Merge docs on consent bits from PR #3268 into release branch

2018-05-23 16:24:58 +01:00 · 2018-05-23 16:24:58 +01:00 · 043f05a078
commit 043f05a078
parent 2f7008d4eb e206b2c9ac
4 changed files with 271 additions and 23 deletions
--- a/docs/consent_tracking.md
+++ b/docs/consent_tracking.md
@ -0,0 +1,160 @@
 Support in Synapse for tracking agreement to server terms and conditions
 ========================================================================
 Synapse 0.30 introduces support for tracking whether users have agreed to the
 terms and conditions set by the administrator of a server - and blocking access
 to the server until they have.
 There are several parts to this functionality; each requires some specific
 configuration in `homeserver.yaml` to be enabled.
 Note that various parts of the configuation and this document refer to the
 "privacy policy": agreement with a privacy policy is one particular use of this
 feature, but of course adminstrators can specify other terms and conditions
 unrelated to "privacy" per se.
 Collecting policy agreement from a user
 ---------------------------------------
 Synapse can be configured to serve the user a simple policy form with an
 "accept" button. Clicking "Accept" records the user's acceptance in the
 database and shows a success page.
 To enable this, first create templates for the policy and success pages.
 These should be stored on the local filesystem.
 These templates use the [Jinja2](http://jinja.pocoo.org) templating language,
 and [docs/privacy_policy_templates](privacy_policy_templates) gives
 examples of the sort of thing that can be done.
 Note that the templates must be stored under a name giving the language of the
 template - currently this must always be `en` (for "English");
 internationalisation support is intended for the future.
 The template for the policy itself should be versioned and named according to 
 the version: for example `1.0.html`. The version of the policy which the user
 has agreed to is stored in the database.
 Once the templates are in place, make the following changes to `homeserver.yaml`:
 1. Add a `user_consent` section, which should look like:
    ```yaml
    user_consent:
      template_dir: privacy_policy_templates
      version: 1.0
    ```
    `template_dir` points to the directory containing the policy
    templates. `version` defines the version of the policy which will be served
    to the user. In the example above, Synapse will serve
    `privacy_policy_templates/en/1.0.html`.
 2. Add a `form_secret` setting at the top level:
    ```yaml
    form_secret: "<unique secret>"
    ```
    This should be set to an arbitrary secret string (try `pwgen -y 30` to
    generate suitable secrets).
    More on what this is used for below.
 3. Add `consent` wherever the `client` resource is currently enabled in the
    `listeners` configuration. For example:
    ```yaml
    listeners:
      - port: 8008
        resources:
          - names:
            - client
            - consent
    ```
 Finally, ensure that `jinja2` is installed. If you are using a virtualenv, this
 should be a matter of `pip install Jinja2`. On debian, try `apt-get install
 python-jinja2`.
 Once this is complete, and the server has been restarted, try visiting
 `https://<server>/_matrix/consent`. If correctly configured, this should give
 an error "Missing string query parameter 'u'". It is now possible to manually
 construct URIs where users can give their consent.
 ### Constructing the consent URI
 It may be useful to manually construct the "consent URI" for a given user - for
 instance, in order to send them an email asking them to consent. To do this,
 take the base `https://<server>/_matrix/consent` URL and add the following
 query parameters:
 * `u`: the user id of the user. This can either be a full MXID
   (`@user:server.com`) or just the localpart (`user`).
 * `h`: hex-encoded HMAC-SHA256 of `u` using the `form_secret` as a key. It is
   possible to calculate this on the commandline with something like:
   ```bash
   echo -n '<user>' | openssl sha256 -hmac '<form_secret>'
   ```
   This should result in a URI which looks something like:
   `https://<server>/_matrix/consent?u=<user>&h=68a152465a4d...`.
 Sending users a server notice asking them to agree to the policy
 ----------------------------------------------------------------
 It is possible to configure Synapse to send a [server
 notice](server_notices.md) to anybody who has not yet agreed to the current
 version of the policy. To do so:
 * ensure that the consent resource is configured, as in the previous section
 * ensure that server notices are configured, as in [server_notices.md](server_notices.md).
 * Add `server_notice_content` under `user_consent` in `homeserver.yaml`. For
   example:
   ```yaml
   user_consent:
     server_notice_content:
       msgtype: m.text
       body: >-
         Please give your consent to the privacy policy at %(consent_uri)s.
   ```
   Synapse automatically replaces the placeholder `%(consent_uri)s` with the
   consent uri for that user.
 * ensure that `public_baseurl` is set in `homeserver.yaml`, and gives the base
   URI that clients use to connect to the server. (It is used to construct
   `consent_uri` in the server notice.)
 Blocking users from using the server until they agree to the policy
 -------------------------------------------------------------------
 Synapse can be configured to block any attempts to join rooms or send messages
 until the user has given their agreement to the policy. (Joining the server
 notices room is exempted from this).
