Add option to enable encryption by default for new rooms (#7639)
Fixes #2431. Adds config option `encryption_enabled_by_default_for_room_type`, which determines whether encryption should be enabled with the default encryption algorithm in private or public rooms upon creation. Whether the room is private or public is decided based upon the room creation preset that is used. Part of this PR is also pulling out all of the individual instances of `m.megolm.v1.aes-sha2` into a constant variable to eliminate typos à la #7637. Based on #7637.
1 parent
191dc98
commit fcd6961
Showing
11 changed files
with
275 additions
and
36 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Add an option to enable encryption by default for new rooms. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
# -*- coding: utf-8 -*- | ||
# Copyright 2020 The Matrix.org Foundation C.I.C. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
import logging | ||
|
||
from synapse.api.constants import RoomCreationPreset | ||
|
||
from ._base import Config, ConfigError | ||
|
||
logger = logging.Logger(__name__) | ||
|
||
|
||
class RoomDefaultEncryptionTypes(object): | ||
"""Possible values for the encryption_enabled_by_default_for_room_type config option""" | ||
|
||
ALL = "all" | ||
INVITE = "invite" | ||
OFF = "off" | ||
|
||
|
||
class RoomConfig(Config): | ||
section = "room" | ||
|
||
def read_config(self, config, **kwargs): | ||
# Whether new, locally-created rooms should have encryption enabled | ||
encryption_for_room_type = config.get( | ||
"encryption_enabled_by_default_for_room_type", | ||
RoomDefaultEncryptionTypes.OFF, | ||
) | ||
if encryption_for_room_type == RoomDefaultEncryptionTypes.ALL: | ||
self.encryption_enabled_by_default_for_room_presets = [ | ||
RoomCreationPreset.PRIVATE_CHAT, | ||
RoomCreationPreset.TRUSTED_PRIVATE_CHAT, | ||
RoomCreationPreset.PUBLIC_CHAT, | ||
] | ||
elif encryption_for_room_type == RoomDefaultEncryptionTypes.INVITE: | ||
self.encryption_enabled_by_default_for_room_presets = [ | ||
RoomCreationPreset.PRIVATE_CHAT, | ||
RoomCreationPreset.TRUSTED_PRIVATE_CHAT, | ||
] | ||
elif encryption_for_room_type == RoomDefaultEncryptionTypes.OFF: | ||
self.encryption_enabled_by_default_for_room_presets = [] | ||
else: | ||
raise ConfigError( | ||
"Invalid value for encryption_enabled_by_default_for_room_type" | ||
) | ||
|
||
def generate_config_section(self, **kwargs): | ||
return """\ | ||
## Rooms ## | ||
# Controls whether locally-created rooms should be end-to-end encrypted by | ||
# default. | ||
# | ||
# Possible options are "all", "invite", and "off". They are defined as: | ||
# | ||
# * "all": any locally-created room | ||
# * "invite": any room created with the "private_chat" or "trusted_private_chat" | ||
# room creation presets | ||
# * "off": this option will take no effect | ||
# | ||
# The default value is "off". | ||
# | ||
# Note that this option will only affect rooms created after it is set. It | ||
# will also not affect rooms created by other servers. | ||
# | ||
#encryption_enabled_by_default_for_room_type: invite | ||
""" |
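Review bot: In `read_config`, an unquoted `off` in the YAML file will probably never reach the `RoomDefaultEncryptionTypes.OFF` branch: assuming the config is loaded by a YAML 1.1 parser such as PyYAML, bare `off` is coerced to the boolean `False`, so the documented default value falls through to the `ConfigError`. Accepting both forms, `elif encryption_for_room_type in (RoomDefaultEncryptionTypes.OFF, False):`, with a short comment explaining the coercion, keeps startup failing on genuinely unknown values while letting admins write what the sample config describes. The `ConfigError` message would also be easier to act on if it listed the accepted values ("all", "invite", "off"). Separately, `logger = logging.Logger(__name__)` constructs a detached logger that bypasses the configured logging hierarchy; `logging.getLogger(__name__)` is the usual form.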