Uploaded image for project: 'Moodle app'
  1. Moodle app
  2. MOBILE-4214

Add encrypted mobile notifications

    XMLWordPrintable

Details

    • Hide

      We need to test several scenarios here:

      Firstly, non-encrypted notifications:

      • Non-encrypted push notifications containing a lot of text (a very large forum post, for example) in this case the push will arrive without content (just with a Tap to view message). Current limit is around 4k words for the total payload
      • Non-encrypted Push notifications for Premium sites (Premium Moodle sites support multimedia and grouped notifications, for example, the user avatar for private Push messages is displayed in Android devices and conversations for the same chat are grouped in the same Push notifications instead of generating separed ones)
        • Other notifications containing images are badge awarded notifications and course completed notifications

      Secondly, encrypted notifications:

      • Encrypted push notifications for premium sites that should include multimedia or grouped notifications won't work the same:
        • multimedia elements such as images won't work
        • grouped notifications should work
      • Encrypted push notifications containing a lot of text (a very large forum post, for example will arrive without content (just with a Tap to view message), the size of an encrypted push payload is larger (maybe 3x) so a shorter text will make the push to display the "Tap to view message"

      For both cases:

      • Clicking the push notification should open the correct page in Moodle: a forum post, a course, a private conversation, etc...

      To also test:

      • The Push test under Mobile notification settings in Moodle LMS should continue working
      • The Apps Portal functionality for BMAs to send non-encrypted custom Push notifications should still work
      • Sending Push notifications directly via Airnotifier should work (using a curl command calling Airnotifier's API)
      Show
      We need to test several scenarios here: Firstly, non-encrypted notifications: Non-encrypted push notifications containing a lot of text (a very large forum post, for example) in this case the push will arrive without content (just with a Tap to view message). Current limit is around 4k words for the total payload Non-encrypted Push notifications for Premium sites (Premium Moodle sites support multimedia and grouped notifications, for example, the user avatar for private Push messages is displayed in Android devices and conversations for the same chat are grouped in the same Push notifications instead of generating separed ones) Other notifications containing images are badge awarded notifications and course completed notifications Secondly, encrypted notifications: Encrypted push notifications for premium sites that should include multimedia or grouped notifications won't work the same: multimedia elements such as images won't work grouped notifications should work Encrypted push notifications containing a lot of text (a very large forum post, for example will arrive without content (just with a Tap to view message), the size of an encrypted push payload is larger (maybe 3x) so a shorter text will make the push to display the "Tap to view message" For both cases: Clicking the push notification should open the correct page in Moodle: a forum post, a course, a private conversation, etc... To also test: The Push test under Mobile notification settings in Moodle LMS should continue working The Apps Portal functionality for BMAs to send non-encrypted custom Push notifications should still work Sending Push notifications directly via Airnotifier should work (using a curl command calling Airnotifier's API)
    • MOODLE_400_STABLE
    • MDL-76722-encrypted_notifications
    • Moodle App 4.2.0

    Description

      Encrypt mobile notifications should be encrypted so the AirNotifier server and platform notification service (Firebase/APN) cannot read user data.

      Fields to encrypt:

      • userfromfullname
      • smallmessage,
      • fullmessage
      • fullmessagehtml
      • subject
      • customdata

       

      A key pair should be generated on the device to be stored in the device keychain (Hardware module if possible).
      The public key will be registered against the device in Moodle (user_devices table).
      If the setting `tool_mobile/encryptnotifications` is on the relevant notification fields will be encrypted.
      When the device receives an encrypted notification it will be decrypted using the private key.

       

      Push wrapper: https://github.com/alexmorrisnz/push-wrapper

      phonegap-plugin-push: https://github.com/alexmorrisnz/phonegap-plugin-push/tree/MDL-76722-encrypted_notifications

      Attachments

        Issue Links

          Activity

            People

              alexmorris Alexander Morris
              alexmorris Alexander Morris
              Dani Palou Dani Palou
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated: