* Log SyncMessage destination, even if it's a group
* Remove disappearing message even if deleted during fetch
This change fixes a potential race condition with disappearing message
removal from the UI. If the UI is in the middle of making a database
request for messages to display, then we need to wait for that to
complete before removing the newly-deleted expired message.
* api.js: HttpError now preserves more of original error info
* Allow invalid conversation to be added to ConversationController
If a number we don't believe is valid comes in as part of a group, we
fall apart. We event prevent display of that conversation. Because we
have 'isValid()' protections in place for the places we create contacts
from user input in desktop (the search bar), we can temporarily add an
invalid contact to our collection (not saving it to the database) to
unblock this group scenario.
Still investigating what kind of phone number is valid in a mobile app
but not valid for us.
* Finish the debuggable error support
* Fix logging in the case of an invalid number
* Revamp issue and pull request templates, other docs tweaks
`yarn test` now runs all of our tests.
* Remove generated files from the repository
* Update to new Signal support URL
* Prevent the 'Test failed 2 == 1' from test-release in CI
* Another attempt to fix grunt test-release on Appveyor
* grunt test-release: Fail build if test fails
* Lint fix, and move jshint earlier in CI process
No more errors like this in the logs!
```
INFO 2018-01-05T18:33:15.942Z Message.saveErrors: null Error
at file:///C:/Users/Test/AppData/Local/Programs/signal-desktop/resources/app.asar/js/libtextsecure.js:30:33
at file:///C:/Users/Test/AppData/Local/Programs/signal-desktop/resources/app.asar/js/libtextsecure.js:138:3
at file:///C:/Users/Test/AppData/Local/Programs/signal-desktop/resources/app.asar/js/libtextsecure.js:40718:3
```
It has no information in the title, and then the callstack points to
the `new Error()` line in the old `errors.js`.
This change will include the actual error name and message details in
the stack, and will include the original http error stack as well if
provided.
We've simplified; HTTPS_PROXY or https_proxy is used for all requests.
We also require that only our self-signed certificates are used for
secure traffic. That rules out all SSL-terminating MITM proxies, since
we don't trust their root certificate.
Once we're sure that this system works for people, we'll improve config
on MacOS and Windows.
We pull proxy settings from environment variables:
- HTTPS_PROXY for sending, profile pulls, and attachment download/upload
- WSS_PROXY for connecting to the websocket for receiving messages
- ALL_PROXY to provide one server for both
More details on our proxy handling:
- https://github.com/Rob--W/proxy-from-env#environment-variables
- https://github.com/TooTallNate/node-proxy-agent
This is the natural way of things for Linux. My understanding is that
most proxies on MacOS are system-wide and transparent, so it's not so
urgent. But Windows will likely require further UI for configuration.
Will need to do some testing with Windows users.
* Re-enable libtextsecure unit tests, get passing, run in CI
* Save prekeys optimistically, track confirmed, new clean behavior
* Eliminate potential conflicts when rotating on startup
* Remove last symlink: get libtextsecure tests running on windows
* Log when we get a blocked numbers sync message
* Save three old signed keys in addition to the current active
* Remove the mystery from all the error-related log messages
* Log successful load of signed key - to help debug prekey errors
* removeSignedPreKey: Don't hang or crash in error cases
* Log on top-level unhandled promise rejection
* Remove trailing comma in param list, Electron 1.6 does not like
* Harden top-level error handler for strange object shapes
* Retry failed signed key rotation; start rotation when registered (#1772)
* rotateSignedPrekeys: Fix 'res is not defined' error
* If the server rejects key rotation, don't retry immediately
* Force a signed key rotation on launch of any new version
* web requests: Don't fail if JSON not well-formed in error cases
Turns out that before our move to node-fetch, we ignored JSON.parse()
failures: https://github.com/WhisperSystems/Signal-Desktop/pull/1552/files#diff-1103a6aff0f28b6066715c6994278767L37518
* Update to libsignal v1.2.0, delete sessions on reset session
Previously we only archived sessions when sending or receiving a
'reset secure session, which didn't match up with the mobile apps.