 To enable this, add `block_events_error` under `user_consent`. For example:
 ```yaml
 user_consent:
  block_events_error: >-
    You can't send any messages until you consent to the privacy policy at
    %(consent_uri)s.
 ```
 Synapse automatically replaces the placeholder `%(consent_uri)s` with the
 consent uri for that user.
 ensure that `public_baseurl` is set in `homeserver.yaml`, and gives the base
 URI that clients use to connect to the server. (It is used to construct
 `consent_uri` in the error.)
--- a/docs/manhole.md
+++ b/docs/manhole.md
@ -0,0 +1,43 @@
 Using the synapse manhole
 =========================
 The "manhole" allows server administrators to access a Python shell on a running
 Synapse installation. This is a very powerful mechanism for administration and
 debugging.
 To enable it, first uncomment the `manhole` listener configuration in
 `homeserver.yaml`:
 ```yaml
 listeners:
  - port: 9000
    bind_addresses: ['::1', '127.0.0.1']
    type: manhole
 ```
 (`bind_addresses` in the above is important: it ensures that access to the
 manhole is only possible for local users).
 Note that this will give administrative access to synapse to **all users** with
 shell access to the server. It should therefore **not** be enabled in
 environments where untrusted users have shell access.
 Then restart synapse, and point an ssh client at port 9000 on localhost, using
 the username `matrix`:
 ```bash
 ssh -p9000 matrix@localhost
 ```
 The password is `rabbithole`.
 This gives a Python REPL in which `hs` gives access to the
 `synapse.server.HomeServer` object - which in turn gives access to many other
 parts of the process.
 As a simple example, retrieving an event from the database:
 ```
 >>> hs.get_datastore().get_event('$1416420717069yeQaw:matrix.org')
 <Deferred at 0x7ff253fc6998 current result: <FrozenEvent event_id='$1416420717069yeQaw:matrix.org', type='m.room.create', state_key=''>>
 ```
--- a/docs/privacy_policy_templates/README.md
+++ b/docs/privacy_policy_templates/README.md
@ -1,23 +0,0 @@
 If enabling the 'consent' resource in synapse, you will need some templates
 for the HTML to be served to the user. This directory contains very simple
 examples of the sort of thing that can be done.
 You'll need to add this sort of thing to your homeserver.yaml:
 ```
 form_secret: <unique but arbitrary secret>
 user_consent:
  template_dir: docs/privacy_policy_templates
  version: 1.0
 ```
 You should then be able to enable the `consent` resource under a `listener`
 entry. For example:
 ```
 listeners:
  - port: 8008
    resources:
      - names: [client, consent]
 ```
--- a/docs/server_notices.md
+++ b/docs/server_notices.md
@ -0,0 +1,68 @@
 Server Notices
 ==============
 'Server Notices' are a new feature introduced in Synapse 0.30. They provide a
 channel whereby server administrators can send messages to users on the server.
 They are used as part of communication of the server polices(see
 [consent_tracking.md](consent_tracking.md)), however the intention is that 
 they may also find a use for features such as "Message of the day".
 This is a feature specific to Synapse, but it uses standard Matrix
 communication mechanisms, so should work with any Matrix client.
 User experience
 ---------------
 When the user is first sent a server notice, they will get an invitation to a
 room (typically called 'Server Notices', though this is configurable in
 `homeserver.yaml`). They will be **unable to reject** this invitation -
 attempts to do so will receive an error.
 Once they accept the invitation, they will see the notice message in the room
 history; it will appear to have come from the 'server notices user' (see
 below).
 The user is prevented from sending any messages in this room by the power
 levels. They also cannot leave it.
 Synapse configuration
 ---------------------
 Server notices come from a specific user id on the server. Server
 administrators are free to choose the user id - something like `server` is
 suggested, meaning the notices will come from
 `@server:<your_server_name>`. Once the Server Notices user is configured, that
 user id becomes a special, privileged user, so administrators should ensure
 that **it is not already allocated**.
 In order to support server notices, it is necessary to add some configuration
 to the `homeserver.yaml` file. In particular, you should add a `server_notices`
 section, which should look like this:
 ```yaml
 server_notices:
   system_mxid_localpart: server
   system_mxid_display_name: "Server Notices"
   room_name: "Server Notices"
 ```
 The only compulsory setting is `system_mxid_localpart`, which defines the user
 id of the server notices user, as above. `system_mxid_display_name` and
 `room_name` define the displayname of the system notices user, and of
 the notices room, respectively.
 Sending notices
 ---------------
 As of the current version of synapse, there is no convenient interface for
 sending notices (other than the automated ones sent as part of consent
 tracking).
 In the meantime, it is possible to test this feature using the manhole. Having
 gone into the manhole as described in [manhole.md](manhole.md), a notice can be
 sent with something like:
 ```
 >>> hs.get_server_notices_manager().send_notice('@user:server.com', {'msgtype':'m.text', 'body':'foo'})
 ```