diff options
| author | Travis Ralston <travpc@gmail.com> | 2018-11-06 03:32:34 -0700 |
|---|---|---|
| committer | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2018-11-06 10:32:34 +0000 |
| commit | 0f5e51f726756318f355d988856730a9930e2d2f (patch) | |
| tree | f01b2b5e438f669497e24dad108b23cb4a81ba7c /docs | |
| parent | handle empty backups according to latest spec proposal (#4123) (diff) | |
| download | synapse-0f5e51f726756318f355d988856730a9930e2d2f.tar.xz | |
Add config variables for enabling terms auth and the policy name (#4142)
So people can still collect consent the old way if they want to.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/consent_tracking.md | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/docs/consent_tracking.md b/docs/consent_tracking.md index 3634d13d4f..c586b5f0b6 100644 --- a/docs/consent_tracking.md +++ b/docs/consent_tracking.md @@ -81,9 +81,40 @@ should be a matter of `pip install Jinja2`. On debian, try `apt-get install python-jinja2`. Once this is complete, and the server has been restarted, try visiting -`https://<server>/_matrix/consent`. If correctly configured, you should see a -default policy document. It is now possible to manually construct URIs where -users can give their consent. +`https://<server>/_matrix/consent`. If correctly configured, this should give +an error "Missing string query parameter 'u'". It is now possible to manually +construct URIs where users can give their consent. + +### Enabling consent tracking at registration + +1. Add the following to your configuration: + + ```yaml + user_consent: + require_at_registration: true + policy_name: "Privacy Policy" # or whatever you'd like to call the policy + ``` + +2. In your consent templates, make use of the `public_version` variable to + see if an unauthenticated user is viewing the page. This is typically + wrapped around the form that would be used to actually agree to the document: + + ``` + {% if not public_version %} + <!-- The variables used here are only provided when the 'u' param is given to the homeserver --> + <form method="post" action="consent"> + <input type="hidden" name="v" value="{{version}}"/> + <input type="hidden" name="u" value="{{user}}"/> + <input type="hidden" name="h" value="{{userhmac}}"/> + <input type="submit" value="Sure thing!"/> + </form> + {% endif %} + ``` + +3. Restart Synapse to apply the changes. + +Visiting `https://<server>/_matrix/consent` should now give you a view of the privacy +document. This is what users will be able to see when registering for accounts. ### Constructing the consent URI @@ -108,7 +139,8 @@ query parameters: Note that not providing a `u` parameter will be interpreted as wanting to view the document from an unauthenticated perspective, such as prior to registration. -Therefore, the `h` parameter is not required in this scenario. +Therefore, the `h` parameter is not required in this scenario. To enable this +behaviour, set `require_at_registration` to `true` in your `user_consent` config. Sending users a server notice asking them to agree to the policy |