extended trust endpoint

* added possibility to trust all known keys. This option doesn't require the user to provide a safety number, but insted all known keys are trusted. This option is obviously less secure and should only be used for testing. see #237
2025-12-19 07:34:23 +01:00 · 2022-04-09 09:23:34 +02:00
parent ab4934832a
commit 00ea8809b2
5 changed files with 69 additions and 12 deletions
--- a/src/api/api.go
+++ b/src/api/api.go
@@ -116,7 +116,8 @@ type UpdateProfileRequest struct {
 }

 type TrustIdentityRequest struct {
-	VerifiedSafetyNumber string `json:"verified_safety_number"`
+	VerifiedSafetyNumber *string `json:"verified_safety_number"`
+	TrustAllKnownKeys    *bool   `json:"trust_all_known_keys" example:"false"`
 }

 type SendMessageResponse struct {
@@ -967,7 +968,7 @@ func (a *Api) ListIdentities(c *gin.Context) {

 // @Summary Trust Identity
 // @Tags Identities
-// @Description Trust an identity.
+// @Description Trust an identity. When 'trust_all_known_keys' is set to' true', all known keys of this user are trusted. **This is only recommended for testing.**
 // @Produce  json
 // @Success 204 {string} OK
 // @Param data body TrustIdentityRequest true "Input Data"
@@ -996,12 +997,22 @@ func (a *Api) TrustIdentity(c *gin.Context) {
 		return
 	}

-	if req.VerifiedSafetyNumber == "" {
-		c.JSON(400, Error{Msg: "Couldn't process request - verified safety number missing"})
+	if (req.VerifiedSafetyNumber == nil && req.TrustAllKnownKeys == nil) || (req.VerifiedSafetyNumber == nil && req.TrustAllKnownKeys != nil && !*req.TrustAllKnownKeys) {
+		c.JSON(400, Error{Msg: "Couldn't process request - please either provide a safety number (preferred & more secure) or set 'trust_all_known_keys' to true"})
 		return
 	}

-	err = a.signalClient.TrustIdentity(number, numberToTrust, req.VerifiedSafetyNumber)
+	if req.VerifiedSafetyNumber != nil && req.TrustAllKnownKeys != nil && *req.TrustAllKnownKeys {
+		c.JSON(400, Error{Msg: "Couldn't process request - please either provide a safety number or set 'trust_all_known_keys' to true. But do not set both parameters at once!"})
+		return
+	}
+
+	if req.VerifiedSafetyNumber != nil && *req.VerifiedSafetyNumber == "" {
+		c.JSON(400, Error{Msg: "Couldn't process request - please provide a valid safety number"})
+		return
+	}
+
+	err = a.signalClient.TrustIdentity(number, numberToTrust, req.VerifiedSafetyNumber, req.TrustAllKnownKeys)
 	if err != nil {
 		c.JSON(400, Error{Msg: err.Error()})
 		return
--- a/src/client/client.go
+++ b/src/client/client.go
@@ -1100,21 +1100,40 @@ func (s *SignalClient) ListIdentities(number string) (*[]IdentityEntry, error) {
 	return &identityEntries, nil
 }

