This file is loaded by the background page, which means it is already
bound to the background page's global context. This was not true at some
time in the distant past but is true now.
// FREEBIE
This line was never being hit due to the duplicate one above (#L166).
Peeking at the server code shows that 403 is only given in response to
registration attempts, where it does in fact indicate an invalid code.
// FREEBIE
Previous commit removed notification models from the global collection
but did not actually update the existing notification.
This commit refactors the notification interface to allow us to update
it without re-surfacing the notifcation onscreen.
// FREEBIE
Fix bug where resending due to failed network connection would fail
silently.
Broken in 7b6820 refactor which changed arguments to transmitMessage
// FREEBIE
Previously, libtextsecure would send a sync message automatically
when appropriate. This fails if any recipient has a key conflict
or if our network connection fails mid-send.
Instead, when appropriate, return a the DataMessage encoded as an array
buffer for later syncing. This lets the application choose when to send
it, which we now do after any successful send to a recipient, rather
than after all recipients are successfully sent to.
Eventually we should move the DataMessage protobuf construction and
group sending logic to the application layer entirely, in which case
we wouldn't need libtextsecure to construct the sync message either.
Fixes#408
Fix bug where re-installing would cause sync messages to fail and
produce unresolvable error indicators on messages that were actually
sent.
// FREEBIE
If you had an inaccurate unread count due to previously broken unread
tracking, it's possible to go negative and never fully recover. Fixed
by clamping to zero.
// FREEBIE
Messages that are received in the active conversation while the window
is focused, are automatically marked as read.
The conversation appears as unread for a split second as the incoming message
arrives but it gets marked as read as soon as the message is displayed.
The window title now shows the global number of unread messages as
"Signal (1)". This way the user can see the number of unread messages
in the task bar and when alt-tabbing.
Resolves: #384
Fixed the global counting of unread messages. This makes the "unreadCount"
variable in storage to stay in sync with the sum of unread messages in each
conversation. To achieve this, the controller_view updates the global
variable whenever messages are received or read.
encryptMessageFor now requires an array buffer instead of a protobuf.
By converting the message to an array buffer outside the Promise.all, we
avoid allocating a new copy for each device.
// FREEBIE
We don't need to keep them in memory if we're done viewing them,
plus it avoids having to re-render a large collection when we re-open a
conversation. Now that we only load a sensible number of messages at a
time, caching them between usages is less valuable. Removing them from
the collection should free them for garbage collection.
// FREEBIE
Messages with images or media were causing the scroll position to jump
around when they loaded, because rendering them changed the height of their
elements from 0 to full-height sometime after they were inserted into
the DOM.
Now when rendering attachments, we wait for them to load so they can
render at full height immediately, then warn our parent message list
before and after a potential height change, so the scroll position can
be saved and reset.
// FREEBIE
Only load the most recent messages when initially rendering a
conversation. Scrolling to the top of a message list loads older
messages.
This required some slight refactoring of how we insert message elements
into the dom. If the message is added to the end of the collection,
append it at the end. Otherwise, assume it is an older message and
prepend it.
When adding elements to the top, reset the scrollPosition to its
previous distance from scrollHeight. This keeps the current set of
elements fixed in the viewport.
// FREEBIE
Add db adapter support for clean cursor termination when passing
options.index and options.limit together. Previously this would cause a
crash because options.conditions was undefined.
// FREEBIE
Renames extension.windows.beforeUnload to onSuspend, to match the
underlying chrome api call. onClosed fires when the frontend app window
is closed, while onSuspend fires when the background page is closed or
refreshed (which amounts to an app restart).
Frontend views are initialized iff the inbox window is opened, and so
should always be listening to onClosed in order to know when they are no
longer needed.
// FREEBIE
1. Update chrome version because v40 fails to clear the session store
2. Add message view to test page and fix bad reference to chrome
3. Update the message view template in tests with new timestmap markup
// FREEBIE
Create a cleaner seperation between generating notifications
and updating frontend conversation views. The former is now
handled by `conversation.notify` while the latter is achieved
by triggering an event on the conversation model, which will
only be acted on if there are any views listening for it.
Additionally, instead of re-fetching the entire message history,
which is overkill, just add or update the new/modified message.
This will help speed up the newmessage event handler and also
help avoid unnecessary re-rendering when resolving key conflicts.
// FREEBIE
Follow up to b0da4910. When inferring membership of the sender in an
unknown group, remember to save and return the group members.
Generally, this should only effect standalone clients unless someone
managed to clear their groups db table, since linked clients get group
info synced at registration.
// FREEBIE
If you're the last member of the group, it doesn't make sense to send
messages to it. Previously, we would wait forever for a callback,
causing a stuck pending state indicator.
