Closed Bug 1651712 Opened 4 years ago Closed 4 years ago

Enable Revocation, extending expiration, and secret key backup in OpenPGP prefs

Categories

(MailNews Core :: Security: OpenPGP, enhancement, P1)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
enhancement

Tracking

(thunderbird_esr78 fixed, thunderbird79 fixed)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 80.0
Tracking Flags:
Tracking Status
thunderbird_esr78 --- fixed
thunderbird79 --- fixed

People

(Reporter: KaiE, Assigned: aleca)

References

Details

(Keywords: ux-efficiency)

Attachments

(3 files, 8 obsolete files)

icon-not-centred.png
3.78 KB, image/png
Details
1651712-openpgp-options-portable.diff
41.49 KB, patch
KaiE
: review+
wsmwk
: approval-comm-beta+
wsmwk
: approval-comm-esr78+
Details | Diff | Splinter Review
fix-lint.patch
1.18 KB, patch
KaiE
: review+
wsmwk
: approval-comm-beta+
wsmwk
: approval-comm-esr78+
Details | Diff | Splinter Review

Alessandro, I attempted to add the code to enable the actions for revocation, extending expiration and backup of secret keys to am-e2e.js

I already did some refactoring in the base code, to allow you to share the common implementation. I'll attach a patch with my attempted changes to am-e2e.js. One of them uses a callback function to open a sub dialog, as I saw it needs to be done differently from within account prefs.

However, it doesn't work yet. After returning from the backup password dialog, I get some strange errors, about autocompletion and incorrect URIs. Maybe it's simply an async issue, but it could also be something different.

I'll attach my preparation as a starting point for you.

Please base your work on the dependent patch from bug 1651707, and there are additional base patches which you might pull in locally, and work on top of them.

Status: NEW → ASSIGNED
Keywords: ux-efficiency
Priority: -- → P1

I've almost completed this implementation.

I'm not sure why, but all the EnigmailDialog helper methods don't work correctly when triggered from within a subdialog.
I converted the methods that were causing failures intro regular alert and confirmEx.

There are also some UI issues here and there, which I'm fixing (eg. buttons getting pushed outside the view, missing styles, etc.)

Attached patch 1651712-openpgp-options.diff (obsolete) — Splinter Review

Implemented all the methods, polished the UI of the used dialogs, and integrated successful notifications inline the account settings.

As you may notice, I didn't end up using the shared methods you created since those use the window.openDialog() method, which doesn't work in the context of the Account Settings tab.

Attachment #9162513 - Attachment is obsolete: true
Attachment #9163660 - Flags: ui-review?(richard.marti)
Attachment #9163660 - Flags: review?(kaie)
Attached patch 1651712-openpgp-options.diff (obsolete) — Splinter Review

Forgot to add a newly generated file.

Attachment #9163660 - Attachment is obsolete: true
Attachment #9163660 - Flags: ui-review?(richard.marti)
Attachment #9163660 - Flags: review?(kaie)
Attachment #9163674 - Flags: ui-review?(richard.marti)
Attachment #9163674 - Flags: review?(kaie)
Comment on attachment 9163674 [details] [diff] [review] 1651712-openpgp-options.diff Looks good. Only the icon isn't centred. Screenshot follows. Are you planning to convert all dialogs that now open as normal dialogs to sub-dialogs?
Attachment #9163674 - Flags: ui-review?(richard.marti) → ui-review+
Attached image icon-not-centred.png

The info icon isn't centred.

Thanks, I forgot to center align that.

Are you planning to convert all dialogs that now open as normal dialogs to sub-dialogs?

I wish but we can't for now. Those dialogs are shared between the account settings and the key manager, which opens as a regular dialog from other locations like the app menu.

I'd like to keep that as a low level objective, so if we can convert all those to subdialog and get rid of the repetitions and duplciate embedded styles. That would mean that when the key manager is called from other locations, we would open the account settings tab for the current identity and trigger the key manager subdialog.
I'll explore that option on bug 1652537.

Attached patch 1651712-openpgp-options.diff (obsolete) — Splinter Review
Attachment #9163674 - Attachment is obsolete: true
Attachment #9163674 - Flags: review?(kaie)
Attachment #9163821 - Flags: ui-review+
Attachment #9163821 - Flags: review?(kaie)

Key backup from within the account doesn't work, console says:

Uncaught (in promise) TypeError: window.browsingContext is undefined
    openPgpExportSecretKey chrome://messenger/content/am-e2e.js:1281

  window.browsingContext.topChromeWindow.openDialog(
    "chrome://openpgp/content/ui/backupKeyPassword.xhtml",
    "",
    "dialog,modal,centerscreen,resizable",
    args
  );

You allow revoking the currently selected key.
If that is done, the revoked key will be removed from the list of keys that is shown (expected).
However, you don't update the config, the header line still has a green checkmark and says it's using the key ID that has just been revoked.

Ah, good point. I'll prevent it the same way I did if trying to delete the selected key.

Attached patch 1651712-openpgp-options.diff (obsolete) — Splinter Review

This is only for trunk and 79.
The user can't revoke the currently used key and gets prompted with an alert.

Attachment #9163821 - Attachment is obsolete: true
Attachment #9163821 - Flags: review?(kaie)
Attachment #9164091 - Flags: review?(kaie)
Attached patch 1651712-openpgp-options-78.diff (obsolete) — Splinter Review

Same patch, but compatible with 78
m-c changed the way it handles parent windows from the settings tab for 79+

Attachment #9164093 - Flags: review?(kaie)

So the menus offer an action, but when pressed, you refuse the action.
Maybe that's not ideal.

