From 2461c03b0b832851ce82e9ca16ecdebe722bd68d Mon Sep 17 00:00:00 2001
From: Florian Duros <florian.duros@ormaz.fr>
Date: Thu, 24 Oct 2024 17:25:28 +0200
Subject: [PATCH 1/5] Remove "Upgrade your encryption" flow

---
 .../security/CreateSecretStorageDialog.tsx    | 121 +------
 src/i18n/strings/en_EN.json                   |   6 -
 test/test-utils/test-utils.ts                 |   5 +
 .../CreateSecretStorageDialog-test.tsx        | 203 +++--------
 .../CreateSecretStorageDialog-test.tsx.snap   | 328 ++++++------------
 5 files changed, 173 insertions(+), 490 deletions(-)

diff --git a/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx b/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
index 2278fb38060..e593a459b75 100644
--- a/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
+++ b/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
@@ -11,7 +11,7 @@ import React, { createRef } from "react";
 import FileSaver from "file-saver";
 import { logger } from "matrix-js-sdk/src/logger";
 import { AuthDict, CrossSigningKeys, MatrixError, UIAFlow, UIAResponse } from "matrix-js-sdk/src/matrix";
-import { CryptoEvent, BackupTrustInfo, GeneratedSecretStorageKey, KeyBackupInfo } from "matrix-js-sdk/src/crypto-api";
+import { BackupTrustInfo, GeneratedSecretStorageKey, KeyBackupInfo } from "matrix-js-sdk/src/crypto-api";
 import classNames from "classnames";
 import CheckmarkIcon from "@vector-im/compound-design-tokens/assets/web/icons/check";
 
@@ -25,7 +25,6 @@ import StyledRadioButton from "../../../../components/views/elements/StyledRadio
 import AccessibleButton from "../../../../components/views/elements/AccessibleButton";
 import DialogButtons from "../../../../components/views/elements/DialogButtons";
 import InlineSpinner from "../../../../components/views/elements/InlineSpinner";
-import RestoreKeyBackupDialog from "../../../../components/views/dialogs/security/RestoreKeyBackupDialog";
 import {
     getSecureBackupSetupMethods,
     isSecureBackupRequired,
@@ -45,7 +44,6 @@ enum Phase {
     Loading = "loading",
     LoadError = "load_error",
     ChooseKeyPassphrase = "choose_key_passphrase",
-    Migrate = "migrate",
     Passphrase = "passphrase",
     PassphraseConfirm = "passphrase_confirm",
     ShowKey = "show_key",
@@ -160,15 +158,9 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
             accountPassword,
         };
 
-        cli.on(CryptoEvent.KeyBackupStatus, this.onKeyBackupStatusChange);
-
         this.getInitialPhase();
     }
 
-    public componentWillUnmount(): void {
-        MatrixClientPeg.get()?.removeListener(CryptoEvent.KeyBackupStatus, this.onKeyBackupStatusChange);
-    }
-
     private getInitialPhase(): void {
         const keyFromCustomisations = ModuleRunner.instance.extensions.cryptoSetup.createSecretStorageKey();
         if (keyFromCustomisations) {
@@ -199,11 +191,8 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
                 // we may not have started crypto yet, in which case we definitely don't trust the backup
                 backupInfo ? await cli.getCrypto()?.isKeyBackupTrusted(backupInfo) : undefined;
 
-            const { forceReset } = this.props;
-            const phase = backupInfo && !forceReset ? Phase.Migrate : Phase.ChooseKeyPassphrase;
-
             this.setState({
-                phase,
+                phase: Phase.ChooseKeyPassphrase,
                 backupInfo,
                 backupTrustInfo,
             });
@@ -237,10 +226,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
         }
     }
 
-    private onKeyBackupStatusChange = (): void => {
-        if (this.state.phase === Phase.Migrate) this.fetchBackupInfo();
-    };
-
     private onKeyPassphraseChange = (e: React.ChangeEvent<HTMLInputElement>): void => {
         this.setState({
             passPhraseKeySelected: e.target.value,
@@ -265,15 +250,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
         }
     };
 
-    private onMigrateFormSubmit = (e: React.FormEvent): void => {
-        e.preventDefault();
-        if (this.state.backupTrustInfo?.trusted) {
-            this.bootstrapSecretStorage();
-        } else {
-            this.restoreBackup();
-        }
-    };
-
     private onCopyClick = (): void => {
         const successful = copyNode(this.recoveryKeyNode.current);
         if (successful) {
@@ -381,20 +357,7 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
                 phase: Phase.Stored,
             });
         } catch (e) {
-            if (
-                this.state.canUploadKeysWithPasswordOnly &&
-                e instanceof MatrixError &&
-                e.httpStatus === 401 &&
-                e.data.flows
-            ) {
-                this.setState({
-                    accountPassword: "",
-                    accountPasswordCorrect: false,
-                    phase: Phase.Migrate,
-                });
-            } else {
-                this.setState({ error: true });
-            }
+            this.setState({ error: true });
             logger.error("Error bootstrapping secret storage", e);
         }
     };
@@ -403,24 +366,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
         this.props.onFinished(false);
     };
 
-    private restoreBackup = async (): Promise<void> => {
-        const { finished } = Modal.createDialog(
-            RestoreKeyBackupDialog,
-            {
-                showSummary: false,
-            },
-            undefined,
-            /* priority = */ false,
-            /* static = */ false,
-        );
-
-        await finished;
-        const backupTrustInfo = await this.fetchBackupInfo();
-        if (backupTrustInfo?.trusted && this.state.canUploadKeysWithPasswordOnly && this.state.accountPassword) {
-            this.bootstrapSecretStorage();
-        }
-    };
-
     private onLoadRetryClick = (): void => {
         this.setState({ phase: Phase.Loading });
         this.fetchBackupInfo();
@@ -495,12 +440,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
         });
     };
 
-    private onAccountPasswordChange = (e: React.ChangeEvent<HTMLInputElement>): void => {
-        this.setState({
-            accountPassword: e.target.value,
-        });
-    };
-
     private renderOptionKey(): JSX.Element {
         return (
             <StyledRadioButton
@@ -565,55 +504,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
         );
     }
 