-func (s *SignalClient) TrustIdentity(number string, numberToTrust string, verifiedSafetyNumber string) error {
+func (s *SignalClient) TrustIdentity(number string, numberToTrust string, verifiedSafetyNumber *string, trustAllKnownKeys *bool) error {
 	var err error
 	if s.signalCliMode == JsonRpc {
 		type Request struct {
-			VerifiedSafetyNumber string `json:"verified-safety-number"`
+			VerifiedSafetyNumber string `json:"verified-safety-number,omitempty"`
+			TrustAllKnownKeys    bool   `json:"trust-all-known-keys,omitempty"`
 			Recipient            string `json:"recipient"`
 		}
-		request := Request{VerifiedSafetyNumber: verifiedSafetyNumber, Recipient: numberToTrust}
+		request := Request{Recipient: numberToTrust}
+
+		if verifiedSafetyNumber != nil {
+			request.VerifiedSafetyNumber = *verifiedSafetyNumber
+		}
+
+		if trustAllKnownKeys != nil {
+			request.TrustAllKnownKeys = *trustAllKnownKeys
+		}
+
 		jsonRpc2Client, err := s.getJsonRpc2Client(number)
 		if err != nil {
 			return err
 		}
 		_, err = jsonRpc2Client.getRaw("trust", request)
 	} else {
-		cmd := []string{"--config", s.signalCliConfig, "-a", number, "trust", numberToTrust, "--verified-safety-number", verifiedSafetyNumber}
+		cmd := []string{"--config", s.signalCliConfig, "-a", number, "trust", numberToTrust}
+
+		if verifiedSafetyNumber != nil {
+			cmd = append(cmd, []string{"--verified-safety-number", *verifiedSafetyNumber}...)
+		}
+
+		if trustAllKnownKeys != nil && *trustAllKnownKeys {
+			cmd = append(cmd, "--trust-all-known-keys")
+		}
+
 		_, err = runSignalCli(true, cmd, "", s.signalCliMode)
 	}
 	return err
--- a/src/docs/docs.go
+++ b/src/docs/docs.go
@@ -840,7 +840,7 @@ var doc = `{
        },
        "/v1/identities/{number}/trust/{numberToTrust}": {
            "put": {
-                "description": "Trust an identity.",
+                "description": "Trust an identity. When 'trust_all_known_keys' is set to' true', all known keys of this user are trusted. **This is only recommended for testing.**",
                "produces": [
                    "application/json"
                ],
@@ -1649,6 +1649,10 @@ var doc = `{
        "api.TrustIdentityRequest": {
            "type": "object",
            "properties": {
+                "trust_all_known_keys": {
+                    "type": "boolean",
+                    "example": false
+                },
                "verified_safety_number": {
                    "type": "string"
                }
@@ -1727,6 +1731,12 @@ var doc = `{
        "client.GroupEntry": {
            "type": "object",
            "properties": {
+                "admins": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
                "blocked": {
                    "type": "boolean"
                },
--- a/src/docs/swagger.json
+++ b/src/docs/swagger.json
@@ -824,7 +824,7 @@
        },
        "/v1/identities/{number}/trust/{numberToTrust}": {
            "put": {
-                "description": "Trust an identity.",
+                "description": "Trust an identity. When 'trust_all_known_keys' is set to' true', all known keys of this user are trusted. **This is only recommended for testing.**",
                "produces": [
                    "application/json"
                ],
@@ -1633,6 +1633,10 @@
        "api.TrustIdentityRequest": {
            "type": "object",
            "properties": {
+                "trust_all_known_keys": {
+                    "type": "boolean",
+                    "example": false
+                },
                "verified_safety_number": {
                    "type": "string"
                }
@@ -1711,6 +1715,12 @@
        "client.GroupEntry": {
            "type": "object",
            "properties": {
+                "admins": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
                "blocked": {
                    "type": "boolean"
                },
--- a/src/docs/swagger.yaml
+++ b/src/docs/swagger.yaml
@@ -135,6 +135,9 @@ definitions:
    type: object
  api.TrustIdentityRequest:
    properties:
+      trust_all_known_keys:
+        example: false
+        type: boolean
      verified_safety_number:
        type: string
    type: object
@@ -185,6 +188,10 @@ definitions:
    type: object
  client.GroupEntry:
    properties:
+      admins:
+        items:
+          type: string
+        type: array
      blocked:
        type: boolean
      id:
@@ -769,7 +776,7 @@ paths:
      - Identities
  /v1/identities/{number}/trust/{numberToTrust}:
    put:
-      description: Trust an identity.
+      description: Trust an identity. When 'trust_all_known_keys' is set to' true', all known keys of this user are trusted. **This is only recommended for testing.**
      parameters:
      - description: Input Data
        in: body