From 1591eddaea779d2805afb1acc102630a8e580f0d Mon Sep 17 00:00:00 2001 From: Caleb James DeLisle Date: Fri, 23 Jun 2017 13:01:04 +0200 Subject: [PATCH 1/4] Add configuration parameter to allow redaction of content from push messages for google/apple devices --- synapse/config/homeserver.py | 3 ++- synapse/config/pushconfig.py | 40 ++++++++++++++++++++++++++++++++++++ synapse/push/httppusher.py | 2 +- 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 synapse/config/pushconfig.py diff --git a/synapse/config/homeserver.py b/synapse/config/homeserver.py index 0f890fc04a..327c7e4fc6 100644 --- a/synapse/config/homeserver.py +++ b/synapse/config/homeserver.py @@ -33,6 +33,7 @@ from .jwt import JWTConfig from .password_auth_providers import PasswordAuthProviderConfig from .emailconfig import EmailConfig from .workers import WorkerConfig +from .pushconfig import PushConfig class HomeServerConfig(TlsConfig, ServerConfig, DatabaseConfig, LoggingConfig, @@ -40,7 +41,7 @@ class HomeServerConfig(TlsConfig, ServerConfig, DatabaseConfig, LoggingConfig, VoipConfig, RegistrationConfig, MetricsConfig, ApiConfig, AppServiceConfig, KeyConfig, SAML2Config, CasConfig, JWTConfig, PasswordConfig, EmailConfig, - WorkerConfig, PasswordAuthProviderConfig,): + WorkerConfig, PasswordAuthProviderConfig, PushConfig,): pass diff --git a/synapse/config/pushconfig.py b/synapse/config/pushconfig.py new file mode 100644 index 0000000000..afe8aba0a8 --- /dev/null +++ b/synapse/config/pushconfig.py @@ -0,0 +1,40 @@ +# -*- coding: utf-8 -*- +# Copyright 2015, 2016 OpenMarket Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file can't be called email.py because if it is, we cannot: +import email.utils + +from ._base import Config + + +class PushConfig(Config): + def read_config(self, config): + self.push_redact_content = False + + push_config = config.get("email", {}) + self.push_redact_content = push_config.get("redact_content", False) + + def default_config(self, config_dir_path, server_name, **kwargs): + return """ + # Control how push messages are sent to google/apple to notifications. + # Normally every message is posted to a push server hosted by matrix.org + # which is registered with google and apple in order to allow push + # notifications to be sent to mobile devices. + # Setting redact_content to true will make the push messages contain no + # message content which will provide increased privacy. + # + #push: + # redact_content: false + """ diff --git a/synapse/push/httppusher.py b/synapse/push/httppusher.py index c0f8176e3d..f3f872895a 100644 --- a/synapse/push/httppusher.py +++ b/synapse/push/httppusher.py @@ -275,7 +275,7 @@ class HttpPusher(object): if event.type == 'm.room.member': d['notification']['membership'] = event.content['membership'] d['notification']['user_is_target'] = event.state_key == self.user_id - if 'content' in event: + if not hs.config.push_redact_content and 'content' in event: d['notification']['content'] = event.content # We no longer send aliases separately, instead, we send the human From 75eba3b07d58743f24068efef67d5755f58207ba Mon Sep 17 00:00:00 2001 From: Caleb James DeLisle Date: Fri, 23 Jun 2017 15:15:18 +0200 Subject: [PATCH 2/4] Fix TravisCI tests for PR #2301 --- synapse/config/pushconfig.py => push.py | 3 --- synapse/config/homeserver.py | 2 +- synapse/push/httppusher.py | 2 +- 3 files changed, 2 insertions(+), 5 deletions(-) rename synapse/config/pushconfig.py => push.py (94%) diff --git a/synapse/config/pushconfig.py b/push.py similarity index 94% rename from synapse/config/pushconfig.py rename to push.py index afe8aba0a8..4e5f428820 100644 --- a/synapse/config/pushconfig.py +++ b/push.py @@ -13,9 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# This file can't be called email.py because if it is, we cannot: -import email.utils - from ._base import Config diff --git a/synapse/config/homeserver.py b/synapse/config/homeserver.py index 327c7e4fc6..b22cacf8dc 100644 --- a/synapse/config/homeserver.py +++ b/synapse/config/homeserver.py @@ -33,7 +33,7 @@ from .jwt import JWTConfig from .password_auth_providers import PasswordAuthProviderConfig from .emailconfig import EmailConfig from .workers import WorkerConfig -from .pushconfig import PushConfig +from .push import PushConfig class HomeServerConfig(TlsConfig, ServerConfig, DatabaseConfig, LoggingConfig, diff --git a/synapse/push/httppusher.py b/synapse/push/httppusher.py index f3f872895a..8a5d473108 100644 --- a/synapse/push/httppusher.py +++ b/synapse/push/httppusher.py @@ -275,7 +275,7 @@ class HttpPusher(object): if event.type == 'm.room.member': d['notification']['membership'] = event.content['membership'] d['notification']['user_is_target'] = event.state_key == self.user_id - if not hs.config.push_redact_content and 'content' in event: + if not self.hs.config.push_redact_content and 'content' in event: d['notification']['content'] = event.content # We no longer send aliases separately, instead, we send the human From bce144595ceb7cf5b02efd79ae67e23c0df9fa27 Mon Sep 17 00:00:00 2001 From: Caleb James DeLisle Date: Fri, 23 Jun 2017 15:26:09 +0200 Subject: [PATCH 3/4] Fix TravisCI tests for PR #2301 - Fat finger mistake --- push.py => synapse/config/push.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename push.py => synapse/config/push.py (100%) diff --git a/push.py b/synapse/config/push.py similarity index 100% rename from push.py rename to synapse/config/push.py From 27bd0b9a91607beb3965c48edcab10e5f6924879 Mon Sep 17 00:00:00 2001 From: Caleb James DeLisle Date: Sat, 24 Jun 2017 10:32:12 +0200 Subject: [PATCH 4/4] Change the config file generator to more descriptive explanation of push.redact_content --- synapse/config/push.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/synapse/config/push.py b/synapse/config/push.py index 4e5f428820..9c68318b40 100644 --- a/synapse/config/push.py +++ b/synapse/config/push.py @@ -26,11 +26,19 @@ class PushConfig(Config): def default_config(self, config_dir_path, server_name, **kwargs): return """ # Control how push messages are sent to google/apple to notifications. - # Normally every message is posted to a push server hosted by matrix.org + # Normally every message said in a room with one or more people using + # mobile devices will be posted to a push server hosted by matrix.org # which is registered with google and apple in order to allow push - # notifications to be sent to mobile devices. + # notifications to be sent to these mobile devices. + # # Setting redact_content to true will make the push messages contain no - # message content which will provide increased privacy. + # message content which will provide increased privacy. This is a + # temporary solution pending improvements to Android and iPhone apps + # to get content from the app rather than the notification. + # + # For modern android devices the notification content will still appear + # because it is loaded by the app. iPhone, however will send a + # notification saying only that a message arrived and who it came from. # #push: # redact_content: false