Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

E2EE. Do not generate keypair without user request. #5067

Merged
merged 1 commit into from
Nov 1, 2022
Merged

E2EE. Do not generate keypair without user request. #5067

merged 1 commit into from
Nov 1, 2022

Conversation

allexzander
Copy link
Contributor

@allexzander allexzander commented Oct 18, 2022
edited
Loading

Signed-off-by: allexzander blackslayer4@gmail.com

Mnemonic is now displayed in mono font and text can't be typed in the dialog (readonly).
Keys are not generated automatically (see the video), but only after the user clicks "Enable encryption".

e2ee_mnemonic_display_monofont

e2ee_enable_display_mnemonic_reconnect.mp4

@allexzander allexzander force-pushed the bugfix/e2e-do-not-generate-keys-without-request branch 3 times, most recently from de07d0f to 38e722a Compare October 19, 2022 10:51
@allexzander allexzander marked this pull request as ready for review October 19, 2022 10:58
@allexzander
Copy link
Contributor Author

@jancborchardt see the description for the screenshot, video, and explanation of how this now works. Does it look good?

@jancborchardt
Copy link
Member

jancborchardt commented Oct 19, 2022
edited by allexzander
Loading

Nice! Some feedback:

  • The dialog takes a bit long to appear after clicking "Enable encryption", can that be sped up?
  • Can the dialog be a child of the settings dialog, like a modal overlay centered on top instead of yet another dialog?
  • The input still looks editable, is there no default grey background or " disabled" style?
  • The input is too high, can it be sized according to content?

@allexzander allexzander force-pushed the bugfix/e2e-do-not-generate-keys-without-request branch from ea3d469 to 06c350c Compare October 20, 2022 10:11
@allexzander
Copy link
Contributor Author

@jancborchardt I have fixed the 3-rd and 4-th remarks.

Regarding the first too.

The dialog takes a bit long to appear after clicking "Enable encryption", can that be sped up?

I can't control this as this is not a UI-caused delay. The desktop clients talk to the server and then to a Windows credentials store to generate, validate and store new keypair. Before, we had this happening in the background because it was always being triggered automatically, without the user clicking that "Enable encryption button". Now, as the user initiates the E2E keys generation, the delay is visible.

Can the dialog be a child of the settings dialog, like a modal overlay centered on top instead of yet another dialog?

It is already modal. You can't close the Settings dialog or, otherwise, interact with it without closing the mnemonic dialog.

@jancborchardt
Copy link
Member

I can't control this as this is not a UI-caused delay. The desktop clients talk to the server and then to a Windows credentials store to generate, validate and store new keypair.

Thank you for the explanation! :) So could we show the dialog already, but show a spinner / loading message inside the input saying "Generating mnemonic"?

@allexzander allexzander force-pushed the bugfix/e2e-do-not-generate-keys-without-request branch from 42b4134 to 8e4d58f Compare October 28, 2022 14:18
@codecov
Copy link

codecov bot commented Oct 28, 2022
edited
Loading

Codecov Report

Merging #5067 (7ad4c72) into master (1dbdd88) will decrease coverage by 0.13%.
The diff coverage is 0.00%.

❗ Current head 7ad4c72 differs from pull request most recent head 9ab89da. Consider uploading reports for the commit 9ab89da to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #5067      +/-   ##
==========================================
- Coverage   57.22%   57.09%   -0.14%     
==========================================
  Files         138      138              
  Lines       17441    17444       +3     
==========================================
- Hits         9980     9959      -21     
- Misses       7461     7485      +24
Impacted Files Coverage Δ
src/libsync/account.cpp 37.15% <0.00%> (-0.44%) ⬇️
src/libsync/account.h 33.33% <ø> (ø)
src/libsync/clientsideencryption.cpp 26.40% <0.00%> (+0.07%) ⬆️
src/libsync/clientsideencryption.h 38.46% <ø> (ø)
src/libsync/vfs/cfapi/hydrationjob.cpp 52.38% <0.00%> (-3.71%) ⬇️
src/libsync/vfs/cfapi/vfs_cfapi.cpp 83.00% <0.00%> (-2.38%) ⬇️
src/libsync/vfs/cfapi/cfapiwrapper.cpp 72.50% <0.00%> (-1.82%) ⬇️
src/libsync/syncengine.cpp 83.71% <0.00%> (-0.46%) ⬇️
src/libsync/discovery.cpp 84.05% <0.00%> (+0.28%) ⬆️