-    private renderPhaseMigrate(): JSX.Element {
-        let authPrompt;
-        let nextCaption = _t("action|next");
-        if (this.state.canUploadKeysWithPasswordOnly) {
-            authPrompt = (
-                <div>
-                    <div>{_t("settings|key_backup|setup_secure_backup|requires_password_confirmation")}</div>
-                    <div>
-                        <Field
-                            id="mx_CreateSecretStorageDialog_password"
-                            type="password"
-                            label={_t("common|password")}
-                            value={this.state.accountPassword}
-                            onChange={this.onAccountPasswordChange}
-                            forceValidity={this.state.accountPasswordCorrect === false ? false : undefined}
-                            autoFocus={true}
-                        />
-                    </div>
-                </div>
-            );
-        } else if (!this.state.backupTrustInfo?.trusted) {
-            authPrompt = (
-                <div>
-                    <div>{_t("settings|key_backup|setup_secure_backup|requires_key_restore")}</div>
-                </div>
-            );
-            nextCaption = _t("action|restore");
-        } else {
-            authPrompt = <p>{_t("settings|key_backup|setup_secure_backup|requires_server_authentication")}</p>;
-        }
-
-        return (
-            <form onSubmit={this.onMigrateFormSubmit}>
-                <p>{_t("settings|key_backup|setup_secure_backup|session_upgrade_description")}</p>
-                <div>{authPrompt}</div>
-                <DialogButtons
-                    primaryButton={nextCaption}
-                    onPrimaryButtonClick={this.onMigrateFormSubmit}
-                    hasCancel={false}
-                    primaryDisabled={!!this.state.canUploadKeysWithPasswordOnly && !this.state.accountPassword}
-                >
-                    <button type="button" className="danger" onClick={this.onCancelClick}>
-                        {_t("action|skip")}
-                    </button>
-                </DialogButtons>
-            </form>
-        );
-    }
-
     private renderPhasePassPhrase(): JSX.Element {
         return (
             <form onSubmit={this.onPassPhraseNextClick}>
@@ -829,8 +719,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
         switch (phase) {
             case Phase.ChooseKeyPassphrase:
                 return _t("encryption|set_up_toast_title");
-            case Phase.Migrate:
-                return _t("settings|key_backup|setup_secure_backup|title_upgrade_encryption");
             case Phase.Passphrase:
                 return _t("settings|key_backup|setup_secure_backup|title_set_phrase");
             case Phase.PassphraseConfirm:
@@ -889,9 +777,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
                 case Phase.ChooseKeyPassphrase:
                     content = this.renderPhaseChooseKeyPassphrase();
                     break;
-                case Phase.Migrate:
-                    content = this.renderPhaseMigrate();
-                    break;
                 case Phase.Passphrase:
                     content = this.renderPhasePassPhrase();
                     break;
diff --git a/src/i18n/strings/en_EN.json b/src/i18n/strings/en_EN.json
index 7ba141c784d..4704117340f 100644
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@@ -103,7 +103,6 @@
         "report_content": "Report Content",
         "resend": "Resend",
         "reset": "Reset",
-        "restore": "Restore",
         "resume": "Resume",
         "retry": "Retry",
         "review": "Review",
@@ -2588,18 +2587,13 @@
                 "pass_phrase_match_failed": "That doesn't match.",
                 "pass_phrase_match_success": "That matches!",
                 "phrase_strong_enough": "Great! This Security Phrase looks strong enough.",
-                "requires_key_restore": "Restore your key backup to upgrade your encryption",
-                "requires_password_confirmation": "Enter your account password to confirm the upgrade:",
-                "requires_server_authentication": "You'll need to authenticate with the server to confirm the upgrade.",
                 "secret_storage_query_failure": "Unable to query secret storage status",
                 "security_key_safety_reminder": "Store your Security Key somewhere safe, like a password manager or a safe, as it's used to safeguard your encrypted data.",
-                "session_upgrade_description": "Upgrade this session to allow it to verify other sessions, granting them access to encrypted messages and marking them as trusted for other users.",
                 "set_phrase_again": "Go back to set it again.",
                 "settings_reminder": "You can also set up Secure Backup & manage your keys in Settings.",
                 "title_confirm_phrase": "Confirm Security Phrase",
                 "title_save_key": "Save your Security Key",
                 "title_set_phrase": "Set a Security Phrase",
-                "title_upgrade_encryption": "Upgrade your encryption",
                 "unable_to_setup": "Unable to set up secret storage",
                 "use_different_passphrase": "Use a different passphrase?",
                 "use_phrase_only_you_know": "Use a secret phrase only you know, and optionally save a Security Key to use for backup."
diff --git a/test/test-utils/test-utils.ts b/test/test-utils/test-utils.ts
index c36b1f50549..0e608b14266 100644
--- a/test/test-utils/test-utils.ts
+++ b/test/test-utils/test-utils.ts
@@ -127,6 +127,10 @@ export function createTestClient(): MatrixClient {
             prepareToEncrypt: jest.fn(),
             bootstrapCrossSigning: jest.fn(),
             getActiveSessionBackupVersion: jest.fn().mockResolvedValue(null),
+            isKeyBackupTrusted: jest.fn().mockResolvedValue({}),
+            createRecoveryKeyFromPassphrase: jest.fn().mockResolvedValue({}),
+            bootstrapSecretStorage: jest.fn(),
+            isDehydrationSupported: jest.fn().mockResolvedValue(false),
         }),
 
         getPushActionsForEvent: jest.fn(),
@@ -270,6 +274,7 @@ export function createTestClient(): MatrixClient {
         getOrCreateFilter: jest.fn(),
         sendStickerMessage: jest.fn(),
         getLocalAliases: jest.fn().mockReturnValue([]),
+        uploadDeviceSigningKeys: jest.fn(),
     } as unknown as MatrixClient;
 
     client.reEmitter = new ReEmitter(client);
diff --git a/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx b/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx
index 5d1bbb46029..34d26e119f7 100644
--- a/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx
+++ b/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx
@@ -10,42 +10,25 @@ import { render, RenderResult, screen } from "jest-matrix-react";
 import userEvent from "@testing-library/user-event";
 import React from "react";
 import { mocked, MockedObject } from "jest-mock";
-import { Crypto, MatrixClient, MatrixError } from "matrix-js-sdk/src/matrix";
-import { defer, IDeferred, sleep } from "matrix-js-sdk/src/utils";
-import { BackupTrustInfo, KeyBackupInfo } from "matrix-js-sdk/src/crypto-api";
-
-import {
-    filterConsole,
-    flushPromises,
-    getMockClientWithEventEmitter,
-    mockClientMethodsCrypto,
-    mockClientMethodsServer,
-} from "../../../../../test-utils";
+import { MatrixClient, MatrixError } from "matrix-js-sdk/src/matrix";
+import { sleep } from "matrix-js-sdk/src/utils";
+import { KeyBackupInfo } from "matrix-js-sdk/src/crypto-api";
+import { waitFor } from "@testing-library/dom";
+
+import { filterConsole, flushPromises, stubClient } from "../../../../../test-utils";
 import CreateSecretStorageDialog from "../../../../../../src/async-components/views/dialogs/security/CreateSecretStorageDialog";
-import Modal from "../../../../../../src/Modal";
-import RestoreKeyBackupDialog from "../../../../../../src/components/views/dialogs/security/RestoreKeyBackupDialog";
 
 describe("CreateSecretStorageDialog", () => {
     let mockClient: MockedObject<MatrixClient>;
-    let mockCrypto: MockedObject<Crypto.CryptoApi>;
 
     beforeEach(() => {
-        mockClient = getMockClientWithEventEmitter({
-            ...mockClientMethodsServer(),
-            ...mockClientMethodsCrypto(),
-            uploadDeviceSigningKeys: jest.fn().mockImplementation(async () => {
-                await sleep(0); // CreateSecretStorageDialog doesn't expect this to resolve immediately
-                throw new MatrixError({ flows: [] });
-            }),
-        });
-
-        mockCrypto = mocked(mockClient.getCrypto()!);
-        Object.assign(mockCrypto, {
-            isKeyBackupTrusted: jest.fn(),
-            isDehydrationSupported: jest.fn(() => false),
-            bootstrapCrossSigning: jest.fn(),
-            bootstrapSecretStorage: jest.fn(),
+        mockClient = mocked(stubClient());
+        mockClient.uploadDeviceSigningKeys.mockImplementation(async () => {
+            await sleep(0); // CreateSecretStorageDialog doesn't expect this to resolve immediately
+            throw new MatrixError({ flows: [] });
         });
+        // Mock the clipboard API
+        document.execCommand = jest.fn().mockReturnValue(true);
     });
 
     afterEach(() => {
@@ -66,114 +49,58 @@ describe("CreateSecretStorageDialog", () => {
         await flushPromises();
     });
 
