fix(e2ee): pass isSelfOutgoing in retryDecryptSingle for sent-carbon replays

mremond · mremond · commit 0acd58c6d92a · 2026-05-22T13:50:23.000+02:00
retryDecryptSingle built the stanza and called decryptStanzaInPlace
without the isSelfOutgoing option.  For messages where msg.from equals
the account's own bare JID (XEP-0280 sent carbons or XEP-0313 MAM
self-replays stored before the key was unlocked), the OpenPGP plugin's
signcrypt reflection check compared the envelope's &lt;to/&gt; addressee
against ownBareJid — but the envelope names the conversation peer —
so it threw envelope-reflection and the retry permanently failed.

Detect self-outgoing at retry time (getBareJid(senderJid) === ownBareJid)
and forward isSelfOutgoing: true to decryptStanzaInPlace, mirroring the
logic already correct in the live and MAM paths.

Add XMPPClient.e2ee.test.ts with three regression tests:
- isSelfOutgoing=true is passed to decryptArchive for own-JID senders
- isSelfOutgoing is absent for peer-JID senders
- message body and encryptedPayload are updated in the store on success
diff --git a/packages/fluux-sdk/src/core/XMPPClient.e2ee.test.ts b/packages/fluux-sdk/src/core/XMPPClient.e2ee.test.ts
@@ -0,0 +1,204 @@
+/**
+ * XMPPClient E2EE integration tests — retryPendingDecrypts().
+ *
+ * Regression guard for: self-outgoing messages stored with encryptedPayload
+ * (sent carbons or MAM self-replays received before the key was unlocked)
+ * were permanently undecryptable because retryDecryptSingle did not pass
+ * isSelfOutgoing: true when senderJid === ownBareJid. Without that flag the
+ * OpenPGP plugin's signcrypt reflection check compared the envelope's <to/>
+ * addressee against our own JID, but the envelope names the conversation
+ * peer — so it threw 'envelope-reflection' and the message stayed broken.
+ */
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest'
+import { localStorageMock } from './sideEffects.testHelpers'
+
+// chatStore uses persist middleware — needs localStorage before any store import
+Object.defineProperty(globalThis, 'localStorage', {
+  value: localStorageMock,
+  writable: true,
+})
+
+// Prevent IndexedDB operations triggered by chatStore.addMessage / updateMessage
+vi.mock('../utils/messageCache', () => ({
+  saveMessage: vi.fn().mockResolvedValue(undefined),
+  saveMessages: vi.fn().mockResolvedValue(undefined),
+  getMessages: vi.fn().mockResolvedValue([]),
+  getMessage: vi.fn().mockResolvedValue(null),
+  getMessageByStanzaId: vi.fn().mockResolvedValue(null),
+  updateMessage: vi.fn().mockResolvedValue(undefined),
+  deleteMessage: vi.fn().mockResolvedValue(undefined),
+  deleteConversationMessages: vi.fn().mockResolvedValue(undefined),
+  clearAllMessages: vi.fn().mockResolvedValue(undefined),
+  isMessageCacheAvailable: vi.fn().mockReturnValue(false),
+  getOldestMessageTimestamp: vi.fn().mockResolvedValue(null),
+  getMessageCount: vi.fn().mockResolvedValue(0),
+  saveRoomMessage: vi.fn().mockResolvedValue(undefined),
+  saveRoomMessages: vi.fn().mockResolvedValue(undefined),
+  getRoomMessages: vi.fn().mockResolvedValue([]),
+  getRoomMessage: vi.fn().mockResolvedValue(null),
+  getRoomMessageByStanzaId: vi.fn().mockResolvedValue(null),
+  updateRoomMessage: vi.fn().mockResolvedValue(undefined),
+  deleteRoomMessage: vi.fn().mockResolvedValue(undefined),
+  deleteRoomMessages: vi.fn().mockResolvedValue(undefined),
+  getRoomMessageCount: vi.fn().mockResolvedValue(0),
+}))
+
+import { XMPPClient } from './XMPPClient'
+import { chatStore } from '../stores/chatStore'
+import {
