New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add m.login.terms to the registration flow #4004

merged 26 commits into from Nov 1, 2018


4 participants

turt2live commented Oct 3, 2018

This is an intentionally-limited implementation of this: matrix-org/matrix-doc#1692

Addresses part of vector-im/riot-web#7168

This allows the user to accept the privacy policy before they get a user ID, fixing several UX issues in Riot. Because this makes modifications to the UI auth mechanics, fallback auth is also included which means that not-Riot (or old-Riot) clients should be fine.

I've opened this for review to make sure I'm on the right track. Applicable tests will be written after initial review.

@turt2live turt2live requested a review from matrix-org/synapse-core Oct 3, 2018

@neilisfragile neilisfragile added this to To Do in Backend Core Team via automation Oct 5, 2018


looks like a plausible start to me!

Show resolved Hide resolved synapse/rest/consent/ Outdated
Show resolved Hide resolved synapse/rest/consent/ Outdated
Show resolved Hide resolved changelog.d/4004.feature

@neilisfragile neilisfragile moved this from To Do to In Progress: Operational/bug fixes in Backend Core Team Oct 12, 2018

@turt2live turt2live self-assigned this Oct 12, 2018

turt2live added a commit to matrix-org/matrix-react-sdk that referenced this pull request Oct 15, 2018

turt2live added some commits Oct 24, 2018

Fix test
Debug tests

Try printing the channel


Import and use six

Remove debugging

Disable captcha

Add some mocks

Define the URL

Fix the clock?

Less rendering?

use the other render

Complete the dummy auth stage

Fix last stage of the test

Remove mocks we don't need

This comment has been minimized.


turt2live commented Oct 24, 2018

It got lost somewhere in the commits, but thank you to @hawkowl for helping fix the tests :)

@turt2live turt2live requested a review from matrix-org/synapse-core Oct 24, 2018

turt2live added some commits Oct 24, 2018


otherwise, looks great!

Show resolved Hide resolved synapse/rest/client/v2_alpha/ Outdated

@turt2live turt2live requested a review from richvdh Oct 31, 2018


This comment has been minimized.


turt2live commented Oct 31, 2018

@richvdh should be ready for a final look, hopefully. If not, I might lose more of my hair.

@neilisfragile neilisfragile moved this from In Progress: Operational/bug fixes to Review in Backend Core Team Nov 1, 2018


richvdh approved these changes Nov 1, 2018


@turt2live turt2live merged commit c68aab1 into develop Nov 1, 2018

5 checks passed

ci/circleci: sytestpy2merged Your tests passed on CircleCI!
ci/circleci: sytestpy2postgresmerged Your tests passed on CircleCI!
ci/circleci: sytestpy3merged Your tests passed on CircleCI!
ci/circleci: sytestpy3postgresmerged Your tests passed on CircleCI!
continuous-integration/travis-ci/pr The Travis CI build passed

Backend Core Team automation moved this from Review to Done - Operations Nov 1, 2018

@turt2live turt2live deleted the travis/login-terms branch Nov 1, 2018

Please click the button below if you agree to the
<a href="%(terms_url)s">privacy policy of this homeserver.</a>

This comment has been minimized.


rubo77 Nov 14, 2018


This should have been "Please click the button below if you have read the privacy policy of this homeserver."

Because if you have a button to "Agree" you also need a workflow to "disagree" later on, which we don't want to provide.

see #4185

This comment has been minimized.


ilu33 Nov 14, 2018

Correct. The average home server doesn't have any consent to track because there should be nothing you have to consent to. Art. 7 1 b "Processing shall be lawful only if ... processing is necessary for the performance of a contract to which the data subject is party". Everything that is technically necessary to provide the service needs just information, not consent.

Consent needs to be freely given and can be retracted at any time - without terminating the service (Art. 7 GDPR and Recital 43). We are not Facebook or Google, we do not force the user to consent to anything. We can't help the technical necessities though and about them we INFORM.

"Consent" and "agree" implies that you store data that is not technically necessary to supply the service, which - I hope - no homeserver does. (Except: Consent to statistics/piwik is tracked in the settings which is correct. Consent to bots - which I personally think needs consent - should be in the settings too but that's not the topic here.)

hawkowl added a commit that referenced this pull request Nov 19, 2018

Merge tag 'v0.33.9'

- Include flags to optionally add `m.login.terms` to the registration flow when consent tracking is enabled.
([\#4004](#4004), [\#4133](#4133),
[\#4142](#4142), [\#4184](#4184))
- Support for replacing rooms with new ones ([\#4091](#4091), [\#4099](#4099),
[\#4100](#4100), [\#4101](#4101))


- Fix exceptions when using the email mailer on Python 3. ([\#4095](#4095))
- Fix e2e key backup with more than 9 backup versions ([\#4113](#4113))
- Searches that request profile info now no longer fail with a 500. ([\#4122](#4122))
- fix return code of empty key backups ([\#4123](#4123))
- If the typing stream ID goes backwards (as on a worker when the master restarts), the worker's typing handler will no longer erroneously report rooms containing new
typing events. ([\#4127](#4127))
- Fix table lock of device_lists_remote_cache which could freeze the application ([\#4132](#4132))
- Fix exception when using state res v2 algorithm ([\#4135](#4135))
- Generating the user consent URI no longer fails on Python 3. ([\#4140](#4140),
- Loading URL previews from the DB cache on Postgres will no longer cause Unicode type errors when responding to the request, and URL previews will no longer fail if
the remote server returns a Content-Type header with the chartype in quotes. ([\#4157](#4157))
- The hash_password script now works on Python 3. ([\#4161](#4161))
- Fix noop checks when updating device keys, reducing spurious device list update notifications. ([\#4164](#4164))

Deprecations and Removals

- The disused and un-specced identicon generator has been removed. ([\#4106](#4106))
- The obsolete and non-functional /pull federation endpoint has been removed. ([\#4118](#4118))
- The deprecated v1 key exchange endpoints have been removed. ([\#4119](#4119))
- Synapse will no longer fetch keys using the fallback deprecated v1 key exchange method and will now always use v2.

Internal Changes

- Fix build of Docker image with docker-compose ([\#3778](#3778))
- Delete unreferenced state groups during history purge ([\#4006](#4006))
- The "Received rdata" log messages on workers is now logged at DEBUG, not INFO. ([\#4108](#4108))
- Reduce replication traffic for device lists ([\#4109](#4109))
- Fix `synapse_replication_tcp_protocol_*_commands` metric label to be full command name, rather than just the first character
- Log some bits about room creation ([\#4121](#4121))
- Fix `tox` failure on old systems ([\#4124](#4124))
- Add STATE_V2_TEST room version ([\#4128](#4128))
- Clean up event accesses and tests ([\#4137](#4137))
- The default logging config will now set an explicit log file encoding of UTF-8. ([\#4138](#4138))
- Add helpers functions for getting prev and auth events of an event ([\#4139](#4139))
- Add some tests for the HTTP pusher. ([\#4149](#4149))
- add and scripts to contrib/ ([\#4155](#4155))
- HTTP tests have been refactored to contain less boilerplate. ([\#4156](#4156))
- Drop incoming events from federation for unknown rooms ([\#4165](#4165))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment