Merge tag 'v3.75.0' into sc

* Remove `feature_favourite_messages` as it is has been abandoned for now ([\matrix-org#11097](matrix-org#11097)). Fixes element-hq/element-web#25555.
* Don't setup keys on login when encryption is force disabled ([\matrix-org#11125](matrix-org#11125)). Contributed by @kerryarchibald.
* OIDC: attempt dynamic client registration ([\matrix-org#11074](matrix-org#11074)). Fixes element-hq/element-web#25468 and element-hq/element-web#25467. Contributed by @kerryarchibald.
* OIDC: Check static client registration and add login flow ([\matrix-org#11088](matrix-org#11088)). Fixes element-hq/element-web#25467. Contributed by @kerryarchibald.
* Improve message body output from plain text editor ([\matrix-org#11124](matrix-org#11124)). Contributed by @alunturner.
* Disable encryption toggle in room settings when force disabled ([\matrix-org#11122](matrix-org#11122)). Contributed by @kerryarchibald.
* Add .well-known config option to force disable encryption on room creation ([\matrix-org#11120](matrix-org#11120)). Contributed by @kerryarchibald.
* Handle permalinks in room topic ([\matrix-org#11115](matrix-org#11115)). Fixes element-hq/element-web#23395.
* Add at room avatar for RTE ([\matrix-org#11106](matrix-org#11106)). Contributed by @alunturner.
* Remove new room breadcrumbs ([\matrix-org#11104](matrix-org#11104)).
* Update rich text editor dependency and associated changes ([\matrix-org#11098](matrix-org#11098)). Contributed by @alunturner.
* Implement new model, hooks and reconcilation code for new GYU notification settings ([\matrix-org#11089](matrix-org#11089)). Contributed by @justjanne.
* Allow maintaining a different right panel width for thread panels ([\matrix-org#11064](matrix-org#11064)). Fixes element-hq/element-web#25487.
* Make AppPermission pane scrollable ([\matrix-org#10954](matrix-org#10954)). Fixes element-hq/element-web#25438 and element-hq/element-web#25511. Contributed by @luixxiul.
* Integrate compound design tokens ([\matrix-org#11091](matrix-org#11091)). Fixes vector-im/internal-planning#450.
* Don't warn about the effects of redacting state events when redacting non-state-events ([\matrix-org#11071](matrix-org#11071)). Fixes element-hq/element-web#8478.
* Allow specifying help URLs in config.json ([\matrix-org#11070](matrix-org#11070)). Fixes element-hq/element-web#15268.
* Fix spurious notifications on non-live events ([\matrix-org#11133](matrix-org#11133)). Fixes element-hq/element-web#24336.
* Prevent auto-translation within composer ([\matrix-org#11114](matrix-org#11114)). Fixes element-hq/element-web#25624.
* Fix caret jump when backspacing into empty line at beginning of editor ([\matrix-org#11128](matrix-org#11128)). Fixes element-hq/element-web#22335.
* Fix server picker not allowing you to switch from custom to default ([\matrix-org#11127](matrix-org#11127)). Fixes element-hq/element-web#25650.
* Consider the unthreaded read receipt for Unread dot state ([\matrix-org#11117](matrix-org#11117)). Fixes element-hq/element-web#24229.
* Increase RTE resilience ([\matrix-org#11111](matrix-org#11111)). Fixes element-hq/element-web#25277. Contributed by @alunturner.
* Fix RoomView ignoring alias lookup errors due to them not knowing the roomId ([\matrix-org#11099](matrix-org#11099)). Fixes element-hq/element-web#24783 and element-hq/element-web#25562.
* Fix style inconsistencies on SecureBackupPanel ([\matrix-org#11102](matrix-org#11102)). Fixes element-hq/element-web#25615. Contributed by @luixxiul.
* Remove unknown MXIDs from invite suggestions ([\matrix-org#11055](matrix-org#11055)). Fixes element-hq/element-web#25446.
* Reduce volume of ring sounds to normalised levels ([\matrix-org#9143](matrix-org#9143)). Contributed by @JMoVS.
* Fix slash commands not being enabled in certain cases ([\matrix-org#11090](matrix-org#11090)). Fixes element-hq/element-web#25572.
* Prevent escape in threads from sending focus to main timeline composer ([\matrix-org#11061](matrix-org#11061)). Fixes element-hq/element-web#23397.

