Don't allow Olm unwedging rate-limiting to race #3549
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
richvdh
reviewed
Jul 6, 2023
src/crypto/index.ts
Outdated
Comment on lines
3605
to
3610
| "New session already forced with device " + | ||
| sender + | ||
| ":" + | ||
| deviceKey + | ||
| " at " + | ||
| lastNewSessionForced + | ||
| ": not forcing another", | ||
| ": not forcing another until at least ", | ||
| forceNewSessionRetryTime |
There was a problem hiding this comment.
suggest updating this to backtick interpolation while you are here
`New session already forced with device ${sender} ...`
etc
There was a problem hiding this comment.
also suggest new Date(forceNewSessionRetryTime).toUTCString() to make the timestamp readable
src/crypto/index.ts
Outdated
| const MIN_FORCE_SESSION_INTERVAL_MS = 60 * 60 * 1000; | ||
| // minimum time between attempting to unwedge an Olm session, if we failed | ||
| // to create a new session | ||
| const FORCE_SESSION_RETRY_INTERVAL_MS = 5 * 60 * 1000; |
There was a problem hiding this comment.
Suggested change
| const FORCE_SESSION_RETRY_INTERVAL_MS = 5 * 60 * 1000; | |
| const FORCE_SESSION_RETRY_INTERVAL_MS = 5 * 60 * 1000; // 5 minutes |
su-ex
added a commit
to SchildiChat/matrix-js-sdk
that referenced
this pull request
Feb 24, 2024
* Drop support for Node 16 ([\matrix-org#3533](matrix-org#3533)). * Improve types around login, registration, UIA and identity servers ([\matrix-org#3537](matrix-org#3537)). * **The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (matrix-org#3189)** * Simplify `MatrixClient::setPowerLevel` API ([\matrix-org#3570](matrix-org#3570)). Fixes element-hq/element-web#13900 and matrix-org#1844. * Deprecate `VerificationRequest.getQRCodeBytes` and replace it with the asynchronous `generateQRCode`. ([\matrix-org#3562](matrix-org#3562)). * Deprecate `VerificationRequest.beginKeyVerification()` in favour of `VerificationRequest.startVerification()`. ([\matrix-org#3528](matrix-org#3528)). * Deprecate `Crypto.VerificationRequest` application event, replacing it with `Crypto.VerificationRequestReceived`. ([\matrix-org#3514](matrix-org#3514)). * Throw saner error when peeking has its room pulled out from under it ([\matrix-org#3577](matrix-org#3577)). Fixes element-hq/element-web#18679. * OIDC: Log in ([\matrix-org#3554](matrix-org#3554)). Contributed by @kerryarchibald. * Prevent threads code from making identical simultaneous API hits ([\matrix-org#3541](matrix-org#3541)). Fixes element-hq/element-web#25395. * Update IUnsigned type to be extensible ([\matrix-org#3547](matrix-org#3547)). * add stop() api to BackupManager for clean shutdown ([\matrix-org#3553](matrix-org#3553)). * Log the message ID of any undecryptable to-device messages ([\matrix-org#3543](matrix-org#3543)). * Ignore thread relations on state events for consistency with edits ([\matrix-org#3540](matrix-org#3540)). * OIDC: validate id token ([\matrix-org#3531](matrix-org#3531)). Contributed by @kerryarchibald. * Fix read receipt sending behaviour around thread roots ([\matrix-org#3600](matrix-org#3600)). * Fix `TypedEventEmitter::removeAllListeners(void)` not working ([\matrix-org#3561](matrix-org#3561)). * Don't allow Olm unwedging rate-limiting to race ([\matrix-org#3549](matrix-org#3549)). Fixes element-hq/element-web#25716. * Fix an instance of failed to decrypt error when an in flight `/keys/query` fails. ([\matrix-org#3486](matrix-org#3486)). * Use the right anchor emoji for SAS verification ([\matrix-org#3534](matrix-org#3534)). * fix a bug which caused the wrong emoji to be shown during SAS device verification. ([\matrix-org#3523](matrix-org#3523)).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously, we only marked the time that we re-created an Olm session after the session was created. So if we try to unwedge while we're in the middle of unwedging, it won't be rate-limited, and we end up creating multiple new sessions. This patch sets up rate limiting before any
awaits, with a delay of 5 minutes, so it doesn't race any more.Fixes element-hq/element-web#25716
No tests yet because I'm not sure how to test this. Suggestions welcome.
Checklist
Here's what your changelog entry will look like:
🐛 Bug Fixes