-    describe("when there is an error fetching the backup version", () => {
-        filterConsole("Error fetching backup data from server");
-
-        it("shows an error", async () => {
-            mockClient.getKeyBackupVersion.mockImplementation(async () => {
-                throw new Error("bleh bleh");
-            });
-
-            const result = renderComponent();
-            // XXX the error message is... misleading.
-            await result.findByText("Unable to query secret storage status");
-            expect(result.container).toMatchSnapshot();
-        });
-    });
-
-    it("shows 'Generate a Security Key' text if no key backup is present", async () => {
+    it("show the standard path", async () => {
         const result = renderComponent();
-        await flushPromises();
+        await result.findByText(
+            "Safeguard against losing access to encrypted messages & data by backing up encryption keys on your server.",
+        );
+        expect(result.container).toMatchSnapshot();
+        await userEvent.click(result.getByRole("button", { name: "Continue" }));
+
+        await screen.findByText("Save your Security Key");
         expect(result.container).toMatchSnapshot();
-        result.getByText("Generate a Security Key");
+        // Copy the key to enable the continue button
+        await userEvent.click(screen.getByRole("button", { name: "Copy" }));
+        expect(result.queryByText("Copied!")).not.toBeNull();
+        await userEvent.click(screen.getByRole("button", { name: "Continue" }));
+
+        await screen.findByText("Your keys are now being backed up from this device.");
     });
 
-    describe("when canUploadKeysWithPasswordOnly", () => {
-        // spy on Modal.createDialog
-        let modalSpy: jest.SpyInstance;
+    it("when there is an error when bootstraping the secret storage, it shows an error", async () => {
+        jest.spyOn(mockClient.getCrypto()!, "bootstrapSecretStorage").mockRejectedValue(new Error("error"));
 
-        // deferred which should be resolved to indicate that the created dialog has completed
-        let restoreDialogFinishedDefer: IDeferred<[done?: boolean]>;
+        renderComponent();
+        await screen.findByText(
+            "Safeguard against losing access to encrypted messages & data by backing up encryption keys on your server.",
+        );
+        await userEvent.click(screen.getByRole("button", { name: "Continue" }));
+        await screen.findByText("Save your Security Key");
+        await userEvent.click(screen.getByRole("button", { name: "Copy" }));
+        await userEvent.click(screen.getByRole("button", { name: "Continue" }));
 
-        beforeEach(() => {
-            mockClient.getKeyBackupVersion.mockResolvedValue({} as KeyBackupInfo);
-            mockClient.uploadDeviceSigningKeys.mockImplementation(async () => {
-                await sleep(0);
-                throw new MatrixError({
-                    flows: [{ stages: ["m.login.password"] }],
-                });
-            });
+        await screen.findByText("Unable to set up secret storage");
+    });
 
-            restoreDialogFinishedDefer = defer<[done?: boolean]>();
-            modalSpy = jest.spyOn(Modal, "createDialog").mockReturnValue({
-                finished: restoreDialogFinishedDefer.promise,
-                close: jest.fn(),
-            });
-        });
+    it("when there is an error fetching the backup version handles the error sensibly", async () => {
+        mockClient.getKeyBackupVersion.mockRejectedValue(new Error("error"));
+        renderComponent();
 
-        it("prompts for a password and then shows RestoreKeyBackupDialog", async () => {
-            const result = renderComponent();
-            await result.findByText(/Enter your account password to confirm the upgrade/);
-            expect(result.container).toMatchSnapshot();
+        await waitFor(() => expect(screen.queryByText("Unable to query secret storage status")).not.toBeNull());
+    });
 
-            await userEvent.type(result.getByPlaceholderText("Password"), "my pass");
-            result.getByRole("button", { name: "Next" }).click();
-
-            expect(modalSpy).toHaveBeenCalledWith(
-                RestoreKeyBackupDialog,
-                {
-                    showSummary: false,
-                },
-                undefined,
-                false,
-                false,
-            );
+    describe("when there is an error fetching the backup version", () => {
+        filterConsole("Error fetching backup data from server");
 
-            restoreDialogFinishedDefer.resolve([]);
-        });
+        it("shows an error", async () => {
+            mockClient.getKeyBackupVersion.mockImplementation(async () => {
+                throw new Error("bleh bleh");
+            });
 
-        it("calls bootstrapSecretStorage once keys are restored if the backup is now trusted", async () => {
             const result = renderComponent();
-            await result.findByText(/Enter your account password to confirm the upgrade/);
+            // XXX the error message is... misleading.
+            await screen.findByText("Unable to query secret storage status");
             expect(result.container).toMatchSnapshot();
-
-            await userEvent.type(result.getByPlaceholderText("Password"), "my pass");
-            result.getByRole("button", { name: "Next" }).click();
-
-            expect(modalSpy).toHaveBeenCalled();
-
-            // While we restore the key backup, its signature becomes accepted
-            mockCrypto.isKeyBackupTrusted.mockResolvedValue({ trusted: true } as BackupTrustInfo);
-
-            restoreDialogFinishedDefer.resolve([]);
-            await flushPromises();
-
-            // XXX no idea why this is a sensible thing to do. I just work here.
-            expect(mockCrypto.bootstrapCrossSigning).toHaveBeenCalled();
-            expect(mockCrypto.bootstrapSecretStorage).toHaveBeenCalled();
-
-            await result.findByText("Your keys are now being backed up from this device.");
-        });
-
-        describe("when there is an error fetching the backup version after RestoreKeyBackupDialog", () => {
-            filterConsole("Error fetching backup data from server");
-
-            it("handles the error sensibly", async () => {
-                const result = renderComponent();
-                await result.findByText(/Enter your account password to confirm the upgrade/);
-                expect(result.container).toMatchSnapshot();
-
-                await userEvent.type(result.getByPlaceholderText("Password"), "my pass");
-                result.getByRole("button", { name: "Next" }).click();
-
-                expect(modalSpy).toHaveBeenCalled();
-
-                mockClient.getKeyBackupVersion.mockImplementation(async () => {
-                    throw new Error("bleh bleh");
-                });
-                restoreDialogFinishedDefer.resolve([]);
-                await result.findByText("Unable to query secret storage status");
-            });
         });
     });
 
@@ -182,32 +109,12 @@ describe("CreateSecretStorageDialog", () => {
             mockClient.getKeyBackupVersion.mockResolvedValue({} as KeyBackupInfo);
         });
 
