Update design + do not ask for confirmation for valid certs

Signed-off-by: Grigorii K. Shartsev <me@shgk.me>

Author: ShGKme

src/app/certificate.service.ts

@@ -3,17 +3,13 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
-import type { BrowserWindow, Certificate } from 'electron'
+import type { BrowserWindow, Request } from 'electron'
 
 import { session } from 'electron'
 import { showCertificateTrustDialog } from '../certificate/certificate.window.ts'
 import { getAppConfig, setAppConfig } from './AppConfig.ts'
 
-export type UntrustedCertificateDetails = {
-	host: string
-	certificate: Certificate
-	error: string
-}
+export type UntrustedCertificateDetails = Pick<Request, 'hostname' | 'certificate' | 'verificationResult'>
 
 /**
  * Pending showCertificateTrustDialog prompts per fingerprint to prevent duplicated dialogs
@@ -83,11 +79,7 @@ export async function verifyCertificate(window: BrowserWindow, url: string): Pro
 		// Use original result, failing the request
 		callback(-3)
 
-		const isAccepted = await promptCertificateTrust(window, {
-			host: request.hostname,
-			certificate: request.certificate,
-			error: request.verificationResult,
-		})
+		const isAccepted = request.errorCode === 0 || await promptCertificateTrust(window, request)
 		verificationResolvers.resolve(isAccepted)
 	})
 
@@ -100,7 +92,7 @@ export async function verifyCertificate(window: BrowserWindow, url: string): Pro
 		if (verificationResolvers) {
 			return verificationResolvers.promise
 		}
-		// Some unexpected network error
-		return false
+		// Some unexpected network error - not a certificate error
+		return true
 	}
 }

src/authentication/renderer/AuthenticationApp.vue

@@ -86,7 +86,7 @@ async function login() {
 
 	// Check the certificate before actually sending a request
 	if (!await window.TALK_DESKTOP.verifyCertificate(serverUrl.value)) {
-		return setError(t('talk_desktop', 'Untrusted certificate'))
+		return setError(t('talk_desktop', 'SSL certificate error'))
 	}
 
 	// Prepare to request the server

src/certificate/renderer/CertificateApp.vue

@@ -17,9 +17,9 @@ import CertificateInfo from './components/CertificateInfo.vue'
 
 useHotKey('Escape', () => window.close())
 
-const { host, certificate, error } = JSON.parse(decodeURIComponent(location.hash.slice(1))) as UntrustedCertificateDetails
+const { hostname, certificate, verificationResult } = JSON.parse(decodeURIComponent(location.hash.slice(1))) as UntrustedCertificateDetails
 const urlParam = {
-	value: `<strong>${host}</strong>`,
+	value: `<strong>${hostname}</strong>`,
 	escape: false,
 }
 
@@ -31,49 +31,53 @@ const isAdvanced = ref(false)
 <template>
 	<div class="certificate">
 		<h2 class="certificate__heading">
-			<IconAlert :size="30" class="certificate__alert-icon" />
 			{{ t('talk_desktop', 'Warning: potential security risk') }}
 		</h2>
 
 		<NcNoteCard type="error" class="certificate__note">
 			<template #icon>
-				<IconShieldOffOutline :size="24" class="certificate__alert-icon" />
+				<IconShieldOffOutline :size="24" class="certificate__note-icon" />
 			</template>
 			<!-- eslint-disable-next-line -->
 			<p v-html="t('talk_desktop', 'Connection to {url} is not private.', { url: urlParam })"/>
-			<p>{{ t('talk-desktop', 'If you are unsure to proceed contact your system administrator.') }}</p>
 		</NcNoteCard>
 
-		<NcButton
-			v-if="!isAdvanced"
-			aria-expanded="false"
-			variant="error"
-			@click="isAdvanced = true">
-			{{ t('talk_desktop', 'Advanced') }}
-		</NcButton>
+		<div class="certificate__content" :class="{ 'certificate__content--empty': !isAdvanced }">
+			<template v-if="!isAdvanced">
+				<IconAlert :size="128" class="certificate__alert-icon" />
+				<p id="advanced-description">
+					{{ t('talk-desktop', 'If you are unsure how to proceed contact your system administrator.') }}
+				</p>
+				<NcButton
+					aria-describedby="advanced-description"
+					variant="secondary"
+					@click="isAdvanced = true">
+					{{ t('talk_desktop', 'Advanced') }}
+				</NcButton>
+			</template>
 
