Step 1 - change CreateSecretStorageDialog to just give a recovery key rather than a passphrase.
Only show passphrase options at all if the user has a passphrase on their SSSS key.
…_over_passphrases
lgtm with comments. The tests also seem angry, presumably because the signup flow tries to mash buttons until it gets into the app and those buttons are missing.
@dbkr this screen doesn't make sense to me: What's the user context exactly?
Oh I see. Is it a user inputting their previous key backup key, to then upgrade to an SSSS key?
Yeah, this is the user either logging in or using a session on an account that has not yet set up SSSS, has a key backup but that key backup is not trusted, so we need to establish trust in the key backup and then convert it into a SSSS store.
…_over_passphrases
(Apparently I don't know how to use the internet. Ignore this.)
Yeah, this is the user either logging in or using a session on an account that has not yet set up SSSS, has a key backup but that key backup is not trusted, so we need to establish trust in the key backup and then convert it into a SSSS store.
Got it. In that case, as the key is converted, can we update the copy on this screen to:
Upgrade your Recovery Key
Upgrade your Recovery Key to store encryption keys & secrets with your account data. If you lose access to this login you'll need it to unlock your data.
[Skip] [Upload]
& then instead of showing the key again, we just show the end/success screen?
Very weird as |
…_over_passphrases
lgtm code-wise.
LGTM
Give new users (or any newly set-up encryption) recovery keys and only recovery keys, and support passphrases as a secondary option for users whose accounts already have them.
This is the first step in a larger process of splitting up cross-signing and SSSS setup, but this is just the initial work to switch the priority of recovery keys and passphrases at the UI level.
Things not included in this PR:
I've split these out into separate issues, as indicated
How it looks currently:
After registering / logging into an account with no cross-signing:
Logging in to an account with key backup:
Logging in to an account with cross-signing (note added reset link):
On clicking reset link:
On clicking 'use recovery key':
Apologies for the sizeable PR: the alternative was landing it in chunks and having develop be in a weird, half-passphrase, half-recovery key state.
Fixes element-hq/element-web#13825