I got a 413 (Rate limit exceeded) error from the server while fetching prekeys.
The client tried to parse the response as json since we expect json from the
prekey endpoint, which threw an exception because the response was not json.
This change prevents us from treating the response as json unless it has the
Content-Type header set accordingly.
If for some reason, the client and server disagree on whether the response
should be or is json, we'll default to treating it as text.
// FREEBIE
* Online/offline: Always stop timer, don't connect if closed
* Sockets: Send our own close event faster, shutdown only on close
Seems that we were too-aggressively disconnecting from all socket
events. Also, we should be able to send our own close event a lot
faster with no ill effects.
* Catch-up libtextsecure changes
* Use node-fetch instead of xhr
* Remove XMLHttpRequest.js
// FREEBIE
* Avoid calling json() on non json responses
Previously we would catch and swallow JSON parsing errors resulting from an
empty response, though empty responses are normal from a few endpoints, like
requesting sms or voice registration codes.
Since the JSON parsing call is now handled internally by node-fetch, we have to
keep closer track of our expected response type to avoid throwing an exception.
// FREEBIE
* Update to the latest version of autosize.js
* gitignore: Restrict 'dist' matches to the root dist folder
The global search for 'dist' caused problems when updateing bower
components.
* A couple minor version updates: ByteBuffer, filesize, intlTel
moment-with-localse, ProtoBuf
* Ensure that our preload.js setImmediate call finds right function
FREEBIE
* Our own socket close event, better logging, unregistration
FREEBIE
* Return CLOSED for NetworkStatusView if we've fully disconnected
* background.js: Remove messageReceiver = null, log in connect()
A null messageReciever makes the NetworkStatusView think we're online.
FREEBIE
* Refactor delivery receipt event handler
* Rename the delivery receipt event
For less ambiguity with read receipts.
* Rename synced read event
For less ambiguity with read receipts from other Signal users.
* Add support for incoming receipt messages
Handle ReceiptMessages, which may include encrypted delivery receipts or read
receipts from recipients of our sent messages.
// FREEBIE
* Rename ReadReceipts to ReadSyncs
* Render read messages with blue double checks
* Send read receipts to senders of incoming messages
// FREEBIE
* Move ReadSyncs to their own file
// FREEBIE
* Fixup old comments on read receipts (now read syncs)
And some variable renaming for extra clarity.
// FREEBIE
* Add global setting for read receipts
Don't send read receipt messages unless the setting is enabled.
Don't process read receipts if the setting is disabled.
// FREEBIE
* Sync read receipt setting from mobile
Toggling this setting on your mobile device should sync it to Desktop. When
linking, use the setting in the provisioning message.
// FREEBIE
* Send receipt messages silently
Avoid generating phantom messages on ios
// FREEBIE
* Save recipients on the outgoing message models
For accurate tracking and display of sent/delivered/read state, even if group
membership changes later.
// FREEBIE
* Fix conversation type in profile key update handling
// FREEBIE
* Set recipients on synced sent messages
* Render saved recipients in message detail if available
For older messages, where we did not save the intended set of recipients at the
time of sending, fall back to the current group membership.
// FREEBIE
* Record who has been successfully sent to
// FREEBIE
* Record who a message has been delivered to
* Invert the not-clickable class
* Fix readReceipt setting sync when linking
* Render per recipient sent/delivered/read status
In the message detail view for outgoing messages, render each recipient's
individual sent/delivered/read status with respect to this message, as long as
there are no errors associated with the recipient (ie, safety number changes,
user not registered, etc...) since the error icon is displayed in that case.
*Messages sent before this change may not have per-recipient status lists
and will simply show no status icon.
// FREEBIE
* Add configuration sync request
Send these requests in a one-off fashion when:
1. We have just setup from a chrome app import
2. We have just upgraded to read-receipt support
// FREEBIE
* Expose sendRequestConfigurationSyncMessage
// FREEBIE
* Fix handling of incoming delivery receipts - union with array
FREEBIE
* Disconnect from socket faster on complete loss of network access
Today we wait for a keepalive request to fail; this change forces
disconnect in the case that the browser tells us that we're now offline.
