Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-77893

Encrypted mobile notifications follow-ups

    XMLWordPrintable

Details

    • MOODLE_402_STABLE
    • MOODLE_402_STABLE
    • MDL-77893-master
    • Hide

      Setup

      1. Ensure that your site is available globally (e.g. use ngrok)
      2. Register with the Airnotifier service (https://apps.moodle.com/)
      3. Navigate to Site administration -> Messaging -> Mobile
      4. Put the Airnotifier access key in place
      5. Ensure that you have a course with the following enrolled:
        • Your admin user
        • A student user
      6. Login to the site on the app using a student account
      7. Open the "Messaging" app
      8. Choose the "Settings" cog icon
      9. Ensure that the "Mobile" checkbox is ticked
      10. Intall the .apk file (available in MDL-76722) in an Android device

      Test existing notifications with encryption disabled

      1. Login to the site as an administrator
      2. Navigate to Site administration -> Messaging -> Mobile
      3. Ensure that the setting `message_airnotifier | encryptnotifications` is off
      4. On the site as the admin, send a private message to the student account
        1. Confirm the expected notification message arrived on the mobile device as normal

      Test existing large notifications (over 4kb) with encryption disabled

      1. Using https://www.lipsum.com/ generate a text of 4000 words
      2. On the site as the admin, send a private message to the student account copying the previous text
      3. Confirm you receive a push notification that just says "Tap to view"

      Test notifications with encryption and default settings work

      1. Login to the site as an administrator
      2. Navigate to Site administration -> Messaging -> Mobile
      3. Ensure that the setting `message_airnotifier | encryptnotifications` is on
      4. On the site as the admin, send a private message to the student account
        1. Confirm the expected notification message arrived on the mobile device as normal

      Test notifications when encryption is enabled and device not support encryption works as expected

      1. Access the Moodle site database, and edit the "user_devices" table to remove the "publickey" field (you have to set it to NULL) for the student device row
      2. Login to the site as an administrator
      3. Navigate to Site administration -> Messaging -> Mobile
      4. Ensure that the setting `message_airnotifier | encryptnotifications` is on
      5. Ensure that the setting `message_airnotifier | encryptprocessing` is set to Do not send notifications at all
      6. On the site as the admin, send a private message to the student account
        1. Confirm the notification did not arrive
      7. Login to the site as an administrator
      8. Navigate to Site administration -> Messaging -> Mobile
      9. Ensure that the setting `message_airnotifier | encryptnotifications` is on
      10. Ensure that the setting `message_airnotifier | encryptprocessing` is set to Send notifications without encryption
      11. On the site as the admin, send a private message to the student account
        1. Confirm the expected notification message arrived on the mobile device as normal
      Show
      Setup Ensure that your site is available globally (e.g. use ngrok) Register with the Airnotifier service ( https://apps.moodle.com/ ) Navigate to Site administration -> Messaging -> Mobile Put the Airnotifier access key in place Ensure that you have a course with the following enrolled: Your admin user A student user Login to the site on the app using a student account Open the "Messaging" app Choose the "Settings" cog icon Ensure that the "Mobile" checkbox is ticked Intall the .apk file (available in MDL-76722 ) in an Android device Test existing notifications with encryption disabled Login to the site as an administrator Navigate to Site administration -> Messaging -> Mobile Ensure that the setting `message_airnotifier | encryptnotifications` is off On the site as the admin, send a private message to the student account Confirm the expected notification message arrived on the mobile device as normal Test existing large notifications (over 4kb) with encryption disabled Using https://www.lipsum.com/ generate a text of 4000 words On the site as the admin, send a private message to the student account copying the previous text Confirm you receive a push notification that just says "Tap to view" Test notifications with encryption and default settings work Login to the site as an administrator Navigate to Site administration -> Messaging -> Mobile Ensure that the setting `message_airnotifier | encryptnotifications` is on On the site as the admin, send a private message to the student account Confirm the expected notification message arrived on the mobile device as normal Test notifications when encryption is enabled and device not support encryption works as expected Access the Moodle site database, and edit the "user_devices" table to remove the "publickey" field (you have to set it to NULL) for the student device row Login to the site as an administrator Navigate to Site administration -> Messaging -> Mobile Ensure that the setting `message_airnotifier | encryptnotifications` is on Ensure that the setting `message_airnotifier | encryptprocessing` is set to Do not send notifications at all On the site as the admin, send a private message to the student account Confirm the notification did not arrive Login to the site as an administrator Navigate to Site administration -> Messaging -> Mobile Ensure that the setting `message_airnotifier | encryptnotifications` is on Ensure that the setting `message_airnotifier | encryptprocessing` is set to Send notifications without encryption On the site as the admin, send a private message to the student account Confirm the expected notification message arrived on the mobile device as normal

    Description

      Including here some additional improvements in the existing features discovered by dpalou  while testing the MOBILE side in MOBILE-4214

      1. Along with the new WebService core_user_update_user_device_public_key, I think it would be nice to also modify the existing WS core_user_add_user_device to add a new optional parameter: the publickey. This way for new sites the app can supply the publickey in the same request used to add the new device and we can avoid performing an extra request just to store the key.
      2. We use a customised version of airnotifier to deliver push notifications to the app. One of the improvements we did, to decrease the payload size, is that we only send a field named "body" to the app and we remove smallmessage, fullmessage and fullmessagehtml from the notification payload:
        message = extra.get('smallmessage', None)
        if not message:
            message = extra.get('fullmessage', None)
        extra["smallmessage"] = None
        extra["fullmessage"] = None
        extra["fullmessagehtml"] = None
        Maybe we can do something similar in LMS if the payload size is bigger than 4000 to decrease the chances of having to display "Tap to view". E.g. we can put the first valid text in smallmessage and get rid of the others, as long as this doesn't cause problems with the public Airnotifier branch (not our private fork). (fullmessage and fullmessagehtml are not currently used by the Moodle app at all, so it is safe to avoid sending them). This will also improve performance in large sites sending lots of notifications (a considerable smallest payload). Please notice that this is also compatible to existing community Airnotifier instances because the code retrieving the notification from the small message has been there since the beginning.
      3.  If I understood it right, if a device doesn't have a publickey then the notification is sent without being encrypted. It can happen that a site enables encryption but some devices don't have a public key because the app hasn't been updated yet or the device hasn't used the app in a while. In this case the sensitive data will still be sent to the push servers but the admin might think it isn't because he enabled encryption. Maybe we shouldn't send the notification to that device, or maybe we should create a new setting so the admin can decide whether to send them or not. For devices not supporting encryption: [Do not send notifications at all | Send notifications without encryption](encryption will be supported only in Android 6.0 and iOS 13 and up)
      4. The code that controls the size of the payload (and try to reduce it when needed) was inside the function that does the encryption, I think it would be good to have this also for non-encrypted push
      5. There was a bug in the way $extra->encrypted was set, it has to be set/reset for every device cause the user can have multiple devices and some of them support notifications while others not

      Attachments

        Issue Links

          Activity

            People

              jleyva Juan Leyva
              jleyva Juan Leyva
              Dani Palou Dani Palou
              Andrew Lyons Andrew Lyons
              Andrew Lyons Andrew Lyons
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 hours, 25 minutes
                  4h 25m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.