add sender badge to replies

[sssoleileraaa]

Description

Resolves #76

Test Plan

Init setup

1. run make dev
2. log into the client as journalist
3. log into the SI and send a message as a new source
4. create an additional user account with the username: alice (this will be used at the end to test multiple deleted accounts)

Sending a reply from the JI

1. log into the JI as dellsberg and reply to the new source

• confirm that you see de in the badge next to the reply

Changing username

1. log into the JI as journalist (an admin account) and change dellsberg's username to unknown and wait until next sync

• confirm that you see the badge initials next to the reply change from de to un

Sending a reply from the JI with a new username

1. log into the JI as unknown and reply to the source

• confirm that you see un in the badge next to the new reply

Changing name

1. while logged in as unknown, change first name to Pizza and last name to Cat and wait until next sync

• confirm that you see the badge initials next to all existing replies change from un to pc
• confirm that you see pc in the badge next to the new reply

Multiple journalists responding to the same source

1. log into the JI as journalist and reply to the source

• confirm that you see jo in a purple badge next to the reply
• confirm all replies from Pizza Cat remain pc

Deleting a journalist

Note: #1143 is a known issue

1. log into the JI as journalist and delete unknown's account

• confirm that you see a deleted account icon in the badge next to all replies from unknown

Sending a reply from the client: success

1. log into the client as alice

• confirm that you see jo in a blue badge now

2. send a reply to the source

• confirm that you see al in a purple badge next to the new reply

Sending a reply from the client: failed

1. close the client
2. in the securedrop-client root dir, run git clone https://gist.github.com/5ba70d50c12b6a6df6f98ed40ad09645.git
3. run git apply 5ba70d50c12b6a6df6f98ed40ad09645/failed-reply
4. log in as alice and send a reply to the source

• confirm that you see al in a red badge next to the new reply
• confirm that you see a red status bar

Sending a reply from the client: pending

1. close the client
2. in the securedrop-client root dir, run git clone https://gist.github.com/7f19a7d10334359f40dbdbb2354cd13a.git
3. stash your changes to uploads.py and run git apply 7f19a7d10334359f40dbdbb2354cd13a/pending-reply
4. log in as alice and send a reply to the source

• confirm that you see al in a purple badge next to the new reply
• confirm that you see a purple status bar
• confirm the background color of the reply widget and the color of the text are faded/ more transparent

Offline mode and switching accounts in the client

1. stash your changes and now log into the client as journalist

• confirm that journalist replies have purple badges

2. logout so that you're in offline mode

• confirm that all reply badges, including badges for journalist are now blue

3. click the login button and log in as alice

• confirm al badges are now purple

4. close the client and log in in offline mode

• confirm all badges are blue

5. click the login button and log in as journalist

• confirm all badges for journalist are purple

Multiple deleted accounts

Note: #1143 is a known issue

1. log into the JI as journalist and delete alice's account and wait until next sync

• confirm that you now see a deleted account icon in badges next to alice's replies that are not failed replies (see next step for what to expect with failed replies that are asscociated with a deleted account)

Failed replies associated with deleted account

• confirm from you see an al in a red badge next to failed replies: once the known issue described in Deleted user is not fully removed from client database after a sync #1143 (comment) is fixed we can start showing the deleted account icon in the red badge

Same authenticated journalist with new name across sources

1. reply to all sources with the same "journalist" account
2. now change the username from the admin interface in the JI and wait until next sync

• confirm that you see the new initials in all the relevant reply badges across all the sources

3. now change the first and/or last name from the admin interface in the JI and wait until next sync

• confirm that you see the new initials in all the relevant reply badges across all the sources

Failed-to-decrypt errors

1. start the client, and before logging in, delete the submission key:

• gpg --homedir ~/.securedrop_client/gpg --delete-secret-keys --yes 65A1B5FF195B56353CC63DFFCC40EF1228271441
• gpg --homedir ~/.securedrop_client/gpg --delete-keys --yes 65A1B5FF195B56353CC63DFFCC40EF1228271441

