From 862a9fb24ce96ed47fbbe4ea5da0030abc69a3f3 Mon Sep 17 00:00:00 2001
From: Juan Leyva <juanleyvadelgado@gmail.com>
Date: Mon, 17 Apr 2023 12:38:18 +0200
Subject: [PATCH] MDL-77893 airnotifier: Allow configuring how to process
 encrypted notifs

---
 message/output/airnotifier/classes/manager.php      |  6 ++++++
 .../airnotifier/lang/en/message_airnotifier.php     |  4 ++++
 .../airnotifier/message_output_airnotifier.php      | 11 ++++++++++-
 message/output/airnotifier/settings.php             | 13 +++++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/message/output/airnotifier/classes/manager.php b/message/output/airnotifier/classes/manager.php
index 80638488607..ed9adf5692c 100644
--- a/message/output/airnotifier/classes/manager.php
+++ b/message/output/airnotifier/classes/manager.php
@@ -37,6 +37,12 @@ class message_airnotifier_manager {
     /** @var string The Airnotifier public instance URL */
     const AIRNOTIFIER_PUBLICURL = 'https://messages.moodle.net';
 
+    /** @var int Avoid sending notifications to devices not supporting encryption */
+    const ENCRYPT_UNSUPPORTED_NOT_SEND = 0;
+
+    /** @var int Send notifications to devices not supporting encryption */
+    const ENCRYPT_UNSUPPORTED_SEND = 1;
+
     /**
      * Include the relevant javascript and language strings for the device
      * toolbox YUI module
diff --git a/message/output/airnotifier/lang/en/message_airnotifier.php b/message/output/airnotifier/lang/en/message_airnotifier.php
index 80b1ac53f9c..35de2534e7c 100644
--- a/message/output/airnotifier/lang/en/message_airnotifier.php
+++ b/message/output/airnotifier/lang/en/message_airnotifier.php
@@ -38,9 +38,12 @@ $string['configured'] = 'Configured';
 $string['deletecheckdevicename'] = 'Delete your device: {$a->name}';
 $string['deletedevice'] = 'Delete the device. Note that an app can register the device again. If the device keeps reappearing, disable it.';
 $string['devicetoken'] = 'Device token';
+$string['donotsendnotification'] = 'Do not send notifications at all';
 $string['enableprocessor'] = 'Enable mobile notifications';
 $string['encryptnotifications'] = 'Encrypt notifications';
 $string['encryptnotifications_help'] = 'Enable end-to-end encryption of app notifications where possible. Only personal data is encrypted, some data may be removed from notification payload if it can\'t be encrypted.';
+$string['encryptprocessing'] = 'For devices not supporting encryption';
+$string['encryptprocessing_desc'] = 'Please indicate what to do when the target device does not support encryption (supported only Android 6 and iOS 13 onward).';
 $string['errorretrievingkey'] = 'An error occurred while retrieving the access key. Your site must be registered to use this service. If your site is already registered, please try updating your registration. Alternatively, you can obtain an access key by creating an account on the <a href="https://apps.moodle.com">Moodle Apps Portal</a>.';
 $string['keyretrievedsuccessfully'] = 'The access key was retrieved successfully. To access Moodle app usage statistics, please create an account on the <a href="https://apps.moodle.com">Moodle Apps Portal</a>.';
 $string['messageprovidersempty'] = 'There are no mobile notifications enabled in default notification preferences.';
@@ -73,6 +76,7 @@ $string['privacy:subcontext'] = 'Message Airnotifier';
 $string['sitemustberegistered'] = 'In order to use the public Airnotifier instance, your site must be registered. Alternatively, you can obtain an access key by creating an account on the <a href="https://apps.moodle.com">Moodle Apps Portal</a>.';
 $string['showhide'] = 'Enable/disable the device.';
 $string['requestaccesskey'] = 'Request access key';
+$string['sendnotificationnotenc'] = 'Send notifications without encryption';
 $string['sendtest'] = 'Send test push notification to my devices';
 $string['sendtestconfirmation'] = 'A test push notification will be sent to the devices you use to connect to this site. Please ensure that your devices are connected to the Internet and that the mobile app is not open (since push notifications are only displayed when received in the background).';
 $string['serverconnectivityerror'] = 'This site is not able to connect to the notifications server {$a}';
diff --git a/message/output/airnotifier/message_output_airnotifier.php b/message/output/airnotifier/message_output_airnotifier.php
index de973e154e6..1873326b7d2 100644
--- a/message/output/airnotifier/message_output_airnotifier.php
+++ b/message/output/airnotifier/message_output_airnotifier.php
@@ -85,7 +85,8 @@ class message_output_airnotifier extends message_output {
         $extra->site            = $siteid;
         $extra->date            = (!empty($eventdata->timecreated)) ? $eventdata->timecreated : time();
         $extra->notification    = (!empty($eventdata->notification)) ? 1 : 0;
-        $extra->encrypted = get_config('message_airnotifier', 'encryptnotifications') == 1;
+        $encryptnotifications = get_config('message_airnotifier', 'encryptnotifications') == 1;
+        $encryptprocessing = get_config('message_airnotifier', 'encryptprocessing');
 