// FREEBIE
Follow up to ddd2e67eb5
but for incoming messages.
* Conflict state sometimes failed to be removed even though the
conflict was resolved.
* Messages failed to re-render after a conflict. We want to
re-render only the error state on outgoing messages, to avoid
flickering attachments. On incoming messages, we need to call
render to populate the message text, avatar, etc...
// FREEBIE
Display format consistent with Android:
* relative time for everything from today
* Day of week + time for within the past 7 days
* Static Month Day time for everything older
Each timestamp will only update as often as needed to stay accurate,
which is once a minute, once an hour, once a week, or never.
// FREEBIE
* Don't open message detail views from message detail views
* When message errors change, re-render the error state, but
not the message markup and contents.
* Fix renderErrors bug not removing the error class correctly.
// FREEBIE
Previously, with a mix of text and media messages in conflict,
asynchronous callbacks aligned so as to fail to remove some of
the conflict objects on messages.
Fix by serializing conflict processing, but making sure to move
on through the message list even if some conflict resolutions fail.
Fixes#370
// FREEBIE
* Refactor options.js into a view
* Break up install flow into a series of screens
* Remove bootstrap
* Make installer window static size, mostly to facilitate positioning
// FREEBIE
When we re-register, our deviceId might change, which makes our sessions
are no longer valid since the recipient will see us as a new device.
Fixes#388
Fix a bad loop scope bug in getKeysForNumber by using forEach.
Refactor the initial process of establishing key material for devices
that do not have open sessions.
// FREEBIE
For non text messages (ex: media messages and group updates), the
lastMessage field was being populated with empty string, resulting in an
empty message preview in the conversation list. Instead, display 'Media
message' or 'Updated the group', etc...
// FREEBIE
These functions accept an array buffer and extract an AES and MAC key
from it without verifying it has the appropriate length. Ciphertext
messages are similarly dissected. The slice function does not raise an
error on out of bounds accesses but instead returns an empty or
partially-filled array. Empty or short arrays will be passed through to
the window.crypto.subtle API, where they will raise an error. We should
not rely on the Web Crypto API to validate key lengths or for MAC checks
to fail. Instead, validate the lengths of given parameters before
extracting their components.
// FREEBIE
This may increase processing latency a bit, particularly with large
attachments, but will ensure that messages are dispatched in the order
they are received.
It would be nice to enforce ordering on only the dispatch step, so that
we could, for example, decrypt the next websocket message while waiting
for an attachment to download, but that will require a more complicated
refactor. Will stick with the quick fix for now and revisit later.
Fixes#342
// FREEBIE
It's rare that we get in a state where we have a device record without a
session, but we should handle errors gracefully in that case. Catch them
and register them, except for identity key errors which are registered
in handleResult.
// FREEBIE
fixup error handling // FREEBIE
This function dynamically declares a bunch of functions which bind to
its input arguments. Instead, use a new prototypal class to define
these functions within the context of a particular message.
// FREEBIE
Add a pendingMessages object to MessageSender. This object holds
one promise per recipient number. We init this promise with
Promise.resolve(), and chain on promises for message sending, replacing
the previous promise with the newly chained promise each time. If the
current promise resolves and finds that it is still the last promise
in the chain, it removes itself.
Websocket resources should have their keepalive timers reset whenever a
message comes in. This is a nicety that slightly reduces the amount of
traffic we send when actively messaging.
Previously this was handled by MessageReceiver, but it's a bit cleaner
to just have the WebsocketResource add an extra 'message' event handler.
// FREEBIE
Bind the sub-view to some data when we initialize it, rather than
passing it in on render. That means the image view click handler will
only ever open the blob we bound it to, even if its src attr changes for
some reason, which should never happen, but if it does, it's nice to
guard against opening arbitrary urls found in the dom.
// FREEBIE
Images that are attached to messages, either sent or received
can be opened in a new tab by clicking on them.
The previous approach that used Anchors to open the image
attachmets failed in various systems because:
- Chrome on Windows recognised "blob" as protocol and tried
to find an app for it
- Chromium on Ubuntu didn't open a new window to load the URL
The new approach adds a "click" listener to the IMG element and
opens the link using window.open (which seems to be working globaly).
Resolves: #252
In rare cases, a race between delivery receipts and outgoing message
requests can cause the sent flag to be reversed. Fix by marking messages
sent at the same time they are marked delivered.
// FREEBIE
Per WhisperSystems/TextSecure@8a1428e, bump GIF limit to 5MB, and
audio/video limit to 100MB. Update toast to notify in correct
human-readable units. The only kB size limit is for images, and will
trigger only if after scaling up to 4 times, the rescaled image did not
come in under the size limit without unacceptable quality loss.
