fix: workaround token rotation during cross-signing setup

TheOneWithTheBraid · TheOneWithTheBraid · commit ff732a4d4061 · 2025-02-11T14:59:54.000+01:00
Signed-off-by: The one with the braid &lt;info@braid.business&gt;
diff --git a/lib/encryption/cross_signing.dart b/lib/encryption/cross_signing.dart
@@ -205,6 +205,7 @@ class CrossSigning {
         }
       }
 
+      await client.ensureNotSoftLoggedOut();
       await client.uploadCrossSigningSignatures(payload);
     }
   }
diff --git a/lib/encryption/key_manager.dart b/lib/encryption/key_manager.dart
@@ -276,6 +276,7 @@ class KeyManager {
       }
       return sess; // nothing to do
     }
+    await client.ensureNotSoftLoggedOut();
     final session =
         await client.database?.getInboundGroupSession(roomId, sessionId);
     if (session == null) return null;
@@ -460,6 +461,7 @@ class KeyManager {
               room.id,
               sess.outboundGroupSession!.session_id(),
             );
+            await client.ensureNotSoftLoggedOut();
             // send out the key
             await client.sendToDeviceEncryptedChunked(
               devicesToReceive,
@@ -591,6 +593,7 @@ class KeyManager {
       key: userID,
     );
     try {
+      await client.ensureNotSoftLoggedOut();
       await client.sendToDeviceEncryptedChunked(
         deviceKeys,
         EventTypes.RoomKey,
@@ -659,6 +662,7 @@ class KeyManager {
             .isBefore(_roomKeysVersionCacheDate!)) {
       return _roomKeysVersionCache!;
     }
+    await client.ensureNotSoftLoggedOut();
     _roomKeysVersionCache = await client.getRoomKeysVersionCurrent();
     _roomKeysVersionCacheDate = DateTime.now();
     return _roomKeysVersionCache!;
@@ -725,6 +729,7 @@ class KeyManager {
   /// while for older and big accounts.
   Future<void> loadAllKeys() async {
     final info = await getRoomKeysBackupInfo();
+    await client.ensureNotSoftLoggedOut();
     final ret = await client.getRoomKeys(info.version);
     await loadFromResponse(ret);
   }
@@ -733,6 +738,7 @@ class KeyManager {
   /// while for older and big rooms.
   Future<void> loadAllKeysFromRoom(String roomId) async {
     final info = await getRoomKeysBackupInfo();
+    await client.ensureNotSoftLoggedOut();
     final ret = await client.getRoomKeysByRoomId(roomId, info.version);
     final keys = RoomKeys.fromJson({
       'rooms': {
@@ -748,6 +754,7 @@ class KeyManager {
   /// and stores it.
   Future<void> loadSingleKey(String roomId, String sessionId) async {
     final info = await getRoomKeysBackupInfo();
+    await client.ensureNotSoftLoggedOut();
     final ret =
         await client.getRoomKeyBySessionId(roomId, sessionId, info.version);
     final keys = RoomKeys.fromJson({
@@ -809,6 +816,7 @@ class KeyManager {
         sessionId: sessionId,
       );
       final userList = await room.requestParticipants();
+      await client.ensureNotSoftLoggedOut();
       await client.sendToDevicesOfUserIds(
         userList.map<String>((u) => u.id).toSet(),
         EventTypes.RoomKeyRequest,
@@ -916,6 +924,7 @@ class KeyManager {
               await client.nativeImplementations.generateUploadKeys(args);
           Logs().i('[Key Manager] Uploading ${dbSessions.length} room keys...');
           // upload the payload...
+          await client.ensureNotSoftLoggedOut();
           await client.putRoomKeys(info.version, roomKeys);
           // and now finally mark all the keys as uploaded
           // no need to optimze this, as we only run it so seldomly and almost never with many keys at once
@@ -1119,6 +1128,7 @@ class KeyManager {
         final userData = data[device.userId] ??= {};
         userData[device.deviceId!] = sendToDeviceMessage;
       }
+      await client.ensureNotSoftLoggedOut();
       await client.sendToDevice(
         EventTypes.RoomKeyRequest,
         client.generateUniqueTransactionId(),
diff --git a/lib/encryption/ssss.dart b/lib/encryption/ssss.dart
@@ -207,6 +207,7 @@ class SSSS {
       .key;
 
   Future<void> setDefaultKeyId(String keyId) async {
+    await client.ensureNotSoftLoggedOut();
     await client.setAccountData(
       client.userID!,
       EventTypes.SecretStorageDefaultKey,
@@ -264,6 +265,9 @@ class SSSS {
         .firstWhere((keyId) => getKey(keyId) == null);
 
     final accountDataTypeKeyId = EventTypes.secretStorageKey(keyId);
+
+    await client.ensureNotSoftLoggedOut();
+
     // noooow we set the account data
 
