Revert "[keyserver][lib] don't generate one time keys on identity login"

Summary:
This reverts commit d2f01b5.

Depends on D13575

Resolves https://linear.app/comm/issue/ENG-9440/clients-should-include-otks-on-first-login

Test Plan: set up a new keyserver with my test user credentials, on login my keyserver's OTKs were present in DynamoDB

Reviewers: will, bartek, ashoat

Reviewed By: ashoat

Subscribers: ashoat, tomek

Differential Revision: https://phab.comm.dev/D13577

keyserver/addons/rust-node-addon/rust-binding-types.js

@@ -18,6 +18,8 @@ type RustNativeBindingAPI = {
     contentPrekeySignature: string,
     notifPrekey: string,
     notifPrekeySignature: string,
+    contentOneTimeKeys: $ReadOnlyArray<string>,
+    notifOneTimeKeys: $ReadOnlyArray<string>,
     force: ?boolean,
   ) => Promise<IdentityInfo>,
   +registerUser: (

keyserver/addons/rust-node-addon/src/identity_client/login.rs

@@ -18,6 +18,8 @@ pub async fn login_user(
   content_prekey_signature: String,
   notif_prekey: String,
   notif_prekey_signature: String,
+  content_one_time_keys: Vec<String>,
+  notif_one_time_keys: Vec<String>,
   force: Option<bool>,
 ) -> Result<UserLoginInfo> {
   debug!("Attempting to log in user: {}", username);
@@ -47,8 +49,8 @@ pub async fn login_user(
         prekey: notif_prekey,
         prekey_signature: notif_prekey_signature,
       }),
-      one_time_content_prekeys: Vec::new(),
-      one_time_notif_prekeys: Vec::new(),
+      one_time_content_prekeys: content_one_time_keys,
+      one_time_notif_prekeys: notif_one_time_keys,
       device_type: DeviceType::Keyserver.into(),
     }),
     force,

keyserver/src/user/login.js

@@ -3,13 +3,9 @@
 import type { Account as OlmAccount } from '@commapp/olm';
 import { getRustAPI } from 'rust-node-addon';
 
-import { ONE_TIME_KEYS_NUMBER } from 'lib/types/identity-service-types.js';
 import { getCommConfig } from 'lib/utils/comm-config.js';
 import { ServerError } from 'lib/utils/errors.js';
-import {
-  retrieveIdentityKeysAndPrekeys,
-  getAccountOneTimeKeys,
-} from 'lib/utils/olm-utils.js';
+import { retrieveAccountKeysSet } from 'lib/utils/olm-utils.js';
 
 import type { UserCredentials } from './checks.js';
 import {
@@ -156,14 +152,16 @@ async function registerOrLogInBase<T>(
     identityKeys: notificationsIdentityKeys,
     prekey: notificationsPrekey,
     prekeySignature: notificationsPrekeySignature,
-  } = await getUpdateNotificationsAccount(retrieveIdentityKeysAndPrekeys);
+    oneTimeKeys: notificationsOneTimeKeys,
+  } = await fetchCallUpdateOlmAccount('notifications', retrieveAccountKeysSet);
 
-  const contentAccountCallback = (account: OlmAccount) => {
+  const contentAccountCallback = async (account: OlmAccount) => {
     const {
       identityKeys: contentIdentityKeys,
+      oneTimeKeys,
       prekey,
       prekeySignature,
-    } = retrieveIdentityKeysAndPrekeys(account);
+    } = await retrieveAccountKeysSet(account);
 
     const identityKeysBlob = {
       primaryIdentityPublicKeys: JSON.parse(contentIdentityKeys),
@@ -177,6 +175,7 @@ async function registerOrLogInBase<T>(
 
     return {
       signedIdentityKeysBlob,
+      oneTimeKeys,
       prekey,
       prekeySignature,
     };
@@ -188,6 +187,7 @@ async function registerOrLogInBase<T>(
       signedIdentityKeysBlob,
       prekey: contentPrekey,
       prekeySignature: contentPrekeySignature,
+      oneTimeKeys: contentOneTimeKeys,
     },
   ] = await Promise.all([
     rustAPIPromise,
@@ -203,6 +203,8 @@ async function registerOrLogInBase<T>(
       contentPrekeySignature,
       notificationsPrekey,
       notificationsPrekeySignature,
+      contentOneTimeKeys,
+      notificationsOneTimeKeys,
       userInfo.forceLogin,
     );
     await Promise.all([
@@ -212,14 +214,6 @@ async function registerOrLogInBase<T>(
     return identity_info;
   } catch (e) {
     console.warn('Failed to login user: ' + getMessageForException(e));
-    const [contentOneTimeKeys, notificationsOneTimeKeys] = await Promise.all([
-      getUpdateContentAccount((account: OlmAccount) =>
-        getAccountOneTimeKeys(account, ONE_TIME_KEYS_NUMBER),
-      ),
-      getUpdateNotificationsAccount((account: OlmAccount) =>
-        getAccountOneTimeKeys(account, ONE_TIME_KEYS_NUMBER),
-      ),
-    ]);
     try {
       await Promise.all([
         getUpdateContentAccount(markOneTimeKeysAsPublished),

lib/utils/olm-utils.js

@@ -18,12 +18,6 @@ type AccountKeysSet = {
   +oneTimeKeys: $ReadOnlyArray<string>,
 };
 
-type IdentityKeysAndPrekeys = {
-  +identityKeys: string,
-  +prekey: string,
-  +prekeySignature: string,
-};
-
 function validateAccountPrekey(account: OlmAccount) {
   if (shouldRotatePrekey(account)) {
     account.generate_prekey();
@@ -95,15 +89,6 @@ function getAccountOneTimeKeys(
 }
 
 function retrieveAccountKeysSet(account: OlmAccount): AccountKeysSet {
-  const { identityKeys, prekey, prekeySignature } =
-    retrieveIdentityKeysAndPrekeys(account);
-  const oneTimeKeys = getAccountOneTimeKeys(account, ONE_TIME_KEYS_NUMBER);
-  return { identityKeys, oneTimeKeys, prekey, prekeySignature };
-}
-
-function retrieveIdentityKeysAndPrekeys(
-  account: OlmAccount,
-): IdentityKeysAndPrekeys {
   const identityKeys = account.identity_keys();
 
   validateAccountPrekey(account);
@@ -113,7 +98,9 @@ function retrieveIdentityKeysAndPrekeys(
     throw new Error('invalid_prekey');
   }
 
-  return { identityKeys, prekey, prekeySignature };
+  const oneTimeKeys = getAccountOneTimeKeys(account, ONE_TIME_KEYS_NUMBER);
+
+  return { identityKeys, oneTimeKeys, prekey, prekeySignature };
 }
 
 export const OLM_SESSION_ERROR_PREFIX = 'OLM_';
@@ -155,7 +142,6 @@ export {
   shouldForgetPrekey,
   shouldRotatePrekey,
   getAccountOneTimeKeys,
-  retrieveIdentityKeysAndPrekeys,
   hasHigherDeviceID,
   olmSessionErrors,
 };