fix(ui): detect awaiting sync for owner imports via config signature #200
Merged
The previous is_awaiting_initial_sync() had an owner bypass that returned false immediately for room owners. This caused owner identity imports to skip the GET-first sync flow, PUT the default state (unsigned config) directly to the contract, and allow message sends before sync completed. Every UPDATE then failed with "State verification failed: Invalid signature: signature error" because the default AuthorizedConfigurationV1 is signed by SigningKey([0; 32]), not the real owner.

Fix: check whether the configuration signature verifies against the owner's key instead of using ownership as a proxy for "already synced". This correctly detects the placeholder state for both owner and non-owner imports, while newly-created rooms pass (their config is signed by the real owner at creation time).

Updated the test to cover the owner-import case (the exact bug) using AuthorizedConfigurationV1::default() for imported rooms instead of a properly-signed config.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The comment referenced the old is_awaiting_initial_sync logic ("returns
false once members are populated"). Updated to reflect the new
signature-based check.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Problem

When a room owner imports their identity on a new device, is_awaiting_initial_sync() returned false immediately due to an owner bypass (if is_owner { return false }). This caused a cascade of failures:

- validate_state failed with "State verification failed: Invalid signature: signature error" because the default AuthorizedConfigurationV1 is signed by SigningKey([0; 32]), not the real owner

User report from Ivvor on Matrix: messages sent after owner identity import all fail, with only pre-export messages visible via riverctl message list.

Approach

Replace the ownership-based heuristic with a direct check: verify whether the configuration signature is valid against the owner's key.

- AuthorizedConfigurationV1::default() is signed by SigningKey([0; 32]) → verify_signature(&owner_vk) returns Err → awaiting sync = true
- verify_signature(&owner_vk) returns Ok → awaiting sync = false
- false

This works correctly for both owner and non-owner imports without special-casing.

Testing

- cargo check -p river-ui --target wasm32-unknown-unknown --features no-sync — compiles
- cargo test -p river-core — 181 tests pass
- AuthorizedConfigurationV1::default() uses SigningKey([0; 32]) (configuration.rs:164-169)
- create_new_room_with_name signs config with real owner key (room_data.rs:748)

[AI-assisted - Claude]
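The decision change described under Approach, as an added Rust sketch that is not code from this pull request or the River repository. A std-only toy keyed hash stands in for Ed25519 so the block compiles without crates; apart from verify_signature and SigningKey([0; 32]), the type names, function names and the non-owner branch of the old check are assumptions.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
// Toy keyed hash standing in for Ed25519 so this builds with std only.
// NOT a secure signature scheme; only the decision logic matters here.
fn h<T: Hash>(t: &T) -> u64 {
    let mut s = DefaultHasher::new();
    t.hash(&mut s);
    s.finish()
}

struct VerifyingKey(u64);
struct SigningKey([u8; 32]);
impl SigningKey {
    fn verifying_key(&self) -> VerifyingKey { VerifyingKey(h(&self.0)) }
    fn sign(&self, msg: &str) -> u64 { h(&(self.verifying_key().0, msg)) }
}

// Simplified model of AuthorizedConfigurationV1: a config plus its signature.
struct AuthorizedConfig { config: String, signature: u64 }
impl AuthorizedConfig {
    fn signed(config: &str, sk: &SigningKey) -> Self {
        Self { config: config.to_string(), signature: sk.sign(config) }
    }
    // Like default(): signed by SigningKey([0; 32]), not by the owner.
    fn placeholder() -> Self { Self::signed("default", &SigningKey([0; 32])) }
    fn verify_signature(&self, owner_vk: &VerifyingKey) -> Result<(), &'static str> {
        let expected = h(&(owner_vk.0, self.config.as_str()));
        if expected == self.signature { Ok(()) } else { Err("signature error") }
    }
}

// Old heuristic: being the owner was taken to mean "already synced".
fn awaiting_sync_owner_bypass(is_owner: bool, members_populated: bool) -> bool {
    if is_owner { return false; }
    !members_populated // assumed non-owner branch, per the commit message
}

// Fixed check: a config that fails to verify under the owner's key is a placeholder.
fn awaiting_sync_by_signature(cfg: &AuthorizedConfig, owner_vk: &VerifyingKey) -> bool {
    cfg.verify_signature(owner_vk).is_err()
}

fn main() {
    let owner = SigningKey([7; 32]); // constructed sample key
    let vk = owner.verifying_key();
    println!("old, owner import: {}", awaiting_sync_owner_bypass(true, false));
    println!("new, owner import: {}", awaiting_sync_by_signature(&AuthorizedConfig::placeholder(), &vk));
    println!("new, created room: {}", awaiting_sync_by_signature(&AuthorizedConfig::signed("room", &owner), &vk));
}
```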