Display a warning when an unverified user's identity changes

[uhoreg]

Fixes element-hq/element-meta#2513

Checklist

• Tests written for new code (and old code if feasible).
• New or updated public/exported symbols have accurate TSDoc documentation.
• Linter and other CI checks pass.
• I have licensed the changes to Element by completing the Contributor License Agreement (CLA)

[CLAassistant]

All committers have signed the CLA.

[florianduros]

In a first time, we should move UserIdentifyWarning into a functional component and break down its behaviour into multiple hooks. Let me know if you need help to do it

There are differences with the figma design too.

[uhoreg]

I think that I've addressed all of @florianduros 's concerns. The test failure looks like possible flakiness, since it's testing components that I haven't touched.

[florianduros]

You are in the right direction! Now, we can refactor this hook into multiple custom hooks seperate by logic concern et will be ready to go.

About the test failure, yes it's a flackiness which has been adresse in another PR

[florianduros]

It's looking better! Now we can move theses hooks and their logic into separate custom hooks in order to encapsulate their behaviour and make the component easier to maintain.

In test:

• use jest.spyOn in test to handle the mocking of the client or the crypto api.
• use https://testing-library.com/docs/queries/about/ to get the dom element. We want to favour the role query in order to make it sure that we are also accessible
• In case of async behaviour when we need to wait for a rerender, waitFor is doing for us the retry/waiting.

[uhoreg]

@florianduros ping

[florianduros]

Sorry for the delay.
I think it's in a good state to be merged.
One comment about room.hasEncryptionStateEvent.

[uhoreg]

I've addressed all of Florian's concerns. @richvdh can you give this a crypto team review?

[richvdh]

Looks mostly ok to me; a couple of bugs though.

It would be good to get at least one playwright test of this behaviour. Could be a followup PR though.

[richvdh]

Suggested change

	(event.getContent().membership === KnownMembership.Join && room.shouldEncryptForInvitedMembers())
	(event.getContent().membership === KnownMembership.Invite && room.shouldEncryptForInvitedMembers())

I'd feel happier if we had a unit test that picked this up...

[uhoreg]

I managed to find another race condition while writing a test, so I need to investigate and fix it.

[richvdh]

Why do we catch on the loadMembers() call at line 241, but not here? Any errors thrown here will get lost.

[richvdh]

Suppose we see a member join and leave in quick succession (potentially, in the same /sync response)

The join will trigger a call to addMemberIfNeedsApproval, which will start a call to userNeedsApproval.
The leave will run removeMemberNeedingApproval, which won't do much.
userNeedsApproval will complete, and the user may be added to the list of approvals needed. We now have a non-member in the list of approvals.

[uhoreg]

Right. Similar thing if someone leaves while we're still processing the initial room membership. Will have to think about how to solve this. I think that setting the flag in gotVerificationStatusUpdate might fix the join-then-leave issue, but not the leave-while-initialising problem.

[richvdh]

Suggested change

	if (!membersNeedingApproval.has(userId) && gotVerificationStatusUpdate.get(userId) === false) {
	// Only actually update the list if we haven't received a `UserTrustStatusChanged` for this user in
	// the meantime.
	if (!membersNeedingApproval.has(userId) && gotVerificationStatusUpdate.get(userId) === false) {

[richvdh]

Also, consider removing !membersNeedingApproval.has(userId) from this condition. AFAICT, addMemberNeedingApproval is a no-op if the user is already in the list, and removing the check would simplify this function.

[richvdh]

aside: I wondered if it would be good to have a single updateCurrentPrompt function which updates currentPrompt based on the current state of the list. Hence we'd have something like:

const updateCurrentPrompt = useCallback(() => {
    // Some sort of comment about callbacks and await
    setCurrentPrompt((currentPrompt) => {
        // If we have an existing prompt, leave it in place unless the user has been removed from the list
        if (currentPrompt && membersNeedingApproval.has(currentPrompt.userId)) {
            return currentPrompt;
        }

        return selectCurrentPrompt();  // probably inline this
    });
}, [setCurrentPrompt]);

... and then use that in the three places we currently call setCurrentPrompt.

It feels cognitively simpler to me, and has the advantage that we don't need to worry about someone slipping in an async before a call to setCurrentPrompt and breaking everything.

[richvdh]

Suggested change

	// Check if the user's identity needs approval, and if so, add them to the
	// For each user in the list, check if their identity needs approval, and if so, add them to the

[richvdh]

Suggested change

	// We're processing an m.room.member event

[richvdh]

okayyy, but now don't we have a problem for a join-leave-join scenario?

I can't help but feel we need a proper queue of things to process :/

[uhoreg]

I think I figured out a way to solve it while minimising the changes.

[richvdh]

out of interest, was the switch to doing this in parallel meant to fix something, or just an optimisation?

[uhoreg]

Just an optimisation. I changed the function to take a list of users so that it would update gotVerificationStatusUpdate for all the users at once, so that if we get an update for, say, Alice, but we haven't started fetching her update status, we won't try to overwrite the update with a fetched value. Then I figured it was silly that we were waiting for one to complete before querying the next.