FREEBIE
* MessageReceiver: don't react to errors after explicit close()
FREEBIE
Rather than throw an error, just log call messages and drop them. This way we
distinguish them from incorrectly encoded content messages or new types of
messages we don't support yet, and don't insert unnecessary red flags and
stacktraces in debug logs.
// FREEBIE
* Add AES-GCM encryption for profiles
With tests.
* Add profileKey to DataMessage protobuf
// FREEBIE
* Decrypt and save profile names
// FREEBIE
* Save incoming profile keys
* Move pad/unpad to crypto module
// FREEBIE
* Support fetching avatars from the cdn
// FREEBIE
* Translate failed authentication errors
When AES-GCM authentication fails, webcrypto returns a very generic error. The
same error is thrown for invalid length inputs, but our earlier checks in
decryptProfile should rule out those failure modes and leave us safe to assume
that we either had bad ciphertext or the wrong key.
// FREEBIE
* Handle profile avatars (wip) and log decrypt errors
// FREEBIE
* Display profile avatars
Synced contact avatars will still override profile avatars.
* Display profile names in convo list
Only if we don't have a synced contact name.
// FREEBIE
* Make cdn url an environment config
Use different ones for staging and production
// FREEBIE
* Display profile name in conversation header
* Display profile name in group messages
* Update conversation header if profile avatar changes
// FREEBIE
* Style profile names small with ~
* Save profileKeys from contact sync messages
// FREEBIE
* Save profile keys from provisioning messages
For standalone accounts, generate a random profile key.
// FREEBIE
* Special case for one-time sync of our profile key
Android will use a contact sync message to sync a profile key from Android
clients who have just upgraded and generated their profile key. Normally we
should receive this data in a provisioning message.
// FREEBIE
* Infer profile sharing from synced data messages
* Populate profile keys on outgoing messages
Requires that `profileSharing` be set on the conversation.
// FREEBIE
* Support for the profile key update flag
When receiving a message with this flag, don't init a message record, just
process the profile key and move on.
// FREEBIE
* Display profile names in group member list
* Refresh contact's profile on profile key changes
// FREEBIE
* Catch errors on profile save
// FREEBIE
* Save our own synced contact info
Don't return early if we get a contact sync for our own number
// FREEBIE
* Add certificate pinning on https service requests
Make https requests to the server using node apis instead of browser apis, so we
can specify our own CA list, which contains only our own CA.
This protects us from MITM by a rogue CA.
As a bonus, this let's us drop the use of non-standard ports and just use good
ol' default 443 all the time, at least for http requests.
// FREEBIE
* Make certificateAuthorities an option on requests
Modify node-based xhr implementation based on driverdan/node-XMLHttpRequest,
adding support for setting certificate authorities on each request.
This allows us to pin our master CA for requests to the server and cdn but not
to the s3 attachment server, for instance. Also fix an exception when sending
binary data in a request: it is submitted as an array buffer, and must be
converted to a node Buffer since we are now using a node based request api.
// FREEBIE
* Import node-based xhr implementation
Add a copy of https://github.com/driverdan/node-XMLHttpRequest@86ff70e, and
expose it to the renderer in the preload script.
In later commits this module will be extended to support custom certificate
authorities.
// FREEBIE
* Support "arraybuffer" responseType on requests
When fetching attachments, we want the result as binary data rather than a utf8
string. This lets our node-based XMLHttpRequest honor the responseType property
if it is set on the xhr.
Note that naively using the raw `.buffer` from a node Buffer won't work, since
it is a reuseable backing buffer that is often much larger than the actual
content defined by the Buffer's offset and length.
Instead, we'll prepare a return buffer based on the response's content length
header, and incrementally write chunks of data into it as they arrive.
// FREEBIE
* Switch to self-signed server endpoint
* Log more error info on failed requests
With the node-based xhr, relevant error info are stored in statusText and
responseText when a request fails.