-        it("shows migrate text, then 'RestoreKeyBackupDialog' if 'Restore' is clicked", async () => {
+        it("shows key passphrase change", async () => {
             const result = renderComponent();
-            await result.findByText("Restore your key backup to upgrade your encryption");
-            expect(result.container).toMatchSnapshot();
-
-            // before we click "Restore", set up a spy on createDialog
-            const restoreDialogFinishedDefer = defer<[done?: boolean]>();
-            const modalSpy = jest.spyOn(Modal, "createDialog").mockReturnValue({
-                finished: restoreDialogFinishedDefer.promise,
-                close: jest.fn(),
-            });
-
-            result.getByRole("button", { name: "Restore" }).click();
-
-            expect(modalSpy).toHaveBeenCalledWith(
-                RestoreKeyBackupDialog,
-                {
-                    showSummary: false,
-                },
-                undefined,
-                false,
-                false,
+            await screen.findByText(
+                "Safeguard against losing access to encrypted messages & data by backing up encryption keys on your server.",
             );
-
-            // simulate RestoreKeyBackupDialog completing, to run that code path
-            restoreDialogFinishedDefer.resolve([]);
+            expect(result.container).toMatchSnapshot();
         });
     });
 });
diff --git a/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap b/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap
index 3ba1018ae11..5ea6a4ffa12 100644
--- a/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap
+++ b/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap
@@ -1,6 +1,6 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`CreateSecretStorageDialog shows 'Generate a Security Key' text if no key backup is present 1`] = `
+exports[`CreateSecretStorageDialog show the standard path 1`] = `
 <div>
   <div
     data-focus-guard="true"
@@ -128,47 +128,7 @@ exports[`CreateSecretStorageDialog shows 'Generate a Security Key' text if no ke
 </div>
 `;
 
-exports[`CreateSecretStorageDialog shows a loading spinner initially 1`] = `
-<div>
-  <div
-    data-focus-guard="true"
-    style="width: 1px; height: 0px; padding: 0px; overflow: hidden; position: fixed; top: 1px; left: 1px;"
-    tabindex="0"
-  />
-  <div
-    aria-labelledby="mx_BaseDialog_title"
-    class="mx_CreateSecretStorageDialog"
-    data-focus-lock-disabled="false"
-    role="dialog"
-  >
-    <div
-      class="mx_Dialog_header"
-    />
-    <div>
-      <div>
-        <div
-          class="mx_Spinner"
-        >
-          <div
-            aria-label="Loading…"
-            class="mx_Spinner_icon"
-            data-testid="spinner"
-            role="progressbar"
-            style="width: 32px; height: 32px;"
-          />
-        </div>
-      </div>
-    </div>
-  </div>
-  <div
-    data-focus-guard="true"
-    style="width: 1px; height: 0px; padding: 0px; overflow: hidden; position: fixed; top: 1px; left: 1px;"
-    tabindex="0"
-  />
-</div>
-`;
-
-exports[`CreateSecretStorageDialog when backup is present but not trusted shows migrate text, then 'RestoreKeyBackupDialog' if 'Restore' is clicked 1`] = `
+exports[`CreateSecretStorageDialog show the standard path 2`] = `
 <div>
   <div
     data-focus-guard="true"
@@ -185,105 +145,47 @@ exports[`CreateSecretStorageDialog when backup is present but not trusted shows
       class="mx_Dialog_header"
     >
       <h1
-        class="mx_Heading_h3 mx_Dialog_title"
+        class="mx_Heading_h3 mx_Dialog_title mx_CreateSecretStorageDialog_titleWithIcon mx_CreateSecretStorageDialog_secureBackupTitle"
         id="mx_BaseDialog_title"
       >
-        Upgrade your encryption
+        Save your Security Key
       </h1>
     </div>
     <div>
-      <form>
+      <div>
         <p>
-          Upgrade this session to allow it to verify other sessions, granting them access to encrypted messages and marking them as trusted for other users.
+          Store your Security Key somewhere safe, like a password manager or a safe, as it's used to safeguard your encrypted data.
         </p>
-        <div>
-          <div>
-            <div>
-              Restore your key backup to upgrade your encryption
-            </div>
-          </div>
-        </div>
         <div
-          class="mx_Dialog_buttons"
+          class="mx_CreateSecretStorageDialog_primaryContainer mx_CreateSecretStorageDialog_recoveryKeyPrimarycontainer"
         >
-          <span
-            class="mx_Dialog_buttons_row"
+          <div
+            class="mx_CreateSecretStorageDialog_recoveryKeyContainer"
           >
-            <button
-              class="danger"
-              type="button"
-            >
-              Skip
-            </button>
-            <button
-              class="mx_Dialog_primary"
-              data-testid="dialog-primary-button"
-              type="button"
+            <div
+              class="mx_CreateSecretStorageDialog_recoveryKey"
             >
-              Restore
-            </button>
-          </span>
-        </div>
-      </form>
-    </div>
-  </div>
-  <div
-    data-focus-guard="true"
-    style="width: 1px; height: 0px; padding: 0px; overflow: hidden; position: fixed; top: 1px; left: 1px;"
-    tabindex="0"
-  />
-</div>
-`;
-
-exports[`CreateSecretStorageDialog when canUploadKeysWithPasswordOnly calls bootstrapSecretStorage once keys are restored if the backup is now trusted 1`] = `
-<div>
-  <div
-    data-focus-guard="true"
-    style="width: 1px; height: 0px; padding: 0px; overflow: hidden; position: fixed; top: 1px; left: 1px;"
-    tabindex="0"
-  />
-  <div
-    aria-labelledby="mx_BaseDialog_title"
-    class="mx_CreateSecretStorageDialog"
-    data-focus-lock-disabled="false"
-    role="dialog"
-  >
-    <div
-      class="mx_Dialog_header"
-    >
-      <h1
-        class="mx_Heading_h3 mx_Dialog_title"
-        id="mx_BaseDialog_title"
-      >
-        Upgrade your encryption
-      </h1>
-    </div>
-    <div>
-      <form>
-        <p>
-          Upgrade this session to allow it to verify other sessions, granting them access to encrypted messages and marking them as trusted for other users.
-        </p>
-        <div>
-          <div>
-            <div>
-              Enter your account password to confirm the upgrade:
+              <code />
             </div>
-            <div>
+            <div
+              class="mx_CreateSecretStorageDialog_recoveryKeyButtons"
+            >
               <div
-                class="mx_Field mx_Field_input"
+                class="mx_AccessibleButton mx_Dialog_primary mx_AccessibleButton_hasKind mx_AccessibleButton_kind_primary"
+                role="button"
+                tabindex="0"
               >
-                <input
-                  id="mx_CreateSecretStorageDialog_password"
-                  label="Password"
-                  placeholder="Password"
-                  type="password"
-                  value=""
-                />
-                <label
-                  for="mx_CreateSecretStorageDialog_password"
-                >
-                  Password
-                </label>
+                Download
+              </div>
+              <span>
+                 or 
+              </span>
+              <div
+                class="mx_AccessibleButton mx_Dialog_primary mx_CreateSecretStorageDialog_recoveryKeyButtons_copyBtn mx_AccessibleButton_hasKind mx_AccessibleButton_kind_primary"
+                role="button"
+                tabindex="0"
+              >
+                Copy
               </div>
             </div>
           </div>
@@ -294,23 +196,17 @@ exports[`CreateSecretStorageDialog when canUploadKeysWithPasswordOnly calls boot
           <span
             class="mx_Dialog_buttons_row"
           >
-            <button
-              class="danger"
-              type="button"
-            >
-              Skip
-            </button>
             <button
               class="mx_Dialog_primary"
               data-testid="dialog-primary-button"
               disabled=""
               type="button"
             >
-              Next
+              Continue
             </button>
           </span>
         </div>
-      </form>
+      </div>
     </div>
   </div>
   <div
@@ -321,7 +217,7 @@ exports[`CreateSecretStorageDialog when canUploadKeysWithPasswordOnly calls boot
 </div>
 `;
 