Closes#354
Using the search field produces a filtered view of all contacts and
groups containing the input. To make this fast and scalable, add an
index on a 'tokens' array containing words from the conversation name
and different forms of phone number.
Closes#365
// FREEBIE
Split into separate encrypt and transmit functions. Let the encryption
function also handle all wire formatting (ie, jsonification and base64
encoding), which simplifes TextSecureServer.sendMessages, removes a
TODO, and lets us save fewer params to make network errors replayable.
// FREEBIE
The resend button should disappear once you've clicked it. This was not
happening because the message detail view held a cached copy of the old
message errors. Fix by re-reading the errors when we re-render.
// FREEBIE
This ensures that the containing promise is rejected without triggering
the side effects of an uncaught exception, such as causing the debugger
to pause.
// FREEBIE
Opening two message-detail views in two separate conversations would
disappear one of the conversations. Fixed by better encapsulating the
sub-views of a conversation.
// FREEBIE
Previously would fail to register keys by using the wrong username.
The username should be <number>.<deviceid> once we've confirmed our
account and received a deviceId from the server.
// FREEBIE
`tryMessageAgain` is the routine called when re-trying a message that
failed to decrypt due to an IncomingIdentityKeyError. This handling
needs to move to MessageReceiver because it depends on
`processDecrypted` to handle incoming message protos, which depends
on a server instance in order to download attachments.
// FREEBIE
textsecure.MessageSender takes server url and credentials and returns
a message sending interface configured for that server.
Used a wrapper function to insert a TextSecureServer instance into
sendmessage.js code at runtime. This will result in function duplication
between different MessageSender objects, pending further refactoring to
use prototypal inheritence.
// FREEBIE
Following the pattern from previous commit, let the server class accept
a url and login credentials from the caller. Then integrate into
MessageReceiver and AccountManager.
// FREEBIE
An exception to the previous commit, for incoming messages we should not
show a mysterious empty bubble. Instead there is some generic
non-technical error message.
// FREEBIE
Change how message errors are rendered. Errors associated with a number
will be shown under that number in the detail view rather than piling up
in the message bubble.
// FREEBIE
Fix inconsistency in error format, where we sometimes get an unexpected
Error object and sometimes get a wrapper object containing an Error.
Also start saving network errors.
// FREEBIE
Refactor outgoing message error handling to use the same success and
error handlers. This creates a somewhat strange pattern, where we call
send and pass in the promise that resolves when sending is complete, but
there's enough variety in the libtextsecure syntax for different message
sending routines that it belongs at the conversation level and only the
post-processing stuff is really shared by all messages.
// FREEBIE
There is no in-window navigation in the chrome app environment, so nix
the first if-clause here. Also make it programmatically reloadable and
fix indentation.
// FREEBIE
1. This is nonstandard behavior, not supported by any other clients. It
may help sometimes but will also cause bugs (see 2)
2. iOS doesn't handle group updates with missing fields. all fields must
be populated, and libtextsecure doesn't have any knowledge of the group
name or avatar, so these updates will clobber group state on iOS.
// FREEBIE
This one's been around since forever, but only manifests when someone
leaves the group and comes back. In that case we fail to reinit their
numberRegistrationId object, which causes a npe when we try to send
send them group messages.
Affected parties must ask their fickle friends to leave/join again.
// FREEBIE
Rather than asking for a global target, the message receiver implements
the EventTarget interface itself. It does not expose the dispatchEvent
method, however. This ensures that events can only be triggered from
within the internal MessageReceiver class, which means we no longer need
to namespace them.
// FREEBIE
Let the libtextsecure consumer pass in their own server url, username,
password, and signaling key, as with libtextsecure-java.
Also brings reconnect logic up into the MessageReceiver class, which
is the only place it should apply.
Encapsulate the global conversation cache collection against accidental
access, avoiding the data-clobbering bug fixed in previous commit.
Also move some one-off program initialization code from panel controller
to background.js
// FREEBIE
The conversation's contactCollection only contains references to the
current membership, and will not provide contact info for people who
have left the group, causing their messages to render without numbers or
avatars.
// FREEBIE
When confirming the creation of a one on one conversation with a new
contact, the first click would do nothing but the second click would
work. Now the first click works.
Fix by only reject new conversation creation if not saved.
// FREEBIE
Fixes auto archive when deleting all messages, and auto unarchive when
sending a new message. Previously, the convo would not reappear in the
inbox after deleting all messages.
