Merge pull request #4303 from matrix-org/jryans/id-change-red

Show red shield for users that become unverified

src/components/views/right_panel/UserInfo.js

@@ -68,8 +68,10 @@ export const getE2EStatus = (cli, userId, devices) => {
         return hasUnverifiedDevice ? "warning" : "verified";
     }
     const isMe = userId === cli.getUserId();
-    const userVerified = cli.checkUserTrust(userId).isCrossSigningVerified();
-    if (!userVerified) return "normal";
+    const userTrust = cli.checkUserTrust(userId);
+    if (!userTrust.isCrossSigningVerified()) {
+        return userTrust.wasCrossSigningVerified() ? "warning" : "normal";
+    }
 
     const anyDeviceUnverified = devices.some(device => {
         const { deviceId } = device;

src/components/views/rooms/MemberTile.js

@@ -121,10 +121,10 @@ export default createReactClass({
         const cli = MatrixClientPeg.get();
         const { userId } = this.props.member;
         const isMe = userId === cli.getUserId();
-        const userVerified = cli.checkUserTrust(userId).isCrossSigningVerified();
-        if (!userVerified) {
+        const userTrust = cli.checkUserTrust(userId);
+        if (!userTrust.isCrossSigningVerified()) {
             this.setState({
-                e2eStatus: "normal",
+                e2eStatus: userTrust.wasCrossSigningVerified() ? "warning" : "normal",
             });
             return;
         }

src/utils/ShieldUtils.ts

@@ -5,6 +5,7 @@ interface Client {
     getUserId: () => string;
     checkUserTrust: (userId: string) => {
         isCrossSigningVerified: () => boolean
+        wasCrossSigningVerified: () => boolean
     };
     getStoredDevicesForUser: (userId: string) => Promise<[{ deviceId: string }]>;
     checkDeviceTrust: (userId: string, deviceId: string) => {
@@ -29,6 +30,13 @@ export async function shieldStatusForRoom(client: Client, room: Room): Promise<s
             verified : unverified).push(userId);
         });
 
+    /* Alarm if any unverified users were verified before. */
+    for (const userId of unverified) {
+        if (client.checkUserTrust(userId).wasCrossSigningVerified()) {
+            return "warning";
+        }
+    }
+
     /* Check all verified user devices. */
     /* Don't alarm if no other users are verified  */
     const includeUser = (verified.length > 0) &&    // Don't alarm for self in rooms where nobody else is verified

test/utils/ShieldUtils-test.js

@@ -6,6 +6,7 @@ function mkClient(selfTrust) {
         getUserId: () => "@self:localhost",
         checkUserTrust: (userId) => ({
             isCrossSigningVerified: () => userId[1] == "T",
+            wasCrossSigningVerified: () => userId[1] == "T" || userId[1] == "W",
         }),
         checkDeviceTrust: (userId, deviceId) => ({
             isVerified: () => userId === "@self:localhost" ? selfTrust : userId[2] == "T",
@@ -150,7 +151,7 @@ describe("shieldStatusForMembership other-trust behaviour", function() {
         const client = mkClient(true);
         const room = {
             roomId: dm ? "DM" : "other",
-            getEncryptionTargetMembers: () => ["@self:localhost", "@TF:h", "@TT: h"].map((userId) => ({userId})),
+            getEncryptionTargetMembers: () => ["@self:localhost", "@TF:h", "@TT:h"].map((userId) => ({userId})),
         };
         const status = await shieldStatusForRoom(client, room);
         expect(status).toEqual(result);
@@ -162,7 +163,19 @@ describe("shieldStatusForMembership other-trust behaviour", function() {
         const client = mkClient(true);
         const room = {
             roomId: dm ? "DM" : "other",
-            getEncryptionTargetMembers: () => ["@self:localhost", "@FF:h", "@FT: h"].map((userId) => ({userId})),
+            getEncryptionTargetMembers: () => ["@self:localhost", "@FF:h", "@FT:h"].map((userId) => ({userId})),
+        };
+        const status = await shieldStatusForRoom(client, room);
+        expect(status).toEqual(result);
+    });
+
+    it.each(
+        [["warning", true], ["warning", false]],
+    )("2 was verified: returns '%s', DM = %s", async (result, dm) => {
+        const client = mkClient(true);
+        const room = {
+            roomId: dm ? "DM" : "other",
+            getEncryptionTargetMembers: () => ["@self:localhost", "@WF:h", "@FT:h"].map((userId) => ({userId})),
         };
         const status = await shieldStatusForRoom(client, room);
         expect(status).toEqual(result);