  1. Moodle
  2. MDL-78072

Add support for encrypted Mobile notifications (backport of MDL-76722)

Details

    • MOODLE_401_STABLE
    • MOODLE_401_STABLE
    • MDL-78072-401

      Setup

      1. Ensure that your site is available globally (e.g. use ngrok)
      2. Register with the Airnotifier service (https://apps.moodle.com/)
      3. Navigate to Site administration -> Messaging -> Mobile
      4. Put the Airnotifier access key in place
      5. Ensure that you have a course with the following enrolled:
        • Your admin user
        • A student user
      6. Login to the site on the app using a student account
      7. Open the "Messaging" app
      8. Choose the "Settings" cog icon
      9. Ensure that the "Mobile" checkbox is ticked

      Testing with the App

      An Android version of the app is already available as an APK which can be manually installed.

      Testing with Android

      • Log into the app with a Moodle user (student)

      Android Emulator

      If you do not have a real Android device, then you can use the Android Emulator from Android Studio.

      1. Download the Studio from https://developer.android.com/studio
      2. Install the Studio (this takes a while, and requires more heavy downloads)
      3. From the "More options" menu, open the "Virtual Device Manager"
      4. Create a virtual device for a recent device, against a recent version of Android OS
      5. Start your virtual device
      6. Drag + Drop the apk into the running device

      Real device + Emulator

      1. Open a connection to your database server
      2. Check for the list of entries in the mdl_user_devices table:

        select * from mdl_user_devices;
        

      3. Open message/output/airnotifier/message_output_airnotifier.php in your editor
      4. Find the send_message function
      5. Add the following just before the call to $curl->post($serverurl, json_encode($params));:

        // !!! MDL-76722: START OF TESTING HACK !!!
        error_log("Sending a payload to {$serverurl} with content " . json_encode($params));
        // !!! MDL-76722: END OF TESTING HACK !!!
         
        // JSON POST raw body request.
        $resp = $curl->post($serverurl, json_encode($params));
        

      6. Log in to your Moodle site as the student in the app
      7. Check the list of device entries again using the above query
        1. Confirm that there is a new entry for this device
        2. Confirm that the publickey field is populated
      8. In the App, open Messages -> Settings
      9. Enable "Mobile" notifications
      10. In the Web client, message the student as another user
        1. Confirm that a notification appeared on the device
      11. Check your web server error logs and find the log entry for "Sending a payload to ..."
        1. Confirm that the encrypted field is populated
        2. Confirm that the following keys look like garbage (because they're encrypted):
          Note: Not all fields are always present
          1. userfromfullname
          2. userfromid
          3. sitefullname
          4. smallmessage
          5. fullmessage
          6. fullmessagehtml
          7. subject
          8. contexturl
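A checker for the "Sending a payload to ..." log entry from step 11, as an added example that is not part of the original test plan or of Moodle's code: it confirms the encrypted flag is set and that each listed key that is present holds ciphertext rather than readable text. It assumes the values are base64-encoded libsodium sealed boxes (at least 48 bytes once decoded) and searches the JSON at any depth; the sample line, its `extra` nesting and the host name are constructed.

```python
import base64
import binascii
import json

# Keys the test plan lists as encrypted; not all are present in every payload.
SENSITIVE_KEYS = {"userfromfullname", "userfromid", "sitefullname", "smallmessage",
                  "fullmessage", "fullmessagehtml", "subject", "contexturl"}
MARKER = " with content "  # separator written by the error_log() testing hack
SEAL_OVERHEAD = 48  # assumption: libsodium sealed box adds 32-byte key + 16-byte MAC

def walk(node):
    """Yield every (key, value) pair at any depth of the decoded payload."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item)

def looks_sealed(value):
    """True if value is base64 text at least as long as an empty sealed box."""
    try:
        return len(base64.b64decode(value, validate=True)) >= SEAL_OVERHEAD
    except (binascii.Error, ValueError, TypeError):
        return False

def check_log_line(line, known_plaintexts=()):
    """Return the problems found in one 'Sending a payload to ...' log line."""
    _, found, body = line.partition(MARKER)
    if not found:
        return ["no payload in line"]
    payload, _ = json.JSONDecoder().raw_decode(body.lstrip())  # ignores trailing log text
    pairs = list(walk(payload))
    problems = []
    if not any(key == "encrypted" and value for key, value in pairs):
        problems.append("encrypted flag missing or empty")
    for key, value in pairs:
        if key in SENSITIVE_KEYS and not looks_sealed(value):
            problems.append(f"{key} is not ciphertext")
    for text in known_plaintexts:
        if any(isinstance(v, str) and text in v for _, v in pairs):
            problems.append(f"plaintext leaked: {text!r}")
    return problems

# Constructed sample line (not real server output): one field was left in clear text.
FAKE_SEALED = base64.b64encode(bytes(range(64))).decode()
SAMPLE = "Sending a payload to https://push.example.invalid/ with content " + json.dumps(
    {"extra": {"encrypted": 1, "subject": FAKE_SEALED, "smallmessage": "Hello student"}})
print(check_log_line(SAMPLE, known_plaintexts=["Hello student"]))
```

Pass the text of the message you sent in step 10 as `known_plaintexts`; an empty list back means the entry passed every check.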

      Test existing notifications with Sodium unavailable

      1. Edit lib/classes/encryption.php
        1. Find the is_sodium_installed() function
        2. Change it to return false; before the extension check.
      2. On the site as the admin, send a private message to the student account
        1. Confirm the expected notification message arrived on the mobile device as normal
      3. Login to the site as an administrator
      4. Navigate to Site administration -> Messaging -> Mobile
      5. Ensure that the setting `message_airnotifier | encryptnotifications` is on
      6. Ensure that the setting `message_airnotifier | encryptprocessing` is set to Do not send notifications at all
      7. On the site as the admin, send a private message to the student account
        1. Confirm the expected notification message DID NOT arrive on the student device
      8. Undo the change to the file

      Test existing notifications with encryption disabled

      1. Login to the site as an administrator
      2. Navigate to Site administration -> Messaging -> Mobile
      3. Ensure that the setting `message_airnotifier | encryptnotifications` is off
      4. On the site as the admin, send a private message to the student account
        1. Confirm the expected notification message arrived on the mobile device as normal

      Test existing large notifications (over 4kb) with encryption disabled

      1. Navigate to Site administration -> Messaging -> Mobile
      2. Re-enable encryption
      3. Using https://www.lipsum.com/ generate a text of 4000 words
      4. On the site as the admin, send a private message to the student account copying the previous text
        1. Confirm you receive a push notification that just says "Tap to view"
      5. Disable encryption
      6. On the site as the admin, send a private message to the student account copying the previous text
        1. Confirm you receive a push notification that just says "Tap to view"

      Test notifications with encryption and default settings work

      1. Login to the site as an administrator
      2. Navigate to Site administration -> Messaging -> Mobile
      3. Ensure that the setting `message_airnotifier | encryptnotifications` is on
      4. On the site as the admin, send a private message to the student account
        1. Confirm the expected notification message arrived on the mobile device as normal

      Test that notifications work as expected when encryption is enabled and the device does not support encryption

      1. Access the Moodle site database, and edit the "user_devices" table to remove the "publickey" field (you have to set it to NULL) for the student device row
      2. Login to the site as an administrator
      3. Navigate to Site administration -> Messaging -> Mobile
      4. Ensure that the setting `message_airnotifier | encryptnotifications` is on
      5. Ensure that the setting `message_airnotifier | encryptprocessing` is set to Do not send notifications at all
      6. On the site as the admin, send a private message to the student account
        1. Confirm the notification did not arrive
      7. Login to the site as an administrator
      8. Navigate to Site administration -> Messaging -> Mobile
      9. Ensure that the setting `message_airnotifier | encryptnotifications` is on
      10. Ensure that the setting `message_airnotifier | encryptprocessing` is set to Send notifications without encryption
      11. On the site as the admin, send a private message to the student account
        1. Confirm the expected notification message arrived on the mobile device as normal

      Unit tests

      1. Open the following files in your editor:

        ./vendor/bin/phpunit user/tests/devicekey_test.php
        ./vendor/bin/phpunit user/tests/external/update_user_device_public_key_test.php
        

      2. Find the line just above the class definition in each file:

         * @requires extension sodium
        

      3. Change it to:

         * @requires extension salt
        

      4. Initialise phpunit
      5. Run the following tests:

        ./vendor/bin/phpunit user/tests/devicekey_test.php
        ./vendor/bin/phpunit user/tests/external/update_user_device_public_key_test.php
        

        1. Confirm they are skipped

    Description

      A large barrier to using the mobile app is that the notifications are not encrypted. Some organisations stick to LTS releases and it would be really useful if the 4.1 LTS could have support for encrypted mobile notifications backported - this patch also provides security and privacy benefits which would be useful to have included on the LTS branch.

      Catalyst's clients have asked that we submit this backport request for consideration by Moodle HQ.

      I note that, due to the change in encryption library, the impact on the Moodle LMS core code is much smaller than the initial patch, so I'm hoping that, given this isn't a very complex patch on the LMS side, the Integration team will be open to this being backported.

      Thanks for considering it!

            People

              dobedobedoh Andrew Lyons
              danmarsden Dan Marsden
              Jordi Pujol-Ahulló Jordi Pujol-Ahulló
              Jun Pataleta Jun Pataleta
              Ron Carl Alfon Yu Ron Carl Alfon Yu