Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Soft logout disables encryption when logging back in #20648

Closed
turt2live opened this issue Jan 20, 2022 · 2 comments · Fixed by matrix-org/matrix-react-sdk#7802
Closed

Soft logout disables encryption when logging back in #20648

turt2live opened this issue Jan 20, 2022 · 2 comments · Fixed by matrix-org/matrix-react-sdk#7802
Assignees
Labels
A-E2EE A-Soft-Logout https://github.com/element-hq/element-web/issues/10224 O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Critical Prevents work, causes data loss and/or has no workaround Sponsored

Comments

@turt2live
Copy link
Member

turt2live commented Jan 20, 2022

Soft logout is when the server logs the user out but intends for them to reauthenticate to keep their encryption state. Usually this is associated with the session_lifetime in Synapse (for example).

When the server issues a soft logout, we're supposed to let the user restore their encryption state by logging back in. However, when the user logs back in after a soft logout we fail to set up crypto properly and permanently break it for that session - the user needs to log out and back in fully to recover.

This screen is not commonly encountered by regular users, but is seen often by enterprise-style usecases.

@turt2live turt2live added A-E2EE A-Soft-Logout https://github.com/element-hq/element-web/issues/10224 O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Critical Prevents work, causes data loss and/or has no workaround labels Jan 20, 2022
@turt2live turt2live changed the title Soft logout disables encryption when logging back in without reload Soft logout disables encryption when logging back in Jan 20, 2022
@turt2live turt2live self-assigned this Jan 20, 2022
@kittykat kittykat added the X-Needs-Info This issue is blocked awaiting information from the reporter label Jan 20, 2022
@turt2live turt2live added Sponsored and removed X-Needs-Info This issue is blocked awaiting information from the reporter labels Jan 21, 2022
@blaa
Copy link

blaa commented Jan 23, 2022

Is the "soft logout" visible at all? I'm considering creating a bug for an issue, and this might be related:

  • I've got 3 logged in accounts (2x android, 1x desktop/flatpak).
  • Own server.
  • Talking with a friend using mobile element on android.

Suddently one of androids starts sending UNENCRYPTED messages (also: dropped info about channel title, doesn't recognize itself as channel administrator, still decrypts other devices).

This seems quite fatal because the user is not informed at all that he suddently dropped out of e2e and starts sending unencrypted messages. Only other sessions (mine, and my friend's) started showing the messages as unencrypted.

Logging out and relogin on the broken device fixed the issue, but e2e in element is unusable like that. Can't be trusted.

@turt2live
Copy link
Member Author

Soft logout is a very visible flow to the user. It sounds like the issue you're facing isn't related to Web at all though, so would be best placed in another issue tracker.

turt2live added a commit to matrix-org/matrix-react-sdk that referenced this issue Feb 15, 2022
MSC: matrix-org/matrix-spec-proposals#2918
Fixes element-hq/element-web#18698
Fixes element-hq/element-web#20648
**Requires matrix-org/matrix-js-sdk#2178

**Note**: There's a lot of logging in this PR. That is intentional to ensure that if/when something goes wrong we can chase the exact code path. It does not log any tokens - just where the code is going. Overall, it should be fairly low volume spam (and can be relaxed at a later date).

----

This approach uses indexeddb (through a mutex library) to manage which tab actually triggers the refresh, preventing issues where multiple tabs try to update the token. If multiple tabs update the token then the server might consider the account hacked and hard logout all the tokens.

If for some reason the timer code gets it wrong, or the user has been offline for too long and the token can't be refreshed, they should be sent to a soft logout screen by the server. This will retain the user's encryption state - they simply need to reauthenticate to get an active access token again.

This additionally contains a change to fix soft logout not working, per the issue links above.

Of interest may be the IPC approach which was ultimately declined in favour of this change instead: #7803
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-E2EE A-Soft-Logout https://github.com/element-hq/element-web/issues/10224 O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Critical Prevents work, causes data loss and/or has no workaround Sponsored
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants