hicli/verify: add support for passphrase in addition to recovery key

pkg/hicli/json-commands.go

@@ -129,7 +129,7 @@ func (h *HiClient) handleJSONCommand(ctx context.Context, req *JSONCommand) (any
 		})
 	case "verify":
 		return unmarshalAndCall(req.Data, func(params *verifyParams) (bool, error) {
-			return true, h.VerifyWithRecoveryKey(ctx, params.RecoveryKey)
+			return true, h.Verify(ctx, params.RecoveryKey)
 		})
 	case "discover_homeserver":
 		return unmarshalAndCall(req.Data, func(params *discoverHomeserverParams) (*mautrix.ClientWellKnown, error) {

pkg/hicli/login.go

@@ -80,7 +80,7 @@ func (h *HiClient) LoginAndVerify(ctx context.Context, homeserverURL, username,
 	if err != nil {
 		return err
 	}
-	err = h.VerifyWithRecoveryKey(ctx, recoveryKey)
+	err = h.Verify(ctx, recoveryKey)
 	if err != nil {
 		return err
 	}

pkg/hicli/verify.go

@@ -9,6 +9,7 @@ package hicli
 import (
 	"context"
 	"encoding/base64"
+	"errors"
 	"fmt"
 
 	"github.com/rs/zerolog"
@@ -125,13 +126,16 @@ func (h *HiClient) storeCrossSigningPrivateKeys(ctx context.Context) error {
 	return nil
 }
 
-func (h *HiClient) VerifyWithRecoveryKey(ctx context.Context, code string) error {
+func (h *HiClient) Verify(ctx context.Context, code string) error {
 	defer h.dispatchCurrentState()
 	keyID, keyData, err := h.Crypto.SSSS.GetDefaultKeyData(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to get default SSSS key data: %w", err)
 	}
 	key, err := keyData.VerifyRecoveryKey(keyID, code)
+	if errors.Is(err, ssss.ErrInvalidRecoveryKey) && keyData.Passphrase != nil {
+		key, err = keyData.VerifyPassphrase(keyID, code)
+	}
 	if err != nil {
 		return err
 	}

web/src/ui/login/VerificationScreen.tsx

@@ -40,7 +40,7 @@ export const VerificationScreen = ({ client, clientState }: LoginScreenProps) =>
 				type="text"
 				autoComplete="off"
 				id="mxlogin-recoverykey"
-				placeholder="Recovery key"
+				placeholder="Recovery key or passphrase"
 				value={recoveryKey}
 				onChange={evt => setRecoveryKey(evt.target.value)}
 			/>