2. log in and send a reply

• confirm failed-to-send error with urgent coral badge

3. Send a reply from the JI

• confirm reply appears with a gray badge

4. Send a message from the JI

• confirm message appears with a gray badge

5. Delete account from the JI

• confirm failed-to-decrypt reply badge is now gray with the deleted account icon

6. log out

• confirm all failed-to-send and failed-to-decrypt status bars, badges, and other styling remain unchanged

7. restart the client

• confirm all failed-to-decrypt messages and replies are now decrypted with normal styling

Checklist

If these changes modify code paths involving cryptography, the opening of files in VMs or network (via the RPC service) traffic, Qubes testing in the staging environment is required. For fine tuning of the graphical user interface, testing in any environment in Qubes is required. Please check as applicable:

• I have tested these changes in the appropriate Qubes environment
• I do not have an appropriate Qubes OS workstation set up (the reviewer will need to test these changes)
• These changes should not need testing in Qubes

If these changes add or remove files other than client code, the AppArmor profile may need to be updated. Please check as applicable:

• I have updated the AppArmor profile
• No update to the AppArmor profile is required for these changes
• I don't know and would appreciate guidance

If these changes modify the database schema, you should include a database migration. Please check as applicable:

• I have written a migration and upgraded a test database based on main and confirmed that the migration applies cleanly
• I have written a migration but have not upgraded a test database based on main and would like the reviewer to do so
• I need help writing a database migration
• No database schema changes are needed

[sssoleileraaa]

Update:

• waiting on pass id instead of uuid for journalist_id #1147
• this pr can be merged before Preserve deleted journalist UUIDs in database to attribute replies securedrop#5467 but it means that we will continue to use the "deleted" journalist_uuid passed to the client via the sdk to know when not to show the initials in the reply badge (for now we can keep ReplyWidget updated every sync with a "deleted_sender" flag until #5467 is finished)
• this pr does not need to remove user accounts based on the "deleted" journalist_uuid returned in the /replies endpoint since that is going away soon
• now we have a new /users endpoint that will allow us to address the bug reported in this comment: Deleted user is not fully removed from client database after a sync #1143 (comment) and allow us to remove journalist accounts to match the server. this pr can be merged before we start using the new /users endpoint. so for now the test in the test plan will continue to be:

Failed replies associated with deleted account

• confirm from you now see a al in a red badge next to failed replies: once the known issue described in Deleted user is not fully removed from client database after a sync #1143 (comment) is fixed we can start showing the deleted account icon in the red badge

[sssoleileraaa]

this is ready for review, but should wait for #1147 to be merged first

[eloquence]

Functional testing, part 1:

Sending a reply from the JI

1. log into the JI as dellsberg and reply to the new source

• confirm that you see de in the badge next to the reply

Changing username

1. log into the JI as journalist (an admin account) and change dellsberg's username to unknown and wait until next sync

• confirm that you see the badge initials next to the reply change from de to un

Sending a reply from the JI with a new username

1. log into the JI as unknown and reply to the source

• confirm that you see un in the badge next to the new reply

Changing name

1. while logged in as unknown, change first name to Pizza and last name to Cat and wait until next sync

• confirm that you see the badge initials next to all existing replies change from un to pc
• confirm that you see pc in the badge next to the new reply

Multiple journalists responding to the same source

1. log into the JI as journalist and reply to the source

• confirm that you see jo in a purple badge next to the reply
• confirm all replies from Pizza Cat remain pc

Deleting a journalist

Note: #1143 is a known issue

1. log into the JI as journalist and delete unknown's account

• confirm that you see a deleted account icon in the badge next to all replies from unknown

Sending a reply from the client: success

1. log into the client as alice

• confirm that you see jo in a blue badge now

2. send a reply to the source

• confirm that you see al in a purple badge next to the new reply

Sending a reply from the client: failed

1. close the client
2. in the securedrop-client root dir, run git clone https://gist.github.com/5ba70d50c12b6a6df6f98ed40ad09645.git
3. run git apply 5ba70d50c12b6a6df6f98ed40ad09645/failed-reply
4. log in as alice and send a reply to the source

