Skip to content

Fix bug which caused app not to load correctly when force_verification is enabled #31265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
richvdh merged 6 commits into from
Dec 2, 2025
Merged

Fix bug which caused app not to load correctly when force_verification is enabled #31265

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
142a66d
MatrixChat: add a load of logging for view transitions
richvdh Nov 20, 2025
66dd507
Add more comments on `state.view`
richvdh Nov 27, 2025
a525c53
Add a new state between LOADING/SOFT_LOGOUT and LOGGED_IN
richvdh Nov 26, 2025
1cf6476
Remove redundant check for `force_verification`
richvdh Nov 18, 2025
92af206
`onShowPostLoginScreen` need no longer be `async`
richvdh Nov 27, 2025
c798c77
Regression test for https://github.com/element-hq/element-web/issues/…
richvdh Nov 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions playwright/e2e/login/login.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
/*
Copyright 2025 Element Creations Ltd.

SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
Please see LICENSE files in the repository root for full details.
*/

import { expect, test } from "../../element-web-test";
import { logIntoElement } from "../crypto/utils.ts";

test.describe(`With force_verification: true`, () => {
test.use({
config: {
force_verification: true,
},
});

test("Can reload after login", async ({ page, credentials }) => {
// The page should reload fine when going to the base client URL
// Regression test for https://github.com/element-hq/element-web/issues/31203
await logIntoElement(page, credentials);

// We should auto-upload the E2EE keys, and show a welcome page
await expect(page.getByRole("heading", { name: `Welcome ${credentials.displayName}` })).toBeVisible();

await page.goto("/");

