Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-18 05:39:53 +01:00
Code Issues Projects Releases Wiki Activity

Be more specific about errors when adding pending contact

Browse Source 
Following the docs at
https://code.briarproject.org/briar/briar/-/blob/beta-1.2.14/bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactManager.java#L110

Fixes #1825
This commit is contained in:
Nico Alt
2021-02-02 12:00:00 +00:00
parent 6fbc82ee27
commit 7fab97d26c
4 changed files with 195 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
briar-headless/README.md
View File

@@ -105,7 +105,7 @@ The link and the alias should be posted as a JSON object:
}
```
This starts the process of adding the contact.
Adding a pending contact starts the process of adding the contact.
Until it is completed, a pending contact is returned as JSON:
```json
@@ -116,6 +116,60 @@ Until it is completed, a pending contact is returned as JSON:
}
```
Possible errors when adding a pending contact are:
#### 400: Pending contact's handshake public key is invalid
```json
{
"error": "INVALID_PUBLIC_KEY"
}
```
#### 403: A contact with the same handshake public key already exists
This error may be caused by someone attacking the user with the goal
of discovering the contacts of the user.
In the Android client, upon encountering this issue a message dialog
is shown that asks whether the contact and the just added pending contact
are the same person. If that's the case, a message is shown that the
contact already exists and the pending contact isn't added.
If that's not the case and they are two different persons, the Android
client
[shows the following message](https://code.briarproject.org/briar/briar/-/blob/beta-1.2.14/briar-android/src/main/res/values/strings.xml#L271)
when this happens:
> [Alice] and [Bob] sent you the same link.
>
> One of them may be trying to discover who your contacts are.
>
> Don't tell them you received the same link from someone else.
```json
{
"error": "CONTACT_EXISTS"
}
```
#### 403: A pending contact with the same handshake public key already exists
This error, too, may be caused by someone attacking the user with the goal
of discovering the contacts of the user.
Just like above, upon encountering this issue a message dialog is shown in
the Android client that asks whether the contact and the just added pending
contact are the same person. If that's the case, the pending contact gets
updated. If that's not the case and they are two different persons, the
Android client shows the same message as above, warning the user about the
possible attack.
```json
{
"error": "PENDING_EXISTS"
}
```
-----------
Before users can send messages to contacts, they become pending contacts.
In this state Briar still needs to do some work in the background (e.g.
spinning up a dedicated hidden service and letting the contact connect to it).