feat(sdk): Add a tasks that listens for historic room keys if they arrive out of order #5322
+247
−19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…rive out of order Historic room key bundles are uploaded as an encrypted file to the media repo and the key to decrypt the file is sent as a to-device message to the recipient device. In the nominal case, the invite and this to-device message should arrive at the same time and accepting the invite would download and import the bundle. If the to-device message arrives after the invite has already been accepted we would never download and import the bundle. To mitigate this problem, this patch introduces a task that listens for bundles that arrive. If the bundle is for a room that we have joined we will consider importing the bundle.
Codecov ReportAttention: Patch coverage is
✅ All tests successful. No failed tests found.
Additional details and impacted files@@ Coverage Diff @@
## main #5322 +/- ##
=======================================
Coverage 88.76% 88.77%
=======================================
Files 333 333
Lines 90228 90280 +52
Branches 90228 90280 +52
=======================================
+ Hits 80093 80147 +54
+ Misses 6309 6305 -4
- Partials 3826 3828 +2 ☔ View full report in Codecov by Sentry. |
poljar
force-pushed
the
poljar/shared-history/out-of-order
branch
from
f258ada to
bc5afce
Compare
andybalaam
approved these changes
Jul 1, 2025
| #[instrument(skip(room), fields(room_id = %room.room_id()))] | ||
| async fn handle_bundle(room: &Room, bundle_info: &RoomKeyBundleInfo) { | ||
| if Self::should_accept_bundle(room, bundle_info) { | ||
| info!("Accepting an out of order key bundle."); |
There was a problem hiding this comment.
Not really "out of order", right? More "late-arriving".
1 task
…they arrive out of order
|
I think we'll want to rebase this on top of #5333. We should at least restrict this behavior to accept such bundles only if the user explicitly accepted the invite, so the homeserver can't join you into a room. |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Historic room key bundles are uploaded as an encrypted file to the media repo and the key to decrypt the file is sent as a to-device message to the recipient device.
In the nominal case, the invite and this to-device message should arrive at the same time and accepting the invite would download and import the bundle. If the to-device message arrives after the invite has already been accepted we would never download and import the bundle.
To mitigate this problem, this patch introduces a task that listens for bundles that arrive. If the bundle is for a room that we have joined we will consider importing the bundle.
Note: that the acceptance rules aren't yet decided and this PR needs to be updated with some better acceptance rules before it gets merged.
This closes: #4926.