Require key rotation to disable pins.

2026-04-20 00:29:11 +01:00 · 2025-11-04 12:33:38 -05:00
parent 4cce6d3c86
commit e6f11c7443
9 changed files with 123 additions and 14 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/pin/PinOptOutDialog.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/pin/PinOptOutDialog.java
@@ -17,7 +17,11 @@ public final class PinOptOutDialog {

  private static final String TAG = Log.tag(PinOptOutDialog.class);

-  public static void show(@NonNull Context context, @NonNull Runnable onSuccess) {
+  /**
+   * @param rotateAep If true, this will rotate the AEP as part of the process of opting out. Only do this if the user has not enabled backups! If the user
+   *    has backups enabled, you should guide them through rotating the AEP first, and then call this with [rotateAep] = false.
+   */
+  public static void show(@NonNull Context context, boolean rotateAep, @NonNull Runnable onSuccess) {
    Log.i(TAG, "show()");
    AlertDialog dialog = new MaterialAlertDialogBuilder(context)
                                        .setTitle(R.string.PinOptOutDialog_warning)
@@ -29,7 +33,7 @@ public final class PinOptOutDialog {
                                          AlertDialog progress = SimpleProgressDialog.show(context);

                                          SimpleTask.run(() -> {
-                                            SvrRepository.optOutOfPin();
+                                            SvrRepository.optOutOfPin(rotateAep);
                                            return null;
                                          }, success -> {
                                            Log.i(TAG, "Disable operation finished.");
--- a/app/src/main/java/org/thoughtcrime/securesms/pin/SvrRepository.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/pin/SvrRepository.kt
@@ -15,6 +15,7 @@ import org.signal.core.util.logging.Log
 import org.thoughtcrime.securesms.BuildConfig
 import org.thoughtcrime.securesms.dependencies.AppDependencies
 import org.thoughtcrime.securesms.jobmanager.JobTracker
+import org.thoughtcrime.securesms.jobs.MultiDeviceKeysUpdateJob
 import org.thoughtcrime.securesms.jobs.RefreshAttributesJob
 import org.thoughtcrime.securesms.jobs.ResetSvrGuessCountJob
 import org.thoughtcrime.securesms.jobs.StorageForcePushJob
@@ -26,6 +27,7 @@ import org.thoughtcrime.securesms.megaphone.Megaphones
 import org.thoughtcrime.securesms.net.SignalNetwork
 import org.thoughtcrime.securesms.registration.ui.restore.StorageServiceRestore
 import org.thoughtcrime.securesms.registration.viewmodel.SvrAuthCredentialSet
+import org.whispersystems.signalservice.api.AccountEntropyPool
 import org.whispersystems.signalservice.api.NetworkResultUtil
 import org.whispersystems.signalservice.api.SvrNoDataException
 import org.whispersystems.signalservice.api.kbs.MasterKey
@@ -357,12 +359,21 @@ object SvrRepository {
    }
  }

+  /**
+   * @param rotateAep If true, this will rotate the AEP as part of the process of opting out. Only do this if the user has not enabled backups! If the user
+   *    has backups enabled, you should guide them through rotating the AEP first, and then call this with [rotateAep] = false.
+   */
  @JvmStatic
  @WorkerThread
-  fun optOutOfPin() {
+  fun optOutOfPin(rotateAep: Boolean) {
    operationLock.withLock {
      SignalStore.svr.optOut()

+      if (rotateAep) {
+        SignalStore.account.rotateAccountEntropyPool(AccountEntropyPool.generate())
+        AppDependencies.jobManager.add(MultiDeviceKeysUpdateJob())
+      }
+
      AppDependencies.megaphoneRepository.markFinished(Megaphones.Event.PINS_FOR_ALL)

      bestEffortRefreshAttributes()