,
          ErrorS 'MLSClientSenderUserMismatch,
          ErrorS 'MLSCommitMissingReferences,
          ErrorS 'MLSGroupConversationMismatch,
          ErrorS 'MLSMissingSenderClient,
          ErrorS 'MLSProposalNotFound,
          ErrorS 'MLSSelfRemovalNotAllowed,
          ErrorS 'MLSStaleMessage,
+         ErrorS 'MLSUnexpectedSenderClient,
          ErrorS 'MLSUnsupportedMessage,
+         ErrorS 'MissingLegalholdConsent,
          Input (Local ()),
          ProposalStore,
          Resource,
@@ -367,15 +370,16 @@ postMLSMessage ::
          ErrorS 'ConvAccessDenied,
          ErrorS 'ConvMemberNotFound,
          ErrorS 'ConvNotFound,
-         ErrorS 'MissingLegalholdConsent,
          ErrorS 'MLSClientSenderUserMismatch,
          ErrorS 'MLSCommitMissingReferences,
          ErrorS 'MLSGroupConversationMismatch,
          ErrorS 'MLSMissingSenderClient,
          ErrorS 'MLSProposalNotFound,
          ErrorS 'MLSSelfRemovalNotAllowed,
          ErrorS 'MLSStaleMessage,
+         ErrorS 'MLSUnexpectedSenderClient,
          ErrorS 'MLSUnsupportedMessage,
+         ErrorS 'MissingLegalholdConsent,
          Input (Local ()),
          ProposalStore,
          Resource,
@@ -455,14 +459,15 @@ postMLSMessageToLocalConv ::
       '[ Error FederationError,
          Error InternalError,
          ErrorS 'ConvNotFound,
-         ErrorS 'MissingLegalholdConsent,
          ErrorS 'MLSClientSenderUserMismatch,
          ErrorS 'MLSCommitMissingReferences,
          ErrorS 'MLSMissingSenderClient,
          ErrorS 'MLSProposalNotFound,
          ErrorS 'MLSSelfRemovalNotAllowed,
          ErrorS 'MLSStaleMessage,
+         ErrorS 'MLSUnexpectedSenderClient,
          ErrorS 'MLSUnsupportedMessage,
+         ErrorS 'MissingLegalholdConsent,
          ProposalStore,
          Resource,
          TinyLog
@@ -539,26 +544,29 @@ postMLSMessageToRemoteConv loc qusr _senderClient con smsg rcnv = do
     pure (LocalConversationUpdate e update)
 
 type HasProposalEffects r =
-  ( Member BrigAccess r,
-    Member ConversationStore r,
-    Member (Error InternalError) r,
-    Member (Error MLSProposalFailure) r,
-    Member (Error MLSProtocolError) r,
-    Member (ErrorS 'MLSClientMismatch) r,
-    Member (ErrorS 'MLSKeyPackageRefNotFound) r,
-    Member (ErrorS 'MLSUnsupportedProposal) r,
-    Member ExternalAccess r,
-    Member FederatorAccess r,
-    Member GundeckAccess r,
-    Member (Input Env) r,
-    Member (Input (Local ())) r,
-    Member (Input Opts) r,
-    Member (Input UTCTime) r,
-    Member LegalHoldStore r,
-    Member MemberStore r,
-    Member ProposalStore r,
-    Member TeamStore r,
-    Member TinyLog r
+  ( Members
+      '[ BrigAccess,
+         ConversationStore,
+         Error InternalError,
+         Error MLSProposalFailure,
+         Error MLSProtocolError,
+         ErrorS 'MLSClientMismatch,
+         ErrorS 'MLSKeyPackageRefNotFound,
+         ErrorS 'MLSUnsupportedProposal,
+         ExternalAccess,
+         FederatorAccess,
+         GundeckAccess,
+         Input Env,
+         Input (Local ()),
+         Input Opts,
+         Input UTCTime,
+         LegalHoldStore,
+         MemberStore,
+         ProposalStore,
+         TeamStore,
+         TinyLog
+       ]
+      r
   )
 
 data ProposalAction = ProposalAction
@@ -616,20 +624,24 @@ getCommitData lconv mlsMeta epoch commit = do
 
