Feature: identity reset

[jmartinesp]

Content

• Moves OIDC related code to their own modules: libraries/oidc.
• Improves the custom chrome tab implementation and fixes issues with the fallback webview one (it was freezing after signing in).
• Creates OidcEntryPoint which allows opening any of the OIDC flow options (custom tab, webview).
• Adds new flows for identity reset: root screen with confirmation, OIDC one which uses the extracted OIDC logic, user+password one.
• Create IdentityResetHandle wrappers for both OIDC and password variants.

Motivation and context

Closes #3268.

Screenshots / GIFs

In the PR.

Tests

With a user + password based account whose data you don't mind losing:

• Log in.
• Select 'Can't confirm?'.
• Continue, add your password and confirm.
• You should be fully logged in now and the system will ask you to add key backup.

With an OIDC one (maybe using synapse-oidc.element.dev?):

• Log in.
• Select 'Can't confirm?'.
• Continue, confirm the reset in the custom tab/webview, then go back.
• You should be fully logged in now and the system will ask you to add key backup.

Tested devices

• Physical
• Emulator
• OS version(s): 13

Checklist

• Changes have been tested on an Android device or Android emulator with API 23
• UI change has been tested on both light and dark themes
• Accessibility has been taken into account. See https://github.com/element-hq/element-x-android/blob/develop/CONTRIBUTING.md#accessibility
• Pull request is based on the develop branch
• Pull request title will be used in the release note, it clearly define what will change for the user
• Pull request includes screenshots or videos if containing UI changes
• Pull request includes a sign off
• You've made a self review of your PR

[github-actions]

📱 Scan the QR code below to install the build (arm64 only) for this PR.

If you can't scan the QR code you can install the build via this link: https://i.diawi.com/gRd5UA

[codecov]

Codecov Report

Attention: Patch coverage is 84.92647% with 41 lines in your changes missing coverage. Please review.

Project coverage is 82.56%. Comparing base (45775d7) to head (99efdb6).
Report is 17 commits behind head on develop.

Files	Patch %	Lines
...nt/android/libraries/oidc/impl/webview/OidcView.kt	52.63%	8 Missing and 1 partial ⚠️
...droid/libraries/oidc/impl/DefaultOidcEntryPoint.kt	0.00%	8 Missing ⚠️
.../matrix/test/encryption/FakeIdentityResetHandle.kt	44.44%	5 Missing ⚠️
...p/impl/reset/password/ResetIdentityPasswordView.kt	91.30%	0 Missing and 4 partials ⚠️
.../libraries/androidutils/browser/ChromeCustomTab.kt	0.00%	4 Missing ⚠️
...ecurebackup/impl/reset/ResetIdentityFlowManager.kt	87.50%	0 Missing and 3 partials ⚠️
...l/reset/password/ResetIdentityPasswordPresenter.kt	87.50%	1 Missing and 1 partial ⚠️
.../impl/reset/root/ResetIdentityRootStateProvider.kt	75.00%	2 Missing ⚠️
...eatures/securebackup/api/SecureBackupEntryPoint.kt	0.00%	1 Missing ⚠️
...ckup/impl/reset/root/ResetIdentityRootPresenter.kt	88.88%	1 Missing ⚠️
... and 2 more

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3298      +/-   ##
===========================================
- Coverage    82.56%   82.56%   -0.01%     
===========================================
  Files         1662     1675      +13     
  Lines        38992    39204     +212     
  Branches      4724     4745      +21     
===========================================
+ Hits         32193    32367     +174     
- Misses        5133     5163      +30     
- Partials      1666     1674       +8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[bmarty]

A few first remarks.

I have tested the reset using password, it's working as expected.
Also tested using Oidc, working as expected.

[bmarty]

Can we inline the error in the password field when the password is not correct?
We may also want to improve the error message in this case:

Note that the error in this case is not very explicit: the server returned an error: User-Interactive Authentication required.

[bmarty]

Maybe disable the button when the password is empty?

[bmarty]

There is a wording inconsistency: will the user reset encryption or identity (whatever this may mean for a non-technical user...)

Note: on OIDC web page this is yet another wording:

[pmaier1]

The latest agreed terminology is "Reset identity". See https://github.com/matrix-org/matrix-spec-proposals/blob/andybalaam/crypto-terminology/proposals/4161-crypto-terminology.md#identity as well as the Figma designs. The MAS screen will be updated with the next release.

[pmaier1]

FWIW, your first screen is outdated. Figma designs have been updated since.

[jmartinesp]

You mean this one?

[pmaier1]

You mean this one?

I meant the first one of this post.

But the one you mentioned is actually outdated in the designs, yes. It should say "go to your account to reset your identity".

[bmarty]

I have requested to access the Figma file (again)

[bmarty]

Suggested change

	// when we come back to the node if it the reset wasn't successful
	// when we come back to the node if the reset wasn't successful

[bmarty]

This will ignore any Failure coming in the flow. Can it be a problem?
Maybe add a log, just in case...

[bmarty]

Suggested change

	* Copyright (c) 2023 New Vector Ltd
	* Copyright (c) 2024 New Vector Ltd

[bmarty]

Suggested change

	* Copyright (c) 2022 New Vector Ltd
	* Copyright (c) 2024 New Vector Ltd

[bmarty]

I think some unused dependencies can be removed here.

[bmarty]

Wording: reset encryption or reset identity?

[bmarty]

We need to cancel this job if the user click go back instead of going to the end of the flow (or use the presenter / node scope)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[bmarty]

Thanks for the update!