// FREEBIE
Only fetch them from a frontend view. If the conversation is not open,
we don't need to load the messages, and if we do load them, they will
render before we've done the initial contact info loading (as
implemented in 74e96ce).
Fixes#344
// FREEBIE
This listener is doing way more work than necessary to update the dom by
removing all the list items and re-creating them. This also causes the
bug where selected state is cleared when new messages arrive, not to
mention binding new event listeners without unbinding the old ones.
Fix by simply promoting an element to the top of the list when it's
active_at value changes, rather than re-rendering the whole list. This
could backfire if the value gets changed to an earlier timestamp but for
now we assume that won't happen.
// FREEBIE
The chrome.notifications api renders iconUrls at full bleed, as opposed
to the Web Notifications api, which adds padding. This was causing our
identicons to look a bit over stretched.
Fixed by rendering them a bit larger and with some padding.
// FREEBIE
Only allow one notification at a time. Use a basic notification for
normal messages, and image notification for image messages, and a list
notification when there are multiple unread messages.
// FREEBIE
Forgot to bind the socket event handler, and the then() handler should
come before the catch() handler or else it will execute every time the
catch handler executes.
// FREEBIE
Always test connectivity with an http request after a websocket closes,
regardless of what code/error it closed with. If that request succeeds,
automatically reconnect the socket.
// FREEBIE
Create a new collection type for the inbox which listens to events on
the main conversation cache. Also don't reload conversation info from
the database as often or when unnecessary.
Fixes#345
// FREEBIE
There's no need to use a custom collection type here since we don't use
any of the ConversationCollection methods. This helps prevent the
introduction of duplicate models for the same chat.
// FREEBIE
The delivery receipt handler should only update messages, so rather than
reloading the conversation and its contacts, only reload the messages.
// FREEBIE
Makes the groupupdate and recipient input fields stick to the top,
restyles the typeahead as a floating dropdown list of suggestions
rather than a full width component, fixes group avatar thumbnail
rendering.
// FREEBIE
Used by member list view. Refactored some templates for shared markup.
Fixes strange behavior where members in the list were hoverable and
selectable.
// FREEBIE
Establishes basic functionality for viewing conversations in two column
mode, including message area and message list resizing, and maintaining
scroll position.
Various subviews need to be retooled but are more or less still
functional, i.e., new message, message detail, key verification, etc...
Start by requesting keys for only the master device, then handle 410 as
needed. Single-device users are the more common case and this strategy
lets us avoid requesting/expending one of our own device keys when
establishing a session with sibling devices.
// FREEBIE
After setting a new identity key as trusted, we retry decryption on all
pending conflicts for that contact. If their identity changed twice in a
row, we can still get a conflict the second time, and should handle it
appropriately.
When resolving conflicts, we should not only discard the old key, but
set the new trusted key to the one the user has verified. Previously, we
would end up trusting the first-seen new key, which may not be the one
the user verified.
// FREEBIE
Related with #278. Redone to include keeping scroll at the bottom when resizing the window, as suggested in #305, and to better fit the current code structure.
This new endpoint should always issue a response to a provisioning
socket so if we don't receive one we should assume the connection has
been lost.
Closes#318
By default, automatically disconnect if no response. This is preferable
because we can sometimes lose connectivity without receiving a close
event from the socket, but it's also possible that the endpoint may not
support responses.
// FREEBIE
saveKeysToDeviceObject is the detector of outgoing identity key errors.
Catch these key errors closer to the source by pulling the
getKeysForNumber into the context of sendMessageToDevices, which lets
it access registerError and the message protobuf.
Previously identity key errors would be uncaught if all existing
sessions with a recipient were closed/deleted, since we would
preemptively fetch the new identity key. The old error handling only
kicked in after a 409/410 response from the server when posting a
message encrypted for a stale session.
// FREEBIE
Previously we would convert a bytebuffer to a string, pass it to
libaxolotl where it would be parsed back into a bytebuffer.
Ideally we would just pass the bytebuffer, but it turns out that
libaxolotl's bytebyffer class is identical but separate from
libtextsecure's bytebuffer class. ¯\_(ツ)_/¯
So instead we pass the underlying array buffer, which is handled
more or less the same way as a bytebuffer, and most importantly,
does not involve any copying.
// FREEBIE
We now disconnect ourselves if we don't get the server's response to a
keepalive request within 30s. This way we will eventually disconnect if
the network goes away but the socket is not closed.*
* See code.google.com/p/chromium/issues/detail?id=197841 and
https://stackoverflow.com/questions/11755605/chrome-websocket-connection-not-closed-when-browser-closed
We will then try to reconnect once a minute (See 8a10c96);
Keepalives belong at this level anyway, since the format is defined by
both the websocket resource protocol and our specific server url
structure.