CHANGELOG.md

@@ -1,3 +1,41 @@
+Changes in [3.75.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.75.0) (2023-07-04)
+=====================================================================================================
+
+## 🦖 Deprecations
+ * Remove `feature_favourite_messages` as it is has been abandoned for now ([\#11097](https://github.com/matrix-org/matrix-react-sdk/pull/11097)). Fixes vector-im/element-web#25555.
+
+## ✨ Features
+ * Don't setup keys on login when encryption is force disabled ([\#11125](https://github.com/matrix-org/matrix-react-sdk/pull/11125)). Contributed by @kerryarchibald.
+ * OIDC: attempt dynamic client registration ([\#11074](https://github.com/matrix-org/matrix-react-sdk/pull/11074)). Fixes vector-im/element-web#25468 and vector-im/element-web#25467. Contributed by @kerryarchibald.
+ * OIDC: Check static client registration and add login flow ([\#11088](https://github.com/matrix-org/matrix-react-sdk/pull/11088)). Fixes vector-im/element-web#25467. Contributed by @kerryarchibald.
+ * Improve message body output from plain text editor ([\#11124](https://github.com/matrix-org/matrix-react-sdk/pull/11124)). Contributed by @alunturner.
+ * Disable encryption toggle in room settings when force disabled ([\#11122](https://github.com/matrix-org/matrix-react-sdk/pull/11122)). Contributed by @kerryarchibald.
+ * Add .well-known config option to force disable encryption on room creation ([\#11120](https://github.com/matrix-org/matrix-react-sdk/pull/11120)). Contributed by @kerryarchibald.
+ * Handle permalinks in room topic ([\#11115](https://github.com/matrix-org/matrix-react-sdk/pull/11115)). Fixes vector-im/element-web#23395.
+ * Add at room avatar for RTE ([\#11106](https://github.com/matrix-org/matrix-react-sdk/pull/11106)). Contributed by @alunturner.
+ * Remove new room breadcrumbs ([\#11104](https://github.com/matrix-org/matrix-react-sdk/pull/11104)).
+ * Update rich text editor dependency and associated changes ([\#11098](https://github.com/matrix-org/matrix-react-sdk/pull/11098)). Contributed by @alunturner.
+ * Implement new model, hooks and reconcilation code for new GYU notification settings ([\#11089](https://github.com/matrix-org/matrix-react-sdk/pull/11089)). Contributed by @justjanne.
+ * Allow maintaining a different right panel width for thread panels ([\#11064](https://github.com/matrix-org/matrix-react-sdk/pull/11064)). Fixes vector-im/element-web#25487.
+ * Make AppPermission pane scrollable ([\#10954](https://github.com/matrix-org/matrix-react-sdk/pull/10954)). Fixes vector-im/element-web#25438 and vector-im/element-web#25511. Contributed by @luixxiul.
+ * Integrate compound design tokens ([\#11091](https://github.com/matrix-org/matrix-react-sdk/pull/11091)). Fixes vector-im/internal-planning#450.
+ * Don't warn about the effects of redacting state events when redacting non-state-events ([\#11071](https://github.com/matrix-org/matrix-react-sdk/pull/11071)). Fixes vector-im/element-web#8478.
+ * Allow specifying help URLs in config.json ([\#11070](https://github.com/matrix-org/matrix-react-sdk/pull/11070)). Fixes vector-im/element-web#15268.
+
+## 🐛 Bug Fixes
+ * Fix spurious notifications on non-live events ([\#11133](https://github.com/matrix-org/matrix-react-sdk/pull/11133)). Fixes vector-im/element-web#24336.
+ * Prevent auto-translation within composer ([\#11114](https://github.com/matrix-org/matrix-react-sdk/pull/11114)). Fixes vector-im/element-web#25624.
+ * Fix caret jump when backspacing into empty line at beginning of editor ([\#11128](https://github.com/matrix-org/matrix-react-sdk/pull/11128)). Fixes vector-im/element-web#22335.
+ * Fix server picker not allowing you to switch from custom to default ([\#11127](https://github.com/matrix-org/matrix-react-sdk/pull/11127)). Fixes vector-im/element-web#25650.
+ * Consider the unthreaded read receipt for Unread dot state ([\#11117](https://github.com/matrix-org/matrix-react-sdk/pull/11117)). Fixes vector-im/element-web#24229.
+ * Increase RTE resilience ([\#11111](https://github.com/matrix-org/matrix-react-sdk/pull/11111)). Fixes vector-im/element-web#25277. Contributed by @alunturner.
+ * Fix RoomView ignoring alias lookup errors due to them not knowing the roomId ([\#11099](https://github.com/matrix-org/matrix-react-sdk/pull/11099)). Fixes vector-im/element-web#24783 and vector-im/element-web#25562.
+ * Fix style inconsistencies on SecureBackupPanel ([\#11102](https://github.com/matrix-org/matrix-react-sdk/pull/11102)). Fixes vector-im/element-web#25615. Contributed by @luixxiul.
+ * Remove unknown MXIDs from invite suggestions ([\#11055](https://github.com/matrix-org/matrix-react-sdk/pull/11055)). Fixes vector-im/element-web#25446.
+ * Reduce volume of ring sounds to normalised levels ([\#9143](https://github.com/matrix-org/matrix-react-sdk/pull/9143)). Contributed by @JMoVS.
+ * Fix slash commands not being enabled in certain cases ([\#11090](https://github.com/matrix-org/matrix-react-sdk/pull/11090)). Fixes vector-im/element-web#25572.
+ * Prevent escape in threads from sending focus to main timeline composer ([\#11061](https://github.com/matrix-org/matrix-react-sdk/pull/11061)). Fixes vector-im/element-web#23397.
+
 Changes in [3.74.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.74.0) (2023-06-20)
 =====================================================================================================
 