     await client.setAccountData(
@@ -395,6 +399,7 @@ class SSSS {
       'ciphertext': encrypted.ciphertext,
       'mac': encrypted.mac,
     };
+    await client.ensureNotSoftLoggedOut();
     // store the thing in your account data
     await client.setAccountData(client.userID!, type, content);
     final db = client.database;
@@ -434,6 +439,8 @@ class SSSS {
     if (await getStored(type, keyId, key) != secret) {
       throw Exception('Secrets do not match up!');
     }
+
+    await client.ensureNotSoftLoggedOut();
     // store the thing in your account data
     await client.setAccountData(client.userID!, type, content);
     if (cacheTypes.contains(type)) {
@@ -502,6 +509,7 @@ class SSSS {
       devices: devices,
     );
     pendingShareRequests[requestId] = request;
+    await client.ensureNotSoftLoggedOut();
     await client.sendToDeviceEncrypted(devices, EventTypes.SecretRequest, {
       'action': 'request',
       'requesting_device_id': client.deviceID,
@@ -565,6 +573,7 @@ class SSSS {
       }
       // okay, all checks out...time to share this secret!
       Logs().i('[SSSS] Replying with secret for $type');
+      await client.ensureNotSoftLoggedOut();
       await client.sendToDeviceEncrypted(
           [device],
           EventTypes.SecretSend,
diff --git a/lib/encryption/utils/bootstrap.dart b/lib/encryption/utils/bootstrap.dart
@@ -475,6 +475,7 @@ class Bootstrap {
       // upload the keys!
       state = BootstrapState.loading;
       Logs().v('Upload device signing keys.');
+      await client.ensureNotSoftLoggedOut();
       await client.uiaRequestBackground(
         (AuthenticationData? auth) => client.uploadCrossSigningKeys(
           masterKey: masterKey,
@@ -494,6 +495,7 @@ class Bootstrap {
         }
       }
       if (newSsssKey != null) {
+        await client.ensureNotSoftLoggedOut();
         final storeFutures = <Future<void>>[];
         for (final entry in secretsToStore.entries) {
           storeFutures.add(newSsssKey!.store(entry.key, entry.value));
@@ -510,6 +512,7 @@ class Bootstrap {
             'ERROR: New master key does not match up!',
           );
         }
+        await client.ensureNotSoftLoggedOut();
         Logs().v('Set own master key to verified...');
         await client.userDeviceKeys[client.userID]!.masterKey!
             .setVerified(true, false);
@@ -520,6 +523,7 @@ class Bootstrap {
           client.userDeviceKeys[client.userID]!.deviceKeys[client.deviceID]!,
         );
       }
+      await client.ensureNotSoftLoggedOut();
       Logs().v('Sign ourself...');
       await encryption.crossSigning.sign(keysToSign);
     } catch (e, s) {
@@ -570,6 +574,7 @@ class Bootstrap {
       } finally {
         keyObj.free();
       }
+      await client.ensureNotSoftLoggedOut();
       Logs().v('Create the new backup version...');
       await client.postRoomKeysVersion(
         BackupAlgorithm.mMegolmBackupV1Curve25519AesSha2,
@@ -585,6 +590,7 @@ class Bootstrap {
       );
       await client.database?.markInboundGroupSessionsAsNeedingUpload();
       Logs().v('And uploading keys...');
+      await client.ensureNotSoftLoggedOut();
       await client.encryption?.keyManager.uploadInboundGroupSessions();
     } catch (e, s) {
       Logs().e('[Bootstrapping] Error setting up online key backup', e, s);
diff --git a/lib/encryption/utils/key_verification.dart b/lib/encryption/utils/key_verification.dart
@@ -437,6 +437,7 @@ class KeyVerification {
               'code': 'm.accepted',
             };
             makePayload(cancelPayload);
+            await client.ensureNotSoftLoggedOut();
             await client.sendToDeviceEncrypted(
               devices,
               EventTypes.KeyVerificationCancel,
@@ -957,6 +958,7 @@ class KeyVerification {
           );
 
           if (deviceKeys != null) {
+            await client.ensureNotSoftLoggedOut();
             await client.sendToDeviceEncrypted(
               deviceKeys.toList(),
               type,
@@ -970,6 +972,7 @@ class KeyVerification {
         }
       } else {
         if (client.userDeviceKeys[userId]?.deviceKeys[deviceId] != null) {
+          await client.ensureNotSoftLoggedOut();
           await client.sendToDeviceEncrypted(
             [client.userDeviceKeys[userId]!.deviceKeys[deviceId]!],
             type,
diff --git a/lib/src/client.dart b/lib/src/client.dart
@@ -3252,6 +3252,7 @@ class Client extends MatrixApi {
       }
 
       if (outdatedLists.isNotEmpty) {
+        await ensureNotSoftLoggedOut();
         // Request the missing device key lists from the server.
         final response = await queryKeys(outdatedLists, timeout: 10000);
         if (!isLogged()) return;

Original file line number	Diff line number	Diff line change
`@@ -205,6 +205,7 @@ class CrossSigning {`
`205`	`205`	`}`
`206`	`206`	`}`
`207`	`207`
	`208`	`+ await client.ensureNotSoftLoggedOut();`
`208`	`209`	`await client.uploadCrossSigningSignatures(payload);`
`209`	`210`	`}`
`210`	`211`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3252,6 +3252,7 @@ class Client extends MatrixApi {`
`3252`	`3252`	`}`
`3253`	`3253`
`3254`	`3254`	`if (outdatedLists.isNotEmpty) {`
	`3255`	`+ await ensureNotSoftLoggedOut();`
`3255`	`3256`	`// Request the missing device key lists from the server.`
`3256`	`3257`	`final response = await queryKeys(outdatedLists, timeout: 10000);`
`3257`	`3258`	`if (!isLogged()) return;`