// FREEBIE
* Add node-based websocket w/ support for custom CA
// FREEBIE
* Support handling array buffers instead of blobs
Our node-based websocket calls onmessage with an arraybuffer instead of a blob.
For robustness (on the off chance we switch or update the socket implementation
agian) I've kept the machinery for converting blobs to array buffers.
// FREEBIE
* Destroy all wacky server ports
// FREEBIE
On a recent trip through a CPU profile taken while Signal Desktop
churned through a large backlog of messages, it was clear that
console.log was a major source of time spent, primarily the sort
operation required after every new entry is added to the Backbone
collection. So, three different techniques to combat this:
1) Reduce the maximum number of entries in the collection from 5k to 2k
2) No more logging of add/update/remove queue in MessageReceiver
3) No more log entries in Message.handleDataMessage main codepath
FREEBIE
When processing a contact sync with embedded identity key verification info, we
were running overlapping async fetch/save operations on the same conversation
model, causing a race that tends to clobber updates to the contact info.
In this change we extend the application-level contact info handler to block on
a subsequent call to the verification handler, which effectively serializes the
fetch/save calls, and relieves the need for the message receiver to trigger a
seperate event concerning the verification info on contact sync messages.
Fixes#1408
// FREEBIE
* Add support for backup and restore
This first pass works for all stores except messages, pending some scaling
improvements.
// FREEBIE
* Import of messages and attachments
Properly sanitize filenames. Logging information that will help with
debugging but won't threaten privacy (no contact or group names),
where the on-disk directories have this information to make things
human-readable
FREEBIE
* First fully operational single-action export and import!
FREEBIE
* Add migration export flow
A banner alert leads to a blocking ui for the migration. We close the socket and
wait for incoming messages to drain before starting the export.
FREEBIE
* A number of updates for the export flow
1. We don't immediately pop the directory selection dialog box, instead
showing an explicit 'choose directory' button after explaining what is
about to happen
2. We show a 'submit debug log' button on most steps of the process
3. We handle export errors and encourage the user to double-check their
filesystem then submit their log
4. We are resilient to restarts during the process
5. We handle the user cancelling out of the directory selection dialog
differently from other errors.
6. The export process is now serialized: non-messages, then messages.
7. After successful export, show where the data is on disk
FREEBUE
* Put migration behind a flag
FREEBIE
* Shut down websocket before proceeding with export
FREEBIE
* Add MigrationView to test/index.html to fix test
FREEBIE
* Remove 'Submit Debug Log' button when the export process is complete
FREEBIE
* Create a 'Signal Export' directory below user-chosen dir
This cleans things up a bit so we don't litter the user's target
directory with lots of stuff.
FREEBIE
* Clarify MessageReceiver.drain() method comments
FREEBIE
* A couple updates for clarity - event names, else handling
Also the removal of wait(), which wasn't used anywhere.
FREEBIE
* A number of wording updates for the export flow
FREEBIE
* Export complete: put dir on its own line, make text selectable
FREEBIE
There's really no reason to retry encryption errors again if they've
already been made user-visible in a conversation.
Also, refactor e->error in background.js onError(), since both e and ev
in this method made it too easy to make a mistake.
These were failing because ByteBuffers from the protobufs need to be converted
to ArrayBuffers. Fixed by useing the existing handler in MessageReceiver to
process verified messages from contact sync messages and dispatch them as their
own events, reducing some complexity on the application side.
// FREEBIE
In some cases, due to promise chaining and error propagation, we were
calling registerError more than once for a given error. This would then
cause the overall callback for the send operation to be called with a
partial set of errors, as well as duplicates.
Note: we do need to find a way to attach identityKey to the
OutgoingIdentityKeyError in the case where it comes directly from the
encrypt() instead of our pre-key operations.
FREEBIE
First construct a null message of random size and contents and send it to the
destination. Then include that same padding in the verification sync.
Note that the sync message is additionally randomly padded like all other sync
messages.
This lets Verified sync messages appear the same as normal sync message traffic.