 processCommit ::
   ( HasProposalEffects r,
-    Member (Error FederationError) r,
-    Member (Error InternalError) r,
-    Member (ErrorS 'ConvNotFound) r,
-    Member (ErrorS 'MLSClientSenderUserMismatch) r,
-    Member (ErrorS 'MLSCommitMissingReferences) r,
-    Member (ErrorS 'MLSMissingSenderClient) r,
-    Member (ErrorS 'MLSProposalNotFound) r,
-    Member (ErrorS 'MLSSelfRemovalNotAllowed) r,
-    Member (ErrorS 'MLSStaleMessage) r,
-    Member (ErrorS 'MissingLegalholdConsent) r,
-    Member (Input (Local ())) r,
-    Member ProposalStore r,
-    Member BrigAccess r,
-    Member Resource r
+    Members
+      '[ Error FederationError,
+         Error InternalError,
+         ErrorS 'ConvNotFound,
+         ErrorS 'MLSClientSenderUserMismatch,
+         ErrorS 'MLSCommitMissingReferences,
+         ErrorS 'MLSMissingSenderClient,
+         ErrorS 'MLSProposalNotFound,
+         ErrorS 'MLSSelfRemovalNotAllowed,
+         ErrorS 'MLSStaleMessage,
+         ErrorS 'MLSUnexpectedSenderClient,
+         ErrorS 'MissingLegalholdConsent,
+         Input (Local ()),
+         ProposalStore,
+         BrigAccess,
+         Resource
+       ]
+      r
   ) =>
   Qualified UserId ->
   Maybe ClientId ->
@@ -758,20 +770,24 @@ processExternalCommit qusr mSenderClient lconv mlsMeta cm epoch action updatePat
 processCommitWithAction ::
   forall r.
   ( HasProposalEffects r,
-    Member (Error FederationError) r,
-    Member (Error InternalError) r,
-    Member (ErrorS 'ConvNotFound) r,
-    Member (ErrorS 'MLSClientSenderUserMismatch) r,
-    Member (ErrorS 'MLSCommitMissingReferences) r,
-    Member (ErrorS 'MLSMissingSenderClient) r,
-    Member (ErrorS 'MLSProposalNotFound) r,
-    Member (ErrorS 'MLSSelfRemovalNotAllowed) r,
-    Member (ErrorS 'MLSStaleMessage) r,
-    Member (ErrorS 'MissingLegalholdConsent) r,
-    Member (Input (Local ())) r,
-    Member ProposalStore r,
-    Member BrigAccess r,
-    Member Resource r
+    Members
+      '[ Error FederationError,
+         Error InternalError,
+         ErrorS 'ConvNotFound,
+         ErrorS 'MLSClientSenderUserMismatch,
+         ErrorS 'MLSCommitMissingReferences,
+         ErrorS 'MLSMissingSenderClient,
+         ErrorS 'MLSProposalNotFound,
+         ErrorS 'MLSSelfRemovalNotAllowed,
+         ErrorS 'MLSStaleMessage,
+         ErrorS 'MLSUnexpectedSenderClient,
+         ErrorS 'MissingLegalholdConsent,
+         Input (Local ()),
+         ProposalStore,
+         BrigAccess,
+         Resource
+       ]
+      r
   ) =>
   Qualified UserId ->
   Maybe ClientId ->
@@ -793,20 +809,24 @@ processCommitWithAction qusr senderClient con lconv mlsMeta cm epoch action send
 processInternalCommit ::
   forall r.
   ( HasProposalEffects r,
-    Member (Error FederationError) r,
-    Member (Error InternalError) r,
-    Member (ErrorS 'ConvNotFound) r,
-    Member (ErrorS 'MLSClientSenderUserMismatch) r,
-    Member (ErrorS 'MLSCommitMissingReferences) r,
-    Member (ErrorS 'MLSMissingSenderClient) r,
-    Member (ErrorS 'MLSProposalNotFound) r,
-    Member (ErrorS 'MLSSelfRemovalNotAllowed) r,
-    Member (ErrorS 'MLSStaleMessage) r,
-    Member (ErrorS 'MissingLegalholdConsent) r,
-    Member (Input (Local ())) r,
-    Member ProposalStore r,
-    Member BrigAccess r,
-    Member Resource r
+    Members
+      [ Error FederationError,
+        Error InternalError,
+        ErrorS 'ConvNotFound,
+        ErrorS 'MLSClientSenderUserMismatch,
+        ErrorS 'MLSCommitMissingReferences,
+        ErrorS 'MLSMissingSenderClient,
+        ErrorS 'MLSProposalNotFound,
+        ErrorS 'MLSSelfRemovalNotAllowed,
+        ErrorS 'MLSStaleMessage,
+        ErrorS 'MLSUnexpectedSenderClient,
+        ErrorS 'MissingLegalholdConsent,
+        Input (Local ()),
+        ProposalStore,
+        BrigAccess,
+        Resource
+      ]
+      r
   ) =>
   Qualified UserId ->
   Maybe ClientId ->
@@ -843,11 +863,9 @@ processInternalCommit qusr senderClient con lconv mlsMeta cm epoch action sender
                 qusr
                 (Set.singleton (creatorClient, creatorRef))
             (Left _, SelfConv, _) ->
-              throw . InternalErrorWithDescription $
-                "Unexpected creator client set in a self-conversation"
-            -- this is a newly created conversation, and it should contain exactly one
-            -- client (the creator)
-
+              -- this is a newly created conversation, and it should contain exactly one
+              -- client (the creator)
+              throwS @'MLSUnexpectedSenderClient
             (Left _, GlobalTeamConv, []) -> do
               creatorClient <- noteS @'MLSMissingSenderClient senderClient
               creatorRef <-
@@ -858,13 +876,15 @@ processInternalCommit qusr senderClient con lconv mlsMeta cm epoch action sender
                       . upLeaf
                   )
                   $ cPath commit
+              -- add user to global conv as a member as well
+              lusr <- qualifyLocal (qUnqualified qusr)
+              void $ createMember (convId <$> lconv) lusr
               addMLSClients
                 (cnvmlsGroupId mlsMeta)
                 qusr
                 (Set.singleton (creatorClient, creatorRef))
             (Left _, GlobalTeamConv, _) ->
-              throw . InternalErrorWithDescription $
-                "Unexpected creator client set in a global teamconversation"
+              throwS @'MLSUnexpectedSenderClient
             (Left lm, _, [(qu, (creatorClient, _))])
               | qu == qUntagged (qualifyAs lconv (lmId lm)) -> do
                   -- use update path as sender reference and if not existing fall back to sender