Make the default value for the 'trusted' checkbox configurable

Also remove the `message_storage` setting.
2018-05-18 12:21:02 +02:00 · 2018-05-18 12:21:02 +02:00 · 2508ef0e9e
parent e82112715d
commit 2508ef0e9e
8 changed files with 76 additions and 37 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -14,7 +14,8 @@
 - Support for rendering URLs sent according to XEP-0066 Out of Band Data.
 - Geo-URIs (e.g. from Conversations) are now replaced by links to openstreetmap (works in reverse also)
 - Add a checkbox to indicate whether a trusted device is being used or not.
-  If the device is not trusted, then all user data is deleted from the cache upon logout.
+  If the device is not trusted, sessionStorage is used and all user data is deleted from the browser cache upon logout.
+  If the device is trusted, localStorage is used and user data is cached indefinitely.

 ### Bugfixes

--- a/docs/source/configuration.rst
+++ b/docs/source/configuration.rst
@ -927,28 +927,6 @@ Message carbons is the XEP (Jabber protocol extension) specifically drafted to
 solve this problem, while `forward_messages`_ uses
 `stanza forwarding <http://www.xmpp.org/extensions/xep-0297.html>`_

-message_storage
----------------
-
-* Default:  ``session``
-
-Valid options: ``session``, ``local``.
-
-This option determines the type of `browser storage <https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Storage>`_
-(``localStorage`` or ``sessionStorage``) used by converse.js to cache messages (private and group).
-
-The main difference between the two is that `sessionStorage` only persists while
-the current tab or window containing a converse.js instance is open. As soon as
-it's closed, the data is cleared.
-
-Data in `localStorage` on the other hand is kept indefinitely, which can have
-privacy implications on public computers or when multiple people are using the
-same computer.
-
-See also the `storage`_ option, which applies to other cached data, such as
-which chats you have open, what features the XMPP server supports and what
-your online status is.
-
 muc_disable_moderator_commands
 ------------------------------

@ -1269,17 +1247,20 @@ privacy perspective a better choice.

 The main difference between the two is that `sessionStorage` only persists while
 the current tab or window containing a converse.js instance is open. As soon as
-it's closed, the data is cleared.
+it's closed, the data is cleared (as long as there aren't any other tabs with
+the same domain open).

 Data in `localStorage` on the other hand is kept indefinitely.

-The data that is cached includes which chats you had open, what features the
-XMPP server supports and what your online status was.
+The data that is cached includes your sent and received messages, which chats you had
+open, what features the XMPP server supports and what your online status was.
+
+See also `trusted`_.
+
+.. note::
+    When the user checks the checkbox labeled "This is a trusted device", then
+    the storage setting will automatically be set to localStorage.

-Since version 1.0.7, the store for messages is now configurable separately with
-the `message_storage`_ option, to allow you to cache messages for longer in the
-browser (with `localStorage`) while still using `sessionStorage` for other
-data.

 .. note::
    Between versions 0.8.0 and 1.0.7, setting the value of this option to "local"
@ -1295,6 +1276,7 @@ data.
    storage), to address the above issue.


+
 sticky_controlbox
 -----------------

@ -1352,6 +1334,21 @@ If set to ``false``, this feature is disabled.

 If set to ``a resource name``, converse.js will synchronize only with a client that has that particular resource assigned to it.

+trusted
+-------
+
+* Default: ``true``
+
+This setting determines whether the default value of the "This is a trusted device" checkbox in the login form.
+
+When the current device is not trusted, then localStorage and sessionStorage
+will be cleared when the user logs out, thereby removing all cached data.
+
+Clearing the cache in this way makes Converse.js much slower when the user logs
+in again, because all data needs to be fetch anew.
+
+See also `storage`_.
+
 time_format
 -----------

