Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: encrypt notification tokens #6239

Merged
merged 1 commit into from
Dec 3, 2024
Merged

feat: encrypt notification tokens #6239

merged 1 commit into from
Dec 3, 2024

Conversation

link2xt
Copy link
Collaborator

@link2xt link2xt commented Nov 20, 2024
edited
Loading

Closes #6218

Corresponding decryption side:
deltachat/notifiers#41

@link2xt link2xt force-pushed the link2xt/device-token-encryption branch from 479af38 to 713d2d5 Compare November 20, 2024 21:43
@link2xt link2xt mentioned this pull request Nov 20, 2024
Closed
@link2xt link2xt force-pushed the link2xt/device-token-encryption branch 2 times, most recently from 55344c4 to 66c93ce Compare November 21, 2024 16:27
@link2xt link2xt force-pushed the link2xt/device-token-encryption branch 4 times, most recently from 5344332 to 799ff33 Compare November 30, 2024 06:48
@link2xt link2xt mentioned this pull request Nov 30, 2024
Merged
@link2xt link2xt force-pushed the link2xt/device-token-encryption branch 2 times, most recently from 7dbba6d to fe7c4f8 Compare December 3, 2024 09:03
@link2xt
Copy link
Collaborator Author

link2xt commented Dec 3, 2024
edited
Loading

Now on the server metadata looks like this:

{"devicetoken": ["openpgp:wV0GIQZErtwEO31W8g8V7/EP7v3PIdULmshEuE0Gx+29ifBRsxkN2Yb96jPT7PTsTcdgpPmgLSiiNDZnQxTcSTHhTRVscxi+SWVK+HMybZeen21GGfykAU1LewKg/Y3SwY0CBwII9zI8nSn16Ax0v5f+2uUk0o23JtcV4ma+KxVvuupuNhX9AZyD/kst6xzS0TdVT9figctFHPdOYkJnUNgsC4vvQCdsDCVseK8nsGI+369bxqvLxmvJwnFZdQG4Hrr3suNPfw16f5xsOlhwQ6QxX2vmVmBn8GOT4flL2OQ1MMlWpEYAhcHj3uHXR6zDTWVBRtu35JPg1uhTmIJ8C+qp7NDj34QU77IFgT2EwDLtvFdAk0AQ/y4hqho/sNRfHbAb4mFItColO5XNvLN5UX4V+P5zx9Z/Dr3Th2rMYw5OMx1JBjFRWsH8DfEZUlBfGxg/ty+sElY5ln3Rm0Iu/OJVL4Elt+3CSWvip/XjJ2plM4kvIuBkhR3H542YAI4HXfY9l+bBFpsr+6ZvSJWOA6kEXmtGkJiNuwwwpx78aNRs6YNRrYyaw4ocpp0JJkzxJht9iTePKM8O9R6xob+SnmRTprMfamuwcYRHwcm/NXwRx6ClQZ35OLSKQVWrlqDr7lxLfKlrRKltPyEkKZHGRpyqRE9mUpPXO+AG8UMKsHREKQHcHOBXRbSbRJqilmTiDWbhnYQ7ZM7hl6fv/A6IXTcqEbpznOH0fYGSiew7Qsvnsle+WVJeH3h6Jtc2TazS1lVqVwk+4CA1keCNL3VdpP4ZGeWov8YVmdB99SN97iUQnOl+8joRvfOWv5GZOsB09eqROOv3//FwsSyU5aGwK5CwpvyQdNhi3mNHdRKKCvU3aOCw84AAyQL0eKBQbXWeNrI2lgulWthuS7lhnE0G"]}

@link2xt link2xt force-pushed the link2xt/device-token-encryption branch 2 times, most recently from 038868d to f8c110f Compare December 3, 2024 12:11
@link2xt link2xt marked this pull request as ready for review December 3, 2024 13:08
@link2xt link2xt force-pushed the link2xt/device-token-encryption branch from f8c110f to 3a72e09 Compare December 3, 2024 13:08
@link2xt link2xt requested review from Hocuri and iequidoo December 3, 2024 13:08
link2xt
link2xt commented Dec 3, 2024
View reviewed changes
src/config.rs
///
/// If it has not changed, we do not store
/// the device token again.
DeviceToken,
Copy link
Collaborator Author

@link2xt link2xt Dec 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can also store EncryptedDeviceToken and set this every time unconditionally even if device token has not changed just to make it more robust in case the token is lost from chatmail server for whatever reason, but normally this should not happen unless FCM or Apple randomly say that valid token is not valid anymore. On network errors etc. we don't remove tokens from chatmail.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*is not valid anymore?

Septias
Septias approved these changes Dec 3, 2024
View reviewed changes
src/config.rs
///
/// If it has not changed, we do not store
/// the device token again.
DeviceToken,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*is not valid anymore?

Hocuri
Hocuri approved these changes Dec 3, 2024
View reviewed changes
Copy link
Collaborator

@Hocuri Hocuri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not my area of expertise since I wasn't involved with notification tokens so far, but AFAICT looks good 👍

src/push.rs Show resolved Hide resolved
@link2xt link2xt force-pushed the link2xt/device-token-encryption branch from 3a72e09 to 53b8971 Compare December 3, 2024 13:54
@link2xt link2xt force-pushed the link2xt/device-token-encryption branch from 53b8971 to 4d3c97e Compare December 3, 2024 13:54
@link2xt link2xt merged commit 6dd8f44 into main Dec 3, 2024
37 checks passed
@link2xt link2xt deleted the link2xt/device-token-encryption branch December 3, 2024 14:40
@r10s r10s mentioned this pull request Dec 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Septias Septias Septias approved these changes

@Hocuri Hocuri Hocuri approved these changes

@iequidoo iequidoo Awaiting requested review from iequidoo

Assignees
No one assigned
Labels
None yet
Projects
Webxdc PUSH M2/M3
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

encrypt device tokens between core and the notifier server (M2)
3 participants
@link2xt @Hocuri @Septias