// FREEBIE
Just log em for debugging. Also update the error messge thrown when we get a
content message with no supported properties. It may be empty or may just have
an unrecognized field.
// FREEBIE
This adds a new method to message sender for sending verification sync messages
and a new event to message receiver representing incoming verification sync
messages. Currently the event handler just logs the message.
// FREEBIE
saveIdentityWithAtttributes allows directly setting all properties of an
identity key record. In AccountManager we use it to save our own identity
key after a new registration.
Previously we would remove the existing key first in order to coerce firstUse to
true, but now we can simply set it explicitly, along with a VERIFIED status.
// FREEBIE
Previously we only expected these errors to occur when decrypting prekey
messages, so we need to add handling for them in the case of a normal message.
// FREEBIE
Multiple cases here:
1. setting our own key on registration
1. changing identities from a safety number change dialog
Note that removeIdentityKey runs before saveIdentity, so we'll always end up
with firstUse: true on our own key.
// FREEBIE
We can use the same padded plaintext across multiple numbers or attempts rather
than re-creating it every time we encrypt to a particular number.
// FREEBIE
This test is out of date with respect to the latest signed key rotation rules
implemented in b92dd45 and 536dd7b. Previously we would only keep the last two
signed keys, but now we keep at least three as well as requiring a minimum
retention period. As a result, this test should be failing, but we haven't
noticed because it's not using the `done` parameter to signal its asynchronous
nature.
// FREEBIE
This was supposed to solve the problem of losing group state after a reinstall
by inspecting member registration ids and pre-emptively sending group updates to
those who appear newly re-registered, but it has been unused since 6123c419.
Nowadays there's a protocol for requesting lost group state from other members.
// FREEBIE
There may come a day when we may need to change this url from the server
side. On that day, clients should continue to operate normally. The
service should be able to change attachment server locations without
requiring a client update.
// FREEBIE
Previously, updateNumbers would throw an Error, so the whole group
update was discarded.
Signal-Android handles this the same way in
GroupMessageProcessor.handleGroupUpdate().
Closes#1056
If a user has no groups, no group sync message is sent. This is a normal
result that should result in a success event rather than a timeout.
// FREEBIE
* libsignal.Curve is now a synchronous interface.
* libsignal.Curve.async is now the asynchronous interface.
* Fixes bugs in session management.
// FREEBIE
The getDeviceObjectsForNumber method returns device objects that contain
nothing but the encodedNumber property. Instead, just deal in deviceIds
until a SignalProtocolAddress is constructed to manage both the number
and deviceId.
// FREEBIE
Now that we simply establish and save a session via SessionBuilder
rather than saving the keys to pass in during encrypt, we can stop
caching them in memory in between the identity key check and the
encryption step.
// FREEBIE
Prevent races between encrypt and decrypt calls, and other read/write
operations on the session store by serializing session io ops per
device.
Possible fix for #535
// FREEBIE
Because remote clients will delete all sessions in response to an end
session message, regardless of which device it came from, when our
linked device sends an end session message, we must also end all
sessions with the destination.
This change moves the end session flag processing to processDecrypted,
which is shared between handlers of sent messages, data messages, and
messages which are re-tried after resolving identity conflicts.
// FREEBIE
Help debug bad session errors by logging some envelope info about the
message we are about to decrypt. With this, if there is a decryption
error (e.g., bad mac or no session) it is clear from the logs what
number and device message sent the bad message.
Also log when we send and receive end session messages and when we close
sessions for certain devices.
// FREEBIE
Previously we would delete our own key from the trust store when
re-linking, in case it changed. We can also immediately take one step
further and store the new key. Typically this happens in the course of
requesting sync info from the master device, except in the case of
standalone clients.
Closes#596
// FREEBIE
Sometimes an error is thrown while processing groups from a group sync
message. We still want to fire the groupsync event when we're done
handling all the data, even if some of it was bad.
Similar in function to an xhr request, a textsecure.SyncRequest object
is initialized from a message sender and receiver pair and initiates a
request for sync from the master device. It later fires a success event
when both contacts and groups are done syncing, or a timeout event after
one minute.
