Add config options for how much to obfuscate email addresses in 3rd party invites #311
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When inviting a user via their email address using Sydent, a third party invite event is injected into the room using an obfuscated version of the invitee's email address (to prevent This PR adds two new config options to sydent:
email.third_party_invite_username_obfuscate_characters
- for obfuscating the text before the@
signemail.third_party_invite_domain_obfuscate_characters - for obfuscating the text after the
@` signInstead of only truncating the string, I decided to keep the old behaviour of redacting based on string length (only if the string's length is <= the configured threshold). The old behaviour ensured that a full email address is never shown, even if it is very short (e.g. a@a.co), which is a property I believe we want to uphold.
Reviewable commit-by-commit.