fix: refresh Security Seed before replication

Reason:
- A client that remains open during a remote database rebuild can retain the previous Security Seed and upload documents encrypted with the wrong key.

Changes:
- Fetch the remote Security Seed at every replication preflight instead of reusing the process cache.
- Add a regression test and an unreleased change note for issue #1018.
This commit is contained in:
Ouyang Xingyuan
2026-07-14 18:15:40 +08:00
parent 056d89aa4d
commit 45657ba39c
3 changed files with 54 additions and 1 deletions
+2 -1
View File
@@ -49,7 +49,8 @@ async function canReplicateWithPBKDF2(
// Showing message is false: that because be shown here. (And it is a fatal error, no way to hide it).
// tagged as network error at beginning for error filtering with NetworkWarningStyles
const ensureMessage = `${MARK_LOG_NETWORK_ERROR}Failed to initialise the encryption key, preventing replication.`;
const ensureResult = await replicator.ensurePBKDF2Salt(currentSettings, showMessage, true);
// A remote database rebuild replaces the Security Seed while this process may still hold the previous one.
const ensureResult = await replicator.ensurePBKDF2Salt(currentSettings, showMessage, false);
if (!ensureResult) {
errorManager.showError(ensureMessage, showMessage ? LOG_LEVEL_NOTICE : LOG_LEVEL_INFO);
return false;