-		<div class="certificate__content">
-			<div v-if="isAdvanced" class="certificate__advanced">
+			<template v-else>
 				<!-- eslint-disable-next-line -->
-				<p v-html="t('talk_desktop', 'This server could not prove that it is {url}.', { url: urlParam })"/>
+        <p v-html="t('talk_desktop', 'This server could not prove that it is {url}.', { url: urlParam })"/>
 				<p>
 					{{ t('talk_desktop', 'It has untrusted SSL certificate. This might be caused by an attacker intercepting your connection or server misconfiguration.') }}
 				</p>
 				<p>
-					<code>{{ error }}</code>
+					{{ t('talk-desktop', 'If you are unsure how to proceed contact your system administrator.') }}
 				</p>
 				<p>
-					<NcButton variant="error" @click="acceptCertificate(true)">
-						{{ t('talk_desktop', 'Proceed') }}
-					</NcButton>
+					<code>{{ verificationResult }}</code>
 				</p>
+				<NcButton variant="error" @click="acceptCertificate(true)">
+					{{ t('talk_desktop', 'Proceed') }}
+				</NcButton>
 				<details>
 					<summary>
 						{{ t('talk_desktop', 'View certificate') }}
 					</summary>
 					<CertificateInfo :certificate="certificate" />
 				</details>
-			</div>
+			</template>
 		</div>
 
 		<div class="certificate__actions">
@@ -96,53 +100,53 @@ const isAdvanced = ref(false)
 	flex-direction: column;
 	align-items: stretch;
 	gap: calc(4 * var(--default-grid-baseline));
-	padding: calc(4 * var(--default-grid-baseline));
 	height: 100%;
+	padding: calc(4 * var(--default-grid-baseline));
 	background: var(--color-main-background);
 }
 
 .certificate__heading {
-	margin-block: 0;
 	display: flex;
 	align-items: baseline;
 	justify-content: center;
 	gap: 1ch;
+	margin-block: 0;
 	font-size: 1.5em;
 	text-transform: capitalize;
 }
 
 .certificate__alert-icon {
-	color: var(--color-error);
+  color: var(--color-placeholder-dark);
 }
 
-.certificate__content {
-	flex: 1;
-	margin-inline: calc(-4 * var(--default-grid-baseline));
-	padding-inline: calc(4 * var(--default-grid-baseline));
-	display: flex;
-	flex-direction: column;
-	gap: calc(4 * var(--default-grid-baseline));
-	overflow: auto;
+.certificate__note {
+  /* Override default component styles */
+  margin: 0;
 }
 
-.certificate__advanced {
-	border: 1px solid var(--color-border);
-	border-radius: var(--border-radius-small);
-	padding: calc(2 * var(--default-grid-baseline));
-	display: flex;
-	flex-direction: column;
-	gap: 1em;
-	background-color: var(--color-background-dark);
+.certificate__note-icon {
+  color: var(--color-error);
 }
 
-.certificate__note {
-	/* Override default component styles */
-	margin: 0;
+.certificate__content {
+  background-color: var(--color-background-dark);
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  gap: calc(2 * var(--default-grid-baseline));
+  padding: calc(2 * var(--default-grid-baseline));
+  border-radius: var(--border-radius-small);
+  overflow: auto;
+}
+
+.certificate__content--empty {
+  align-items: center;
+  justify-content: center;
 }
 
 .certificate__actions {
 	display: flex;
-	gap: calc(2 * var(--default-grid-baseline));
 	align-items: flex-end;
+	gap: calc(2 * var(--default-grid-baseline));
 }
 </style>

src/main.js

@@ -234,16 +234,14 @@ app.whenReady().then(async () => {
 	// Note: the result of this verification is cached by domain in Electron
 	// There is no way to clean the cache except by restarting the app
 	session.defaultSession.setCertificateVerifyProc(async (request, callback) => {
-		const isAccepted = await promptCertificateTrust(mainWindow, { host: request.hostname, certificate: request.certificate, error: request.verificationResult })
-		// See: https://source.chromium.org/chromium/chromium/src/+/main:net/base/net_error_list.h
-		const SSL_PROTOCOL_ERROR_CODE = -107
-		callback(isAccepted ? 0 : SSL_PROTOCOL_ERROR_CODE)
+		const isAccepted = request.errorCode === 0 || await promptCertificateTrust(mainWindow, request)
+		callback(isAccepted ? 0 : -3)
 	})
 
 	// Allow web-view with accepted untrusted certificate (Login Flow)
 	app.on('certificate-error', async (event, webContents, url, error, certificate, callback) => {
 		event.preventDefault()
-		const isAccepted = await promptCertificateTrust(mainWindow, { host: new URL(url).host, certificate, error })
+		const isAccepted = await promptCertificateTrust(mainWindow, { hostname: new URL(url).hostname, certificate, verificationResult: error })
 		callback(isAccepted)
 	})