await expect(page.getByRole("heading", { name: `Welcome ${credentials.displayName}` })).toBeVisible();
});
});
1 change: 1 addition & 0 deletions src/PosthogTrackers.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ const notLoggedInMap: Record<Exclude<Views, Views.LOGGED_IN>, ScreenName> = {
[Views.FORGOT_PASSWORD]: "ForgotPassword",
[Views.COMPLETE_SECURITY]: "CompleteSecurity",
[Views.E2E_SETUP]: "E2ESetup",
[Views.PENDING_CLIENT_START]: "Loading",
[Views.SOFT_LOGOUT]: "SoftLogout",
[Views.LOCK_STOLEN]: "SessionLockStolen",
};
Expand Down
108 changes: 62 additions & 46 deletions src/Views.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,52 +20,62 @@ Please see LICENSE files in the repository root for full details.
* │ LOADING │─────────────────────────────►│ CONFIRM_LOCK_ │
* │ │◄─────────────────────────────│ THEFT │
* └─────────────────┘ Lock theft confirmed └─────────────────┘
* Session recovered │ │ │
* ┌──────────────┘ │ └────────────────┐
* │ ┌─────────────┘ │ No previous session
* │ │ Token/OIDC login succeeded │
* │ │ ▼
* │ │ ┌─────────────────┐
* │ │ │ WELCOME │ (from all other states
* │ │ │ │ except LOCK_STOLEN)
* │ │ └─────────────────┘ │
* │ │ "Create Account" │ │ "Sign in" │ Client logged out
* │ │ ┌────────────────────────┘ │ │
* │ │ │ │ ┌────────────────────┘
* │ │ │ │ │
* │ │ ▼ "Create an ▼ ▼ "Forgot
* │ │ ┌─────────────────┐ account" ┌─────────────────┐ password" ┌─────────────────┐
* │ │ │ REGISTER │◄───────────────│ LOGIN │───────────────►│ FORGOT_PASSWORD │
* │ │ │ │───────────────►│ │◄───────────────│ │
* │ │ └─────────────────┘ "Sign in here" └─────────────────┘ Complete / └─────────────────┘
* │ │ │ │ "Sign in instead" ▲
* │ │ └────────────────────────────────┐ │ │
* │ └────────────────────────────────────────┐ │ │ │
* │ ▼ ▼ ▼ │
* │ ┌──────────────────┐ │
* │ │ (postLoginSetup) │ │
* │ └──────────────────┘ │
* │ ┌────────────────────────────────────┘ │ │ │
* │ │ E2EE not enabled ┌─────────────┘ └──────┐ │
* │ │ │ Account has │ Account lacks │
* │ │ │ cross-signing │ cross-signing │
* │ │ │ keys │ keys │
* │ │ Client started and ▼ ▼ │
* │ │ force_verification ┌─────────────────┐ ┌─────────────────┐ │
* │ │ pending │ COMPLETE_ │ │ E2E_SETUP │ │
* │ │ ┌─────────────────►│ SECURITY │ │ │ │
* │ │ │ └─────────────────┘ └─────────────────┘ │ "Forgotten
* │ │ │ ┌───────────────────────┘ │ │ your
* │ │ │ │ ┌───────────────────────────────────────────────┘ │ password?"
* │ │ │ │ │ │
* │ │ │ │ │ (from all other states │
* │ │ │ │ │ except LOCK_STOLEN) │
* │ │ │ │ │ └──────────────┐ │
* ▼ ▼ │ ▼ ▼ Soft logout error ▼ │
* ┌─────────────────┐ ┌─────────────────┐
* │ LOGGED_IN │ Re-authentication succeeded │ SOFT_LOGOUT │
* │ │◄────────────────────────────────────────────────────────│ │
* └─────────────────┘ └─────────────────┘
* Session recovered │ │ │ Token/OIDC login succeeded
* ┌──────────────┘ │ └──────────────────────────────────────────────────────────────────┐
* │ └───────────────────────────────────────────┐ │
* │ │ No previous session │
* │ ▼ │
* │ (from all other states ┌─────────────────┐ │
* │ except LOCK_STOLEN) │ WELCOME │ │
* │ │ │ │ │
* │ │ Client logged out └─────────────────┘ │
* │ │ │ │ │
* │ └──────────────────────────┐ "Sign in" │ │ "Create account" │
* │ │ ┌────────────┘ └──────────────┐ │
* │ │ │ │ │
* │ "Forgot ▼ ▼ "Create an ▼ │
* │ ┌─────────────────┐ password" ┌─────────────────┐ account" ┌─────────────────┐ │
* │ │ FORGOT_PASSWORD │◄───────────────│ LOGIN │───────────────►│ REGISTER │ │
* │ │ │───────────────►│ │◄───────────────│ │ │
* │ └─────────────────┘ Complete / └─────────────────┘ "Sign in here" └─────────────────┘ │
* │ ▲ "Sign in instead" │ │ │
* │ │ └──────────────────────┐ ┌─────────┘ │
* │ │"Forgotten your │ │ ┌──────────────────┘
* │ │ password?" │ │ │
* │ │ │ │ │
* │ ┌─────────────────┐ Soft-logout error │ │ │
* │ │ SOFT_LOGOUT │◄───────────── (from all other states │ │ │
* │ │ │ except LOCK_STOLEN) │ │ │
* │ └─────────────────┘ │ │ │
* │ │ Re-authentication succeeded ▼ ▼ ▼
* │ │ ┌──────────────────┐
* ▼ ▼ │ (postLoginSetup) │
* ┌─────────────────┐ └──────────────────┘
* │ PENDING_CLIENT_ │ Account has │ │ │ Account lacks
* │ START │ cross-signing │ │ │ cross-signing
* └─────────────────┘ keys │ │ │ keys
* │ │ │ │ │
* │ └───────────────────────────────┐ │ │ │
* │ Client started, │ │ │ └──────┐
* │ force_verification pending │ │ │ │
* │ ▼ │ │ │
* │ Client started, ┌─────────────────┐ │ │ │
* │ force_verification │ COMPLETE_ │◄────────────┘ │ ▼
* │ not needed │ SECURITY │ │ ┌─────────────────┐
* │ └─────────────────┘ │ │ E2E_SETUP │
* │ │ │ │ │
* │ ┌─────────────────────────────────────┘ E2EE not enabled │ └─────────────────┘
* │ │ ┌─────────────────────────────────────────────────────────────┘ │
* │ │ │ ┌──────────────────────────────────────────────────────────────────────┘
* │ │ │ │
* │ │ │ │
* │ │ │ │
* │ │ │ │
* ▼ ▼ ▼ ▼
* ┌─────────────────┐
* │ LOGGED_IN │
* │ │
* └─────────────────┘
*
* (from all other states)
* │
Expand Down Expand Up @@ -102,6 +112,12 @@ enum Views {
// flow to setup SSSS / cross-signing on this account
E2E_SETUP,

/**
* We have successfully recovered a session from localstorage, but the client
* has not yet been started.
*/
PENDING_CLIENT_START,

// we are logged in with an active matrix client. The logged_in state also
// includes guests users as they too are logged in at the client level.
LOGGED_IN,
Expand Down
Loading
Loading