-exports[`CreateSecretStorageDialog when canUploadKeysWithPasswordOnly prompts for a password and then shows RestoreKeyBackupDialog 1`] = `
+exports[`CreateSecretStorageDialog shows a loading spinner initially 1`] = `
 <div>
   <div
     data-focus-guard="true"
@@ -336,67 +232,21 @@ exports[`CreateSecretStorageDialog when canUploadKeysWithPasswordOnly prompts fo
   >
     <div
       class="mx_Dialog_header"
-    >
-      <h1
-        class="mx_Heading_h3 mx_Dialog_title"
-        id="mx_BaseDialog_title"
-      >
-        Upgrade your encryption
-      </h1>
-    </div>
+    />
     <div>
-      <form>
-        <p>
-          Upgrade this session to allow it to verify other sessions, granting them access to encrypted messages and marking them as trusted for other users.
-        </p>
-        <div>
-          <div>
-            <div>
-              Enter your account password to confirm the upgrade:
-            </div>
-            <div>
-              <div
-                class="mx_Field mx_Field_input"
-              >
-                <input
-                  id="mx_CreateSecretStorageDialog_password"
-                  label="Password"
-                  placeholder="Password"
-                  type="password"
-                  value=""
-                />
-                <label
-                  for="mx_CreateSecretStorageDialog_password"
-                >
-                  Password
-                </label>
-              </div>
-            </div>
-          </div>
-        </div>
+      <div>
         <div
-          class="mx_Dialog_buttons"
+          class="mx_Spinner"
         >
-          <span
-            class="mx_Dialog_buttons_row"
-          >
-            <button
-              class="danger"
-              type="button"
-            >
-              Skip
-            </button>
-            <button
-              class="mx_Dialog_primary"
-              data-testid="dialog-primary-button"
-              disabled=""
-              type="button"
-            >
-              Next
-            </button>
-          </span>
+          <div
+            aria-label="Loading…"
+            class="mx_Spinner_icon"
+            data-testid="spinner"
+            role="progressbar"
+            style="width: 32px; height: 32px;"
+          />
         </div>
-      </form>
+      </div>
     </div>
   </div>
   <div
@@ -407,7 +257,7 @@ exports[`CreateSecretStorageDialog when canUploadKeysWithPasswordOnly prompts fo
 </div>
 `;
 
-exports[`CreateSecretStorageDialog when canUploadKeysWithPasswordOnly when there is an error fetching the backup version after RestoreKeyBackupDialog handles the error sensibly 1`] = `
+exports[`CreateSecretStorageDialog when backup is present but not trusted shows key passphrase change 1`] = `
 <div>
   <div
     data-focus-guard="true"
@@ -424,41 +274,84 @@ exports[`CreateSecretStorageDialog when canUploadKeysWithPasswordOnly when there
       class="mx_Dialog_header"
     >
       <h1
-        class="mx_Heading_h3 mx_Dialog_title"
+        class="mx_Heading_h3 mx_Dialog_title mx_CreateSecretStorageDialog_centeredTitle"
         id="mx_BaseDialog_title"
       >
-        Upgrade your encryption
+        Set up Secure Backup
       </h1>
     </div>
     <div>
       <form>
-        <p>
-          Upgrade this session to allow it to verify other sessions, granting them access to encrypted messages and marking them as trusted for other users.
+        <p
+          class="mx_CreateSecretStorageDialog_centeredBody"
+        >
+          Safeguard against losing access to encrypted messages & data by backing up encryption keys on your server.
         </p>
-        <div>
-          <div>
+        <div
+          class="mx_CreateSecretStorageDialog_primaryContainer"
+          role="radiogroup"
+        >
+          <label
+            class="mx_StyledRadioButton mx_StyledRadioButton_enabled mx_StyledRadioButton_checked mx_StyledRadioButton_outlined"
+          >
+            <input
+              checked=""
+              name="keyPassphrase"
+              type="radio"
+              value="key"
+            />
             <div>
-              Enter your account password to confirm the upgrade:
+              <div />
             </div>
+            <div
+              class="mx_StyledRadioButton_content"
+            >
+              <div
+                class="mx_CreateSecretStorageDialog_optionTitle"
+              >
+                <span
+                  class="mx_CreateSecretStorageDialog_optionIcon mx_CreateSecretStorageDialog_optionIcon_secureBackup"
+                />
+                Generate a Security Key
+              </div>
+              <div>
+                We'll generate a Security Key for you to store somewhere safe, like a password manager or a safe.
+              </div>
+            </div>
+            <div
+              class="mx_StyledRadioButton_spacer"
+            />
+          </label>
+          <label
+            class="mx_StyledRadioButton mx_StyledRadioButton_enabled mx_StyledRadioButton_outlined"
+          >
+            <input
+              name="keyPassphrase"
+              type="radio"
+              value="passphrase"
+            />
             <div>
+              <div />
+            </div>
+            <div
+              class="mx_StyledRadioButton_content"
+            >
               <div
-                class="mx_Field mx_Field_input"
+                class="mx_CreateSecretStorageDialog_optionTitle"
               >
-                <input
-                  id="mx_CreateSecretStorageDialog_password"
-                  label="Password"
-                  placeholder="Password"
-                  type="password"
-                  value=""
+                <span
+                  class="mx_CreateSecretStorageDialog_optionIcon mx_CreateSecretStorageDialog_optionIcon_securePhrase"
                 />
-                <label
-                  for="mx_CreateSecretStorageDialog_password"
-                >
-                  Password
-                </label>
+                Enter a Security Phrase
+              </div>
+              <div>
+                Use a secret phrase only you know, and optionally save a Security Key to use for backup.
               </div>
             </div>
-          </div>
+            <div
+              class="mx_StyledRadioButton_spacer"
+            />
+          </label>
         </div>
         <div
           class="mx_Dialog_buttons"
@@ -467,18 +360,17 @@ exports[`CreateSecretStorageDialog when canUploadKeysWithPasswordOnly when there
             class="mx_Dialog_buttons_row"
           >
             <button
-              class="danger"
+              data-testid="dialog-cancel-button"
               type="button"
             >
-              Skip
+              Cancel
             </button>
             <button
               class="mx_Dialog_primary"
               data-testid="dialog-primary-button"
-              disabled=""
               type="button"
             >
-              Next
+              Continue
             </button>
           </span>
         </div>

