Some fix

Scille · Nov 1, 2024 · 2c19d47 · 2c19d47
1 parent c101752
commit 2c19d47
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 25 deletions.
diff --git a/cli/src/commands/invite/list.rs b/cli/src/commands/invite/list.rs
@@ -1,9 +1,6 @@
 // Parsec Cloud (https://parsec.cloud) Copyright (c) BUSL-1.1 2016-present Scille SAS
 
-use libparsec::{
-    authenticated_cmds::latest::invite_list::{self, InviteListItem, InviteListRep},
-    InvitationStatus,
-};
+use libparsec::{authenticated_cmds::latest::invite_list::InviteListItem, InvitationStatus};
 
 use crate::utils::*;
 
@@ -24,19 +21,12 @@ pub async fn main(args: Args) -> anyhow::Result<()> {
         device.as_deref().unwrap_or("N/A")
     );
 
-    let (cmds, _) = load_cmds(&config_dir, device, password_stdin).await?;
+    let client = load_client(&config_dir, device, password_stdin).await?;
     let mut handle = start_spinner("Listing invitations".into());
 
-    let rep = cmds.send(invite_list::Req).await?;
+    let invitations = client.list_invitations().await?;
 
-    let invitations = match rep {
-        InviteListRep::Ok { invitations } => invitations,
-        rep => {
-            return Err(anyhow::anyhow!(
-                "Server error while listing invitations: {rep:?}"
-            ));
-        }
-    };
+    let users = client.list_users(false, None, None).await?;
 
     if invitations.is_empty() {
         handle.stop_with_message("No invitation.".into());
@@ -55,11 +45,18 @@ pub async fn main(args: Args) -> anyhow::Result<()> {
                     token,
                     claimer_user_id,
                     ..
-                } => (
-                    token,
-                    status,
-                    format!("shamir recovery (user_id={claimer_user_id}"),
-                ),
+                } => {
+                    let claimer_human_handle = users
+                        .iter()
+                        .find(|user| user.id == claimer_user_id)
+                        .map(|user| format!("{}", user.human_handle))
+                        .unwrap_or("N/A".to_string());
+                    (
+                        token,
+                        status,
+                        format!("shamir recovery ({claimer_human_handle})"),
+                    )
+                }
             };
 
             let token = token.hex();

diff --git a/cli/src/commands/shared_recovery/create.rs b/cli/src/commands/shared_recovery/create.rs
@@ -61,7 +61,9 @@ pub async fn main(shamir_setup: Args) -> anyhow::Result<()> {
     } else {
         users
             .iter()
-            .filter(|info| info.current_profile == UserProfile::Admin)
+            .filter(|info| {
+                info.current_profile == UserProfile::Admin && info.id != client.user_id()
+            })
             .map(|info| info.id)
             .collect()
     };

diff --git a/server/parsec/components/memory/invite.py b/server/parsec/components/memory/invite.py
@@ -415,12 +415,15 @@ async def list(
 
         items = []
         for invitation in org.invitations.values():
-            if invitation.created_by_user_id != author_user_id:
-                continue
-
             status = self._get_invitation_status(organization_id, invitation)
+
             match invitation.type:
                 case InvitationType.USER:
+                    # In the future, this might change to:
+                    #     if author_user.current_profile == UserProfile.ADMIN
+                    # so that any admin can greet a user
+                    if invitation.created_by_user_id != author_user_id:
+                        continue
                     assert invitation.claimer_email is not None
                     item = UserInvitation(
                         claimer_email=invitation.claimer_email,
@@ -432,6 +435,8 @@ async def list(
                         status=status,
                     )
                 case InvitationType.DEVICE:
+                    if invitation.created_by_user_id != author_user_id:
+                        continue
                     item = DeviceInvitation(
                         token=invitation.token,
                         created_on=invitation.created_on,
@@ -440,6 +445,37 @@ async def list(
                         created_by_human_handle=author_user.cooked.human_handle,
                         status=status,
                     )
+                case InvitationType.SHAMIR_RECOVERY:
+                    assert invitation.claimer_user_id is not None
+                    # There is no corresponding setup for this invitation, ignore it
+                    shamir_setup = org.shamir_setup.get(invitation.claimer_user_id)
+                    if shamir_setup is None:
+                        continue
+                    threshold = shamir_setup.brief.threshold
+                    par_recipient_shares = shamir_setup.brief.per_recipient_shares
+                    recipients = [
+                        ShamirRecoveryRecipient(
+                            user_id=user_id,
+                            human_handle=org.users[user_id].cooked.human_handle,
+                            shares=shares,
+                        )
+                        for user_id, shares in par_recipient_shares.items()
+                    ]
+                    # The author is not part of the recipients
+                    if author_user_id not in par_recipient_shares:
+                        continue
+                    recipients.sort(key=lambda x: x.human_handle.label)
+                    item = ShamirRecoveryInvitation(
+                        token=invitation.token,
+                        created_on=invitation.created_on,
+                        created_by_device_id=invitation.created_by_device_id,
+                        created_by_user_id=invitation.created_by_user_id,
+                        created_by_human_handle=author_user.cooked.human_handle,
+                        status=status,
+                        claimer_user_id=invitation.claimer_user_id,
+                        threshold=threshold,
+                        recipients=recipients,
+                    )
                 case unknown:
                     # TODO: find a way to type `InvitationType` as a proper enum
                     # so that we can use `assert_never` here

diff --git a/server/parsec/components/memory/user.py b/server/parsec/components/memory/user.py
@@ -596,7 +596,10 @@ async def get_certificates(
 
         for user_id, shamir in sorted(org.shamir_setup.items(), key=lambda x: x[1].brief.timestamp):
             # filter on timestamp
-            if shamir_recovery_after is not None and shamir.brief.timestamp < shamir_recovery_after:
+            if (
+                shamir_recovery_after is not None
+                and shamir.brief.timestamp <= shamir_recovery_after
+            ):
                 continue
 
             # if it is user's certificate keep brief
@@ -605,8 +608,9 @@ async def get_certificates(
 
             # if user is a share recipient keep share and brief
             if author_user_id in shamir.shares.keys():
-                shamir_recovery_certificates.append(shamir.shares[author_user_id])
+                # Important: the brief certificate must come first
                 shamir_recovery_certificates.append(shamir.brief_bytes)
+                shamir_recovery_certificates.append(shamir.shares[author_user_id])
 
         return CertificatesBundle(
             common=common_certificates,