cypress/e2e/crypto/complete-security.spec.ts

@@ -14,11 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import type { VerificationRequest } from "matrix-js-sdk/src/crypto/verification/request/VerificationRequest";
 import { HomeserverInstance } from "../../plugins/utils/homeserver";
-import { handleVerificationRequest, logIntoElement, waitForVerificationRequest } from "./utils";
-import { CypressBot } from "../../support/bot";
-import { skipIfRustCrypto } from "../../support/util";
+import { logIntoElement } from "./utils";
 
 describe("Complete security", () => {
  let homeserver: HomeserverInstance;
@@ -46,39 +43,5 @@ describe("Complete security", () => {
  cy.findByText("Welcome Jeff");
  });
 
- it("should walk through device verification if we have a signed device", () => {
- skipIfRustCrypto();
-
- // create a new user, and have it bootstrap cross-signing
- let botClient: CypressBot;
- cy.getBot(homeserver, { displayName: "Jeff" })
- .then(async (bot) => {
- botClient = bot;
- await bot.bootstrapCrossSigning({});
- })
- .then(() => {
- // now log in, in Element. We go in through the login page because otherwise the device setup flow
- // doesn't get triggered
- console.log("%cAccount set up; logging in user", "font-weight: bold; font-size:x-large");
- logIntoElement(homeserver.baseUrl, botClient.getSafeUserId(), botClient.__cypress_password);
-
- // we should see a prompt for a device verification
- cy.findByRole("heading", { name: "Verify this device" });
- const botVerificationRequestPromise = waitForVerificationRequest(botClient);
- cy.findByRole("button", { name: "Verify with another device" }).click();
-
- // accept the verification request on the "bot" side
- cy.wrap(botVerificationRequestPromise).then(async (verificationRequest: VerificationRequest) => {
- await handleVerificationRequest(verificationRequest);
- });
-
- // confirm that the emojis match
- cy.findByRole("button", { name: "They match" }).click();
-
- // we should get the confirmation box
- cy.findByText(/You've successfully verified/);
-
- cy.findByRole("button", { name: "Got it" }).click();
- });
- });
+ // see also "Verify device during login with SAS" in `verifiction.spec.ts`.
 });

cypress/e2e/crypto/crypto.spec.ts

@@ -15,17 +15,11 @@ limitations under the License.
 */
 
 import type { ISendEventResponse, MatrixClient, Room } from "matrix-js-sdk/src/matrix";
-import type { VerificationRequest } from "matrix-js-sdk/src/crypto/verification/request/VerificationRequest";
+import type { VerificationRequest } from "matrix-js-sdk/src/crypto-api";
 import type { CypressBot } from "../../support/bot";
 import { HomeserverInstance } from "../../plugins/utils/homeserver";
 import { UserCredentials } from "../../support/login";
-import {
- checkDeviceIsCrossSigned,
- EmojiMapping,
- handleVerificationRequest,
- logIntoElement,
- waitForVerificationRequest,
-} from "./utils";
+import { doTwoWaySasVerification, waitForVerificationRequest } from "./utils";
 import { skipIfRustCrypto } from "../../support/util";
 
 interface CryptoTestContext extends Mocha.Context {
@@ -110,27 +104,6 @@ function autoJoin(client: MatrixClient) {
  });
 }
 