From 5bdc16174ce283a78273b12f5e33f83e81752759 Mon Sep 17 00:00:00 2001
From: Florian Duros <florian.duros@ormaz.fr>
Date: Fri, 25 Oct 2024 14:47:57 +0200
Subject: [PATCH 2/5] Rename and remove tests

---
 .../CreateSecretStorageDialog-test.tsx        |  17 +--
 .../CreateSecretStorageDialog-test.tsx.snap   | 132 +-----------------
 2 files changed, 3 insertions(+), 146 deletions(-)

diff --git a/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx b/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx
index 34d26e119f7..c652fc1dfef 100644
--- a/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx
+++ b/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx
@@ -12,7 +12,6 @@ import React from "react";
 import { mocked, MockedObject } from "jest-mock";
 import { MatrixClient, MatrixError } from "matrix-js-sdk/src/matrix";
 import { sleep } from "matrix-js-sdk/src/utils";
-import { KeyBackupInfo } from "matrix-js-sdk/src/crypto-api";
 import { waitFor } from "@testing-library/dom";
 
 import { filterConsole, flushPromises, stubClient } from "../../../../../test-utils";
@@ -49,7 +48,7 @@ describe("CreateSecretStorageDialog", () => {
         await flushPromises();
     });
 
-    it("show the standard path", async () => {
+    it("handles the happy path", async () => {
         const result = renderComponent();
         await result.findByText(
             "Safeguard against losing access to encrypted messages & data by backing up encryption keys on your server.",
@@ -103,18 +102,4 @@ describe("CreateSecretStorageDialog", () => {
             expect(result.container).toMatchSnapshot();
         });
     });
-
-    describe("when backup is present but not trusted", () => {
-        beforeEach(() => {
-            mockClient.getKeyBackupVersion.mockResolvedValue({} as KeyBackupInfo);
-        });
-
-        it("shows key passphrase change", async () => {
-            const result = renderComponent();
-            await screen.findByText(
-                "Safeguard against losing access to encrypted messages & data by backing up encryption keys on your server.",
-            );
-            expect(result.container).toMatchSnapshot();
-        });
-    });
 });
diff --git a/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap b/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap
index 5ea6a4ffa12..7c0ce6ecae3 100644
--- a/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap
+++ b/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap
@@ -1,6 +1,6 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`CreateSecretStorageDialog show the standard path 1`] = `
+exports[`CreateSecretStorageDialog handles the happy path 1`] = `
 <div>
   <div
     data-focus-guard="true"
@@ -128,7 +128,7 @@ exports[`CreateSecretStorageDialog show the standard path 1`] = `
 </div>
 `;
 
-exports[`CreateSecretStorageDialog show the standard path 2`] = `
+exports[`CreateSecretStorageDialog handles the happy path 2`] = `
 <div>
   <div
     data-focus-guard="true"
@@ -257,134 +257,6 @@ exports[`CreateSecretStorageDialog shows a loading spinner initially 1`] = `
 </div>
 `;
 
-exports[`CreateSecretStorageDialog when backup is present but not trusted shows key passphrase change 1`] = `
-<div>
-  <div
-    data-focus-guard="true"
-    style="width: 1px; height: 0px; padding: 0px; overflow: hidden; position: fixed; top: 1px; left: 1px;"
-    tabindex="0"
-  />
-  <div
-    aria-labelledby="mx_BaseDialog_title"
-    class="mx_CreateSecretStorageDialog"
-    data-focus-lock-disabled="false"
-    role="dialog"
-  >
-    <div
-      class="mx_Dialog_header"
-    >
-      <h1
-        class="mx_Heading_h3 mx_Dialog_title mx_CreateSecretStorageDialog_centeredTitle"
-        id="mx_BaseDialog_title"
-      >
-        Set up Secure Backup
-      </h1>
-    </div>
-    <div>
-      <form>
-        <p
-          class="mx_CreateSecretStorageDialog_centeredBody"
-        >
-          Safeguard against losing access to encrypted messages & data by backing up encryption keys on your server.
-        </p>
-        <div
-          class="mx_CreateSecretStorageDialog_primaryContainer"
-          role="radiogroup"
-        >
-          <label
-            class="mx_StyledRadioButton mx_StyledRadioButton_enabled mx_StyledRadioButton_checked mx_StyledRadioButton_outlined"
-          >
-            <input
-              checked=""
-              name="keyPassphrase"
-              type="radio"
-              value="key"
-            />
-            <div>
-              <div />
-            </div>
-            <div
-              class="mx_StyledRadioButton_content"
-            >
-              <div
-                class="mx_CreateSecretStorageDialog_optionTitle"
-              >
-                <span
-                  class="mx_CreateSecretStorageDialog_optionIcon mx_CreateSecretStorageDialog_optionIcon_secureBackup"
-                />
-                Generate a Security Key
-              </div>
-              <div>
-                We'll generate a Security Key for you to store somewhere safe, like a password manager or a safe.
-              </div>
-            </div>
-            <div
-              class="mx_StyledRadioButton_spacer"
-            />
-          </label>
-          <label
-            class="mx_StyledRadioButton mx_StyledRadioButton_enabled mx_StyledRadioButton_outlined"
-          >
-            <input
-              name="keyPassphrase"
-              type="radio"
-              value="passphrase"
-            />
-            <div>
-              <div />
-            </div>
-            <div
-              class="mx_StyledRadioButton_content"
-            >
-              <div
-                class="mx_CreateSecretStorageDialog_optionTitle"
-              >
-                <span
-                  class="mx_CreateSecretStorageDialog_optionIcon mx_CreateSecretStorageDialog_optionIcon_securePhrase"
-                />
-                Enter a Security Phrase
-              </div>
-              <div>
-                Use a secret phrase only you know, and optionally save a Security Key to use for backup.
-              </div>
-            </div>
-            <div
-              class="mx_StyledRadioButton_spacer"
-            />
-          </label>
-        </div>
-        <div
-          class="mx_Dialog_buttons"
-        >
-          <span
-            class="mx_Dialog_buttons_row"
-          >
-            <button
-              data-testid="dialog-cancel-button"
-              type="button"
-            >
-              Cancel
-            </button>
-            <button
-              class="mx_Dialog_primary"
-              data-testid="dialog-primary-button"
-              type="button"
-            >
-              Continue
-            </button>
-          </span>
-        </div>
-      </form>
-    </div>
-  </div>
-  <div
-    data-focus-guard="true"
-    style="width: 1px; height: 0px; padding: 0px; overflow: hidden; position: fixed; top: 1px; left: 1px;"
-    tabindex="0"
-  />
-</div>
-`;
-
 exports[`CreateSecretStorageDialog when there is an error fetching the backup version shows an error 1`] = `
 <div>
   <div

From 63a2ef1a8e99921e83761663ee280f8ae1d1fbe7 Mon Sep 17 00:00:00 2001
From: Florian Duros <florian.duros@ormaz.fr>
Date: Fri, 25 Oct 2024 15:21:02 +0200
Subject: [PATCH 3/5] Remove `BackupTrustInfo`