// FREEBIE
This trigger function uses chrome's runtime message passing api, which
traverses between different windows in our runtime, but we only trigger
the updateInbox event from the backgroud page, so we don't need to use
that api, which requires some extra cpu/memory overhead.
// FREEBIE
Well that didn't work. Luckily this comparison is primarily enforced at
the libaxolotl level.
With this and the corresponding change to libaxolotl, remote identity
keys are always going to be stored as array buffers going forward. This
will cause incompatibility with existing keys stored as strings, so
updating to this point requires you to purge your identity key and
session store.
We're overriding the default with null often enough that we should
just change the default.
Consequently, no more phantom blank conversations with oneself should
appear after receiving a group update. They were being added to the
inbox because they were incorrectly initialized with an active_at value.
Fixes#281
All the old event listeners and in-memory objects have perished with the
old background page. Also reopen the inbox if it was already open.
Fixes#289
// FREEBIE
The following are equivalent, except that the first is longer and
invokes an extra function call.
```
return new Promise(function(resolve, reject) {
reject(new Error("Unknown Group"));
});
return Promise.reject(new Error("Unknown Group"));
```
Refreshing the background page does re-open the socket, but the inbox
and other windows don't reattach correctly. Reload the whole runtime to
force close all windows, reload the background, and re open the inbox.
In lieu of a click event, the change event was being fired when clicking
out of the search input. The input event seems to be what we actually want.
Fixes#273
This bug was caused by a race between indexeddb requests and sending
messages. Order of events to repro was roughly:
1. send async idb request for current message list
2. add new message(s)
3. idb request returns with now incomplete message list
4. message collection gets reset to list from 3, removing messages
added in 2, but not removing their phantom views/dom elements. (bug)
5. send another idb request for current message list
6. idb request returns bearing all messages including those from 2.
7. messages from 2 are added and rendered a second time.
The fix was simply to not remove messages in 4, which means we reuse the
original message model object rather than recreating it in 7.
Fixes#243
// FREEBIE
The unset function, and the series of events/callbacks triggered by its
use, are not as similar to the set/save functions as previously
anticipated, leading to flux in the state of the 'pending' attribute.
Fixes#283
// FREEBIE
Line breaks can now be insterted into message box using Shift+Enter or Alt+Enter. Messages with new lines are properly displayed in the conversation view (but only there, to keep inbox clean). The template was modified to allow HTML, but the message itself is sanitized before new line handling is run.
As discussed in similar issue there: https://github.com/GoogleChrome/chromedeveditor/issues/1023 - it is not possible to add onClosed event listener on an 'abstract' current window property, it needs to be set on the particular window instance instead.
Before that change, the clean up function was never actually called, because the listener was never properly attached. That was probably the reason of existence for "panel isn't actually open ... and so we try again." code that was executed if the previous window wasn't cleaned up properly (so actually every time). This code is no longer needed, I guess, as the windows are now cleaned up properly.
The avatar handler was being added to the list of promises too late,
so we were storing the raw avatar protobuf (Long id, bytes key) rather
than the downloaded/decrypted attachment data.
Fixes#280
Protocol and handling is all analogous to contact sync: Multiple
GroupDetails structs are packed into a single attachment blob and parsed
on our end. We don't display the synced groups in the conversation list
until a new message is sent to one of them.
// FREEBIE
* Fix a css bug preventing bottom bar from sticking to the bottom.
* Resize discussion container as a function of the overall window
height. The previous difference-based method gives the wrong result
when the window height changes but the bottom-bar height stays the
same.
// FREEBIE
Fixes#264
Implement the equivalent of java's String.hashCode on the conversation model.
Change avatar template and attributes. Use css classes for colors.
Initializing a message receiver opens the socket and starts listening
right away rather than requiring a separate call to connect. The only
other publicly accessible method is to query the socket status.
// FREEBIE
Update protobuf definitions and refactor message receive and decrypt
codepath to support new protocol, including various flavors of sync
messages (sent messages, contacts, and groups).
Also cleans up background.js and lets libtextsecure internalize
textsecure.processDecrypted and ensure that it is called before handing
DataMessages off to the application.
The Envelope structure now has a generic content field and a
legacyMessage field for backwards compatibility. We'll send outgoing
messages as legacy messages, and sync messages as "content" while
continuing to support both legacy and non-legacy messages on the receive
side until old clients have a chance to transition.
This behavior was intended to help keep the websocket alive, but keeping
the inbox window around can cause some stale frontend state. Also we now
have a keepalive alarm to check for new messages once a minute.