• confirm that you see al in a red badge next to the new reply
• confirm that you see a red status bar

[eloquence]

Part 2:

Sending a reply from the client: pending

1. close the client
2. in the securedrop-client root dir, run git clone https://gist.github.com/7f19a7d10334359f40dbdbb2354cd13a.git
3. stash your changes to uploads.py and run git apply 7f19a7d10334359f40dbdbb2354cd13a/pending-reply
4. log in as alice and send a reply to the source

• confirm that you see al in a purple badge next to the new reply
• confirm that you see a purple status bar
• confirm the background color of the reply widget and the color of the text are faded/ more transparent

Switching journalist accounts in the client

1. stash your changes and now log into the client as journalist

• confirm that journalist replies have purple badges

Multiple deleted accounts

Note: #1143 is a known issue

1. log into the JI as journalist and delete alice's account and wait until next sync

• confirm that you now see a deleted account icon in badges next to alice's replies that are not failed replies (see next step for what to expect with failed replies that are asscociated with a deleted account)

Failed replies associated with deleted account

• confirm from you see an al in a red badge next to failed replies: once the known issue described in Deleted user is not fully removed from client database after a sync #1143 (comment) is fixed we can start showing the deleted account icon in the red badge

Same authenticated journalist with new name across sources

1. reply to all sources with the same "journalist" account
2. now change the username from the admin interface in the JI and wait until next sync

• confirm that you see the new initials in all the relevant reply badges across all the sources

3. now change the first and/or last name from the admin interface in the JI and wait until next sync

• confirm that you see the new initials in all the relevant reply badges across all the sources

[eloquence]

Functional testing per test plan looks great! Will do a bit more exploratory testing tomorrow. >:)

[eloquence]

Did a bit more exploratory testing and wasn't able to break things (e.g. deleting individual replies via JI, using pseudo-delete functionality in Source UI, renaming user right after logging in and before sending first reply). :)

[sssoleileraaa]

I added one more test section to the test plan around offline mode and switching accounts, so please make sure to focus here upon second review:

## Offline mode and switching accounts in the client
1. stash your changes and now log into the client as journalist
- [ ] confirm that journalist replies have purple badges
2. logout so that you're in offline mode
- [ ] confirm that all reply badges, including badges for journalist are now blue
3. click the login button and log in as alice
- [ ] confirm `al` badges are now purple
4. close the client and log in in offline mode
- [ ] confirm all badges are blue
5. click the login button and log in as journalist
- [ ] confirm all badges for journalist are purple

[sssoleileraaa]

just learned there is one more state around reply badges that we need to test: the failed-to-decrypt state. will update the test plan and push one more change so this is ready for the night crew :)

[sssoleileraaa]

This is ready for review again! I add a new test section to the test plan to account for changes made to handle decryption errors:

Failed-to-decrypt errors

1. start the client, and before logging in, delete the submission key:

• gpg --homedir ~/.securedrop_client/gpg --delete-secret-keys --yes 65A1B5FF195B56353CC63DFFCC40EF1228271441
• gpg --homedir ~/.securedrop_client/gpg --delete-keys --yes 65A1B5FF195B56353CC63DFFCC40EF1228271441

2. log in and send a reply

• confirm failed-to-send error with urgent coral badge

3. Send a reply from the JI

• confirm reply appears with a gray badge

4. Send a message from the JI

• confirm message appears with a gray badge

5. Delete account from the JI

• confirm failed-to-decrypt reply badge is now gray with the deleted account icon

6. log out

• confirm all failed-to-send and failed-to-decrypt status bars, badges, and other styling remain unchanged

7. restart the client

• confirm all failed-to-decrypt messages and replies are now decrypted with normal styling

[sssoleileraaa]

updated to include new artwork added from the issue this resolves (still ready for review)