---
 .../security/CreateSecretStorageDialog.tsx    | 27 +++----------------
 1 file changed, 3 insertions(+), 24 deletions(-)

diff --git a/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx b/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
index e593a459b75..7c6e2a10e1f 100644
--- a/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
+++ b/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
@@ -11,7 +11,7 @@ import React, { createRef } from "react";
 import FileSaver from "file-saver";
 import { logger } from "matrix-js-sdk/src/logger";
 import { AuthDict, CrossSigningKeys, MatrixError, UIAFlow, UIAResponse } from "matrix-js-sdk/src/matrix";
-import { BackupTrustInfo, GeneratedSecretStorageKey, KeyBackupInfo } from "matrix-js-sdk/src/crypto-api";
+import { GeneratedSecretStorageKey, KeyBackupInfo } from "matrix-js-sdk/src/crypto-api";
 import classNames from "classnames";
 import CheckmarkIcon from "@vector-im/compound-design-tokens/assets/web/icons/check";
 
@@ -80,14 +80,6 @@ interface IState {
      */
     backupInfo: KeyBackupInfo | null;
 
-    /**
-     * Information on whether the backup in `backupInfo` is correctly signed, and whether we have the right key to
-     * decrypt it.
-     *
-     * `undefined` if `backupInfo` is null, or if crypto is not enabled in the client.
-     */
-    backupTrustInfo: BackupTrustInfo | undefined;
-
     // does the server offer a UI auth flow with just m.login.password
     // for /keys/device_signing/upload?
     canUploadKeysWithPasswordOnly: boolean | null;
@@ -148,7 +140,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
             downloaded: false,
             setPassphrase: false,
             backupInfo: null,
-            backupTrustInfo: undefined,
             // does the server offer a UI auth flow with just m.login.password
             // for /keys/device_signing/upload?
             accountPasswordCorrect: null,
@@ -178,30 +169,19 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
     /**
      * Attempt to get information on the current backup from the server, and update the state.
      *
-     * Updates {@link IState.backupInfo} and {@link IState.backupTrustInfo}, and picks an appropriate phase for
-     * {@link IState.phase}.
-     *
-     * @returns If the backup data was retrieved successfully, the trust info for the backup. Otherwise, undefined.
+     * Updates {@link IState.backupInfo} and set the phase to {@link Phase.ChooseKeyPassphrase} if successful.
      */
-    private async fetchBackupInfo(): Promise<BackupTrustInfo | undefined> {
+    private async fetchBackupInfo(): Promise<void> {
         try {
             const cli = MatrixClientPeg.safeGet();
             const backupInfo = await cli.getKeyBackupVersion();
-            const backupTrustInfo =
-                // we may not have started crypto yet, in which case we definitely don't trust the backup
-                backupInfo ? await cli.getCrypto()?.isKeyBackupTrusted(backupInfo) : undefined;
-
             this.setState({
                 phase: Phase.ChooseKeyPassphrase,
                 backupInfo,
-                backupTrustInfo,
             });
-
-            return backupTrustInfo;
         } catch (e) {
             console.error("Error fetching backup data from server", e);
             this.setState({ phase: Phase.LoadError });
-            return undefined;
         }
     }
 
@@ -347,7 +327,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
                 });
                 await crypto.bootstrapSecretStorage({
                     createSecretStorageKey: async () => this.recoveryKey!,
-                    keyBackupInfo: this.state.backupInfo!,
                     setupNewKeyBackup: !this.state.backupInfo,
                 });
             }

From e0fd3dabf97a916b7e7862100c2a370280d6e6a9 Mon Sep 17 00:00:00 2001
From: Florian Duros <florian.duros@ormaz.fr>
Date: Tue, 29 Oct 2024 16:14:28 +0100
Subject: [PATCH 4/5] Get keybackup when bootstraping the secret storage.

---
 .../security/CreateSecretStorageDialog.tsx    | 84 +++++++------------
 .../CreateSecretStorageDialog-test.tsx        | 27 +++---
 .../CreateSecretStorageDialog-test.tsx.snap   | 40 ---------
 3 files changed, 42 insertions(+), 109 deletions(-)

diff --git a/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx b/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
index 7c6e2a10e1f..c9414b28b5d 100644
--- a/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
+++ b/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
@@ -11,7 +11,7 @@ import React, { createRef } from "react";
 import FileSaver from "file-saver";
 import { logger } from "matrix-js-sdk/src/logger";
 import { AuthDict, CrossSigningKeys, MatrixError, UIAFlow, UIAResponse } from "matrix-js-sdk/src/matrix";
-import { GeneratedSecretStorageKey, KeyBackupInfo } from "matrix-js-sdk/src/crypto-api";
+import { GeneratedSecretStorageKey } from "matrix-js-sdk/src/crypto-api";
 import classNames from "classnames";
 import CheckmarkIcon from "@vector-im/compound-design-tokens/assets/web/icons/check";
 
@@ -70,16 +70,6 @@ interface IState {
     downloaded: boolean;
     setPassphrase: boolean;
 
-    /** Information on the current key backup version, as returned by the server.
-     *
-     * `null` could mean any of:
-     *    * we haven't yet requested the data from the server.
-     *    * we were unable to reach the server.
-     *    * the server returned key backup version data we didn't understand or was malformed.
-     *    * there is actually no backup on the server.
-     */
-    backupInfo: KeyBackupInfo | null;
-
     // does the server offer a UI auth flow with just m.login.password
     // for /keys/device_signing/upload?
     canUploadKeysWithPasswordOnly: boolean | null;
@@ -131,15 +121,17 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
             this.queryKeyUploadAuth();
         }
 
+        const keyFromCustomisations = ModuleRunner.instance.extensions.cryptoSetup.createSecretStorageKey();
+        const phase = keyFromCustomisations ? Phase.Loading : Phase.ChooseKeyPassphrase;
+
         this.state = {
-            phase: Phase.Loading,
+            phase,
             passPhrase: "",
             passPhraseValid: false,
             passPhraseConfirm: "",
             copied: false,
             downloaded: false,
             setPassphrase: false,
-            backupInfo: null,
             // does the server offer a UI auth flow with just m.login.password
             // for /keys/device_signing/upload?
             accountPasswordCorrect: null,
@@ -149,40 +141,15 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
             accountPassword,
         };
 
-        this.getInitialPhase();
-    }
-
-    private getInitialPhase(): void {
-        const keyFromCustomisations = ModuleRunner.instance.extensions.cryptoSetup.createSecretStorageKey();
-        if (keyFromCustomisations) {
-            logger.log("CryptoSetupExtension: Created key via extension, jumping to bootstrap step");
-            this.recoveryKey = {
-                privateKey: keyFromCustomisations,
-            };
-            this.bootstrapSecretStorage();
-            return;
-        }
-
-        this.fetchBackupInfo();
+        if (keyFromCustomisations) this.initExtension(keyFromCustomisations);
     }
 
