From b585d720697d1ffab1502dcd7dbab0d1b28a54aa Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Fri, 15 Nov 2024 16:02:51 +0200
Subject: [PATCH] hicli/verify: add support for passphrase in addition to
 recovery key

---
 pkg/hicli/json-commands.go              | 2 +-
 pkg/hicli/login.go                      | 2 +-
 pkg/hicli/verify.go                     | 6 +++++-
 web/src/ui/login/VerificationScreen.tsx | 2 +-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/pkg/hicli/json-commands.go b/pkg/hicli/json-commands.go
index c141eda7..e05d256c 100644
--- a/pkg/hicli/json-commands.go
+++ b/pkg/hicli/json-commands.go
@@ -129,7 +129,7 @@ func (h *HiClient) handleJSONCommand(ctx context.Context, req *JSONCommand) (any
 		})
 	case "verify":
 		return unmarshalAndCall(req.Data, func(params *verifyParams) (bool, error) {
-			return true, h.VerifyWithRecoveryKey(ctx, params.RecoveryKey)
+			return true, h.Verify(ctx, params.RecoveryKey)
 		})
 	case "discover_homeserver":
 		return unmarshalAndCall(req.Data, func(params *discoverHomeserverParams) (*mautrix.ClientWellKnown, error) {
diff --git a/pkg/hicli/login.go b/pkg/hicli/login.go
index dd1e5fa5..ae45597a 100644
--- a/pkg/hicli/login.go
+++ b/pkg/hicli/login.go
@@ -80,7 +80,7 @@ func (h *HiClient) LoginAndVerify(ctx context.Context, homeserverURL, username,
 	if err != nil {
 		return err
 	}
-	err = h.VerifyWithRecoveryKey(ctx, recoveryKey)
+	err = h.Verify(ctx, recoveryKey)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/hicli/verify.go b/pkg/hicli/verify.go
index eea81dd7..1cfcada7 100644
--- a/pkg/hicli/verify.go
+++ b/pkg/hicli/verify.go
@@ -9,6 +9,7 @@ package hicli
 import (
 	"context"
 	"encoding/base64"
+	"errors"
 	"fmt"
 
 	"github.com/rs/zerolog"
@@ -125,13 +126,16 @@ func (h *HiClient) storeCrossSigningPrivateKeys(ctx context.Context) error {
 	return nil
 }
 
-func (h *HiClient) VerifyWithRecoveryKey(ctx context.Context, code string) error {
+func (h *HiClient) Verify(ctx context.Context, code string) error {
 	defer h.dispatchCurrentState()
 	keyID, keyData, err := h.Crypto.SSSS.GetDefaultKeyData(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to get default SSSS key data: %w", err)
 	}
 	key, err := keyData.VerifyRecoveryKey(keyID, code)
+	if errors.Is(err, ssss.ErrInvalidRecoveryKey) && keyData.Passphrase != nil {
+		key, err = keyData.VerifyPassphrase(keyID, code)
+	}
 	if err != nil {
 		return err
 	}
diff --git a/web/src/ui/login/VerificationScreen.tsx b/web/src/ui/login/VerificationScreen.tsx
index 1ad1b1ed..20900606 100644
--- a/web/src/ui/login/VerificationScreen.tsx
+++ b/web/src/ui/login/VerificationScreen.tsx
@@ -40,7 +40,7 @@ export const VerificationScreen = ({ client, clientState }: LoginScreenProps) =>
 				type="text"
 				autoComplete="off"
 				id="mxlogin-recoverykey"
-				placeholder="Recovery key"
+				placeholder="Recovery key or passphrase"
 				value={recoveryKey}
 				onChange={evt => setRecoveryKey(evt.target.value)}
 			/>