fix: Group removal is best effort access control, so use fresh session
The group removal feature is not based on cryptography,
just best-effort server side access control.
With either manual sessions or transparent sessions,
a user may keep using a session that was previously shared with
a group, and the key does not rotate when a group member is removed.

So when using transparent sessions a device that shares with a
given group may keep using the same cryptographic key for up to 12h,
which means the server should continue to apply access control to the
files themselves, in addition to best-effort access control on groups.

In the case of our functional tests, it means that after removing
a user from a group we should test with a fresh device (and drop any
still active manual sessions) to get a reliable access control test.
tux3 committed Dec 19, 2022
1 parent d86bd16 commit d8bc6f8
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion tests/group_tests.rs
Expand Up @@ -153,13 +153,15 @@ async fn remove_member_from_group() -> Result<(), Error> {
.update_group_members(&group_id, &[], &[bob_pub_id])
.await?;

let encrypted = alice.encrypt(msg, &options).await?;
let charles = app.start_anonymous(&app.create_identity(None)).await?;
let encrypted = charles.encrypt(msg, &options).await?;

let err = bob.decrypt(&encrypted).await.unwrap_err();
assert_eq!(err.code(), ErrorCode::InvalidArgument);

alice.stop().await?;
bob.stop().await?;
charles.stop().await?;
Ok(())
}
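Review bot: the switch from `alice` to a freshly started `charles` at `let charles = app.start_anonymous(&app.create_identity(None)).await?;` needs an explanatory comment in the test itself, because nothing in the code says why Alice cannot remain the encryptor. The reason is only in the commit message: group removal is server-side access control and does not rotate the key, so Alice's still-open session may encrypt with the same group key Bob already holds, and a Bob decrypt failure could not be attributed to access control. Without that comment a later cleanup could plausibly revert to `alice.encrypt(msg, &options)` and silently weaken the test. Suggest a line such as `// Encrypt from a fresh device: an existing session may still hold the pre-removal group key` directly above the `charles` line, and it would also help to state next to `assert_eq!(err.code(), ErrorCode::InvalidArgument);` that this is the expected error for a removed member, so the assertion is not mistaken for a malformed-input check.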