-    /**
-     * Attempt to get information on the current backup from the server, and update the state.
-     *
-     * Updates {@link IState.backupInfo} and set the phase to {@link Phase.ChooseKeyPassphrase} if successful.
-     */
-    private async fetchBackupInfo(): Promise<void> {
-        try {
-            const cli = MatrixClientPeg.safeGet();
-            const backupInfo = await cli.getKeyBackupVersion();
-            this.setState({
-                phase: Phase.ChooseKeyPassphrase,
-                backupInfo,
-            });
-        } catch (e) {
-            console.error("Error fetching backup data from server", e);
-            this.setState({ phase: Phase.LoadError });
-        }
+    private initExtension(keyFromCustomisations: Uint8Array): void {
+        logger.log("CryptoSetupExtension: Created key via extension, jumping to bootstrap step");
+        this.recoveryKey = {
+            privateKey: keyFromCustomisations,
+        };
+        this.bootstrapSecretStorage();
     }
 
     private async queryKeyUploadAuth(): Promise<void> {
@@ -296,16 +263,28 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
     };
 
     private bootstrapSecretStorage = async (): Promise<void> => {
+        const cli = MatrixClientPeg.safeGet();
+        const crypto = cli.getCrypto()!;
+        const { forceReset } = this.props;
+
+        let backupInfo;
+        // First, we try to get the keybackup info
+        if (!forceReset) {
+            try {
+                this.setState({ phase: Phase.Loading });
+                backupInfo = await cli.getKeyBackupVersion();
+            } catch (e) {
+                logger.error("Error fetching backup data from server", e);
+                this.setState({ phase: Phase.LoadError });
+                return;
+            }
+        }
+
         this.setState({
             phase: Phase.Storing,
             error: undefined,
         });
 
-        const cli = MatrixClientPeg.safeGet();
-        const crypto = cli.getCrypto()!;
-
-        const { forceReset } = this.props;
-
         try {
             if (forceReset) {
                 logger.log("Forcing secret storage reset");
@@ -327,7 +306,7 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
                 });
                 await crypto.bootstrapSecretStorage({
                     createSecretStorageKey: async () => this.recoveryKey!,
-                    setupNewKeyBackup: !this.state.backupInfo,
+                    setupNewKeyBackup: !backupInfo,
                 });
             }
             await initialiseDehydration(true);
@@ -346,8 +325,7 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
     };
 
     private onLoadRetryClick = (): void => {
-        this.setState({ phase: Phase.Loading });
-        this.fetchBackupInfo();
+        this.bootstrapSecretStorage();
     };
 
     private onShowKeyContinueClick = (): void => {
diff --git a/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx b/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx
index c652fc1dfef..b9d05141481 100644
--- a/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx
+++ b/test/unit-tests/components/views/dialogs/security/CreateSecretStorageDialog-test.tsx
@@ -12,9 +12,8 @@ import React from "react";
 import { mocked, MockedObject } from "jest-mock";
 import { MatrixClient, MatrixError } from "matrix-js-sdk/src/matrix";
 import { sleep } from "matrix-js-sdk/src/utils";
-import { waitFor } from "@testing-library/dom";
 
-import { filterConsole, flushPromises, stubClient } from "../../../../../test-utils";
+import { filterConsole, stubClient } from "../../../../../test-utils";
 import CreateSecretStorageDialog from "../../../../../../src/async-components/views/dialogs/security/CreateSecretStorageDialog";
 
 describe("CreateSecretStorageDialog", () => {
@@ -41,13 +40,6 @@ describe("CreateSecretStorageDialog", () => {
         return render(<CreateSecretStorageDialog onFinished={onFinished} {...props} />);
     }
 
-    it("shows a loading spinner initially", async () => {
-        const { container } = renderComponent();
-        expect(screen.getByTestId("spinner")).toBeDefined();
-        expect(container).toMatchSnapshot();
-        await flushPromises();
-    });
-
     it("handles the happy path", async () => {
         const result = renderComponent();
         await result.findByText(
@@ -81,13 +73,6 @@ describe("CreateSecretStorageDialog", () => {
         await screen.findByText("Unable to set up secret storage");
     });
 
-    it("when there is an error fetching the backup version handles the error sensibly", async () => {
-        mockClient.getKeyBackupVersion.mockRejectedValue(new Error("error"));
-        renderComponent();
-
-        await waitFor(() => expect(screen.queryByText("Unable to query secret storage status")).not.toBeNull());
-    });
-
     describe("when there is an error fetching the backup version", () => {
         filterConsole("Error fetching backup data from server");
 
@@ -97,9 +82,19 @@ describe("CreateSecretStorageDialog", () => {
             });
 
             const result = renderComponent();
+            // We go though the dialog until we have to get the key backup
+            await userEvent.click(result.getByRole("button", { name: "Continue" }));
+            await userEvent.click(screen.getByRole("button", { name: "Copy" }));
+            await userEvent.click(screen.getByRole("button", { name: "Continue" }));
+
             // XXX the error message is... misleading.
             await screen.findByText("Unable to query secret storage status");
             expect(result.container).toMatchSnapshot();
+
+            // Now we can get the backup and we retry
+            mockClient.getKeyBackupVersion.mockRestore();
+            await userEvent.click(screen.getByRole("button", { name: "Retry" }));
+            await screen.findByText("Your keys are now being backed up from this device.");
         });
     });
 });
diff --git a/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap b/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap
index 7c0ce6ecae3..5ad35904225 100644
--- a/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap
+++ b/test/unit-tests/components/views/dialogs/security/__snapshots__/CreateSecretStorageDialog-test.tsx.snap
@@ -217,46 +217,6 @@ exports[`CreateSecretStorageDialog handles the happy path 2`] = `
 </div>
 `;
 
-exports[`CreateSecretStorageDialog shows a loading spinner initially 1`] = `
-<div>
-  <div
-    data-focus-guard="true"
-    style="width: 1px; height: 0px; padding: 0px; overflow: hidden; position: fixed; top: 1px; left: 1px;"
-    tabindex="0"
-  />
-  <div
-    aria-labelledby="mx_BaseDialog_title"
-    class="mx_CreateSecretStorageDialog"
-    data-focus-lock-disabled="false"
-    role="dialog"
-  >
-    <div
-      class="mx_Dialog_header"
-    />
-    <div>
-      <div>
-        <div
-          class="mx_Spinner"
-        >
-          <div
-            aria-label="Loading…"
-            class="mx_Spinner_icon"
-            data-testid="spinner"
-            role="progressbar"
-            style="width: 32px; height: 32px;"
-          />
-        </div>
-      </div>
-    </div>
-  </div>
-  <div
-    data-focus-guard="true"
-    style="width: 1px; height: 0px; padding: 0px; overflow: hidden; position: fixed; top: 1px; left: 1px;"
-    tabindex="0"
-  />
-</div>
-`;
-
 exports[`CreateSecretStorageDialog when there is an error fetching the backup version shows an error 1`] = `
 <div>
   <div

From 0876f07804a137c659b7a263701ecf9b6ae0981c Mon Sep 17 00:00:00 2001
From: Florian Duros <florianduros@element.io>
Date: Wed, 30 Oct 2024 12:05:20 +0100
Subject: [PATCH 5/5] Update
 src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---
 .../views/dialogs/security/CreateSecretStorageDialog.tsx        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx b/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
index c9414b28b5d..3022aa6b8d9 100644
--- a/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
+++ b/src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
@@ -268,7 +268,7 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
         const { forceReset } = this.props;
 
         let backupInfo;
-        // First, we try to get the keybackup info
+        // First, unless we know we want to do a reset, we see if there is an existing key backup
         if (!forceReset) {
             try {
                 this.setState({ phase: Phase.Loading });