Fix key backup cached event ordering

spec/unit/rust-crypto/backup.spec.ts

@@ -54,6 +54,7 @@ describe("Upload keys to backup", () => {
             backupRoomKeys: vi.fn(),
             isBackupEnabled: vi.fn().mockResolvedValue(true),
             enableBackupV1: vi.fn(),
+            saveBackupDecryptionKey: vi.fn(),
             verifyBackup: vi.fn().mockResolvedValue({
                 trusted: vi.fn().mockResolvedValue(true),
             } as unknown as RustSdkCryptoJs.SignatureVerification),
@@ -140,4 +141,74 @@ describe("Upload keys to backup", () => {
         expect(outgoingRequestProcessor.makeOutgoingRequest).toHaveBeenCalledTimes(1);
         expect(mockOlmMachine.roomKeyCounts).toHaveBeenCalledTimes(0);
     });
+
+    it("Should not emit key cached while creating a new backup", async () => {
+        fetchMock.hardReset();
+        fetchMock.mockGlobal();
+        fetchMock.get("path:/_matrix/client/v3/room_keys/version", {
+            status: 404,
+            body: {
+                errcode: "M_NOT_FOUND",
+                error: "No backup found",
+            },
+        });
+        fetchMock.post("path:/_matrix/client/v3/room_keys/version", { version: "42" });
+
+        await rustBackupManager.checkKeyBackupAndEnable(false);
+
+        const keyCachedListener = vi.fn();
+        rustBackupManager.on(CryptoEvent.KeyBackupDecryptionKeyCached, keyCachedListener);
+
+        await rustBackupManager.setupKeyBackup(async () => {});
+
+        expect(mockOlmMachine.saveBackupDecryptionKey).toHaveBeenCalledWith(expect.anything(), "42");
+        expect(mockOlmMachine.enableBackupV1).not.toHaveBeenCalled();
+        expect(keyCachedListener).not.toHaveBeenCalled();
+    });
+
+    it("Should emit a received backup key after caching the current backup info", async () => {
+        const keyBackupStatusState = Promise.withResolvers<{
+            enabled: boolean;
+            serverBackupVersion: string | undefined;
+        }>();
+        rustBackupManager.on(CryptoEvent.KeyBackupStatus, async (enabled) => {
+            const serverBackupInfo = await rustBackupManager.getServerBackupInfo();
+            keyBackupStatusState.resolve({
+                enabled,
+                serverBackupVersion: serverBackupInfo?.version,
+            });
+        });
+
+        const keyCachedEventState = Promise.withResolvers<{
+            activeBackupVersion: string | null;
+            eventVersion: string;
+            serverBackupVersion: string | undefined;
+        }>();
+        rustBackupManager.on(CryptoEvent.KeyBackupDecryptionKeyCached, async (eventVersion) => {
+            const [activeBackupVersion, serverBackupInfo] = await Promise.all([
+                rustBackupManager.getActiveBackupVersion(),
+                rustBackupManager.getServerBackupInfo(),
+            ]);
+            keyCachedEventState.resolve({
+                activeBackupVersion,
+                eventVersion,
+                serverBackupVersion: serverBackupInfo?.version,
+            });
+        });
+
+        await expect(rustBackupManager.handleBackupSecretReceived(TestData.BACKUP_DECRYPTION_KEY_BASE64)).resolves.toBe(
+            true,
+        );
+
+        await expect(keyBackupStatusState.promise).resolves.toEqual({
+            enabled: true,
+            serverBackupVersion: "1",
+        });
+        await expect(keyCachedEventState.promise).resolves.toEqual({
+            activeBackupVersion: "1",
+            eventVersion: "1",
+            serverBackupVersion: "1",
+        });
+        expect(mockOlmMachine.enableBackupV1).toHaveBeenCalledTimes(1);
+    });
 });

spec/unit/rust-crypto/rust-crypto.spec.ts

@@ -811,13 +811,51 @@ describe("RustCrypto", () => {
             expect(storeSpy).toHaveBeenCalledWith("m.megolm_backup.v1", expect.anything());
         });
 
+        it("resetKeyBackup emits key cached with coherent backup state after a stale no-backup check", async () => {
+            const rustCrypto = await makeTestRustCrypto(
+                fetchMock as unknown as MatrixHttpApi<any>,
+                testData.TEST_USER_ID,
+                undefined,
+                secretStorage,
+            );
+
+            await expect(rustCrypto.getKeyBackupInfo()).resolves.toBeNull();
+
+            const keyBackupIsCached = new Promise<{
+                activeBackupVersion: string | null;
+                eventVersion: string;
+                serverBackupVersion: string | undefined;
+            }>((resolve) => {
+                rustCrypto.on(CryptoEvent.KeyBackupDecryptionKeyCached, async (eventVersion) => {
+                    const [activeBackupVersion, serverBackupInfo] = await Promise.all([
+                        rustCrypto.getActiveSessionBackupVersion(),
+                        rustCrypto.getKeyBackupInfo(),
+                    ]);
+                    resolve({
+                        activeBackupVersion,
+                        eventVersion,
+                        serverBackupVersion: serverBackupInfo?.version,
+                    });
+                });
+            });
+
+            await rustCrypto.resetKeyBackup();
+
+            await expect(keyBackupIsCached).resolves.toEqual({
+                activeBackupVersion: "1",
+                eventVersion: "1",
+                serverBackupVersion: "1",
+            });
+        });
+
         it("bootstrapSecretStorage doesn't try to save megolm backup key not in cache", async () => {
             const mockOlmMachine = {
                 isBackupEnabled: vi.fn().mockResolvedValue(false),
                 sign: vi.fn().mockResolvedValue({
                     asJSON: vi.fn().mockReturnValue("{}"),
                 }),
                 saveBackupDecryptionKey: vi.fn(),
+                enableBackupV1: vi.fn(),
                 exportCrossSigningKeys: vi.fn().mockResolvedValue({
                     masterKey: "sosecret",
                     userSigningKey: "secrets",

