Merge remote-tracking branch 'origin/develop' into staging

Author: RiotRobot

.eslintrc.js

@@ -122,8 +122,6 @@ module.exports = {
                             "!matrix-js-sdk/src/crypto/aes",
                             "!matrix-js-sdk/src/crypto/keybackup",
                             "!matrix-js-sdk/src/crypto/deviceinfo",
-                            "!matrix-js-sdk/src/crypto/key_passphrase",
-                            "!matrix-js-sdk/src/crypto/recoverykey",
                             "!matrix-js-sdk/src/crypto/dehydration",
                             "!matrix-js-sdk/src/oidc",
                             "!matrix-js-sdk/src/oidc/discovery",

.github/labels.yml

@@ -1,28 +1,28 @@
 - name: "A-Timesheet-1"
   description: "Log any time spent on this into the A-Timesheet-1 project"
-  color: "#5319E7"
+  color: "5319E7"
 - name: "backport staging"
   description: "Label to automatically backport PR to staging branch"
-  color: "#B60205"
+  color: "B60205"
 - name: "Dependencies"
   description: "Pull requests that update a dependency file"
-  color: "#0366d6"
+  color: "0366d6"
 - name: "Sponsored"
-  color: "#b506d8"
+  color: "b506d8"
 - name: "T-Deprecation"
   description: "A pull request that makes something deprecated"
-  color: "#98e6ae"
+  color: "98e6ae"
 - name: "X-Blocked"
   description: "The PR cannot move forward in any capacity until an action is made"
   color: "ff7979"
 - name: "X-Breaking-Change"
-  color: "#ff7979"
+  color: "ff7979"
 - name: "X-Upcoming-Release-Blocker"
   description: "This does not affect the current release cycle but will affect the next one"
-  color: "#e99695"
+  color: "e99695"
 - name: "Z-Community-PR"
   description: "Issue is solved by a community member's PR"
-  color: "#ededed"
+  color: "ededed"
 - name: "Z-Experiment"
   description: "Experimental PR, primarily up for its Netlify build, high likelihood of never making it beyond here."
-  color: "#b60205"
+  color: "b60205"

.github/workflows/notify-element-web.yml

@@ -9,7 +9,7 @@ jobs:
         name: "Notify Element Web"
         runs-on: ubuntu-latest
         # Only respect triggers from our develop branch, ignore that of forks
-        if: github.repository == 'matrix-org/matrix-react-sdk'
+        if: github.repository == 'element-hq/matrix-react-sdk'
         steps:
             - name: Notify element-web repo that a new SDK build is on develop
               uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3

.github/workflows/playwright-image-updates.yaml

@@ -20,7 +20,7 @@ jobs:
 
             - name: Create Pull Request
               id: cpr
-              uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79 # v7
+              uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7
               with:
                   token: ${{ secrets.ELEMENT_BOT_TOKEN }}
                   branch: actions/playwright-image-updates

.github/workflows/release.yml

@@ -19,7 +19,9 @@ concurrency: ${{ github.workflow }}
 jobs:
     release:
         uses: matrix-org/matrix-js-sdk/.github/workflows/release-make.yml@develop
-        secrets: inherit
+        secrets:
+            ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
+            NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         with:
             final: ${{ inputs.mode == 'final' }}
             npm: ${{ inputs.npm }}

.github/workflows/tests.yml

@@ -39,7 +39,7 @@ jobs:
             - name: Checkout code
               uses: actions/checkout@v4
               with:
-                  repository: ${{ inputs.matrix-js-sdk-sha && 'matrix-org/matrix-react-sdk' || github.repository }}
+                  repository: ${{ inputs.matrix-js-sdk-sha && 'element-hq/matrix-react-sdk' || github.repository }}
 
             - name: Yarn cache
               uses: actions/setup-node@v4
@@ -89,14 +89,18 @@ jobs:
                       coverage
                       !coverage/lcov-report
 
-    skip_sonar:
-        name: Skip SonarCloud in merge queue
-        if: github.event_name == 'merge_group' || inputs.disable_coverage == 'true'
-        runs-on: ubuntu-latest
+    complete:
+        name: jest-tests
         needs: jest
+        if: always()
+        runs-on: ubuntu-latest
         steps:
-            - name: Skip SonarCloud
-              uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
+            - if: needs.jest.result != 'skipped' && needs.jest.result != 'success'
+              run: exit 1
+
+            - name: Skip SonarCloud in merge queue
+              if: github.event_name == 'merge_group' || inputs.disable_coverage == 'true'
+              uses: Sibz/github-status-action@faaa4d96fecf273bd762985e0e7f9f933c774918 # v1
               with:
                   authToken: ${{ secrets.GITHUB_TOKEN }}
                   state: success
@@ -111,7 +115,7 @@ jobs:
         steps:
             - uses: actions/checkout@v4
               with:
-                  repository: ${{ inputs.matrix-js-sdk-sha && 'matrix-org/matrix-react-sdk' || github.repository }}
+                  repository: ${{ inputs.matrix-js-sdk-sha && 'element-hq/matrix-react-sdk' || github.repository }}
 
