feat(ffi): Allow passing in a SecretsBundle while logging in

Author: poljar

bindings/matrix-sdk-ffi/src/authentication.rs

@@ -29,7 +29,7 @@ use matrix_sdk::{
 use ruma::serde::Raw;
 use url::Url;
 
-use crate::client::{Client, OidcPrompt, SlidingSyncVersion};
+use crate::client::{Client, OidcPrompt, SecretsBundle, SlidingSyncVersion};
 
 #[derive(uniffi::Object)]
 pub struct HomeserverLoginDetails {
@@ -95,12 +95,24 @@ impl SsoHandler {
     }
 
     /// Completes the SSO login process.
-    pub async fn finish(&self, callback_url: String) -> Result<(), SsoError> {
+    pub async fn finish(
+        &self,
+        callback_url: String,
+        secrets_bundle: Option<Arc<SecretsBundle>>,
+    ) -> Result<(), SsoError> {
         let auth = self.client.inner.matrix_auth();
         let url = Url::parse(&callback_url).map_err(|_| SsoError::CallbackUrlInvalid)?;
         let builder =
             auth.login_with_sso_callback(url).map_err(|_| SsoError::CallbackUrlInvalid)?;
         builder.await.map_err(|_| SsoError::LoginWithTokenFailed)?;
+
+        if let Some(bundle) = secrets_bundle {
+            self.client
+                .import_secrets_bundle(&bundle)
+                .await
+                .map_err(|e| SsoError::Generic { message: e.to_string() })?;
+        }
+
         Ok(())
     }
 }

bindings/matrix-sdk-ffi/src/client.rs

@@ -203,6 +203,23 @@ impl From<PushFormat> for RumaPushFormat {
     }
 }
 
+#[derive(uniffi::Object)]
+pub struct SecretsBundle {
+    inner: matrix_sdk_base::crypto::types::SecretsBundle,
+}
+
+impl SecretsBundle {
+    pub fn bundle_from_str(bundle: &str) -> Result<Arc<Self>, ClientError> {
+        let bundle = serde_json::from_str(bundle)?;
+
+        Ok(Self { inner: bundle }.into())
+    }
+
+    pub fn from_database(database_path: &str) -> Result<Arc<Self>, ClientError> {
+        todo!()
+    }
+}
+
 #[matrix_sdk_ffi_macros::export(callback_interface)]
 pub trait ClientDelegate: SyncOutsideWasm + SendOutsideWasm {
     /// A callback invoked whenever the SDK runs into an unknown token error.
@@ -418,6 +435,24 @@ impl Client {
 
         Ok(client)
     }
+
+    pub(crate) async fn import_secrets_bundle(
+        &self,
+        secrets_bundle: &SecretsBundle,
+    ) -> Result<(), ClientError> {
+        self.inner
+            .encryption()
+            .import_secrets_bundle(&secrets_bundle.inner)
+            .await
+            .map_err(|e| ClientError::from_err(e))?;
+
+        // Upload the device keys, this will ensure that other devices see us as a fully
+        // verified device ass soon as this method returns.
+        self.inner.encryption().ensure_device_keys_upload().await?;
+        self.inner.encryption().wait_for_e2ee_initialization_tasks().await;
+
+        Ok(())
+    }
 }
 
 #[matrix_sdk_ffi_macros::export]
@@ -486,15 +521,24 @@ impl Client {
         password: String,
         initial_device_name: Option<String>,
         device_id: Option<String>,
+        secrets_bundle: Option<Arc<SecretsBundle>>,
     ) -> Result<(), ClientError> {
         let mut builder = self.inner.matrix_auth().login_username(&username, &password);
+
         if let Some(initial_device_name) = initial_device_name.as_ref() {
             builder = builder.initial_device_display_name(initial_device_name);
         }
+
         if let Some(device_id) = device_id.as_ref() {
             builder = builder.device_id(device_id);
         }
+
         builder.send().await?;
+
+        if let Some(bundle) = secrets_bundle {
+            self.import_secrets_bundle(&bundle).await?;
+        }
+
         Ok(())
     }
 
@@ -506,6 +550,7 @@ impl Client {
         jwt: String,
         initial_device_name: Option<String>,
         device_id: Option<String>,
+        secrets_bundle: Option<Arc<SecretsBundle>>,
     ) -> Result<(), ClientError> {
         let data = json!({ "token": jwt }).as_object().unwrap().clone();
 
@@ -520,6 +565,11 @@ impl Client {
         }
 
         builder.send().await?;
+
+        if let Some(bundle) = secrets_bundle {
+            self.import_secrets_bundle(&bundle).await?;
+        }
+
         Ok(())
     }
 
@@ -530,6 +580,7 @@ impl Client {
         password: String,
         initial_device_name: Option<String>,
         device_id: Option<String>,
+        secrets_bundle: Option<Arc<SecretsBundle>>,
     ) -> Result<(), ClientError> {
         let mut builder = self
             .inner
@@ -546,6 +597,10 @@ impl Client {
 
         builder.send().await?;
 
+        if let Some(bundle) = secrets_bundle {
+            self.import_secrets_bundle(&bundle).await?;
+        }
+
         Ok(())
     }
 
@@ -637,7 +692,11 @@ impl Client {
     }
 
     /// Completes the OIDC login process.
-    pub async fn login_with_oidc_callback(&self, callback_url: String) -> Result<(), OidcError> {
+    pub async fn login_with_oidc_callback(
+        &self,
+        callback_url: String,
+        secrets_bundle: Option<Arc<SecretsBundle>>,
+    ) -> Result<(), OidcError> {
         let url = Url::parse(&callback_url).or(Err(OidcError::CallbackUrlInvalid))?;
 
         self.inner.oauth().finish_login(url.into()).await?;

crates/matrix-sdk/src/encryption/mod.rs

@@ -826,7 +826,7 @@ impl Encryption {
         }
     }
 
-    pub(crate) async fn import_secrets_bundle(
+    pub async fn import_secrets_bundle(
         &self,
         bundle: &matrix_sdk_base::crypto::types::SecretsBundle,
     ) -> Result<(), SecretImportError> {
@@ -1890,7 +1890,7 @@ impl Encryption {
     /// **Warning**: Do not use this method if we're already calling
     /// [`Client::send_outgoing_request()`]. This method is intended for
     /// explicitly uploading the device keys before starting a sync.
-    pub(crate) async fn ensure_device_keys_upload(&self) -> Result<()> {
+    pub async fn ensure_device_keys_upload(&self) -> Result<()> {
         let olm = self.client.olm_machine().await;
         let olm = olm.as_ref().ok_or(Error::NoOlmMachine)?;