Merge pull request #3262 from matrix-org/rav/has_already_consented

Add a 'has_consented' template var to consent forms
pull/3265/head
Richard van der Hoff 2018-05-22 15:35:10 +01:00 committed by GitHub
commit 08a14b32ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 5 deletions

View File

@ -9,7 +9,7 @@ form_secret: <unique but arbitrary secret>
user_consent: user_consent:
template_dir: docs/privacy_policy_templates template_dir: docs/privacy_policy_templates
default_version: 1.0 version: 1.0
``` ```
You should then be able to enable the `consent` resource under a `listener` You should then be able to enable the `consent` resource under a `listener`

View File

@ -4,6 +4,11 @@
<title>Matrix.org Privacy policy</title> <title>Matrix.org Privacy policy</title>
</head> </head>
<body> <body>
{% if has_consented %}
<p>
Your base already belong to us.
</p>
{% else %}
<p> <p>
All your base are belong to us. All your base are belong to us.
</p> </p>
@ -13,5 +18,6 @@
<input type="hidden" name="h" value="{{userhmac}}"/> <input type="hidden" name="h" value="{{userhmac}}"/>
<input type="submit" value="Sure thing!"/> <input type="submit" value="Sure thing!"/>
</form> </form>
{% endif %}
</body> </body>
</html> </html>

View File

@ -95,8 +95,8 @@ class ConsentResource(Resource):
# this is required by the request_handler wrapper # this is required by the request_handler wrapper
self.clock = hs.get_clock() self.clock = hs.get_clock()
self._default_consent_verison = hs.config.user_consent_version self._default_consent_version = hs.config.user_consent_version
if self._default_consent_verison is None: if self._default_consent_version is None:
raise ConfigError( raise ConfigError(
"Consent resource is enabled but user_consent section is " "Consent resource is enabled but user_consent section is "
"missing in config file.", "missing in config file.",
@ -114,7 +114,10 @@ class ConsentResource(Resource):
) )
loader = jinja2.FileSystemLoader(consent_template_directory) loader = jinja2.FileSystemLoader(consent_template_directory)
self._jinja_env = jinja2.Environment(loader=loader) self._jinja_env = jinja2.Environment(
loader=loader,
autoescape=jinja2.select_autoescape(['html', 'htm', 'xml']),
)
if hs.config.form_secret is None: if hs.config.form_secret is None:
raise ConfigError( raise ConfigError(
@ -129,6 +132,7 @@ class ConsentResource(Resource):
return NOT_DONE_YET return NOT_DONE_YET
@wrap_html_request_handler @wrap_html_request_handler
@defer.inlineCallbacks
def _async_render_GET(self, request): def _async_render_GET(self, request):
""" """
Args: Args:
@ -136,16 +140,26 @@ class ConsentResource(Resource):
""" """
version = parse_string(request, "v", version = parse_string(request, "v",
default=self._default_consent_verison) default=self._default_consent_version)
username = parse_string(request, "u", required=True) username = parse_string(request, "u", required=True)
userhmac = parse_string(request, "h", required=True) userhmac = parse_string(request, "h", required=True)
self._check_hash(username, userhmac) self._check_hash(username, userhmac)
if username.startswith('@'):
qualified_user_id = username
else:
qualified_user_id = UserID(username, self.hs.hostname).to_string()
u = yield self.store.get_user_by_id(qualified_user_id)
if u is None:
raise NotFoundError("Unknown user")
try: try:
self._render_template( self._render_template(
request, "%s.html" % (version,), request, "%s.html" % (version,),
user=username, userhmac=userhmac, version=version, user=username, userhmac=userhmac, version=version,
has_consented=(u["consent_version"] == version),
) )
except TemplateNotFound: except TemplateNotFound:
raise NotFoundError("Unknown policy version") raise NotFoundError("Unknown policy version")