Merge pull request #3262 from matrix-org/rav/has_already_consented

Add a 'has_consented' template var to consent forms
2018-05-22 15:35:10 +01:00 · 2018-05-22 15:35:10 +01:00 · 08a14b32ae
parent 82c2a52987 7b36d06a69
commit 08a14b32ae
3 changed files with 25 additions and 5 deletions
--- a/docs/privacy_policy_templates/README.md
+++ b/docs/privacy_policy_templates/README.md
@ -9,7 +9,7 @@ form_secret: <unique but arbitrary secret>

 user_consent:
  template_dir: docs/privacy_policy_templates
-  default_version: 1.0
+  version: 1.0
 ```

 You should then be able to enable the `consent` resource under a `listener`
--- a/docs/privacy_policy_templates/en/1.0.html
+++ b/docs/privacy_policy_templates/en/1.0.html
@ -4,6 +4,11 @@
    <title>Matrix.org Privacy policy</title>
  </head>
  <body>
+  {% if has_consented %}
+    <p>
+      Your base already belong to us.
+    </p>
+  {% else %}
    <p>
      All your base are belong to us.
    </p>
@ -13,5 +18,6 @@
      <input type="hidden" name="h" value="{{userhmac}}"/>
      <input type="submit" value="Sure thing!"/>
    </form>
+  {% endif %}
  </body>
 </html>
--- a/synapse/rest/consent/consent_resource.py
+++ b/synapse/rest/consent/consent_resource.py
@ -95,8 +95,8 @@ class ConsentResource(Resource):
        # this is required by the request_handler wrapper
        self.clock = hs.get_clock()

-        self._default_consent_verison = hs.config.user_consent_version
-        if self._default_consent_verison is None:
+        self._default_consent_version = hs.config.user_consent_version
+        if self._default_consent_version is None:
            raise ConfigError(
                "Consent resource is enabled but user_consent section is "
                "missing in config file.",
@ -114,7 +114,10 @@ class ConsentResource(Resource):
            )

        loader = jinja2.FileSystemLoader(consent_template_directory)
-        self._jinja_env = jinja2.Environment(loader=loader)
+        self._jinja_env = jinja2.Environment(
+            loader=loader,
+            autoescape=jinja2.select_autoescape(['html', 'htm', 'xml']),
+        )

        if hs.config.form_secret is None:
            raise ConfigError(
@ -129,6 +132,7 @@ class ConsentResource(Resource):
        return NOT_DONE_YET

    @wrap_html_request_handler
+    @defer.inlineCallbacks
    def _async_render_GET(self, request):
        """
        Args:
@ -136,16 +140,26 @@ class ConsentResource(Resource):
        """

        version = parse_string(request, "v",
-                               default=self._default_consent_verison)
+                               default=self._default_consent_version)
        username = parse_string(request, "u", required=True)
        userhmac = parse_string(request, "h", required=True)

        self._check_hash(username, userhmac)

+        if username.startswith('@'):
+            qualified_user_id = username
+        else:
+            qualified_user_id = UserID(username, self.hs.hostname).to_string()
+
+        u = yield self.store.get_user_by_id(qualified_user_id)
+        if u is None:
+            raise NotFoundError("Unknown user")
+
        try:
            self._render_template(
                request, "%s.html" % (version,),
                user=username, userhmac=userhmac, version=version,
+                has_consented=(u["consent_version"] == version),
            )
        except TemplateNotFound:
            raise NotFoundError("Unknown policy version")