lib/model: Don't share with introduced device if encrypted (fixes #7724) (#7734)

lib/model/model.go

@@ -1565,6 +1565,11 @@ func (m *model) handleIntroductions(introducerCfg config.DeviceConfiguration, cm
 				continue
 			}
 
+			if fcfg.Type != config.FolderTypeReceiveEncrypted && device.EncryptionPasswordToken != nil {
+				l.Infof("Cannot share folder %s with %v because the introducer %v encrypts data, which requires a password", folder.Description(), device.ID, introducerCfg.DeviceID)
+				continue
+			}
+
 			// We don't yet share this folder with this device. Add the device
 			// to sharing list of the folder.
 			l.Infof("Sharing folder %s with %v (vouched for by introducer %v)", folder.Description(), device.ID, introducerCfg.DeviceID)

lib/model/model_test.go

@@ -518,12 +518,18 @@ func TestIntroducer(t *testing.T) {
 			},
 		},
 	})
-	cc := basicClusterConfig(myID, device1, "folder1")
+	cc := basicClusterConfig(myID, device1, "folder1", "folder2")
 	cc.Folders[0].Devices = append(cc.Folders[0].Devices, protocol.Device{
 		ID:                       device2,
 		Introducer:               true,
 		SkipIntroductionRemovals: true,
 	})
+	cc.Folders[1].Devices = append(cc.Folders[1].Devices, protocol.Device{
+		ID:                       device2,
+		Introducer:               true,
+		SkipIntroductionRemovals: true,
+		EncryptionPasswordToken:  []byte("faketoken"),
+	})
 	m.ClusterConfig(device1, cc)
 
 	if newDev, ok := m.cfg.Device(device2); !ok || !newDev.Introducer || !newDev.SkipIntroductionRemovals {
@@ -534,6 +540,12 @@ func TestIntroducer(t *testing.T) {
 		t.Error("expected folder 1 to have device2 introduced by device 1")
 	}
 
+	for _, devCfg := range m.cfg.Folders()["folder2"].Devices {
+		if devCfg.DeviceID == device2 {
+			t.Error("Device was added even though it's untrusted")
+		}
+	}
+
 	cleanupModel(m)
 	cancel()
 	m, cancel = newState(t, config.Configuration{