         // Site name.
         $site = get_site();
@@ -114,6 +115,13 @@ class message_output_airnotifier extends message_output {
                 continue;
             }
 
+            // Check if we should skip sending the notification.
+            if ($encryptnotifications && empty($devicetoken->publickey) &&
+                    $encryptprocessing == message_airnotifier_manager::ENCRYPT_UNSUPPORTED_NOT_SEND) {
+
+                continue;   // Avoid sending notifications to devices not supporting encryption.
+            }
+
             // Sending the message to the device.
             $serverurl = $CFG->airnotifierurl . ':' . $CFG->airnotifierport . '/api/v2/push/';
             $header = array('Accept: application/json', 'X-AN-APP-NAME: ' . $CFG->airnotifierappname,
@@ -123,6 +131,7 @@ class message_output_airnotifier extends message_output {
             $curl->setopt(array('CURLOPT_TIMEOUT' => 2, 'CURLOPT_CONNECTTIMEOUT' => 2));
             $curl->setHeader($header);
 
+            $extra->encrypted = $encryptnotifications;
             $extra = $this->encrypt_payload($extra, $devicetoken);
             $params = array(
                 'device'    => $devicetoken->platform,
diff --git a/message/output/airnotifier/settings.php b/message/output/airnotifier/settings.php
index ab5ebd8f3ed..c6f37272e4e 100644
--- a/message/output/airnotifier/settings.php
+++ b/message/output/airnotifier/settings.php
@@ -55,6 +55,19 @@ if ($ADMIN->fulltree) {
         false
     ));
 
+    $options = [
+        message_airnotifier_manager::ENCRYPT_UNSUPPORTED_NOT_SEND => new lang_string('donotsendnotification', 'message_airnotifier'),
+        message_airnotifier_manager::ENCRYPT_UNSUPPORTED_SEND => new lang_string('sendnotificationnotenc', 'message_airnotifier'),
+    ];
+    $settings->add(new admin_setting_configselect('message_airnotifier/encryptprocessing',
+        new lang_string('encryptprocessing', 'message_airnotifier'),
+        new lang_string('encryptprocessing_desc', 'message_airnotifier'),
+        message_airnotifier_manager::ENCRYPT_UNSUPPORTED_NOT_SEND,
+        $options
+    ));
+    $settings->hide_if('message_airnotifier/encryptprocessing', 'message_airnotifier/encryptnotifications',
+        'neq', 1);
+
     $url = new moodle_url('/message/output/airnotifier/requestaccesskey.php', array('sesskey' => sesskey()));
     $link = html_writer::link($url, get_string('requestaccesskey', 'message_airnotifier'));
     $settings->add(new admin_setting_heading('requestaccesskey', '', $link));