feat: do not mark Bob as verified if auth token is old

link2xt · link2xt · commit 29e39a708a45 · 2025-08-31T20:28:43.000Z
diff --git a/src/securejoin.rs b/src/securejoin.rs
@@ -23,6 +23,7 @@ use crate::qr::check_qr;
 use crate::securejoin::bob::JoinerProgress;
 use crate::sync::Sync::*;
 use crate::token;
+use crate::tools::time;
 
 mod bob;
 mod qrinvite;
@@ -364,7 +365,19 @@ pub(crate) async fn handle_securejoin_handshake(
                 );
                 return Ok(HandshakeMessage::Ignore);
             };
-            let Some(grpid) = token::auth_foreign_key(context, auth).await? else {
+            let Some((grpid, timestamp)) = context
+                .sql
+                .query_row_optional(
+                    "SELECT foreign_key, timestamp FROM tokens WHERE namespc=? AND token=?",
+                    (Namespace::Auth, auth),
+                    |row| {
+                        let foreign_key: String = row.get(0)?;
+                        let timestamp: i64 = row.get(1)?;
+                        Ok((foreign_key, timestamp))
+                    },
+                )
+                .await?
+            else {
                 warn!(
                     context,
                     "Ignoring {step} message because of invalid auth code."
@@ -382,14 +395,23 @@ pub(crate) async fn handle_securejoin_handshake(
                 }
             };
 
-            if !verify_sender_by_fingerprint(context, &fingerprint, contact_id).await? {
+            let sender_contact = Contact::get_by_id(context, contact_id).await?;
+            let sender_is_verified = sender_contact
+                .fingerprint()
+                .is_some_and(|fp| fp == fingerprint);
+            if !sender_is_verified {
                 warn!(
                     context,
                     "Ignoring {step} message because of fingerprint mismatch."
                 );
                 return Ok(HandshakeMessage::Ignore);
             }
             info!(context, "Fingerprint verified via Auth code.",);
+
+            // Mark the contact as verified if auth code is 600 second old.
+            if time() < timestamp + 600 {
+                mark_contact_id_as_verified(context, contact_id, ContactId::SELF).await?;
+            }
             contact_id.regossip_keys(context).await?;
             ContactId::scaleup_origin(context, &[contact_id], Origin::SecurejoinInvited).await?;
             // for setup-contact, make Alice's one-to-one chat with Bob visible
diff --git a/src/token.rs b/src/token.rs
@@ -86,24 +86,6 @@ pub async fn exists(context: &Context, namespace: Namespace, token: &str) -> Res
     Ok(exists)
 }
 
-/// Looks up foreign key by auth token.
-///
-/// Returns None if auth token is not valid.
-/// Returns an empty string if the token corresponds to "setup contact" rather than group join.
-pub async fn auth_foreign_key(context: &Context, token: &str) -> Result<Option<String>> {
-    context
-        .sql
-        .query_row_optional(
-            "SELECT foreign_key FROM tokens WHERE namespc=? AND token=?",
-            (Namespace::Auth, token),
-            |row| {
-                let foreign_key: String = row.get(0)?;
-                Ok(foreign_key)
-            },
-        )
-        .await
-}
-
 pub async fn delete(context: &Context, namespace: Namespace, token: &str) -> Result<()> {
     context
         .sql
