search

element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
GNU Affero General Public License v3.0
11.02k stars 1.96k forks source link

Don't prompt to set up Secure Backup when we don't have the keys #19058

Open duxovni opened 3 years ago

duxovni commented 3 years ago

Steps to reproduce

  1. Create an account without setting up secure backup
  2. Log into that account on a new device, and skip verification
  3. Go into Security & Privacy settings

What happened?

What did you expect?

You shouldn't be able to set up secure backup from an unverified device

What happened?

There are buttons in the "Secure Backup" and "Cross-signing" sections prompting you to set up secure backup, even though this device doesn't have the cross-signing keys

Operating system

No response

Browser information

No response

URL for webapp

No response

Homeserver

No response

Have you submitted a rageshake?

No

Palid commented 3 years ago

I'm not entirely sure how big of an issue it is in terms of security, but it's definitely annoying from terms of UX. @dbkr please advise.

667bdrm commented 1 year ago

Looks like the nag popup display condition is calculated in Matrix react sdk https://github.com/matrix-org/matrix-react-sdk/blob/81098b991414c9414a62a747b1ad97e2505411e0/src/DeviceListener.ts#L240