From 08b37eb7c52eea1b7c4360dcd77ca1eea993465f Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Wed, 18 Aug 2021 19:22:42 +0100
Subject: [PATCH] Fix cross sisgning setup from settings screen

We previously called bootstrap without the cache callbacks set up
which meant it prompted you for you password once for each of the
three keys it fished out of SSSS. Instead, display the same dialog
we display from the verify toast.

Also, in the case where you hadn't verified yet, the button didn't
do anything at all, so make it trigger a verification & change the
caption appropriately.

Add a state to reflect when cross signing is set up but SSSS isn't
(ie. user hasn't yet set up backup / set a passphrase).
---
 .../views/settings/CrossSigningPanel.tsx      | 25 ++++++++++++++++---
 src/i18n/strings/en_EN.json                   |  3 ++-
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/components/views/settings/CrossSigningPanel.tsx b/src/components/views/settings/CrossSigningPanel.tsx
index 21e38a762ae..3fd67d6b5d2 100644
--- a/src/components/views/settings/CrossSigningPanel.tsx
+++ b/src/components/views/settings/CrossSigningPanel.tsx
@@ -25,6 +25,8 @@ import InteractiveAuthDialog from '../dialogs/InteractiveAuthDialog';
 import ConfirmDestroyCrossSigningDialog from '../dialogs/security/ConfirmDestroyCrossSigningDialog';
 import { replaceableComponent } from "../../../utils/replaceableComponent";
 import { MatrixEvent } from 'matrix-js-sdk/src';
+import SetupEncryptionDialog from '../dialogs/security/SetupEncryptionDialog';
+import { accessSecretStorage } from '../../../SecurityManager';
 
 interface IState {
     error?: Error;
@@ -72,7 +74,16 @@ export default class CrossSigningPanel extends React.PureComponent<{}, IState> {
     };
 
     private onBootstrapClick = () => {
-        this.bootstrapCrossSigning({ forceReset: false });
+        if (this.state.crossSigningPrivateKeysInStorage) {
+            Modal.createTrackedDialog(
+                "Verify session", "Verify session", SetupEncryptionDialog,
+                {}, null, /* priority = */ false, /* static = */ true,
+            );
+        } else {
+            // Trigger the flow to set up secure backup, which is what this will do when in
+            // the appropriate state.
+            accessSecretStorage();
+        }
     };
 
     private onStatusChanged = () => {
@@ -176,10 +187,14 @@ export default class CrossSigningPanel extends React.PureComponent<{}, IState> {
             summarisedStatus = <p>{ _t(
                 "Your homeserver does not support cross-signing.",
             ) }</p>;
-        } else if (crossSigningReady) {
+        } else if (crossSigningReady && crossSigningPrivateKeysInStorage) {
             summarisedStatus = <p>✅ { _t(
                 "Cross-signing is ready for use.",
             ) }</p>;
+        } else if (crossSigningReady && !crossSigningPrivateKeysInStorage) {
+            summarisedStatus = <p>⚠️ { _t(
+                "Cross-signing is ready but keys are not backed up.",
+            ) }</p>;
         } else if (crossSigningPrivateKeysInStorage) {
             summarisedStatus = <p>{ _t(
                 "Your account has a cross-signing identity in secret storage, " +
@@ -210,9 +225,13 @@ export default class CrossSigningPanel extends React.PureComponent<{}, IState> {
 
         // TODO: determine how better to expose this to users in addition to prompts at login/toast
         if (!keysExistEverywhere && homeserverSupportsCrossSigning) {
+            let buttonCaption = _t("Set up Secure Backup");
+            if (crossSigningPrivateKeysInStorage) {
+                buttonCaption = _t("Verify this session");
+            }
             actions.push(
                 <AccessibleButton key="setup" kind="primary" onClick={this.onBootstrapClick}>
-                    { _t("Set up") }
+                    { buttonCaption }
                 </AccessibleButton>,
             );
         }
diff --git a/src/i18n/strings/en_EN.json b/src/i18n/strings/en_EN.json
index e3b1978bee8..9de0554f506 100644
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@@ -1102,9 +1102,9 @@
     "Change Password": "Change Password",
     "Your homeserver does not support cross-signing.": "Your homeserver does not support cross-signing.",
     "Cross-signing is ready for use.": "Cross-signing is ready for use.",
+    "Cross-signing is ready but keys are not backed up.": "Cross-signing is ready but keys are not backed up.",
     "Your account has a cross-signing identity in secret storage, but it is not yet trusted by this session.": "Your account has a cross-signing identity in secret storage, but it is not yet trusted by this session.",
     "Cross-signing is not set up.": "Cross-signing is not set up.",
-    "Set up": "Set up",
     "Reset": "Reset",
     "Cross-signing public keys:": "Cross-signing public keys:",
     "in memory": "in memory",
@@ -1202,6 +1202,7 @@
     "Algorithm:": "Algorithm:",
     "Your keys are <b>not being backed up from this session</b>.": "Your keys are <b>not being backed up from this session</b>.",
     "Back up your keys before signing out to avoid losing them.": "Back up your keys before signing out to avoid losing them.",
+    "Set up": "Set up",
     "well formed": "well formed",
     "unexpected type": "unexpected type",
     "Back up your encryption keys with your account data in case you lose access to your sessions. Your keys will be secured with a unique Security Key.": "Back up your encryption keys with your account data in case you lose access to your sessions. Your keys will be secured with a unique Security Key.",