Add encrypted mobile notifications support

Complete testing can't be performed without first setting up a copy of the modified app from MOBILE-4214

The following testing can be carried out regardless of changes to the MOBILE app.

Setup

1. Ensure that your site is available globally (e.g. use ngrok)
2. Register with the Airnotifier service (https://apps.moodle.com/)
3. Navigate to Site administration -> Messaging -> Mobile
4. Put the Airnotifier access key in place
5. Ensure that you have a course with the following enrolled:
   • Your admin user
   • A student user
6. Login to the site on the app using a student account
7. Open the "Messaging" app
8. Choose the "Settings" cog icon
9. Ensure that the "Mobile" checkbox is ticked

Test existing notifications with encryption disabled

1. Login to the site as an administrator
2. Navigate to Site administration -> Messaging -> Mobile
3. Ensure that the setting `message_airnotifier | encryptnotifications` is off
4. On the site as the admin, send a message to the student account
   1. Confirm the expected notification message arrived on the mobile device as normal

Test existing notifications with encryption enabled but no device keys

1. Login to the site as an administrator
2. Navigate to Site administration -> Messaging -> Mobile
3. Turn setting `message_airnotifier | encryptnotifications` to on
4. On the site as the admin, send a message to the student account
   1. Confirm the expected notification message arrived on the mobile device as normal

Testing encrypted notifications

1. Open message/output/airnotifier/message_output_airnotifier.php in your editor
2. Find the send_message function
3. Add the following just before the call to $curl->post($serverurl, json_encode($params));:

   // !!! MDL-76722: START OF TESTING HACK !!!

   file_put_contents(make_temp_directory('mdl76722') . '/payload.json', json_encode($params));

   // !!! MDL-76722: END OF TESTING HACK !!!

   // JSON POST raw body request.

   $resp = $curl->post($serverurl, json_encode($params));

4. Grab the mdl76722.php file from this issue and place it into your moodle root
5. Grab the userid of the student you have been messaging
6. Run the script to generate a keypair (replace 42 by the actual user id):

   php mdl76722.php -u=42

7. The script will output the public key and then wait
8. Send another message to the student
   1. Confirm that the notification arrived on the mobile device, but was not decrypted
      NOTE: If you have an updated mobile app with MOBILE-4214 then it still won't work because this script will overwrite the public key with a new one.
      We do not have access to the private key as it is securely stored in the app.
      You will need to have the app generate a new keypair and then use that to encrypt the message after testing completes.
9. Back in the CLI, press [enter] in the script
   1. Confirm that the message was decrypted
10. Repeat with a really, really, really long message. It needs to be at least 4,000 bytes of json data.
11. Back in the CLI, press [enter] in the script
    1. Confirm that the message was decrypted
    2. Confirm that the short message told you to "Tap to view"
    3. Confirm that the full message was empty
       Note: The mobile messaging does not actually put any content in the fullmessagehtml field.

Testing with the App

An Android version of the app is already available as an APK which can be manually installed.

Ping Andrew for access to this with the required configuration.

Testing with Android

Note: you must run this test after the previous test, otherwise you'll have to either:

• Log into the app with a different Moodle user (student)
• Log out and log back into the app (and possibly clear the user_devices table too)

Android Emulator

If you do not have a real Android device, then you can use the Android Emulator from Android Studio.

1. Download the Studio from https://developer.android.com/studio
2. Install the Studio (this takes a while, and requires more heavy downloads)
3. From the "More options" menu, open the "Virtual Device Manager"
4. Create a virtual device for a recent device, against a recent version of Android OS
5. Start your virtual device
6. Drag + Drop the apk into the running device

Real device + Emulator

1. Open a connection to your database server
2. Check for the list of entries in the mdl_user_devices table:

   select * from mdl_user_devices;

3. Open message/output/airnotifier/message_output_airnotifier.php in your editor
4. Find the send_message function
5. Replace the payload.json line you added earlier with a simple error_log call dumping the JSON:

   error_log("Sending a payload to {$serverurl} with content " . json_encode($params));

6. Log in to your Moodle site as the student in the app
7. Check the list of device entries again using the above query
   1. Confirm that there is a new entry for this device
   2. Confirm that the publickey field is populated
8. In the Web client, message the student
   1. Confirm that a notification appeared on the device
9. Check your web server error logs and find the log entry for "Sending a payload to ..."
   1. Confirm that the encrypted field is populated
   2. Confirm that the following keys look like garbage (because they're encrypted):
      Note: Not all fields are always present
      1. userfromfullname
      2. userfromid
      3. sitefullname
      4. smallmessage
      5. fullmessage
      6. fullmessagehtml
      7. subject
      8. contexturl