[emkll]

(@emkyll oh friday mistakes... i accidentally edited your comment and now i'm unable to get your comment back with all of the formatting, so we can just look at the github comment history here to see what you said orignally :bushes:)

[sssoleileraaa]

@emkyll - you'll see above that i accidentally edited your comment and lost all the nice formatting you did so... for efficiency, i captured just the part of the test plan that needs focus (the rest passed without issue):

Failed-to-decrypt errors

1. start the client, and before logging in, delete the submission key:

• gpg --homedir ~/.securedrop_client/gpg --delete-secret-keys --yes 65A1B5FF195B56353CC63DFFCC40EF1228271441
• gpg --homedir ~/.securedrop_client/gpg --delete-keys --yes 65A1B5FF195B56353CC63DFFCC40EF1228271441

2. log in and send a reply

• confirm failed-to-send error with urgent coral badge

3. Send a reply from the JI

• ❗ confirm reply appears with a gray badge: (though this is to be expected, I think?)

4. Send a message from the JI

• ❗ confirm message appears with a gray badge: For the current user it appears as purple (though this is to be expected, I think?)

Just to double check, you're saying that in step 3 and 4 the new reply from a journalist and message from a source did not show up in gray with the "cannot decrypt message", even though you deleted the submission key locally? If so I am unable to reproduce. In case it helps try this:

1. start the client, and before logging in, delete the submission key via those gpg commands above (remember that when you run ./run.sh the test submission key will be recreated so we're trying to avoid running the client after deleting the key)
2. in the JI, send a reply as "journalist"
3. wait in the client with the source you sent a reply to selected
4. when the reply shows up you'll need to scroll to the bottom to see the new reply due to a bug currently on main where the scrollbar doesn't automatically scroll you to the bottom to see the new content

• confirm that the reply says in italics "cannot decrypt reply" and the reply bar and badge should be gray

For test #3 above, you need to do the same thing but with a source message instead of a journalist reply.

[emkll]

Thanks @creviera confirmed the thorough test plan is now passing in an sd-app VM in Qubes, including the failed to decrypt scenario. (see below). Thanks for your hard work on this, changes look great.

There are a couple of todo's still outstanding (one which is dependent on freedomofpress/securedrop-sdk#134) . Would you like to address these as part of this PR or open follow-up issues? IMO this PR if good to merge as-is, and the todo's are small incremental improvements that can be merged separately.

Sending a reply from the JI

1. log into the JI as dellsberg and reply to the new source

• confirm that you see de in the badge next to the reply

Changing username

1. log into the JI as journalist (an admin account) and change dellsberg's username to unknown and wait until next sync

• confirm that you see the badge initials next to the reply change from de to un

Sending a reply from the JI with a new username

1. log into the JI as unknown and reply to the source

• confirm that you see un in the badge next to the new reply

Changing name

1. while logged in as unknown, change first name to Pizza and last name to Cat and wait until next sync

• confirm that you see the badge initials next to all existing replies change from un to pc
• confirm that you see pc in the badge next to the new reply

Multiple journalists responding to the same source

1. log into the JI as journalist and reply to the source

• confirm that you see jo in a purple badge next to the reply
• confirm all replies from Pizza Cat remain pc

Deleting a journalist

Note: #1143 is a known issue

1. log into the JI as journalist and delete unknown's account

• confirm that you see a deleted account icon in the badge next to all replies from unknown

Sending a reply from the client: success

1. log into the client as alice

• confirm that you see jo in a blue badge now

2. send a reply to the source

• confirm that you see al in a purple badge next to the new reply

Sending a reply from the client: failed

1. close the client
2. in the securedrop-client root dir, run git clone https://gist.github.com/5ba70d50c12b6a6df6f98ed40ad09645.git
3. run git apply 5ba70d50c12b6a6df6f98ed40ad09645/failed-reply
4. log in as alice and send a reply to the source

