From ac68d0850b0e4bb69876470012efde07677f64b4 Mon Sep 17 00:00:00 2001
From: Mikhail Rakhmanov
Date: Mon, 12 May 2025 13:29:41 +0200
Subject: [PATCH] Encrypt read key with invites on key change
---
 .../object/acl/list/aclrecordbuilder.go | 23 ++++++++++++++++++-
 .../object/acl/list/acltestsuite_test.go | 6 +++++
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/commonspace/object/acl/list/aclrecordbuilder.go b/commonspace/object/acl/list/aclrecordbuilder.go
index 57411da4..aaff083f 100644
--- a/commonspace/object/acl/list/aclrecordbuilder.go
+++ b/commonspace/object/acl/list/aclrecordbuilder.go
@@ -626,7 +626,10 @@ func (a *aclRecordBuilder) buildReadKeyChange(payload ReadKeyChangePayload, remo
 if err != nil {
 return nil, err
 }
- var aclReadKeys []*aclrecordproto.AclEncryptedReadKey
+ var (
+ aclReadKeys []*aclrecordproto.AclEncryptedReadKey
+ invites []*aclrecordproto.AclEncryptedReadKey
+ )
 for identity, st := range a.state.accountStates {
 if removedIdentities != nil {
 if _, exists := removedIdentities[identity]; exists {
@@ -649,6 +652,23 @@ func (a *aclRecordBuilder) buildReadKeyChange(payload ReadKeyChangePayload, remo
 EncryptedReadKey: enc,
 })
 }
+ for _, invite := range a.state.invites {
+ if invite.Type != aclrecordproto.AclInviteType_AnyoneCanJoin {
+ continue
+ }
+ protoIdentity, err := invite.Key.Marshall()
+ if err != nil {
+ return nil, err
+ }
+ enc, err := invite.Key.Encrypt(protoKey)
+ if err != nil {
+ return nil, err
+ }
+ invites = append(invites, &aclrecordproto.AclEncryptedReadKey{
+ Identity: protoIdentity,
+ EncryptedReadKey: enc,
+ })
+ }
 // encrypting metadata key with new read key
 mkPubKey, err := payload.MetadataKey.GetPublic().Marshall()
 if err != nil {
@@ -680,6 +700,7 @@ func (a *aclRecordBuilder) buildReadKeyChange(payload ReadKeyChangePayload, remo
 MetadataPubKey: mkPubKey,
 EncryptedMetadataPrivKey: encPrivKey,
 EncryptedOldReadKey: encOldKey,
+ InviteKeys: invites,
 }
 return readRec, nil
 }
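Review bot: The slice named `invites` in the new `var` block holds wrapped read keys, not invites, and it is easy to confuse with the `a.state.invites` collection it is filled from in the second hunk. A name such as `inviteReadKeys` would keep the two apart, and the assignment in the last hunk would then read `InviteKeys: inviteReadKeys,`. buildReadKeyChange starts and ends outside these hunks.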
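Review bot: The loop added after the account loop wraps the new read key for every `AnyoneCanJoin` invite and, unlike the account loop, never consults `removedIdentities`, so a rotation caused by removing a member still publishes the fresh key under invite keys that member may hold. If the invite's private half is what joiners receive (not visible in this hunk, so this is an assumption), a removed account could unwrap the new key from `InviteKeys`, and the rotation would not end its read access until the invite is revoked. That trade-off should be stated above the loop, for example `// AnyoneCanJoin invites receive the rotated read key; removing a member does not cut off holders of such an invite until it is revoked`, or removal should also revoke or re-key these invites. The two bare `return nil, err` exits would be easier to diagnose if they named the failing step. buildReadKeyChange starts and ends outside the hunk.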
diff --git a/commonspace/object/acl/list/acltestsuite_test.go b/commonspace/object/acl/list/acltestsuite_test.go
index 29b82638..30e9a803 100644
--- a/commonspace/object/acl/list/acltestsuite_test.go
+++ b/commonspace/object/acl/list/acltestsuite_test.go
@@ -53,6 +53,7 @@ func TestAclExecutor(t *testing.T) {
 {"a.init::a", nil},
 // creating an invite
 {"a.invite::invId", nil},
+ {"a.invite_anyone::oldInvId", nil},
 // cannot self join
 {"a.join::invId", ErrInsufficientPermissions},
 // now b can join
@@ -130,7 +131,12 @@ func TestAclExecutor(t *testing.T) {
 {"a.changes::r,g", ErrInsufficientPermissions},
 {"a.invite_anyone::invAnyoneId", nil},
 {"new.invite_join::invAnyoneId", nil},
+ // invite keys persist after user removal
+ {"a.remove::new", nil},
 {"new1.invite_join::invAnyoneId", nil},
+ {"a.revoke::invAnyoneId", nil},
+ {"new2.invite_join::invAnyoneId", ErrNoSuchInvite},
+ {"new2.invite_join::oldInvId", nil},
 }
 for _, cmd := range cmds {
 err := a.Execute(cmd.cmd)
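Review bot: None of the added cases reaches the `continue` branch of the new invite loop; they only show that the `AnyoneCanJoin` invites `oldInvId` and `invAnyoneId` still admit joiners after `a.remove::new`. Assuming `a.remove` triggers the read key change, a case showing that the request-style invite `invId` gets no entry in `InviteKeys` would pin the type filter. A second case should record whether the removed account `new` can still read after the rotation, since that is the access-control property the key change is meant to provide. The comment `// invite keys persist after user removal` could state the assertion more exactly, e.g. `// anyone-can-join invites still unwrap the read key rotated by the removal`. The command table starts and ends outside these hunks.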