-/**
- * Given a VerificationRequest in a bot client, add cypress commands to:
- * - wait for the bot to receive a 'verify by emoji' notification
- * - check that the bot sees the same emoji as the application
- *
- * @param botVerificationRequest - a verification request in a bot client
- */
-function doTwoWaySasVerification(botVerificationRequest: VerificationRequest): void {
- // on the bot side, wait for the emojis, confirm they match, and return them
- const emojiPromise = handleVerificationRequest(botVerificationRequest);
-
- // then, check that our application shows an emoji panel with the same emojis.
- cy.wrap(emojiPromise).then((emojis: EmojiMapping[]) => {
- cy.get(".mx_VerificationShowSas_emojiSas_block").then((emojiBlocks) => {
- emojis.forEach((emoji: EmojiMapping, index: number) => {
- expect(emojiBlocks[index].textContent.toLowerCase()).to.eq(emoji[0] + emoji[1]);
- });
- });
- });
-}
-
 const verify = function (this: CryptoTestContext) {
  const bobsVerificationRequestPromise = waitForVerificationRequest(this.bob);
 
@@ -139,9 +112,14 @@ const verify = function (this: CryptoTestContext) {
  cy.findByText("Bob").click();
  cy.findByRole("button", { name: "Verify" }).click();
  cy.findByRole("button", { name: "Start Verification" }).click();
- cy.findByRole("button", { name: "Verify by emoji" }).click();
+
+ // this requires creating a DM, so can take a while. Give it a longer timeout.
+ cy.findByRole("button", { name: "Verify by emoji", timeout: 30000 }).click();
+
  cy.wrap(bobsVerificationRequestPromise).then((request: VerificationRequest) => {
- doTwoWaySasVerification(request);
+ // the bot user races with the Element user to hit the "verify by emoji" button
+ const verifier = request.beginKeyVerification("m.sas.v1");
+ doTwoWaySasVerification(verifier);
  });
  cy.findByRole("button", { name: "They match" }).click();
  cy.findByText("You've successfully verified Bob!").should("exist");
@@ -171,29 +149,110 @@ describe("Cryptography", function () {
  cy.stopHomeserver(this.homeserver);
  });
 
- it("setting up secure key backup should work", () => {
- skipIfRustCrypto();
- cy.openUserSettings("Security & Privacy");
- cy.findByRole("button", { name: "Set up Secure Backup" }).click();
- cy.get(".mx_Dialog").within(() => {
- cy.findByRole("button", { name: "Continue" }).click();
- cy.get(".mx_CreateSecretStorageDialog_recoveryKey code").invoke("text").as("securityKey");
- // Clicking download instead of Copy because of https://github.com/cypress-io/cypress/issues/2851
- cy.findByRole("button", { name: "Download" }).click();
- cy.contains(".mx_Dialog_primary:not([disabled])", "Continue").click();
- cy.get(".mx_InteractiveAuthDialog").within(() => {
- cy.get(".mx_Dialog_title").within(() => {
- cy.findByText("Setting up keys").should("exist");
- cy.findByText("Setting up keys").should("not.exist");
+ describe.each([{ isDeviceVerified: true }, { isDeviceVerified: false }])(
+ "setting up secure key backup should work %j",
+ ({ isDeviceVerified }) => {
+ /**
+ * Verify that the `m.cross_signing.${keyType}` key is available on the account data on the server
+ * @param keyType
+ */
+ function verifyKey(keyType: string) {
+ return cy
+ .getClient()
+ .then((cli) => cy.wrap(cli.getAccountDataFromServer(`m.cross_signing.${keyType}`)))
+ .then((accountData: { encrypted: Record<string, Record<string, string>> }) => {
+ expect(accountData.encrypted).to.exist;
+ const keys = Object.keys(accountData.encrypted);
+ const key = accountData.encrypted[keys[0]];
+ expect(key.ciphertext).to.exist;
+ expect(key.iv).to.exist;
+ expect(key.mac).to.exist;
+ });
+ }
+
+ /**
+ * Click on download button and continue
+ */
+ function downloadKey() {
+ // Clicking download instead of Copy because of https://github.com/cypress-io/cypress/issues/2851
+ cy.findByRole("button", { name: "Download" }).click();
+ cy.contains(".mx_Dialog_primary:not([disabled])", "Continue").click();
+ }
+
+ it("by recovery code", () => {
+ skipIfRustCrypto();
+
+ // Verified the device
+ if (isDeviceVerified) {
+ cy.bootstrapCrossSigning(aliceCredentials);
+ }
+
+ cy.openUserSettings("Security & Privacy");
+ cy.findByRole("button", { name: "Set up Secure Backup" }).click();
+ cy.get(".mx_Dialog").within(() => {
+ // Recovery key is selected by default
+ cy.findByRole("button", { name: "Continue" }).click();
+ cy.get(".mx_CreateSecretStorageDialog_recoveryKey code").invoke("text").as("securityKey");
+
+ downloadKey();
+
+ // When the device is verified, the `Setting up keys` step is skipped
+ if (!isDeviceVerified) {
+ cy.get(".mx_InteractiveAuthDialog").within(() => {
+ cy.get(".mx_Dialog_title").within(() => {
+ cy.findByText("Setting up keys").should("exist");
+ cy.findByText("Setting up keys").should("not.exist");
+ });
+ });
+ }
+
+ cy.findByText("Secure Backup successful").should("exist");
+ cy.findByRole("button", { name: "Done" }).click();
+ cy.findByText("Secure Backup successful").should("not.exist");
  });
+
+ // Verify that the SSSS keys are in the account data stored in the server
+ verifyKey("master");
+ verifyKey("self_signing");
+ verifyKey("user_signing");
  });
 