If you really want to prevent the action, then I think the error message should explain what the user has to do to fix it, like "select a different key, or select none, then come back and try again". I'm OK with that, but but that's complicated, right?

However, it seems be fine to allow the user to delete the currently selected key. You could show an additional warning (first) "warning, you are deleting the key that you are currently using for OpenPGP, are you sure?" If the user confirms, then you could change the selection to None.

A stronger argument applies for revoke. The user's motivation might be more urgent. When "deleting" the user mightly try to clean up. But when "revoking", the user might be potentially in an emergency situation. Blocking the action that the user really wants to do quickly might frustrate the user.

Again, you could potentially show an initial extra warning "warning, you are revoking the key that you are actively using for this account are you sure?"

But showing a sequence of two warning dialogs isn't ideal either, right?

Please let me know which one you prefer

(a) keep current patch as is
(b) keep current patch, but add explanation that user must select "None", then try the action again
(c) show an additional warning "confirm action on selected key", on confirmation, show the existing warning "confirm action", and on confirmation, automatically switch selection to "None".

(d) No additional warning. Show only the usual warning to confirm the delete/revoke action, and automatically switch selection to "None"

FYI, I'm OK to keep (a) for now. Just wanted to bring up these thoughts.

I'd prefer preventing those actions through the alert, and extending the error message by suggesting to change key if the user wants to proceed.
Everything else adds an extra layer of complexity I'd like to avoid right now.

Attached patch 1651712-openpgp-options.diff (obsolete) — Splinter Review
Attachment #9164091 - Attachment is obsolete: true
Attachment #9164091 - Flags: review?(kaie)
Attachment #9164112 - Flags: review?(kaie)

Let me know about this, and if approved I'll upload the 78 variation

Attachment #9164093 - Attachment is obsolete: true
Attachment #9164093 - Flags: review?(kaie)
Attached patch 1651712-openpgp-options.diff (obsolete) — Splinter Review

Patch updated based on our chat on matrix.
Using the same callback for both backup export, and using a boolean variable to confirm the password was properly defined.

Attachment #9164112 - Attachment is obsolete: true
Attachment #9164112 - Flags: review?(kaie)
Attachment #9164189 - Flags: review?(kaie)
Comment on attachment 9164189 [details] [diff] [review] 1651712-openpgp-options.diff Review of attachment 9164189 [details] [diff] [review]: ----------------------------------------------------------------- Thanks. This looks good. I suggest two changes. r=kaie ::: mail/extensions/am-e2e/am-e2e.js @@ +958,5 @@ > +async function enigmailRevokeKey(key) { > + // Interrupt if the selected key is currently being used. > + if (key.keyId == gIdentity.getUnicharAttribute("openpgp_key_id")) { > + let [alertTitle, alertDescription] = await document.l10n.formatValues([ > + { id: "delete-key-in-use-title" }, optional nit: rename "delete-key-in-use-title" to "key-in-use-title" @@ +1288,5 @@ > + file: outFile, > + fprArray: [keyFpr], > + }; > + > + window.browsingContext.topChromeWindow.openDialog( I suggest to use dynamic code, that will allow us to use the same code on both 78 and 79+ branches, at least while we're trying to keep both in sync. let w; if ("browsingContext" in window) { // 79+ w = window.browsingContext.topChromeWindow; } else { // 78 w = window.docShell.rootTreeItem.domWindow; } w.openDialog(
Attachment #9164189 - Flags: review?(kaie) → review?

And thanks for fixing the "change expiration date" button.

Attachment #9164189 - Flags: review? → review+

I've applied the small changes, and tested that they work on both nightly and 78 builds.

Attachment #9164665 - Flags: review+
Attachment #9164189 - Attachment is obsolete: true

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/9c81e7406889
Enable Revocation, extending expiration, and secret key backup in OpenPGP prefs. r=kaie

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Comment on attachment 9164665 [details] [diff] [review] 1651712-openpgp-options-portable.diff Important UI enhancement and string changes for OpenPGP
Attachment #9164665 - Flags: approval-comm-esr78?
Attachment #9164665 - Flags: approval-comm-beta?
Comment on attachment 9164665 [details] [diff] [review] 1651712-openpgp-options-portable.diff Approved for esr78 and beta - please land
Attachment #9164665 - Flags: approval-comm-esr78?
Attachment #9164665 - Flags: approval-comm-esr78+
Attachment #9164665 - Flags: approval-comm-beta?
Attachment #9164665 - Flags: approval-comm-beta+
Target Milestone: --- → Thunderbird 80.0
Pushed by mkmelin@iki.fi: https://hg.mozilla.org/comm-central/rev/e5af7184777e followup - fix linting. rs=eslint
Attached patch fix-lint.patchSplinter Review

lint fix

Attachment #9164701 - Flags: review+
Attachment #9164701 - Flags: approval-comm-esr78?
Attachment #9164701 - Flags: approval-comm-beta?
Comment on attachment 9164701 [details] [diff] [review] fix-lint.patch Approved for beta and esr78
Attachment #9164701 - Flags: approval-comm-esr78?
Attachment #9164701 - Flags: approval-comm-esr78+
Attachment #9164701 - Flags: approval-comm-beta?
Attachment #9164701 - Flags: approval-comm-beta+

Thanks for updating and landing this.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: