Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WPB-10772] Make it impossible for a user under legalhold to join an MLS conversation #4242

Merged
merged 8 commits into from
Sep 18, 2024
Merged

[WPB-10772] Make it impossible for a user under legalhold to join an MLS conversation #4242

merged 8 commits into from
Sep 18, 2024

Conversation

MangoIV
Copy link
Collaborator

@MangoIV MangoIV commented Sep 16, 2024
edited
Loading

Two things to do:

  • prevent a third party from fetching key packages from a user under legalhold
  • prevent a user under legalhold to add itself to a group

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

@MangoIV MangoIV changed the title Wpb 10772 [WPB-10772] make it impossible for a user under legalhold to join an MLS conversation Sep 16, 2024
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Sep 16, 2024
@echoes-hq echoes-hq bot added the echoes/initiative: federation-wire-cloud Activate Federation with MLS on Wire Cloud label Sep 16, 2024
@MangoIV
[feat] don't allow claiming keypackages of users under legalhold
11b2e19 
- new client error which returns 409 if someone (client or federating
  backend) tries to claim a keypackage of a user under legalhold
  (including pending)
- add Fail effect to Brig and interpret to IO Error (server error 500)
@MangoIV
[fix] fix test scenario and error message
f841f73
@MangoIV
[feat] cater for the scenario when a user doesn't claim keypackages
ef1b0da 
- if a user doens't claim keypackages (because they create the group by
  themselves) the local backend checks whether that user is legalholded
  and rejects the commit in that case
- also adds some utilities (e.g. pattern synonyms fo Local and Remote)
  and propagates the Fail constraint
@MangoIV
Copy link
Collaborator Author

MangoIV commented Sep 17, 2024 

-- ---------
-- WPB-10783
-- ---------
testMLSThenLegalhold :: (HasCallStack) => App ()
testMLSThenLegalhold = do
  -- scenario 1:
  -- if charlie is in any MLS conversation, he cannot approve to be put under legalhold
  (charlie, tid, []) <- createTeam OwnDomain 1
  [charlie1] <- traverse (createMLSClient def) [charlie]
  void $ createNewGroup charlie1
  void $ createAddCommit charlie1 [charlie] >>= sendAndConsumeCommitBundle

  legalholdWhitelistTeam tid charlie >>= assertStatus 200
  withMockServer def lhMockApp \lhDomAndPort _chan -> do
    postLegalHoldSettings tid charlie (mkLegalHoldSettings lhDomAndPort) >>= assertStatus 201
    requestLegalHoldDevice tid charlie charlie >>= assertSuccess
    approveLegalHoldDevice tid (charlie %. "qualified_id") defPassword
      `bindResponse` assertLabel 409 "mls-legalhold-not-allowed"

@MangoIV MangoIV marked this pull request as ready for review September 17, 2024 12:33
pcapriotti
pcapriotti approved these changes Sep 17, 2024
View reviewed changes
Copy link
Contributor

@pcapriotti pcapriotti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

changelog.d/2-features/WPB-10772 Outdated Show resolved Hide resolved
libs/types-common/src/Data/Qualified.hs Outdated Show resolved Hide resolved
libs/types-common/src/Data/Qualified.hs Outdated Show resolved Hide resolved
services/galley/src/Galley/API/MLS/Commit/InternalCommit.hs Outdated Show resolved Hide resolved
@MangoIV
[chore] apply changes as requested by @pcapriotty
1ce6612 
- introduce new type RelativeTo
- remove leftovers
- adjust changelog
@akshaymankar akshaymankar changed the title [WPB-10772] make it impossible for a user under legalhold to join an MLS conversation [WPB-10772] Make it impossible for a user under legalhold to join an MLS conversation Sep 18, 2024
@akshaymankar akshaymankar merged commit f046608 into develop Sep 18, 2024
10 checks passed
@akshaymankar akshaymankar deleted the wpb-10772 branch September 18, 2024 11:38
@zebot zebot mentioned this pull request Oct 9, 2024
Closed
This was referenced Oct 23, 2024
Closed
Closed
@zebot zebot mentioned this pull request Oct 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pcapriotti pcapriotti pcapriotti approved these changes

Assignees
No one assigned
Labels
echoes/initiative: federation-wire-cloud Activate Federation with MLS on Wire Cloud ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MangoIV @pcapriotti @akshaymankar @zebot