element-web icon indicating copy to clipboard operation
element-web copied to clipboard
verified publisher icon element-hq

Verification persistently fails between two Element Web users

Open twassman opened this issue 7 months ago • 2 comments

Steps to reproduce

  1. Created an account for a new user on Element X Android.
  2. Tried and failed verification between new user and my existing account.
  3. Logged in to new user account on Element Web, and successfully cross-signed with Element X session.
  4. Tried verification between the two Element Web instances by opening profile and selecting "Verify User".

Outcome

What did you expect?

The verification should have completed correctly.

What happened instead?

If trying to verify from the new user:

A m.key.verification.request event is sent and received by the existing user, but there is no verification popup. Console logs for existing user show:

WARN matrix_sdk_crypto::verification::machine: Could not retrieve the device data for the incoming verification request, ignoring it
    at /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/matrix-sdk-crypto-0.10.0/src/verification/machine.rs:375
    in matrix_sdk_crypto::verification::machine::receive_any_event with flow_id="[redacted]"

If trying to verify from the existing user:

A m.key.verification.request is sent and received by the new user. A "Verification requested" appears on the new user's session; proceeding (on the new user's side) sends a m.key.verification.ready event. When this is received by the existing user, console logs show:

WARN matrix_sdk_crypto::verification::machine: Could not retrieve the data for the accepting device, ignoring it
    at /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/matrix-sdk-crypto-0.10.0/src/verification/machine.rs:418
    in matrix_sdk_crypto::verification::machine::receive_any_event with flow_id="[redacted]"

New user then selects "Verify by emoji", which sends a m.key.verification.start event. The existing user stays on "Waiting for [new user] to accept", and the new user stays on a loading screen. Console logs for existing user show:

WARN matrix_sdk_crypto::verification::requests: Received a key verification start event but we're not yet in the ready state
    sender="[redacted]" device_id="[redacted]"
    at /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/matrix-sdk-crypto-0.10.0/src/verification/requests.rs:724
    in matrix_sdk_crypto::verification::machine::receive_any_event with flow_id="[redacted]"

Verification ultimately times out, regardless of method tried.

Logs are being sent from both sessions.

Operating system

No response

Browser information

Firefox 139.0b4

URL for webapp

staging.element.io (existing user); app.element.io (new user)

Application version

Element version: 1.11.101

Homeserver

No response

Will you send logs?

Yes

twassman avatar May 20 '25 19:05 twassman

This is very odd. Both failure modes amount to "existing user doesn't know about new user's device".

To preserve anonymity, I'll redact IDs in the following description, and use the terms @old_user:example.com and @new_user:matrix.org (since the new user is in fact on matrix.org).

From the logs, we see that new_user logs in at 2025-05-20T17:43:37.145Z and publishes the new device keys at 2025-05-20T17:46:01.861Z. By that point, the users share at least one encrypted room, so I would expect matrix.org to notify example.com about the new device immediately.

However, we see the existing client make a number of /keys/query requests after that, none of which produce the new device.

So evidently example.com has an outdated cache of new_user's device list. But as for why that happened, very hard to tell without server-side logs from the time :/

richvdh avatar Jun 13 '25 09:06 richvdh

I've opened https://github.com/element-hq/synapse/issues/18550 to track this.

richvdh avatar Jun 13 '25 09:06 richvdh