@allexzander allexzander force-pushed the bugfix/e2e-do-not-generate-keys-without-request branch from 8e4d58f to fbe05e2 Compare October 28, 2022 14:50
@allexzander
Copy link
Contributor Author

I can't control this as this is not a UI-caused delay. The desktop clients talk to the server and then to a Windows credentials store to generate, validate and store new keypair.

Thank you for the explanation! :) So could we show the dialog already, but show a spinner / loading message inside the input saying "Generating mnemonic"?

So, we've discussed that with Tobias and this thing is turning into a new feature and is a bit out of the scope of this PR. There is also a plan to enhance the UX of E2E, and then this can be done alongside.

@allexzander allexzander mentioned this pull request Oct 29, 2022
Closed
@allexzander allexzander force-pushed the bugfix/e2e-do-not-generate-keys-without-request branch from 7ad4c72 to f8463c2 Compare October 29, 2022 14:30
mgallien
mgallien reviewed Oct 31, 2022
View reviewed changes
src/libsync/account.h
@@ -355,6 +358,8 @@ protected Q_SLOTS:

bool _trustCertificates = false;

bool _e2eEncryptionKeysGenerationAllowed = false;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you make it a property registered to Qt metaobject system ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please fix this and clean history of commits if needed
that said, I approve it works fine !
congratulations

@allexzander allexzander force-pushed the bugfix/e2e-do-not-generate-keys-without-request branch 2 times, most recently from a2c4b77 to 39fe9b8 Compare October 31, 2022 19:39
@allexzander
E2EE. Do not generate keypair without user request.
9ab89da 
Signed-off-by: allexzander <blackslayer4@gmail.com>
@allexzander allexzander force-pushed the bugfix/e2e-do-not-generate-keys-without-request branch from 39fe9b8 to 9ab89da Compare November 1, 2022 08:18
@nextcloud-desktop-bot
Copy link

AppImage file: nextcloud-PR-5067-9ab89daedd867465e6c86fd420994f54a03fbee4-x86_64.AppImage

To test this change/fix you can simply download above AppImage file and test it.

Please make sure to quit your existing Nextcloud app and backup your data.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 1, 2022

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 17 Code Smells

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@allexzander allexzander merged commit 3755914 into master Nov 1, 2022
@allexzander allexzander deleted the bugfix/e2e-do-not-generate-keys-without-request branch November 1, 2022 09:41
@mgallien mgallien added this to the 3.7.0 milestone Nov 8, 2022
@allexzander
Copy link
Contributor Author

/backport to stable-3.6

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Nov 9, 2022
Closed
1 task
allexzander added a commit that referenced this pull request Nov 9, 2022
@allexzander
Merge pull request #5067 from nextcloud/bugfix/e2e-do-not-generate-ke…
43d8ce6 
…ys-without-request

E2EE. Do not generate keypair without user request.
@allexzander allexzander mentioned this pull request Nov 9, 2022
Closed
allexzander added a commit that referenced this pull request Nov 9, 2022
@allexzander
Merge pull request #5067 from nextcloud/bugfix/e2e-do-not-generate-ke…
284cb25 
…ys-without-request

E2EE. Do not generate keypair without user request.

Signed-off-by: alex-z <blackslayer4@gmail.com>
This was referenced Nov 9, 2022
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mgallien mgallien mgallien approved these changes

@claucambra claucambra claucambra approved these changes

@jancborchardt jancborchardt Awaiting requested review from jancborchardt

@camilasan camilasan Awaiting requested review from camilasan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.7.0
Development

Successfully merging this pull request may close these issues.
5 participants
@allexzander @jancborchardt @nextcloud-desktop-bot @mgallien @claucambra