diff --git a/dendrite-config.yaml b/dendrite-config.yaml
index 2aa0a4069..f6671b452 100644
--- a/dendrite-config.yaml
+++ b/dendrite-config.yaml
@@ -72,6 +72,8 @@ global:
 # If either require_at_registration or send_server_notice_to_guest are true, consent
 # messages will be sent to the users.
 user_consent:
+ # Randomly generated string to be used to calculate the HMAC
+ form_secret: "superSecretRandomlyGeneratedSecret"
 # Require consent when user registers for the first time
 require_at_registration: false
 # The name to be shown to the user
diff --git a/setup/config/config_global.go b/setup/config/config_global.go
index 016504da6..ad69a6d5e 100644
--- a/setup/config/config_global.go
+++ b/setup/config/config_global.go
@@ -208,6 +208,8 @@ func (c *DNSCacheOptions) Verify(configErrs *ConfigErrors, isMonolith bool) {
 // If either require_at_registration or send_server_notice_to_guest are true, consent
 // messages will be sent to the users.
 type UserConsentOptions struct {
+ // Randomly generated string to be used to calculate the HMAC
+ FormSecret string
 // Require consent when user registers for the first time
 RequireAtRegistration bool `yaml:"require_at_registration"`
 // The name to be shown to the user
@@ -243,6 +245,7 @@ func (c *UserConsentOptions) Verify(configErrors *ConfigErrors, isMonolith bool)
 checkNotEmpty(configErrors, "template_dir", c.TemplateDir)
 checkNotEmpty(configErrors, "version", c.Version)
 checkNotEmpty(configErrors, "policy_name", c.PolicyName)
+ checkNotEmpty(configErrors, "form_secret", c.FormSecret)
 if len(*configErrors) > 0 {
 return
 }
diff --git a/setup/config/config_global_test.go b/setup/config/config_global_test.go
new file mode 100644
index 000000000..a3ede2d59
--- /dev/null
+++ b/setup/config/config_global_test.go
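Review bot: The sample value `form_secret: "superSecretRandomlyGeneratedSecret"` is a fixed, publicly known string, and it satisfies the `checkNotEmpty(configErrors, "form_secret", c.FormSecret)` added in the Verify hunk of config_global.go, so a server started from this file unchanged would key its HMAC with a value anyone can read from the repository. I would ship the key empty, `form_secret: ""`, so that Verify rejects an unconfigured server, and extend the comment to say how to produce one, for example `# HMAC key; generate with a CSPRNG (e.g. openssl rand -hex 32), keep private, do not reuse across servers`. Whether Verify runs this check when user consent is disabled is not visible in the hunk; if it does, the empty default needs that guard first. A minimum-length check next to `checkNotEmpty` would also catch trivially short keys.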
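Review bot: `FormSecret string` in the first config_global.go hunk is the only field shown without a `yaml` struct tag, while the sample config spells the key `form_secret`. If the config is decoded with gopkg.in/yaml (the loader is not visible in this diff), an untagged field is matched under its lowercased name `formsecret`, so the configured value would never reach the struct and the new `form_secret` check in Verify would always report an error. The field should carry the tag ``yaml:"form_secret"``, in the same form as `RequireAtRegistration` on the line below it. The struct body continues outside the hunk.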
@@ -0,0 +1,110 @@
+package config
+
+import (
+ "testing"
+)
+
+func TestUserConsentOptions_Verify(t *testing.T) {
+ type args struct {
+ configErrors *ConfigErrors
+ isMonolith bool
+ }
+ tests := []struct {
+ name string
+ fields UserConsentOptions
+ args args
+ wantErr bool
+ }{
+ {
+ name: "template dir not set",
+ fields: UserConsentOptions{
+ RequireAtRegistration: true,
+ },
+ args: struct {
+ configErrors *ConfigErrors
+ isMonolith bool
+ }{configErrors: &ConfigErrors{}, isMonolith: true},
+ wantErr: true,
+ },
+ {
+ name: "template dir set",
+ fields: UserConsentOptions{
+ RequireAtRegistration: true,
+ TemplateDir: "testdata/privacy",
+ },
+ args: struct {
+ configErrors *ConfigErrors
+ isMonolith bool
+ }{configErrors: &ConfigErrors{}, isMonolith: true},
+ wantErr: true,
+ },
+ {
+ name: "policy name not set",
+ fields: UserConsentOptions{
+ RequireAtRegistration: true,
+ TemplateDir: "testdata/privacy",
+ },
+ args: struct {
+ configErrors *ConfigErrors
+ isMonolith bool
+ }{configErrors: &ConfigErrors{}, isMonolith: true},
+ wantErr: true,
+ },
+ {
+ name: "policy name set",
+ fields: UserConsentOptions{
+ RequireAtRegistration: true,
+ TemplateDir: "testdata/privacy",
+ PolicyName: "Privacy policy",
+ },
+ args: struct {
+ configErrors *ConfigErrors
+ isMonolith bool
+ }{configErrors: &ConfigErrors{}, isMonolith: true},
+ wantErr: true,
+ },
+ {
+ name: "version not set",
+ fields: UserConsentOptions{
+ RequireAtRegistration: true,
+ TemplateDir: "testdata/privacy",
+ },
+ args: struct {
+ configErrors *ConfigErrors
+ isMonolith bool
+ }{configErrors: &ConfigErrors{}, isMonolith: true},
+ wantErr: true,
+ },
+ {
+ name: "everyhing required set",
+ fields: UserConsentOptions{
+ RequireAtRegistration: true,
+ TemplateDir: "./testdata/privacy",
+ Version: "1.0",
+ PolicyName: "Privacy policy",
+ },
+ args: struct {
+ configErrors *ConfigErrors
+ isMonolith bool
+ }{configErrors: &ConfigErrors{}, isMonolith: true},
+ wantErr: false,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ c := &UserConsentOptions{
+ RequireAtRegistration: tt.fields.RequireAtRegistration,
+ PolicyName: tt.fields.PolicyName,
+ Version: tt.fields.Version,
+ TemplateDir: tt.fields.TemplateDir,
+ SendServerNoticeToGuest: tt.fields.SendServerNoticeToGuest,
+ ServerNoticeContent: tt.fields.ServerNoticeContent,
+ BlockEventsError: tt.fields.BlockEventsError,
+ }
+ c.Verify(tt.args.configErrors, tt.args.isMonolith)
+ if tt.wantErr && tt.args.configErrors == nil {
+ t.Errorf("expected no errors, got '%+v'", tt.args.configErrors)
+ }
+ })
+ }
+}
diff --git a/setup/config/testdata/privacy/1.0.gohtml b/setup/config/testdata/privacy/1.0.gohtml
new file mode 100644
index 000000000..12602fada
--- /dev/null
+++ b/setup/config/testdata/privacy/1.0.gohtml
@@ -0,0 +1,26 @@
+
+
+
+ Matrix.org Privacy policy
+
+
+{{ if .HasConsented }}
+
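Review bot: The assertion `if tt.wantErr && tt.args.configErrors == nil` in TestUserConsentOptions_Verify can never fire, because every case passes a non-nil `&ConfigErrors{}`, so the test passes whatever Verify reports and its message ("expected no errors") does not match the branch it sits in. Compare the collected errors with the expectation instead: `if gotErr := len(*tt.args.configErrors) > 0; gotErr != tt.wantErr { t.Errorf("wantErr=%v, got %+v", tt.wantErr, *tt.args.configErrors) }`. Once the assertion is live, the "everyhing required set" case needs a `FormSecret` value and the `c := &UserConsentOptions{...}` literal needs `FormSecret: tt.fields.FormSecret`, otherwise the new `form_secret` check fails the only case that expects no error. A case with every other field set and an empty `FormSecret` would pin the new check itself.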

+ Your base already belong to us. +

+{{ else }} +

+ All your base are belong to us. +

+{{ if not .PublicVersion }} + +
+ + + + +
+{{ end }} +{{ end }} + + \ No newline at end of file