Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Display specific message when verif code malformed #6395

Merged
merged 2 commits into from
Jul 21, 2022
Merged

Display specific message when verif code malformed #6395

merged 2 commits into from
Jul 21, 2022

Conversation

BillCarsonFr
Copy link
Member

@BillCarsonFr BillCarsonFr commented Jun 28, 2022
edited
Loading

Type of change

  • Bugfix

Content

When scanning an invalid (malformed) QR code during a user verification, the application will display the compromised warning modal. It looks like this warning is a bit too much compared to other reason like mismatched keys or users.
And given that some mobile clients can have issues decoding some QR code it's worth it to create a specific screen.

So now instead a specific warning is shown for QR code format issues

Motivation and context

Screenshots / GIFs

Before After
image image

Tests

  • Step 1

  • Step 2

  • Step ...

Tested devices

  • Physical
  • Emulator
  • OS version(s):

Checklist

@BillCarsonFr BillCarsonFr requested review from a team, onurays and bmarty and removed request for a team June 28, 2022 10:24
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

0.0% 0.0% Coverage
0.0% 0.0% Duplication

onurays
onurays approved these changes Jun 28, 2022
View reviewed changes
Copy link
Contributor

@onurays onurays left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice improvement, LGTM!

bmarty
bmarty approved these changes Jun 28, 2022
View reviewed changes
Copy link
Member

@bmarty bmarty left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one question. Thanks!

...trix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt
@@ -84,7 +84,7 @@ internal class DefaultQrCodeVerificationTransaction(
// Perform some checks
if (otherQrCodeData.transactionId != transactionId) {
Timber.d("## Verification QR: Invalid transaction actual ${otherQrCodeData.transactionId} expected:$transactionId")
cancel(CancelCode.QrCodeInvalid)
cancel(CancelCode.UnknownTransaction)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's worth noting that UnknownTransaction was never used.

That said, it looks that this change is not triggering the usage of ConclusionState.INVALID_QR_CODE.

I would have split the 2 changes into 2 distinct commits, or am I missing something?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I lowered the warning level when the QR code is malformed. But in this case the QR code is valid but it's not the right transaction Id, so it looks like it's more worrying than just a format error, so I still want it to have the old warning, it would appear has a compromised modal.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I understand the same thing. 2 commits would have been better :).

Also this case can happen if I scan any other unrelated but well formatted verification QR code, so maybe in this case, this is probably not really a compromission, so we may just show something like "this is not the expected QR code" and cancel the verification. Not sure if we want to bother more about that.

@BillCarsonFr BillCarsonFr enabled auto-merge July 21, 2022 10:06
@BillCarsonFr BillCarsonFr merged commit fb05ab3 into develop Jul 21, 2022
@BillCarsonFr BillCarsonFr deleted the feature/bca/fix_invalid_qr_warning branch July 21, 2022 10:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bmarty bmarty bmarty approved these changes

@onurays onurays onurays approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@BillCarsonFr @onurays @bmarty