             - uses: actions/setup-node@v4
               with:

package.json

@@ -62,7 +62,7 @@
     },
     "resolutions": {
         "@types/react-dom": "17.0.25",
-        "@types/react": "17.0.80",
+        "@types/react": "17.0.82",
         "@types/seedrandom": "3.0.8",
         "oidc-client-ts": "3.0.1",
         "jwt-decode": "4.0.0",
@@ -91,7 +91,7 @@
         "classnames": "^2.2.6",
         "commonmark": "^0.31.0",
         "counterpart": "^0.18.6",
-        "css-tree": "^2.3.1",
+        "css-tree": "^3.0.0",
         "diff-dom": "^5.0.0",
         "diff-match-patch": "^1.0.5",
         "emojibase-regex": "15.3.2",
@@ -183,7 +183,7 @@
         "@types/node-fetch": "^2.6.2",
         "@types/pako": "^2.0.0",
         "@types/qrcode": "^1.3.5",
-        "@types/react": "17.0.80",
+        "@types/react": "17.0.82",
         "@types/react-beautiful-dnd": "^13.0.0",
         "@types/react-dom": "17.0.25",
         "@types/react-transition-group": "^4.4.0",
@@ -198,7 +198,7 @@
         "axe-core": "4.10.0",
         "babel-jest": "^29.0.0",
         "blob-polyfill": "^9.0.0",
-        "eslint": "8.57.0",
+        "eslint": "8.57.1",
         "eslint-config-google": "^0.14.0",
         "eslint-config-prettier": "^9.0.0",
         "eslint-plugin-deprecate": "0.8.5",
@@ -235,7 +235,7 @@
         "stylelint-config-standard": "^36.0.0",
         "stylelint-scss": "^6.0.0",
         "ts-node": "^10.9.1",
-        "typescript": "5.5.4",
+        "typescript": "5.6.2",
         "web-streams-polyfill": "^4.0.0"
     },
     "peerDependencies": {

playwright/e2e/crypto/event-shields.spec.ts

@@ -6,12 +6,16 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
 Please see LICENSE files in the repository root for full details.
 */
 
-import { Page } from "@playwright/test";
-
 import { expect, test } from "../../element-web-test";
-import { autoJoin, createSharedRoomWithUser, enableKeyBackup, logIntoElement, logOutOfElement, verify } from "./utils";
-import { Bot } from "../../pages/bot";
-import { HomeserverInstance } from "../../plugins/homeserver";
+import {
+    autoJoin,
+    createSecondBotDevice,
+    createSharedRoomWithUser,
+    enableKeyBackup,
+    logIntoElement,
+    logOutOfElement,
+    verify,
+} from "./utils";
 
 test.describe("Cryptography", function () {
     test.use({
@@ -296,13 +300,3 @@ test.describe("Cryptography", function () {
         });
     });
 });
-
-async function createSecondBotDevice(page: Page, homeserver: HomeserverInstance, bob: Bot) {
-    const bobSecondDevice = new Bot(page, homeserver, {
-        bootstrapSecretStorage: false,
-        bootstrapCrossSigning: false,
-    });
-    bobSecondDevice.setCredentials(await homeserver.loginUser(bob.credentials.userId, bob.credentials.password));
-    await bobSecondDevice.prepareClient();
-    return bobSecondDevice;
-}

playwright/e2e/crypto/invisible-crypto.spec.ts

@@ -0,0 +1,56 @@
+/*
+Copyright 2024 New Vector Ltd.
+
+SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
+Please see LICENSE files in the repository root for full details.
+*/
+
+import { expect, test } from "../../element-web-test";
+import { autoJoin, createSecondBotDevice, createSharedRoomWithUser, verify } from "./utils";
+import { bootstrapCrossSigningForClient } from "../../pages/client.ts";
+
+/** Tests for the "invisible crypto" behaviour -- i.e., when the "exclude insecure devices" setting is enabled */
+test.describe("Invisible cryptography", () => {
+    test.use({
+        displayName: "Alice",
+        botCreateOpts: { displayName: "Bob" },
+        labsFlags: ["feature_exclude_insecure_devices"],
+    });
+
+    test("Messages fail to decrypt when sender is previously verified", async ({
+        page,
+        bot: bob,
+        user: aliceCredentials,
+        app,
+        homeserver,
+    }) => {
+        await app.client.bootstrapCrossSigning(aliceCredentials);
+        await autoJoin(bob);
+
+        // create an encrypted room
+        const testRoomId = await createSharedRoomWithUser(app, bob.credentials.userId, {
+            name: "TestRoom",
+            initial_state: [
+                {
+                    type: "m.room.encryption",
+                    state_key: "",
+                    content: {
+                        algorithm: "m.megolm.v1.aes-sha2",
+                    },
+                },
+            ],
+        });
+
+        // Verify Bob
+        await verify(app, bob);
+
+        // Bob logs in a new device and resets cross-signing
+        const bobSecondDevice = await createSecondBotDevice(page, homeserver, bob);
+        await bootstrapCrossSigningForClient(await bobSecondDevice.prepareClient(), bob.credentials, true);
+
+        /* should show an error for a message from a previously verified device */
+        await bobSecondDevice.sendMessage(testRoomId, "test encrypted from user that was previously verified");
+        const lastTile = page.locator(".mx_EventTile_last");
+        await expect(lastTile).toContainText("Verified identity has changed");
+    });
+});

playwright/e2e/crypto/utils.ts

@@ -377,3 +377,14 @@ export async function awaitVerifier(
         return verificationRequest.verifier;
     });
 }
+
+/** Log in a second device for the given bot user */
+export async function createSecondBotDevice(page: Page, homeserver: HomeserverInstance, bob: Bot) {
+    const bobSecondDevice = new Bot(page, homeserver, {
+        bootstrapSecretStorage: false,
+        bootstrapCrossSigning: false,
+    });
+    bobSecondDevice.setCredentials(await homeserver.loginUser(bob.credentials.userId, bob.credentials.password));
+    await bobSecondDevice.prepareClient();
+    return bobSecondDevice;
+}