- cy.findByText("Secure Backup successful").should("exist");
- cy.findByRole("button", { name: "Done" }).click();
- cy.findByText("Secure Backup successful").should("not.exist");
- });
- return;
- });
+ it("by passphrase", () => {
+ skipIfRustCrypto();
+
+ // Verified the device
+ if (isDeviceVerified) {
+ cy.bootstrapCrossSigning(aliceCredentials);
+ }
+
+ cy.openUserSettings("Security & Privacy");
+ cy.findByRole("button", { name: "Set up Secure Backup" }).click();
+ cy.get(".mx_Dialog").within(() => {
+ // Select passphrase option
+ cy.findByText("Enter a Security Phrase").click();
+ cy.findByRole("button", { name: "Continue" }).click();
+
+ // Fill passphrase input
+ cy.get("input").type("new passphrase for setting up a secure key backup");
+ cy.contains(".mx_Dialog_primary:not([disabled])", "Continue").click();
+ // Confirm passphrase
+ cy.get("input").type("new passphrase for setting up a secure key backup");
+ cy.contains(".mx_Dialog_primary:not([disabled])", "Continue").click();
+
+ downloadKey();
+
+ cy.findByText("Secure Backup successful").should("exist");
+ cy.findByRole("button", { name: "Done" }).click();
+ cy.findByText("Secure Backup successful").should("not.exist");
+ });
+
+ // Verify that the SSSS keys are in the account data stored in the server
+ verifyKey("master");
+ verifyKey("self_signing");
+ verifyKey("user_signing");
+ });
+ },
+ );
 
  it("creating a DM should work, being e2e-encrypted / user verification", function (this: CryptoTestContext) {
  skipIfRustCrypto();
@@ -324,68 +383,3 @@ describe("Cryptography", function () {
  });
  });
 });
-
-describe("Verify own device", () => {
- let aliceBotClient: CypressBot;
- let homeserver: HomeserverInstance;
-
- beforeEach(() => {
- skipIfRustCrypto();
- cy.startHomeserver("default").then((data: HomeserverInstance) => {
- homeserver = data;
-
- // Visit the login page of the app, to load the matrix sdk
- cy.visit("/#/login");
-
- // wait for the page to load
- cy.window({ log: false }).should("have.property", "matrixcs");
-
- // Create a new device for alice
- cy.getBot(homeserver, { bootstrapCrossSigning: true }).then((bot) => {
- aliceBotClient = bot;
- });
- });
- });
-
- afterEach(() => {
- cy.stopHomeserver(homeserver);
- });
-
- /* Click the "Verify with another device" button, and have the bot client auto-accept it.
- *
- * Stores the incoming `VerificationRequest` on the bot client as `@verificationRequest`.
- */
- function initiateAliceVerificationRequest() {
- // alice bot waits for verification request
- const promiseVerificationRequest = waitForVerificationRequest(aliceBotClient);
-
- // Click on "Verify with another device"
- cy.get(".mx_AuthPage").within(() => {
- cy.findByRole("button", { name: "Verify with another device" }).click();
- });
-
- // alice bot responds yes to verification request from alice
- cy.wrap(promiseVerificationRequest).as("verificationRequest");
- }
-
- it("with SAS", function (this: CryptoTestContext) {
- logIntoElement(homeserver.baseUrl, aliceBotClient.getUserId(), aliceBotClient.__cypress_password);
-
- // Launch the verification request between alice and the bot
- initiateAliceVerificationRequest();
-
- // Handle emoji SAS verification
- cy.get(".mx_InfoDialog").within(() => {
- cy.get<VerificationRequest>("@verificationRequest").then((request: VerificationRequest) => {
- // Handle emoji request and check that emojis are matching
- doTwoWaySasVerification(request);
- });
-
- cy.findByRole("button", { name: "They match" }).click();
- cy.findByRole("button", { name: "Got it" }).click();
- });
-
- // Check that our device is now cross-signed
- checkDeviceIsCrossSigned();
- });
-});