+  E2EEManager,
+  InMemoryStorageBackend,
+  type XMPPPrimitives,
+} from './e2ee'
+import { DummyPlaintextPlugin } from './e2ee/DummyPlaintextPlugin'
+import { _resetStorageScopeForTesting } from '../utils/storageScope'
+
+function stubXmppPrimitives(): XMPPPrimitives {
+  return {
+    sendStanza: async () => {},
+    queryDisco: async () => ({ features: [], identities: [] }),
+    publishPEP: async () => {},
+    retractPEP: async () => {},
+    deletePEP: async () => {},
+    queryPEP: async () => [],
+    subscribePEP: () => ({ unsubscribe: () => {} }),
+  }
+}
+
+async function makeManagerWithDummyPlugin(selfJid: string): Promise<E2EEManager> {
+  const manager = new E2EEManager({
+    storage: new InMemoryStorageBackend(),
+    xmpp: stubXmppPrimitives(),
+    account: { jid: selfJid },
+  })
+  await manager.register(new DummyPlaintextPlugin())
+  return manager
+}
+
+// DummyPlaintextPlugin serialises the payload as:
+//   <plain xmlns='urn:fluux:e2ee-dummy:0'>base64(plaintext)</plain>
+// This is the encryptedPayload string that retryPendingDecrypts() will parse.
+const DUMMY_PAYLOAD_XML = `<plain xmlns="urn:fluux:e2ee-dummy:0">aGVsbG8=</plain>`  // base64("hello")
+
+describe('XMPPClient.retryPendingDecrypts()', () => {
+  let xmppClient: XMPPClient
+  let manager: E2EEManager
+
+  beforeEach(async () => {
+    _resetStorageScopeForTesting()
+    chatStore.getState().reset()
+    manager = await makeManagerWithDummyPlugin('me@example.com')
+    xmppClient = new XMPPClient({ debug: false })
+    // e2ee is a public field, normally set in handleConnectionSuccess
+    xmppClient.e2ee = manager
+    // currentJid is protected; cast to inject without a full connection
+    ;(xmppClient as unknown as { currentJid: string }).currentJid = 'me@example.com/web'
+  })
+
+  afterEach(() => {
+    vi.clearAllMocks()
+    chatStore.getState().reset()
+  })
+
+  describe('isSelfOutgoing flag propagation', () => {
+    it('passes isSelfOutgoing=true to the plugin when the sender equals our own bare JID', async () => {
+      // A message where from === own bare JID represents a sent carbon or MAM
+      // self-replay: our other device sent it and the server copied it to us.
+      chatStore.getState().addConversation({
+        id: 'bob@example.com',
+        name: 'Bob',
+        type: 'chat',
+        lastMessage: undefined,
+        unreadCount: 0,
+      })
+      chatStore.getState().addMessage({
+        type: 'chat',
+        id: 'msg-self-outgoing',
+        conversationId: 'bob@example.com',
+        from: 'me@example.com',      // own bare JID → self-outgoing
+        body: '[dummy-plaintext payload]',
+        timestamp: new Date(),
+        isOutgoing: true,
+        encryptedPayload: DUMMY_PAYLOAD_XML,
+      })
+
+      const decryptSpy = vi.spyOn(manager, 'decryptArchive')
+      await xmppClient.retryPendingDecrypts()
+
+      // decryptArchive must have been called exactly once.
+      expect(decryptSpy).toHaveBeenCalledTimes(1)
+
+      // The plugin must receive isSelfOutgoing=true so it inverts its
+      // reflection check (signcrypt <to/> names the peer, not us).
+      const [, , context] = decryptSpy.mock.calls[0]
+      expect(context?.isSelfOutgoing).toBe(true)
+    })
+
+    it('does not set isSelfOutgoing when the sender is the conversation peer', async () => {
+      chatStore.getState().addConversation({
+        id: 'bob@example.com',
+        name: 'Bob',
+        type: 'chat',
+        lastMessage: undefined,
+        unreadCount: 0,
+      })
+      chatStore.getState().addMessage({
