From 75349b38b752a3e9067d45bff83c77e83091a25e Mon Sep 17 00:00:00 2001
From: gredin67
Date: Thu, 19 Jan 2023 10:08:18 +0100
Subject: [PATCH] restructure allowed_local_3pids
---
 conf/homeserver.yaml | 6 ++----
 config_panel.toml | 51 ++++++++++++++++++++++++++------------------
 scripts/install | 9 ++++++--
 scripts/upgrade | 18 ++++++++++++----
 4 files changed, 53 insertions(+), 31 deletions(-)
diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml
index e146d78..f45de3c 100644
--- a/conf/homeserver.yaml
+++ b/conf/homeserver.yaml
@@ -1283,9 +1283,7 @@ disable_msisdn_registration: __DISABLE_MSISDN_REGISTRATION__
 # Mandate that users are only allowed to associate certain formats of
 # 3PIDs with accounts on this server.
 #
-allowed_local_3pids:
- - medium: __REGISTRATIONS_REQUIRE_3PID__
- pattern: __ALLOWED_LOCAL_3PIDS__
+#allowed_local_3pids:
 # - medium: email
 # pattern: '^[^@]+@vector\.im$'
 # - medium: msisdn
@@ -1293,7 +1291,7 @@ allowed_local_3pids:
 # Enable 3PIDs lookup requests to identity servers from this server.
 #
-#enable_3pid_lookup: true
+enable_3pid_lookup: __ENABLE_3PID_LOOKUP__
 # Require users to submit a token during registration.
 # Tokens can be managed using the admin API:
diff --git a/config_panel.toml b/config_panel.toml
index fa45bc4..b709cca 100644
--- a/config_panel.toml
+++ b/config_panel.toml
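Review bot: With `allowed_local_3pids:` commented out and the `__REGISTRATIONS_REQUIRE_3PID__` / `__ALLOWED_LOCAL_3PIDS__` placeholders removed in the first hunk, nothing visible in this patch renders the new `allowed_local_3pids_email` and `allowed_local_3pids_msisdn` settings into homeserver.yaml. The two panel entries added in config_panel.toml carry no `bind`, so unless a custom setter outside this diff writes the list, the registration allow-list stops being enforced while the panel still offers it. Either keep a templated block here that expands one `- medium:` / `pattern:` entry per configured value, or say in the panel help that the values are not applied yet.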
@@ -25,27 +25,27 @@ services = ["matrix-__APP__"]
 visible = "! enable_registration"
 [main.welcome.registrations_require_3pid]
- ask = "Register only with all following types of 3PID."
+ ask = "Registration requires all following 3PID personal identifier."
 type = "select"
- choices = ["false","email", "msidn", "email&msisdn"]
+ choices = ["false","email", "msisdn", "email&msisdn"]
 help = "Defaults to: 'email'. Phone number: 'msisdn'"
 visible = "enable_registration"
- [main.welcome.allowed_local_3pids]
- ask = "Register only with given formats of 3PIDs."
- type = "string"
- help = '''
- allowed_local_3pids:
- - medium: email
- pattern: '^[^@]+@matrix\.org$'
- - medium: msisdn
- pattern: '\+33'
- '''
- visible = "registrations_require_3pid != 'false'"
+ [main.welcome.allowed_local_3pids_email]
+ ask = "Register only with given email formats."
+ type = "tags"
+ help = "'^[^@]+@matrix\.org$'"
+ visible = 'enable_registration && (registrations_require_3pid == "email" || registrations_require_3pid == "email&msisdn")'
+
+ [main.welcome.allowed_local_3pids_msisdn]
+ ask = "Register only with given phone number formats."
+ type = "tags"
+ help = "'\+33'"
+ visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")'
 [main.welcome.auto_join_rooms]
 ask = "Auto Join new Users in following Rooms:"
- type = "string"
+ type = "tags"
 help = "Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting."
 bind = ":/etc/matrix-__APP__/homeserver.yaml"
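Review bot: The two new `help` values put backslashes in TOML basic strings, `help = "'^[^@]+@matrix\.org$'"` and `help = "'\+33'"`, and `\.` and `\+` are not valid escape sequences in a double-quoted string, so a conforming parser rejects the whole panel file. The removed help text avoided this by using a `'''` literal string. Use literal strings for both, for example `help = 'Example: ^[^@]+@matrix\.org$'` and `help = 'Example: \+33'`. If `tags` values are stored comma-separated, a pattern containing a comma would also be split, which the help text should mention.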
@@ -105,9 +105,9 @@ services = ["matrix-__APP__"]
 name = "User Experience"
 [main.experience.web_client_location]
- ask = "URL to the web client which / will redirect to."
+ ask = "Element instance your HomeServer should redirect to."
 type = "url"
- help = "Basically Element instance the server should redirect to."
+ help = "URL to the web client which / will redirect to."
 bind = ":/etc/matrix-__APP__/homeserver.yaml"
 [main.experience.enable_group_creation]
@@ -115,7 +115,7 @@ services = ["matrix-__APP__"]
 type = "boolean"
 yes = true
 no = false
- help = "Defaults to 'false'."
+ help = "Disabled by default: only server admins can create Spaces"
 bind = ":/etc/matrix-__APP__/homeserver.yaml"
 [main.experience.enable_notifs]
@@ -131,6 +131,7 @@ services = ["matrix-__APP__"]
 type = "url"
 help = "Used to be called 'riot_base_url', still supported"
 bind = ":/etc/matrix-__APP__/homeserver.yaml"
+ visible = "enable_notifs"
 [resources]
 name = "Resource Usage"
@@ -150,11 +151,11 @@ name = "Advanced Settings"
 services = ["matrix-__APP__"]
 [advanced.help]
- name = "ONLY CHANGE THIS IF YOU'RE AN EXPERT IN SERVER ADMINISTRATION"
+ name = "SETTINGS FOR EXPERTS IN SERVER ADMINISTRATION"
 [advanced.help.text]
 ask = '''
- **There are security and privacy risks if you change these settings without knowing what you do!**
+ !!There are security and privacy risks if you change these settings without knowing what you do!!
 '''
 type = "markdown"
@@ -166,7 +167,7 @@ services = ["matrix-__APP__"]
 type = "boolean"
 yes = true
 no = false
- help = "!!If disabled, do a manual backup before upgrade!! Enable if your Synapse instance is huge and you prefer to disable the backup that is normally automatically done before each upgrade."
+ help = "!! If disabled, do a manual backup before upgrade !! Disable if your Synapse instance is huge and you prefer to disable the backup that is normally automatically done before each upgrade."
 [advanced.others.server_statistics]
 ask = "Server statistics"
@@ -204,10 +205,18 @@ services = ["matrix-__APP__"]
 [advanced.privacy]
 name = "Data Privacy"
+ [advanced.privacy.enable_3pid_lookup]
+ ask = "Allow discovering friends with phone number or email?"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Enable 3PIDs lookup requests to identity servers from this server. See Settings->General->Discovery in Element."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
 [advanced.privacy.default_identity_server]
 ask = "Identity server suggested to clients?"
 type = "url"
- help = "By default, no suggestion is made, so it is left up to the client."
+ help = "Identity server allows to discover, be discovered and invite people you know with phone number or email. If not set, users will probably chose centralized vector.im. See Settings->General->Discovery in Element."
 bind = ":/etc/matrix-__APP__/homeserver.yaml"
 [advanced.privacy.allow_public_rooms_without_auth]
diff --git a/scripts/install b/scripts/install
index 15679d6..5557af4 100644
--- a/scripts/install
+++ b/scripts/install
@@ -91,17 +91,20 @@ then
 turn_allow_guests="false"
 sso_enabled="true"
 password_enabled="false"
+ enable_3pid_lookup="false"
 else
 enable_registration="true"
 turn_allow_guests="true"
 sso_enabled="false"
 password_enabled="true"
+ enable_3pid_lookup="true"
 fi
 ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
 ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
 ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
 ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
+ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
 #=================================================
 ## SET STANDARD SETTINGS FROM DEFAULT CONFIG
@@ -130,7 +133,8 @@ max_upload_size="10M"
 disable_msisdn_registration="true"
 registrations_require_3pid="email"
 # here we need sed magic to transform $server_name
-allowed_local_3pids="'^[^@]+@""matrix""\.org$'"
+allowed_local_3pids_email="'^[^@]+@""matrix""\.org$'"
+allowed_local_3pids_msisdn="'\+33'"
 allow_guest_access="false"
 default_identity_server="https://matrix.org"
 auto_join_rooms="#auto_join_room:""$server_name"
@@ -151,7 +155,8 @@ ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=
 ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
 ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
 ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
-ynh_app_setting_set --app=$app --key=allowed_local_3pids --value=$allowed_local_3pids
+ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
+ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
 ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access
 ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server
 ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
diff --git a/scripts/upgrade b/scripts/upgrade
index 693a710..6f38269 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
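Review bot: The two added `ynh_app_setting_set` calls in the @@ -151,7 +155,8 @@ hunk pass the patterns unquoted (`--value=$allowed_local_3pids_email`), and the default assigned in the previous hunk contains `[^@]`, `$` and a backslash, so the expansion is open to word splitting and pathname expansion. Quote both expansions, `--value="$allowed_local_3pids_email"` and `--value="$allowed_local_3pids_msisdn"`; this matters more now that the panel type is `tags` and the values are free-form. The same applies to the calls added in the @@ -274,10 +276,15 @@ hunk of scripts/upgrade.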
@@ -70,7 +70,8 @@ allow_public_rooms_over_federation=$(ynh_app_setting_get --app=$app --key=allow_
 max_upload_size=$(ynh_app_setting_get --app=$app --key=max_upload_size)
 disable_msisdn_registration=$(ynh_app_setting_get --app=$app --key=disable_msisdn_registration)
 registrations_require_3pid=$(ynh_app_setting_get --app=$app --key=registrations_require_3pid)
-allowed_local_3pids=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids)
+allowed_local_3pids_email=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_email)
+allowed_local_3pids_msisdn=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_msisdn)
 allow_guest_access=$(ynh_app_setting_get --app=$app --key=allow_guest_access)
 default_identity_server=$(ynh_app_setting_get --app=$app --key=default_identity_server)
 auto_join_rooms=$(ynh_app_setting_get --app=$app --key=auto_join_rooms)
@@ -84,6 +85,7 @@ enable_registration=$(ynh_app_setting_get --app=$app --key=enable_registration)
 turn_allow_guests=$(ynh_app_setting_get --app=$app --key=turn_allow_guests)
 sso_enabled=$(ynh_app_setting_get --app=$app --key=sso_enabled)
 password_enabled=$(ynh_app_setting_get --app=$app --key=password_enabled)
+enable_3pid_lookup=$(ynh_app_setting_get --app=$app --key=enable_3pid_lookup)
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
@@ -274,10 +276,15 @@ then
 registrations_require_3pid="email"
 ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
 fi
-if [ -z "$allowed_local_3pids" ]
+if [ -z "$allowed_local_3pids_email" ]
 then
- allowed_local_3pids="'^[^@]+@""matrix""\.org$'"
- ynh_app_setting_set --app=$app --key=allowed_local_3pids --value=$allowed_local_3pids
+ allowed_local_3pids_email="'^[^@]+@""matrix""\.org$'"
+ ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
+fi
+if [ -z "$allowed_local_3pids_msisdn" ]
+then
+ allowed_local_3pids_msisdn="'\+33'"
+ ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
 fi
 if [ -z "$allow_guest_access" ]
 then
@@ -328,16 +335,19 @@ then
 turn_allow_guests="false"
 sso_enabled="true"
 password_enabled="false"
+ enable_3pid_lookup="false"
 else
 enable_registration="true"
 turn_allow_guests="true"
 sso_enabled="false"
 password_enabled="true"
+ enable_3pid_lookup="true"
 fi
 ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
 ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
 ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
 ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
+ ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
 fi
 #=================================================
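Review bot: The compatibility checks in the @@ -274,10 +276,15 @@ hunk test only the new keys, so on an existing install the administrator's previous `allowed_local_3pids` value is never read and both new settings are filled with the sample patterns for matrix.org addresses and `\+33` numbers. Seed the new key from the old one before falling back to the default, for example `allowed_local_3pids_email=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids)` ahead of the `-z` test, assigning it to whichever medium `registrations_require_3pid` selected. The surrounding compatibility section starts and ends outside the hunk.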
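Review bot: In the @@ -328,16 +335,19 @@ hunk `enable_3pid_lookup` is only given a value inside a block whose outer `if` condition lies outside the hunk. If that block runs only when the registration settings are missing, an install that already has them keeps an empty `enable_3pid_lookup`, and the `enable_3pid_lookup: __ENABLE_3PID_LOOKUP__` line in conf/homeserver.yaml would be rendered without a value. Add a separate guard in the style used for the other keys, `if [ -z "$enable_3pid_lookup" ]`, that sets and stores a default. Choose that default deliberately, since the option controls whether this server makes 3PID lookup requests to identity servers.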