Merge pull request #108 from local-first-web/fix-join

HerbCaudill · web-flow · commit f0d6fbc874ef · 2024-05-31T16:11:17.000+02:00
diff --git a/packages/auth-provider-automerge-repo/src/AuthProvider.ts b/packages/auth-provider-automerge-repo/src/AuthProvider.ts
@@ -255,7 +255,7 @@ export class AuthProvider extends EventEmitter<AuthProviderEvents> {
   /**
    * Creates a private share for a team we're already a member of.
    */
-  public async addTeam(team: Auth.Team) {
+  public async addTeam(team: Auth.Team, teamKeyring = team.teamKeyring()) {
     const shareId = getShareId(team)
 
     if (this.hasTeam(shareId)) {
@@ -269,6 +269,7 @@ export class AuthProvider extends EventEmitter<AuthProviderEvents> {
       shareId,
       team,
       documentIds: new Set(),
+      teamKeyring,
     })
 
     // persist our state now and whenever the team changes
@@ -469,16 +470,16 @@ export class AuthProvider extends EventEmitter<AuthProviderEvents> {
     this.#connections.set([shareId, peerId], connection)
 
     connection
-      .on('joined', async ({ team, user }) => {
+      .on('joined', async ({ team, user, teamKeyring }) => {
         // When we successfully join a team, the connection gives us the team graph and the user's
         // info (including keys).
 
         // When we're joining as a new device for an existing user, this is how we get the user's id and keys.
         this.#user = user
         this.#log = log.extend(user.userName)
 
-        // Create a share with this team
-        await this.addTeam(team)
+        // Create a share with this team and the full team keys
+        await this.addTeam(team, teamKeyring)
 
         // remove the used invitation as we no longer need it & don't want to present it to others
         this.#invitations.delete(shareId)
@@ -640,7 +641,10 @@ export class AuthProvider extends EventEmitter<AuthProviderEvents> {
         ? ({
             shareId,
             encryptedTeam: share.team.save(),
-            encryptedTeamKeys: encryptBytes(share.team.teamKeyring(), this.#device.keys.secretKey),
+            encryptedTeamKeys: encryptBytes(
+              { ...share.teamKeyring, ...share.team.teamKeyring() },
+              this.#device.keys.secretKey
+            ),
             documentIds,
           } as SerializedShare)
         : { shareId, documentIds }
diff --git a/packages/auth-provider-automerge-repo/src/test/AuthProvider.test.ts b/packages/auth-provider-automerge-repo/src/test/AuthProvider.test.ts
@@ -260,15 +260,31 @@ describe('auth provider for automerge-repo', () => {
     teardown()
   })
 
-  it('persists local context and team state', async () => {
+  it('persists local context and team state (including the complete keyring)', async () => {
     const {
-      users: { alice, bob },
+      users: { alice, bob, charlie },
       teardown,
-    } = setup(['alice', 'bob'])
+    } = setup(['alice', 'bob', 'charlie'])
 
     const aliceTeam = Auth.createTeam('team A', alice.context)
     await alice.authProvider.addTeam(aliceTeam)
 
+    // Alice sends Charlie an invitation
+    const { seed: charlieInvite } = aliceTeam.inviteMember()
+
+    // Charlie uses the invitation to join
+    await charlie.authProvider.addInvitation({
+      shareId: getShareId(aliceTeam),
+      invitationSeed: charlieInvite,
+    })
+
+    // they're able to authenticate and sync
+    await authenticated(alice, charlie)
+    await synced(alice, charlie) // ✅
+
+    // Alice boots charlie
+    aliceTeam.remove(charlie.user.userId)
+
     // Alice sends Bob an invitation
     const { seed: bobInvite } = aliceTeam.inviteMember()
 
diff --git a/packages/auth-provider-automerge-repo/src/types.ts b/packages/auth-provider-automerge-repo/src/types.ts
@@ -34,6 +34,7 @@ export type PublicShare = {
 export type PrivateShare = PublicShare & {
   /** The team that is used for enforcing authenticated access to this share */
   team: Auth.Team
+  teamKeyring: Auth.Keyring
 }
 
 export const isPrivateShare = (share: Share): share is PrivateShare =>
diff --git a/packages/auth/src/connection/Connection.ts b/packages/auth/src/connection/Connection.ts
@@ -229,7 +229,7 @@ export class Connection extends EventEmitter<ConnectionEvents> {
 
           // We join the team, which adds our device to the team graph.
           team.join(teamKeyring)
-          this.emit('joined', { team, user })
+          this.emit('joined', { team, user, teamKeyring })
           return { user, team }
         }),
 
diff --git a/packages/auth/src/connection/types.ts b/packages/auth/src/connection/types.ts
@@ -4,6 +4,7 @@ import type {
   Base58,
   Hash,
   KeyScope,
+  Keyring,
   Keyset,
   SyncState,
   UnixTimestamp,
@@ -43,7 +44,7 @@ export type ConnectionEvents = {
    * this is how we get the user's keys.) This event gives the application a chance to persist the
    * team graph and the user's info.
    */
-  joined: ({ team, user }: { team: Team; user: UserWithSecrets }) => void
+  joined: ({ team, user }: { team: Team; user: UserWithSecrets; teamKeyring: Keyring }) => void
 
   /** The team graph has been updated. This event gives the application a chance to persist the changes. */
   updated: () => void

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ export type PublicShare = {`
`34`	`34`	`export type PrivateShare = PublicShare & {`
`35`	`35`	`/** The team that is used for enforcing authenticated access to this share */`
`36`	`36`	`team: Auth.Team`
	`37`	`+ teamKeyring: Auth.Keyring`
`37`	`38`	`}`
`38`	`39`
`39`	`40`	`export const isPrivateShare = (share: Share): share is PrivateShare =>`