src/rust-crypto/backup.ts

@@ -205,7 +205,7 @@ export class RustBackupManager extends TypedEventEmitter<RustBackupCryptoEvents,
             this.logger.info(
                 `handleBackupSecretReceived: Valid decryption key for the current server-side backup version (${latestBackupInfo.version}) received`,
             );
-            await this.saveBackupDecryptionKey(backupDecryptionKey, latestBackupInfo.version);
+            await this.saveBackupDecryptionKeyForCurrentBackup(backupDecryptionKey, latestBackupInfo);
             return true;
         } catch (e) {
             this.logger.warn("handleBackupSecretReceived: Unable to validate backup decryption key", e);
@@ -214,16 +214,88 @@ export class RustBackupManager extends TypedEventEmitter<RustBackupCryptoEvents,
         return false;
     }
 
-    public async saveBackupDecryptionKey(
+    private async storeBackupDecryptionKey(
         backupDecryptionKey: RustSdkCryptoJs.BackupDecryptionKey,
         version: string,
     ): Promise<void> {
         await this.olmMachine.saveBackupDecryptionKey(backupDecryptionKey, version);
+    }
+
+    public async saveBackupDecryptionKey(
+        backupDecryptionKey: RustSdkCryptoJs.BackupDecryptionKey,
+        version: string,
+    ): Promise<void> {
+        await this.storeBackupDecryptionKey(backupDecryptionKey, version);
         // Emit an event that we have a new backup decryption key, so that the sdk can start
         // importing keys from backup if needed.
+        this.emitBackupDecryptionKeyCached(version);
+    }
+
+    private emitBackupDecryptionKeyCached(version: string): void {
         this.emit(CryptoEvent.KeyBackupDecryptionKeyCached, version);
     }
 
+    /**
+     * Mark a newly-created backup as the current usable backup.
+     *
+     * The server has already accepted this backup, so this uses the creation
+     * response to update local backup state instead of racing a follow-up GET
+     * against eventual consistency.
+     *
+     * @param backupInfo - The newly-created backup details.
+     */
+    public async enableKeyBackupFromCreation(backupInfo: KeyBackupCreationInfo): Promise<void> {
+        await this.enableKeyBackupFromInfo({
+            algorithm: backupInfo.algorithm,
+            auth_data: backupInfo.authData,
+            version: backupInfo.version,
+        });
+
+        this.emitBackupDecryptionKeyCached(backupInfo.version);
+    }
+
+    private async enableKeyBackupFromInfo(backupInfo: KeyBackupInfo): Promise<void> {
+        const version = backupInfo.version;
+        if (!version) {
+            throw new Error("Cannot enable key backup without version");
+        }
+
+        const previousServerBackupInfo = this.serverBackupInfo;
+        const previousCheckedForBackup = this.checkedForBackup;
+        this.serverBackupInfo = backupInfo;
+        this.checkedForBackup = true;
+
+        try {
+            const activeVersion = await this.getActiveBackupVersion();
+            if (activeVersion === null) {
+                await this.enableKeyBackup(backupInfo);
+            } else if (activeVersion !== version) {
+                await this.disableKeyBackup();
+                await this.enableKeyBackup(backupInfo);
+            }
+        } catch (e) {
+            this.serverBackupInfo = previousServerBackupInfo;
+            this.checkedForBackup = previousCheckedForBackup;
+            throw e;
+        }
+    }
+
+    private async saveBackupDecryptionKeyForCurrentBackup(
+        backupDecryptionKey: RustSdkCryptoJs.BackupDecryptionKey,
+        backupInfo: KeyBackupInfo,
+    ): Promise<void> {
+        const version = backupInfo.version;
+        if (!version) {
+            throw new Error("Cannot save backup decryption key for backup without version");
+        }
+
+        await this.storeBackupDecryptionKey(backupDecryptionKey, version);
+        await this.enableKeyBackupFromInfo(backupInfo);
+
+        // Emit after the backup is configured so listeners can immediately use the new backup.
+        this.emitBackupDecryptionKeyCached(version);
+    }
+
     /**
      * Import a list of room keys previously exported by exportRoomKeys
      *
@@ -568,7 +640,7 @@ export class RustBackupManager extends TypedEventEmitter<RustBackupCryptoEvents,
             },
         );
 
-        await this.saveBackupDecryptionKey(randomKey, res.version);
+        await this.storeBackupDecryptionKey(randomKey, res.version);
 
         return {
             version: res.version,

src/rust-crypto/rust-crypto.ts

@@ -1382,8 +1382,7 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
             await this.secretStorage.store("m.megolm_backup.v1", backupInfo.decryptionKey.toBase64());
         }
 
-        // we can check and start async
-        this.checkKeyBackupAndEnable();
+        await this.backupManager.enableKeyBackupFromCreation(backupInfo);
     }
 
     /**