Skip to content

EW: Make identity reset consistent with EX #29227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Tracked by #2700
mxandreas opened this issue Feb 6, 2025 · 3 comments · May be fixed by #29701
Open
Tracked by #2700

EW: Make identity reset consistent with EX #29227

mxandreas opened this issue Feb 6, 2025 · 3 comments · May be fixed by #29701
Assignees
@andybalaam
Labels
A-E2EE A-Login T-Enhancement T-User Story Team: Crypto

Comments

@mxandreas
Copy link

mxandreas commented Feb 6, 2025
edited
Loading

Background

Historically EW had many different identity resets, some of which only reset the cross-signing keys and some of which also reset "everything" (meaning any server-side copies of any keys as well as the server side storage as such). The other difference was that in some variants, EW also automatically asked user to set up recovery (on EX this step was separated from the reset flow).

To simplify it for the end users, and make it consistent with EX behavior, only one type of reset will be kept - the one that resets "everything" and does not set up recovery as part of it.

Problem

This new reset, including the new designs has been implemented for the scenarios:

  • when the user goes proactively to Settings > Encryption > Advanced and triggers it.
  • when user is notified that their key storage is out of sync, and the user chooses the Forgot recovery key option.

However, there are other scenarios which are not currently covered.

All of them have the same cause - the user needs to verify their device but is not able to - but the entry points in UI are several:

  • The user tries to login.
  • The user is already in the app but the device not verified:
    • Tries to access Settings > Encryption.
    • Tries to proactively verify the device (e.g. in the Sessions / Devices)
    • Gets a toast that prompts to verify the device.

Designs

Clarifications on the designs:

  • All the current confirmation modals that currently appear right after clicking reset (there are a few variations depending on the starting point), should be removed. The very first screen is the one linked above (on the left are old, on the right the new design).

    • Image

  • Modernizing the screen that is used in case of OIDC (user is directed to MAS web app) is a stretch goal. The minimum is to make sure that the copy of the current modal follows the copy of new designs (current modal on the left, new designs on the right).

    • Image
@mxandreas mxandreas mentioned this issue Feb 6, 2025
Open
@mxandreas mxandreas changed the title EW: Update the reset cryptographic identity flow when triggered from "verify device" modal or when "key storage is out of sync." so that it is consistent with EX and also matches the flow that is triggered from Settings > Encryption > Advanced EW: Make identity reset consistent with EX Feb 6, 2025
@richvdh richvdh transferred this issue from element-hq/element-meta Feb 10, 2025
@dosubot dosubot bot added A-E2EE A-Login T-Task Tasks for the team like planning labels Feb 10, 2025
@andybalaam andybalaam mentioned this issue Feb 10, 2025
Open
@MidhunSureshR MidhunSureshR added T-Enhancement and removed T-Task Tasks for the team like planning labels Feb 12, 2025
@andybalaam andybalaam mentioned this issue Feb 17, 2025
Open
@uhoreg uhoreg self-assigned this Mar 24, 2025
@uhoreg
Copy link
Member

uhoreg commented Mar 25, 2025

A couple questions:

When reset is triggered when already in app.

Is there a way of triggering reset other than in the Encryption settings tab?

The designs show a dialog that looks almost the same as the "Are you sure you want to reset your identity", but says "Reset your identity in case you can't confirm another way". When is this dialog triggered instead of the "Are you sure you want to reset your identity" dialog?

Notes to self:

  • The "Are you sure you want to reset your identity" component is in components/views/settings/encryption/ResetIdentityPanel.tsx, but is built as a panel for the encryption settings and includes a breadcrumb at the top to return to the settings page so we'd need to separate out the common part and put it in a modal.

  • The existing dialogs are in components/structures/auth/CompleteSecurity.tsx

@mxandreas
Copy link
Author

mxandreas commented Mar 26, 2025
edited
Loading

Is there a way of triggering reset other than in the Encryption settings tab?

The other ways currently are:

  • You get the "Key storage out of sync." toast, and decide to reset from there.
  • Until we make verification mandatory at login, you can still trigger it when you go to verify your device from the Sessions tab (this will disappear of course soon, as we make verification mandatory).

Btw, I hoped the ticket description above makes this clear but let me know if there is anything confusing about it or it was just to confirm.

The designs show a dialog that looks almost the same as the "Are you sure you want to reset your identity", but says "Reset your identity in case you can't confirm another way". When is this dialog triggered instead of the "Are you sure you want to reset your identity" dialog?

If you meant this screen, then this is the (external) MAS confirmation modal. Its wording is tailored to the "I need to reset because I can't verify my device" scenario but I just checked that the same modal is re-used for the scenario when you proactively reset from Encryption tab.

@americanrefugee I think it is fine to keep it as it is for now because in 99% of cases people will do reset because they can't verify. We can always adjust this (e.g. make more generic so it fits all scenarios) later. In any case, it would not affect this story/ticket.

@uhoreg
Copy link
Member

uhoreg commented Mar 26, 2025
edited
Loading

Components used by current dialogs:

components/structures/auth/SetupEncryptionBody, which is used by components/structures/auth/CompleteSecurity and
components/views/dialogs/security/SetupEncryptionDialog

components/views/dialogs/security/InitialCryptoSetupDialog, which is used by components/structures/auth/E2eSetup I think this is just for the initial setup, not for reset

@uhoreg uhoreg mentioned this issue Apr 6, 2025
Closed
This was referenced Apr 9, 2025
Merged
Draft
@andybalaam andybalaam assigned andybalaam and unassigned uhoreg Apr 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andybalaam andybalaam

Labels
A-E2EE A-Login T-Enhancement T-User Story Team: Crypto
Projects
None yet
Milestone
No milestone
4 participants
@andybalaam @uhoreg @MidhunSureshR @mxandreas