// FREEBIE
We should not ack envelope protobufs that fail to decode correctly. If
the server happens to send us such a thing it probably indicates a
protocol mismatch between it and the client, in which case the client
needs to update and re-receive the failed message.
// FREEBIE
This line was never being hit due to the duplicate one above (#L166).
Peeking at the server code shows that 403 is only given in response to
registration attempts, where it does in fact indicate an invalid code.
// FREEBIE
Fix bug where resending due to failed network connection would fail
silently.
Broken in 7b6820 refactor which changed arguments to transmitMessage
// FREEBIE
Previously, libtextsecure would send a sync message automatically
when appropriate. This fails if any recipient has a key conflict
or if our network connection fails mid-send.
Instead, when appropriate, return a the DataMessage encoded as an array
buffer for later syncing. This lets the application choose when to send
it, which we now do after any successful send to a recipient, rather
than after all recipients are successfully sent to.
Eventually we should move the DataMessage protobuf construction and
group sending logic to the application layer entirely, in which case
we wouldn't need libtextsecure to construct the sync message either.
Fixes#408
Fix bug where re-installing would cause sync messages to fail and
produce unresolvable error indicators on messages that were actually
sent.
// FREEBIE
encryptMessageFor now requires an array buffer instead of a protobuf.
By converting the message to an array buffer outside the Promise.all, we
avoid allocating a new copy for each device.
// FREEBIE
Follow up to b0da4910. When inferring membership of the sender in an
unknown group, remember to save and return the group members.
Generally, this should only effect standalone clients unless someone
managed to clear their groups db table, since linked clients get group
info synced at registration.
// FREEBIE
If you're the last member of the group, it doesn't make sense to send
messages to it. Previously, we would wait forever for a callback,
causing a stuck pending state indicator.
// FREEBIE
When we re-register, our deviceId might change, which makes our sessions
are no longer valid since the recipient will see us as a new device.
Fixes#388
Fix a bad loop scope bug in getKeysForNumber by using forEach.
Refactor the initial process of establishing key material for devices
that do not have open sessions.
// FREEBIE
These functions accept an array buffer and extract an AES and MAC key
from it without verifying it has the appropriate length. Ciphertext
messages are similarly dissected. The slice function does not raise an
error on out of bounds accesses but instead returns an empty or
partially-filled array. Empty or short arrays will be passed through to
the window.crypto.subtle API, where they will raise an error. We should
not rely on the Web Crypto API to validate key lengths or for MAC checks
to fail. Instead, validate the lengths of given parameters before
extracting their components.
// FREEBIE
This may increase processing latency a bit, particularly with large
attachments, but will ensure that messages are dispatched in the order
they are received.
It would be nice to enforce ordering on only the dispatch step, so that
we could, for example, decrypt the next websocket message while waiting
for an attachment to download, but that will require a more complicated
refactor. Will stick with the quick fix for now and revisit later.
Fixes#342
// FREEBIE
It's rare that we get in a state where we have a device record without a
session, but we should handle errors gracefully in that case. Catch them
and register them, except for identity key errors which are registered
in handleResult.
// FREEBIE
fixup error handling // FREEBIE
This function dynamically declares a bunch of functions which bind to
its input arguments. Instead, use a new prototypal class to define
these functions within the context of a particular message.
// FREEBIE
Add a pendingMessages object to MessageSender. This object holds
one promise per recipient number. We init this promise with
Promise.resolve(), and chain on promises for message sending, replacing
the previous promise with the newly chained promise each time. If the
current promise resolves and finds that it is still the last promise
in the chain, it removes itself.
Websocket resources should have their keepalive timers reset whenever a
message comes in. This is a nicety that slightly reduces the amount of
traffic we send when actively messaging.
Previously this was handled by MessageReceiver, but it's a bit cleaner
to just have the WebsocketResource add an extra 'message' event handler.
