Add config options for how much to obfuscate email addresses in 3rd party invites #311
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This endpoint is currently only accepting email addresses, which is why I didn't make it generic (or support msisdn's).
turt2live
pushed a commit
that referenced
this pull request
Sep 11, 2020
…arty invites (#311) When inviting a user via their email address using Sydent, a third party invite event is injected into the room using an obfuscated version of the invitee's email address (to prevent This PR adds two new config options to sydent: * `email.third_party_invite_username_obfuscate_characters` - for obfuscating the text before the `@` sign * `email.third_party_invite_domain_obfuscate_characters - for obfuscating the text after the `@` sign Instead of only truncating the string, I decided to keep the old behaviour of redacting based on string length (only if the string's length is <= the configured threshold). The old behaviour ensured that a full email address is never shown, even if it is very short (e.g. a@a.co), which is a property I believe we want to uphold.
anoadragon453
added a commit
that referenced
this pull request
Oct 13, 2020
…har (#316) #311 had a typo in it which can be seen here: https://github.com/matrix-org/sydent/pull/311/files#diff-7d63b60d76737089d460f16b53428930d3b0dedbcf3e26a396155a5f22fee3b3L161-R172 This is the code that obfuscates email addresses when creating a 3PID invite for them in a room. `s[:3]` was changed to `s[3]`, which mean that if we were inviting `abcdef@example.com` and config options were set so that this codepath was run, we'd end up with `d...@example.com` instead of `abc...@example.com`, as we were returning the 4th character (`s[3]`), instead of returning everything in the string up to the 4th character (`s[:3]`). This PR fixes that typo.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When inviting a user via their email address using Sydent, a third party invite event is injected into the room using an obfuscated version of the invitee's email address (to prevent This PR adds two new config options to sydent:
email.third_party_invite_username_obfuscate_characters- for obfuscating the text before the@signemail.third_party_invite_domain_obfuscate_characters - for obfuscating the text after the@` signInstead of only truncating the string, I decided to keep the old behaviour of redacting based on string length (only if the string's length is <= the configured threshold). The old behaviour ensured that a full email address is never shown, even if it is very short (e.g. a@a.co), which is a property I believe we want to uphold.
Reviewable commit-by-commit.