Remove the ability to skip device verification during login

playwright/e2e/crypto/decryption-failure-messages.spec.ts

@@ -30,6 +30,12 @@ test.describe("Cryptography", function () {
     test.describe("decryption failure messages", () => {
         test.skip(isDendrite, "Dendrite lacks support for MSC3967 so requires additional auth here");
 
+        test.use({
+            config: {
+                force_verification: false,
+            },
+        });
+
         test("should handle device-relative historical messages", async ({
             homeserver,
             page,

playwright/e2e/crypto/device-verification.spec.ts

@@ -185,6 +185,12 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => {
         await enterRecoveryKeyAndCheckVerified(page, app, recoveryKey);
     });
 
+    test.use({
+        config: {
+            force_verification: false,
+        },
+    });
+
     test("Verify device with Recovery Key from settings", async ({ page, app, credentials }) => {
         const recoveryKey = (await aliceBotClient.getRecoveryKey()).encodedPrivateKey;
 

playwright/e2e/login/login-consent.spec.ts

@@ -167,7 +167,7 @@ test.describe("Login", () => {
         });
 
         test.describe("verification after login", () => {
-            test("Shows verification prompt after login if signing keys are set up, skippable by default", async ({
+            test("Shows verification prompt after login if signing keys are set up, unskippable by default", async ({
                 page,
                 homeserver,
                 request,
@@ -185,9 +185,10 @@ test.describe("Login", () => {
                 await page.goto("/");
                 await login(page, homeserver, credentials);
 
-                await expect(page.getByRole("heading", { name: "Confirm your identity", level: 2 })).toBeVisible();
+                const h2 = page.getByRole("heading", { name: "Confirm your identity", level: 2 });
+                await expect(h2).toBeVisible();
 
-                await expect(page.getByRole("button", { name: "Skip verification for now" })).toBeVisible();
+                await expect(h2.locator(".mx_CompleteSecurity_skip")).toHaveCount(0);
             });
 
             test.describe("with force_verification off", () => {

src/SdkConfig.ts

@@ -24,7 +24,7 @@ export const DEFAULTS: DeepReadonly<IConfigOptions> = {
     integrations_rest_url: "https://scalar.vector.im/api",
     uisi_autorageshake_app: "element-auto-uisi",
     show_labs_settings: false,
-    force_verification: false,
+    force_verification: true,
 
     jitsi: {
         preferred_domain: "meet.element.io",

src/components/structures/MatrixChat.tsx

@@ -1367,11 +1367,20 @@ export default class MatrixChat extends React.PureComponent<IProps, IState> {
         if (!mustVerifyFlag) return false;
 
         const client = MatrixClientPeg.safeGet();
+
+        // Guests won't have a cross-signing identity to confirm.
         if (client.isGuest()) return false;
 
+        // If we don't have crypto support, we can't verify.
         const crypto = client.getCrypto();
-        const crossSigningReady = await crypto?.isCrossSigningReady();
+        if (!crypto) return false;
+
+        // If we skip setting up encryption, this takes priority over forcing
+        // verification.
+        if (await shouldSkipSetupEncryption(client)) return false;
 
+        // Force verification if this device hasn't already verified.
+        const crossSigningReady = await crypto.isCrossSigningReady();
         return !crossSigningReady;
     }
 

test/unit-tests/components/structures/MatrixChat-test.tsx

@@ -129,7 +129,7 @@ describe("<MatrixChat />", () => {
         setGuest: jest.fn(),
         setNotifTimelineSet: jest.fn(),
         getAccountData: jest.fn(),
-        doesServerSupportUnstableFeature: jest.fn().mockResolvedValue(false),
+        doesServerSupportUnstableFeature: jest.fn().mockResolvedValue(true),
         getDevices: jest.fn().mockResolvedValue({ devices: [] }),
         getProfileInfo: jest.fn().mockResolvedValue({
             displayname: "Ernie",
@@ -1324,6 +1324,7 @@ describe("<MatrixChat />", () => {
                         .mockResolvedValue(new UserVerificationStatus(false, false, false)),
                     setDeviceIsolationMode: jest.fn(),
                     userHasCrossSigningKeys: jest.fn().mockResolvedValue(false),
+                    isCrossSigningReady: jest.fn().mockResolvedValue(false),
                     // This needs to not finish immediately because we need to test the screen appears
                     bootstrapCrossSigning: jest.fn().mockImplementation(() => bootstrapDeferred.promise),
                     resetKeyBackup: jest.fn(),
@@ -1342,7 +1343,7 @@ describe("<MatrixChat />", () => {
                 expect(screen.getByRole("heading", { name: "Welcome Ernie" })).toBeInTheDocument();
             });
 
-            describe("when server supports cross signing and user does not have cross signing setup", () => {
+            describe("when user does not have cross signing setup", () => {
                 beforeEach(() => {
                     jest.spyOn(loginClient.getCrypto()!, "userHasCrossSigningKeys").mockResolvedValue(false);
                 });

test/unit-tests/components/structures/auth/CompleteSecurity-test.tsx

@@ -47,10 +47,10 @@ describe("CompleteSecurity", () => {
         jest.restoreAllMocks();
     });
 
-    it("Renders with a cancel button by default", () => {
+    it("Renders without a cancel button by default", () => {
         render(<CompleteSecurity onFinished={() => {}} />);
 
-        expect(screen.getByRole("button", { name: "Skip verification for now" })).toBeInTheDocument();
+        expect(screen.queryByRole("button", { name: "Skip verification for now" })).not.toBeInTheDocument();
     });
 
     it("Renders with a cancel button if forceVerification false", () => {

test/unit-tests/components/structures/auth/__snapshots__/CompleteSecurity-test.tsx.snap

@@ -23,14 +23,7 @@ exports[`CompleteSecurity Allows verifying with another device if one is availab
           >
             <h1
               class="mx_CompleteSecurity_header"
-            >
-              <div
-                aria-label="Skip verification for now"
-                class="mx_AccessibleButton mx_CompleteSecurity_skip"
-                role="button"
-                tabindex="0"
-              />
-            </h1>
+            />
             <div
               class="mx_CompleteSecurity_body"
             >
@@ -191,14 +184,7 @@ exports[`CompleteSecurity Allows verifying with recovery key if one is available
           >
             <h1
               class="mx_CompleteSecurity_header"
-            >
-              <div
-                aria-label="Skip verification for now"
-                class="mx_AccessibleButton mx_CompleteSecurity_skip"
-                role="button"
-                tabindex="0"
-              />
-            </h1>
+            />
             <div
               class="mx_CompleteSecurity_body"
             >

test/unit-tests/components/views/right_panel/UserInfo-test.tsx

@@ -118,6 +118,7 @@ beforeEach(() => {
         on: jest.fn(),
         off: jest.fn(),
         isSynapseAdministrator: jest.fn().mockResolvedValue(false),
+        isVersionSupported: jest.fn().mockResolvedValue(false),
         doesServerSupportUnstableFeature: jest.fn().mockReturnValue(false),
         doesServerSupportExtendedProfiles: jest.fn().mockResolvedValue(false),
         getExtendedProfile: jest.fn().mockRejectedValue(new Error("Not supported")),