From 6939a3d6d319c896b525a70c1b4ab697968e7458 Mon Sep 17 00:00:00 2001 From: Jayesh Nirve Date: Mon, 13 Feb 2023 12:06:20 +0530 Subject: [PATCH] fix: only add element related entries to client well-known if element is enabled (#2453) * fix: only add element related entries to client well-known if element is enabled * Fix matrix-base/defaults/main.yml syntax --------- Co-authored-by: Slavi Pantaleev --- roles/custom/matrix-base/defaults/main.yml | 14 +++++++++++--- roles/custom/matrix-base/tasks/validate_config.yml | 3 +++ .../static-files/well-known/matrix-client.j2 | 11 ++++++----- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 6a9901717..e72142c37 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -154,17 +154,25 @@ matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming # Controls whether Element should use End-to-End Encryption by default. # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE. # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md -matrix_client_element_e2ee_default: true +matrix_well_known_matrix_client_io_element_e2ee_default: true # Controls whether Element should require a secure backup set up before Element can be used. # Setting this to true will update `/.well-known/matrix/client` and tell Element require a secure backup. # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md -matrix_client_element_e2ee_secure_backup_required: false +matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required: false # Controls which backup methods from ["key", "passphrase"] should be used, both is the default. # Setting this to other then empty will update `/.well-known/matrix/client` and tell Element which method to use # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md -matrix_client_element_e2ee_secure_backup_setup_methods: [] +matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods: [] + +# Controls whether element related entries should be added to the client well-known. Override this to false to hide +# element related well-known entries. +# By default if any of the following change from their default this is set to true: +# `matrix_well_known_matrix_client_io_element_e2ee_default` +# `matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required` +# `matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods` +matrix_well_known_matrix_client_io_element_e2ee_entries_enabled: "{{ not matrix_well_known_matrix_client_io_element_e2ee_default or matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required or matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods | length > 0 }}" # Default `/.well-known/matrix/client` configuration - it covers the generic use case. # You can customize it by controlling the various variables inside the template file that it references. diff --git a/roles/custom/matrix-base/tasks/validate_config.yml b/roles/custom/matrix-base/tasks/validate_config.yml index cd6d20cdd..ab06ffcd6 100644 --- a/roles/custom/matrix-base/tasks/validate_config.yml +++ b/roles/custom/matrix-base/tasks/validate_config.yml @@ -18,6 +18,9 @@ - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'} - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'} - {'old': 'matrix_local_bin_path', 'new': ''} + - {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_well_known_matrix_client_io_element_e2ee_default'} + - {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required'} + - {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods'} # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message. - name: Fail if matrix_homeserver_generic_secret_key is undefined diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 4595bed11..63b2c812f 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -31,13 +31,14 @@ "map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json" } {% endif %} - , + {% if matrix_well_known_matrix_client_io_element_e2ee_entries_enabled %}, "io.element.e2ee": { - "default": {{ matrix_client_element_e2ee_default|to_json }}, - "secure_backup_required": {{ matrix_client_element_e2ee_secure_backup_required|to_json }}, - "secure_backup_setup_methods": {{ matrix_client_element_e2ee_secure_backup_setup_methods|to_json }} + "default": {{ matrix_well_known_matrix_client_io_element_e2ee_default|to_json }}, + "secure_backup_required": {{ matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required|to_json }}, + "secure_backup_setup_methods": {{ matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods|to_json }} }, + {% if matrix_well_known_matrix_client_io_element_e2ee_entries_enabled %}, "im.vector.riot.e2ee": { - "default": {{ matrix_client_element_e2ee_default|to_json }} + "default": {{ matrix_well_known_matrix_client_io_element_e2ee_default|to_json }} } }