From 2508ef0e9e7c273a49c2053ac846ce0c9cddafd2 Mon Sep 17 00:00:00 2001 From: JC Brand Date: Fri, 18 May 2018 12:21:02 +0200 Subject: [PATCH] Make the default value for the 'trusted' checkbox configurable Also remove the `message_storage` setting. --- CHANGES.md | 3 +- docs/source/configuration.rst | 55 ++++++++++++++++------------------ spec/login.js | 38 +++++++++++++++++++++++ src/converse-bookmarks.js | 6 ++-- src/converse-chatboxes.js | 2 +- src/converse-controlbox.js | 1 + src/converse-core.js | 6 +++- src/templates/login_panel.html | 2 +- 8 files changed, 76 insertions(+), 37 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 4e7b30229..c131c7bcb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -14,7 +14,8 @@ - Support for rendering URLs sent according to XEP-0066 Out of Band Data. - Geo-URIs (e.g. from Conversations) are now replaced by links to openstreetmap (works in reverse also) - Add a checkbox to indicate whether a trusted device is being used or not. - If the device is not trusted, then all user data is deleted from the cache upon logout. + If the device is not trusted, sessionStorage is used and all user data is deleted from the browser cache upon logout. + If the device is trusted, localStorage is used and user data is cached indefinitely. ### Bugfixes diff --git a/docs/source/configuration.rst b/docs/source/configuration.rst index 9ca3113dd..cd30d3f45 100644 --- a/docs/source/configuration.rst +++ b/docs/source/configuration.rst 
@@ -927,28 +927,6 @@ Message carbons is the XEP (Jabber protocol extension) specifically drafted to solve this problem, while `forward_messages`_ uses `stanza forwarding `_ -message_storage ----------------- - -* Default: ``session`` - -Valid options: ``session``, ``local``. - -This option determines the type of `browser storage `_ -(``localStorage`` or ``sessionStorage``) used by converse.js to cache messages (private and group). - -The main difference between the two is that `sessionStorage` only persists while -the current tab or window containing a converse.js instance is open. As soon as -it's closed, the data is cleared. - -Data in `localStorage` on the other hand is kept indefinitely, which can have -privacy implications on public computers or when multiple people are using the -same computer. - -See also the `storage`_ option, which applies to other cached data, such as -which chats you have open, what features the XMPP server supports and what -your online status is. - muc_disable_moderator_commands ------------------------------ 
@@ -1269,17 +1247,20 @@ privacy perspective a better choice. The main difference between the two is that `sessionStorage` only persists while the current tab or window containing a converse.js instance is open. As soon as -it's closed, the data is cleared. +it's closed, the data is cleared (as long as there aren't any other tabs with +the same domain open). Data in `localStorage` on the other hand is kept indefinitely. -The data that is cached includes which chats you had open, what features the -XMPP server supports and what your online status was. +The data that is cached includes your sent and received messages, which chats you had +open, what features the XMPP server supports and what your online status was. + +See also `trusted`_. + +.. note:: + When the user checks the checkbox labeled "This is a trusted device", then + the storage setting will automatically be set to localStorage. -Since version 1.0.7, the store for messages is now configurable separately with -the `message_storage`_ option, to allow you to cache messages for longer in the -browser (with `localStorage`) while still using `sessionStorage` for other -data. .. note:: Between versions 0.8.0 and 1.0.7, setting the value of this option to "local" @@ -1295,6 +1276,7 @@ data. storage), to address the above issue. + sticky_controlbox ----------------- 
@@ -1352,6 +1334,21 @@ If set to ``false``, this feature is disabled. If set to ``a resource name``, converse.js will synchronize only with a client that has that particular resource assigned to it. +trusted +------- + +* Default: ``true`` + +This setting determines whether the default value of the "This is a trusted device" checkbox in the login form. + +When the current device is not trusted, then localStorage and sessionStorage +will be cleared when the user logs out, thereby removing all cached data. + +Clearing the cache in this way makes Converse.js much slower when the user logs +in again, because all data needs to be fetch anew. + +See also `storage`_. + time_format ----------- diff --git a/spec/login.js b/spec/login.js index ea833bc15..b74c4e24a 100644 --- a/spec/login.js +++ b/spec/login.js 
@@ -41,5 +41,43 @@ done(); }); })); + + it("checkbox can be set to false by default", + mock.initConverseWithPromises( + null, ['connectionInitialized', 'chatBoxesInitialized'], + { auto_login: false, + trusted: false, + allow_registration: false }, + function (done, _converse) { + + test_utils.waitUntil(() => _converse.chatboxviews.get('controlbox')) + .then(function () { + var cbview = _converse.chatboxviews.get('controlbox'); + test_utils.openControlBox(); + const checkboxes = cbview.el.querySelectorAll('input[type="checkbox"]'); + expect(checkboxes.length).toBe(1); + + const checkbox = checkboxes[0]; + const label = cbview.el.querySelector(`label[for="${checkbox.getAttribute('id')}"]`); + expect(label.textContent).toBe('This is a trusted device'); + expect(checkbox.checked).toBe(false); + + cbview.el.querySelector('input[name="jid"]').value = 'dummy@localhost'; + cbview.el.querySelector('input[name="password"]').value = 'secret'; + + spyOn(cbview.loginpanel, 'connect'); + cbview.delegateEvents(); + + expect(_converse.storage).toBe('session'); + cbview.el.querySelector('input[type="submit"]').click(); + expect(_converse.storage).toBe('session'); + expect(cbview.loginpanel.connect).toHaveBeenCalled(); + + checkbox.click(); + cbview.el.querySelector('input[type="submit"]').click(); + expect(_converse.storage).toBe('local'); + done(); + }); + })); }); })); diff --git a/src/converse-bookmarks.js b/src/converse-bookmarks.js index 7d665dfb2..1e20b5775 100644 --- a/src/converse-bookmarks.js +++ b/src/converse-bookmarks.js @@ -52,12 +52,12 @@ // New functions which don't exist yet can also be added. clearSession () { - this.__super__.clearSession.apply(this, arguments); if (!_.isUndefined(this.bookmarks)) { this.bookmarks.reset(); this.bookmarks.browserStorage._clear(); window.sessionStorage.removeItem(this.bookmarks.fetched_flag); } + this.__super__.clearSession.apply(this, arguments); }, ChatRoomView: { 
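Review bot: The new spec in spec/login.js only asserts which storage backend is selected; nothing covers the security-relevant half of the feature, that logging out with the box unchecked actually empties `localStorage` and `sessionStorage`. A follow-up expectation in the same spec could seed a sentinel key before login, trigger the logout path, and then assert that the key is gone from both stores. A later refactor of clearSession could otherwise stop wiping cached messages on untrusted devices without any test failing. The enclosing `describe` starts outside the hunk.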
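Review bot: In src/converse-bookmarks.js, moving `this.__super__.clearSession.apply(this, arguments)` below the bookmark cleanup creates an ordering dependency with no comment to explain it, so it is easy to revert by accident. The base clearSession now wipes all of web storage for untrusted devices, so presumably the bookmark store has to be reset before that runs. If that is the reason, record it above the call, for example `// Reset bookmark state first: the base clearSession may clear web storage wholesale.`. The surrounding overrides object starts and ends outside the hunk.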
@@ -261,9 +261,7 @@ const cache_key = `converse.room-bookmarks${_converse.bare_jid}`; this.fetched_flag = b64_sha1(cache_key+'fetched'); - this.browserStorage = new Backbone.BrowserStorage[_converse.storage]( - b64_sha1(cache_key) - ); + this.browserStorage = new Backbone.BrowserStorage[_converse.storage](b64_sha1(cache_key)); }, openBookmarkedRoom (bookmark) { diff --git a/src/converse-chatboxes.js b/src/converse-chatboxes.js index c74c67244..c854d5de8 100644 --- a/src/converse-chatboxes.js +++ b/src/converse-chatboxes.js @@ -249,7 +249,7 @@ this.addRelatedContact(_converse.roster.findWhere({'jid': this.get('jid')})); }); this.messages = new _converse.Messages(); - this.messages.browserStorage = new Backbone.BrowserStorage[_converse.message_storage]( + this.messages.browserStorage = new Backbone.BrowserStorage[_converse.storage]( b64_sha1(`converse.messages${this.get('jid')}${_converse.bare_jid}`)); this.messages.chatbox = this; diff --git a/src/converse-controlbox.js b/src/converse-controlbox.js index a76f04698..a452f0043 100644 --- a/src/converse-controlbox.js +++ b/src/converse-controlbox.js @@ -478,6 +478,7 @@ if (!this.validate()) { return; } const form_data = new FormData(ev.target); + _converse.trusted = form_data.get('trusted'); _converse.storage = form_data.get('trusted') ? 'local' : 'session'; let jid = form_data.get('jid'); diff --git a/src/converse-core.js b/src/converse-core.js index deeace8b2..c91b1975c 100644 --- a/src/converse-core.js +++ b/src/converse-core.js @@ -322,7 +322,6 @@ 'pl', 'pt_BR', 'ru', 'tr', 'uk', 'zh_CN', 'zh_TW' ], message_carbons: true, - message_storage: 'session', nickname: undefined, password: undefined, prebind_url: null, @@ -336,6 +335,7 @@ storage: 'session', strict_plugin_dependencies: false, synchronize_availability: true, + trusted: true, view_mode: 'overlayed', // Choices are 'overlayed', 'fullscreen', 'mobile' websocket_url: undefined, whitelisted_plugins: [] 
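Review bot: In src/converse-controlbox.js, `_converse.trusted = form_data.get('trusted');` stores whatever `FormData.get` returns, a string when the box is checked and `null` when it is not, while the configured default is a boolean. Normalising once and reusing the result keeps the two settings in step, e.g. `_converse.trusted = form_data.get('trusted') !== null;` followed by `_converse.storage = _converse.trusted ? 'local' : 'session';`, assuming the checkbox in login_panel.html has a non-empty value. The flag is also held only in memory. If settings are re-initialised from the defaults on a page reload (not visible in this hunk), a resumed untrusted session would fall back to `trusted: true` and logout would skip the wipe, so consider persisting the choice with the session. The handler starts and ends outside the hunk.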
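Review bot: `trusted: true` in the defaults of src/converse-core.js makes persistence the out-of-the-box choice for the login form. Combined with the converse-chatboxes.js hunk that moves the message store onto `_converse.storage`, message history is written to localStorage and kept indefinitely unless the user unticks the box. The removed `message_storage` option defaulted to `session`, so this reverses the privacy default for messages. Either ship `trusted: false`, or state the change explicitly in CHANGES.md and in the `trusted` section of configuration.rst so that deployments on shared or public machines know to override it.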
@@ -652,6 +652,10 @@ if (!_.isUndefined(this.session) && this.session.browserStorage) { this.session.browserStorage._clear(); } + if (!_converse.trusted) { + window.localStorage.clear(); + window.sessionStorage.clear(); + } }; this.logOut = function () { diff --git a/src/templates/login_panel.html b/src/templates/login_panel.html index 2279bdd6b..4c22dc874 100644 --- a/src/templates/login_panel.html +++ b/src/templates/login_panel.html @@ -19,7 +19,7 @@ {[ } ]}
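Review bot: The added `window.localStorage.clear()` and `window.sessionStorage.clear()` in clearSession remove every key stored for the origin, not only the ones Converse wrote. A site that embeds Converse on its own domain therefore loses its own stored state (preferences, other widgets' data) whenever an untrusted user logs out. A narrower approach is to clear only the stores Converse created, the way `this.session.browserStorage._clear()` is called just above. If the origin-wide wipe is intended, say so in the `trusted` documentation and in a comment here, e.g. `// Deliberately clears ALL web storage for this origin, not just Converse's keys.`. The enclosing function starts outside the hunk.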
- +