--- a/spec/login.js
+++ b/spec/login.js
@ -41,5 +41,43 @@
                done();
            });
        }));
+
+        it("checkbox can be set to false by default",
+            mock.initConverseWithPromises(
+                null, ['connectionInitialized', 'chatBoxesInitialized'],
+                { auto_login: false,
+                  trusted: false,
+                  allow_registration: false },
+                function (done, _converse) {
+
+            test_utils.waitUntil(() => _converse.chatboxviews.get('controlbox'))
+            .then(function () {
+                var cbview = _converse.chatboxviews.get('controlbox');
+                test_utils.openControlBox();
+                const checkboxes = cbview.el.querySelectorAll('input[type="checkbox"]');
+                expect(checkboxes.length).toBe(1);
+
+                const checkbox = checkboxes[0];
+                const label = cbview.el.querySelector(`label[for="${checkbox.getAttribute('id')}"]`);
+                expect(label.textContent).toBe('This is a trusted device');
+                expect(checkbox.checked).toBe(false);
+
+                cbview.el.querySelector('input[name="jid"]').value = 'dummy@localhost';
+                cbview.el.querySelector('input[name="password"]').value = 'secret';
+
+                spyOn(cbview.loginpanel, 'connect');
+                cbview.delegateEvents();
+
+                expect(_converse.storage).toBe('session');
+                cbview.el.querySelector('input[type="submit"]').click();
+                expect(_converse.storage).toBe('session');
+                expect(cbview.loginpanel.connect).toHaveBeenCalled();
+
+                checkbox.click();
+                cbview.el.querySelector('input[type="submit"]').click();
+                expect(_converse.storage).toBe('local');
+                done();
+            });
+        }));
    });
 }));
--- a/src/converse-bookmarks.js
+++ b/src/converse-bookmarks.js
@ -52,12 +52,12 @@
            // New functions which don't exist yet can also be added.

            clearSession () {
-                this.__super__.clearSession.apply(this, arguments);
                if (!_.isUndefined(this.bookmarks)) {
                    this.bookmarks.reset();
                    this.bookmarks.browserStorage._clear();
                    window.sessionStorage.removeItem(this.bookmarks.fetched_flag);
                }
+                this.__super__.clearSession.apply(this, arguments);
            },

            ChatRoomView: {
@ -261,9 +261,7 @@

                    const cache_key = `converse.room-bookmarks${_converse.bare_jid}`;
                    this.fetched_flag = b64_sha1(cache_key+'fetched');
-                    this.browserStorage = new Backbone.BrowserStorage[_converse.storage](
-                        b64_sha1(cache_key)
-                    );
+                    this.browserStorage = new Backbone.BrowserStorage[_converse.storage](b64_sha1(cache_key));
                },

                openBookmarkedRoom (bookmark) {
--- a/src/converse-chatboxes.js
+++ b/src/converse-chatboxes.js
@ -249,7 +249,7 @@
                        this.addRelatedContact(_converse.roster.findWhere({'jid': this.get('jid')}));
                    });
                    this.messages = new _converse.Messages();
-                    this.messages.browserStorage = new Backbone.BrowserStorage[_converse.message_storage](
+                    this.messages.browserStorage = new Backbone.BrowserStorage[_converse.storage](
                        b64_sha1(`converse.messages${this.get('jid')}${_converse.bare_jid}`));
                    this.messages.chatbox = this;

--- a/src/converse-controlbox.js
+++ b/src/converse-controlbox.js
@ -478,6 +478,7 @@
                    if (!this.validate()) { return; }

                    const form_data = new FormData(ev.target);
+                    _converse.trusted = form_data.get('trusted');
                    _converse.storage = form_data.get('trusted') ? 'local' : 'session';

                    let jid = form_data.get('jid');
--- a/src/converse-core.js
+++ b/src/converse-core.js
@ -322,7 +322,6 @@
                'pl', 'pt_BR', 'ru', 'tr', 'uk', 'zh_CN', 'zh_TW'
            ],
            message_carbons: true,
-            message_storage: 'session',
            nickname: undefined,
            password: undefined,
            prebind_url: null,
@ -336,6 +335,7 @@
            storage: 'session',
            strict_plugin_dependencies: false,
            synchronize_availability: true,
+            trusted: true,
            view_mode: 'overlayed', // Choices are 'overlayed', 'fullscreen', 'mobile'
            websocket_url: undefined,
            whitelisted_plugins: []
@ -652,6 +652,10 @@
            if (!_.isUndefined(this.session) && this.session.browserStorage) {
                this.session.browserStorage._clear();
            }
+            if (!_converse.trusted) {
+                window.localStorage.clear();
+                window.sessionStorage.clear();
+            }
        };

        this.logOut = function () {
--- a/src/templates/login_panel.html
+++ b/src/templates/login_panel.html
@ -19,7 +19,7 @@
                </div>
                {[ } ]}
                <div class="form-group form-check">
-                    <input id="converse-login-trusted" type="checkbox" class="form-check-input" name="trusted" checked="checked">
+                    <input id="converse-login-trusted" type="checkbox" class="form-check-input" name="trusted" {[ if (o._converse.trusted) { ]} checked="checked" {[ } ]}>
                    <label for="converse-login-trusted" class="form-check-label">{{{o.__('This is a trusted device')}}}</label>
                    <i class="fa fa-info-circle" data-toggle="popover"
                       data-title="Trusted device?"