feat: expire authentication tokens

link2xt · link2xt · commit 312c7c8c7d98 · 2025-09-02T23:19:58.000Z
diff --git a/src/securejoin.rs b/src/securejoin.rs
@@ -23,6 +23,7 @@ use crate::qr::check_qr;
 use crate::securejoin::bob::JoinerProgress;
 use crate::sync::Sync::*;
 use crate::token;
+use crate::tools::create_id;
 use crate::tools::time;
 
 mod bob;
@@ -76,10 +77,21 @@ pub async fn get_securejoin_qr(context: &Context, group: Option<ChatId>) -> Resu
     let sync_token = token::lookup(context, Namespace::InviteNumber, grpid)
         .await?
         .is_none();
-    // invitenumber will be used to allow starting the handshake,
-    // auth will be used to verify the fingerprint
+    // Invite number is used to request the inviter key.
     let invitenumber = token::lookup_or_new(context, Namespace::InviteNumber, grpid).await?;
-    let auth = token::lookup_or_new(context, Namespace::Auth, grpid).await?;
+
+    // Auth token is used to verify the key-contact
+    // if the token is not old
+    // and add the contact to the group
+    // if there is an associated group ID.
+    //
+    // We always generate a new auth token
+    // because auth tokens "expire"
+    // and can only be used to join groups
+    // without verification afterwards.
+    let auth = create_id();
+    token::save(context, Namespace::Auth, grpid, &auth).await?;
+
     let self_addr = context.get_primary_self_addr().await?;
     let self_name = context
         .get_config(Config::Displayname)
diff --git a/src/securejoin/securejoin_tests.rs b/src/securejoin/securejoin_tests.rs
@@ -1,3 +1,5 @@
+use std::time::Duration;
+
 use deltachat_contact_tools::EmailAddress;
 
 use super::*;
@@ -11,6 +13,7 @@ use crate::stock_str::{self, messages_e2e_encrypted};
 use crate::test_utils::{
     TestContext, TestContextManager, TimeShiftFalsePositiveNote, get_chat_msg,
 };
+use crate::tools::SystemTime;
 
 #[derive(PartialEq)]
 enum SetupContactCase {
@@ -800,3 +803,37 @@ async fn test_wrong_auth_token() -> Result<()> {
 
     Ok(())
 }
+
+/// Tests that scanning a QR code week later
+/// allows Bob to establish a contact with Alice,
+/// but does not mark Bob as verified for Alice.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_expired_auth_token() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    // Alice creates a QR code.
+    let alice_qr = get_securejoin_qr(alice, None).await?;
+
+    // One week passes, QR code expires.
+    SystemTime::shift(Duration::from_secs(7 * 24 * 3600));
+
+    // Bob scans the QR code.
+    join_securejoin(bob, &alice_qr).await?;
+
+    // vc-request
+    alice.recv_msg_trash(&bob.pop_sent_msg().await).await;
+
+    // vc-auth-requried
+    bob.recv_msg_trash(&alice.pop_sent_msg().await).await;
+
+    // vc-request-with-auth
+    alice.recv_msg_trash(&bob.pop_sent_msg().await).await;
+
+    // Bob should not be verified for Alice.
+    let contact_bob = alice.add_or_lookup_contact_no_key(&bob).await;
+    assert_eq!(contact_bob.is_verified(&alice).await.unwrap(), false);
+
+    Ok(())
+}