+        type: 'chat',
+        id: 'msg-inbound',
+        conversationId: 'bob@example.com',
+        from: 'bob@example.com',      // peer JID → normal inbound
+        body: '[dummy-plaintext payload]',
+        timestamp: new Date(),
+        isOutgoing: false,
+        encryptedPayload: DUMMY_PAYLOAD_XML,
+      })
+
+      const decryptSpy = vi.spyOn(manager, 'decryptArchive')
+      await xmppClient.retryPendingDecrypts()
+
+      expect(decryptSpy).toHaveBeenCalledTimes(1)
+      const [, , context] = decryptSpy.mock.calls[0]
+      expect(context?.isSelfOutgoing).not.toBe(true)
+    })
+
+    it('updates the message body and clears encryptedPayload on successful retry', async () => {
+      // The DummyPlaintextPlugin always returns trust:'untrusted', which
+      // triggers needsDeferredVerification and prevents count from being
+      // incremented. To test the end-to-end store update, mock decryptArchive
+      // to return trust:'verified' so the message is committed to the store.
+      vi.spyOn(manager, 'decryptArchive').mockResolvedValue({
+        plaintext: new TextEncoder().encode('hello'),
+        senderDevice: { jid: 'me@example.com', deviceId: 'test' },
+        securityContext: { protocolId: 'dummy-plaintext', trust: 'verified' },
+      })
+
+      chatStore.getState().addConversation({
+        id: 'bob@example.com',
+        name: 'Bob',
+        type: 'chat',
+        lastMessage: undefined,
+        unreadCount: 0,
+      })
+      chatStore.getState().addMessage({
+        type: 'chat',
+        id: 'msg-body-check',
+        conversationId: 'bob@example.com',
+        from: 'me@example.com',
+        body: '[dummy-plaintext payload]',
+        timestamp: new Date(),
+        isOutgoing: true,
+        encryptedPayload: DUMMY_PAYLOAD_XML,
+      })
+
+      const count = await xmppClient.retryPendingDecrypts()
+
+      expect(count).toBe(1)
+      // After retry, the message in the store must have the plaintext body
+      // and no encryptedPayload stash.
+      const messages = chatStore.getState().messages.get('bob@example.com') ?? []
+      const msg = messages.find((m) => m.id === 'msg-body-check')
+      expect(msg?.body).toBe('hello')
+      expect(msg?.encryptedPayload).toBeUndefined()
+    })
+  })
+})
diff --git a/packages/fluux-sdk/src/core/XMPPClient.ts b/packages/fluux-sdk/src/core/XMPPClient.ts
@@ -1679,10 +1679,19 @@ export class XMPPClient {
       const ltx = await import('ltx')
       const encryptedEl = ltx.parse(encryptedPayloadXml) as unknown as Element
 
-      // Build a minimal stanza wrapper for decryptStanzaInPlace
+      // Build a minimal stanza wrapper for decryptStanzaInPlace.
+      // Detect self-outgoing (sent carbon or MAM self-replay): when the
+      // sender's bare JID equals our own, the signcrypt envelope's <to/>
+      // addresses the conversation peer — not us — so the plugin's
+      // reflection check must be inverted via isSelfOutgoing.
+      const ownBareJid = this.currentJid ? getBareJid(this.currentJid) : ''
+      const isSelfOutgoing = ownBareJid !== '' && getBareJid(senderJid) === ownBareJid
       const stanza = xml('message', { from: senderJid }, encryptedEl)
 
-      const result = await decryptStanzaInPlace(stanza, manager, peer, 'archive')
+      const result = await decryptStanzaInPlace(
+        stanza, manager, peer, 'archive',
+        isSelfOutgoing ? { isSelfOutgoing: true } : undefined,
+      )
       if (!result.attempted || result.encryptedPayloadXml) {
         // Still can't decrypt
         return null