• confirm that you see al in a red badge next to the new reply
• confirm that you see a red status bar

Sending a reply from the client: pending

1. close the client
2. in the securedrop-client root dir, run git clone https://gist.github.com/7f19a7d10334359f40dbdbb2354cd13a.git
3. stash your changes to uploads.py and run git apply 7f19a7d10334359f40dbdbb2354cd13a/pending-reply
4. log in as alice and send a reply to the source

• confirm that you see al in a purple badge next to the new reply
• confirm that you see a purple status bar
• confirm the background color of the reply widget and the color of the text are faded/ more transparent

Offline mode and switching accounts in the client

1. stash your changes and now log into the client as journalist

• confirm that journalist replies have purple badges

2. logout so that you're in offline mode

• confirm that all reply badges, including badges for journalist are now blue

3. click the login button and log in as alice

• confirm al badges are now purple

4. close the client and log in in offline mode

• confirm all badges are blue

5. click the login button and log in as journalist

• confirm all badges for journalist are purple

Multiple deleted accounts

Note: #1143 is a known issue

1. log into the JI as journalist and delete alice's account and wait until next sync

• confirm that you now see a deleted account icon in badges next to alice's replies that are not failed replies (see next step for what to expect with failed replies that are asscociated with a deleted account)

Failed replies associated with deleted account

• confirm from you see an al in a red badge next to failed replies: once the known issue described in #1143 (comment) is fixed we can start showing the deleted account icon in the red badge

Same authenticated journalist with new name across sources

1. reply to all sources with the same "journalist" account
2. now change the username from the admin interface in the JI and wait until next sync

• confirm that you see the new initials in all the relevant reply badges across all the sources

3. now change the first and/or last name from the admin interface in the JI and wait until next sync

• confirm that you see the new initials in all the relevant reply badges across all the sources

Failed-to-decrypt errors

1. start the client, and before logging in, delete the submission key:

• gpg --homedir ~/.securedrop_client/gpg --delete-secret-keys --yes 65A1B5FF195B56353CC63DFFCC40EF1228271441
• gpg --homedir ~/.securedrop_client/gpg --delete-keys --yes 65A1B5FF195B56353CC63DFFCC40EF1228271441

2. log in and send a reply

• confirm failed-to-send error with urgent coral badge

3. Send a reply from the JI

• confirm reply appears with a gray badge

4. Send a message from the JI

• confirm message appears with a gray badge

5. Delete account from the JI

• confirm failed-to-decrypt reply badge is now gray with the deleted account icon

6. log out

• confirm all failed-to-send and failed-to-decrypt status bars, badges, and other styling remain unchanged

7. restart the client

• confirm all failed-to-decrypt messages and replies are now decrypted with normal styling

[emkll]

Is there a reason we aren't adding db.ReplySendStatusCodes as part of this PR

[sssoleileraaa]

Yes, db.ReplySendStatusCodes only includes 'FAILED' and 'PENDING' statuses. I see other areas of the code that have to hardcode an implied 'SUCCEEDED' status, so I followed suit and made note of how we can improve this: we can add a success status to db.ReplySendStatusCodes and start tracking successful replies with a non-null status. This will require several unrelated updates so I left it out of this PR.

[sssoleileraaa]

Between Erik and myself, we'll add issues to address this TODO and the TODO here: https://github.com/freedomofpress/securedrop-client/pull/1142/files#diff-e9eabf3b8acf5ab72fd3a0881b7a8af395005334f8349fcc6965c385183e1b22R2956-R2957

[emkll]

Same as above

[emkll]

Curious as to why this was renamed, unless there's no other error that could occur with replies (other than failure to decrypt)

[sssoleileraaa]

there was a bug during implementation: error is also the name of the error message widget so when we checked to see if error was null, it always said, nope!

also there are a couple types of errors: decryption/download and failure to send.

[emkll]

Follow up is being tracked in #1156, and we will improve the journalist updating logic once the sdk is released with the changes in freedomofpress/securedrop-sdk#134.