// FREEBIE
These are failing because MockSocket doesn't implement an EventTarget
interface like an actual WebSocket does, so we get an exception when
trying to call addEventListener on it. :(
// FREEBIE
Split into separate encrypt and transmit functions. Let the encryption
function also handle all wire formatting (ie, jsonification and base64
encoding), which simplifes TextSecureServer.sendMessages, removes a
TODO, and lets us save fewer params to make network errors replayable.
// FREEBIE
This ensures that the containing promise is rejected without triggering
the side effects of an uncaught exception, such as causing the debugger
to pause.
// FREEBIE
Previously would fail to register keys by using the wrong username.
The username should be <number>.<deviceid> once we've confirmed our
account and received a deviceId from the server.
// FREEBIE
`tryMessageAgain` is the routine called when re-trying a message that
failed to decrypt due to an IncomingIdentityKeyError. This handling
needs to move to MessageReceiver because it depends on
`processDecrypted` to handle incoming message protos, which depends
on a server instance in order to download attachments.
// FREEBIE
textsecure.MessageSender takes server url and credentials and returns
a message sending interface configured for that server.
Used a wrapper function to insert a TextSecureServer instance into
sendmessage.js code at runtime. This will result in function duplication
between different MessageSender objects, pending further refactoring to
use prototypal inheritence.
// FREEBIE
Following the pattern from previous commit, let the server class accept
a url and login credentials from the caller. Then integrate into
MessageReceiver and AccountManager.
// FREEBIE
Fix inconsistency in error format, where we sometimes get an unexpected
Error object and sometimes get a wrapper object containing an Error.
Also start saving network errors.
// FREEBIE
1. This is nonstandard behavior, not supported by any other clients. It
may help sometimes but will also cause bugs (see 2)
2. iOS doesn't handle group updates with missing fields. all fields must
be populated, and libtextsecure doesn't have any knowledge of the group
name or avatar, so these updates will clobber group state on iOS.
// FREEBIE
This one's been around since forever, but only manifests when someone
leaves the group and comes back. In that case we fail to reinit their
numberRegistrationId object, which causes a npe when we try to send
send them group messages.
Affected parties must ask their fickle friends to leave/join again.
// FREEBIE
Rather than asking for a global target, the message receiver implements
the EventTarget interface itself. It does not expose the dispatchEvent
method, however. This ensures that events can only be triggered from
within the internal MessageReceiver class, which means we no longer need
to namespace them.
// FREEBIE
Let the libtextsecure consumer pass in their own server url, username,
password, and signaling key, as with libtextsecure-java.
Also brings reconnect logic up into the MessageReceiver class, which
is the only place it should apply.
Forgot to bind the socket event handler, and the then() handler should
come before the catch() handler or else it will execute every time the
catch handler executes.
// FREEBIE
Always test connectivity with an http request after a websocket closes,
regardless of what code/error it closed with. If that request succeeds,
automatically reconnect the socket.
// FREEBIE
Start by requesting keys for only the master device, then handle 410 as
needed. Single-device users are the more common case and this strategy
lets us avoid requesting/expending one of our own device keys when
establishing a session with sibling devices.
// FREEBIE
After setting a new identity key as trusted, we retry decryption on all
pending conflicts for that contact. If their identity changed twice in a
row, we can still get a conflict the second time, and should handle it
appropriately.
This new endpoint should always issue a response to a provisioning
socket so if we don't receive one we should assume the connection has
been lost.
Closes#318
By default, automatically disconnect if no response. This is preferable
because we can sometimes lose connectivity without receiving a close
event from the socket, but it's also possible that the endpoint may not
support responses.
// FREEBIE
saveKeysToDeviceObject is the detector of outgoing identity key errors.
Catch these key errors closer to the source by pulling the
getKeysForNumber into the context of sendMessageToDevices, which lets
it access registerError and the message protobuf.
Previously identity key errors would be uncaught if all existing
sessions with a recipient were closed/deleted, since we would
preemptively fetch the new identity key. The old error handling only
kicked in after a 409/410 response from the server when posting a
message encrypted for a stale session.
// FREEBIE
Scott Nonnenberg
Lilia
haffenloher
Karel Bilek
Matt Corallo
codedust