Shout - Private Messaging for Flarum

TOWUK

Kyrne good! awesome!

Yalfoosh

regarding this: nexromant I've had this issue on Firefox, but what I'd noticed is that when sending the message it didn't ask me to set it up (with the password). Also, I've got this:

I switched to Chrome in order to give you a better log (as you've already taught me to do), but when I logged in chrome and went into messages, it asked me to set it up, with a password, and then it worked!

Hope this helps.

EDIT: More info on this, seems to happen in incognito mode. When I use Firefox normally, it asks me to set up private messaging normally and I can access messages. In incognito mode it doesn't ask me to set it up, I can't send messages and I can't see the messages I received.

The really WEIRD thing is that despite it not being set up in incognito, when I initially sent my messages I got a message indicator. But when I opened it there were no messages to see.

Kyrne

You guys are crazy! Let me go through each question.

[deleted] so you got it fixed? If not I'll proceed with the change.

iPurpl3x No, the admins would have to know their password, that's why they are asked a second time after logging in. It also has a detection that sends the other user (not being impersonated) if you even attempt to view their messages (it will fail anyways).

danielunited on desktop I assume? This is totally doable and is like halfway done already just because of mobile support. Maybe I'll add this as an option in the future.

clarkwinkelmann I'm going to fix that up.

Yalfoosh you will only be asked for the password 1 time per device (until cache is cleared). I'll look into the Firefox issue.

Edit: looks like my hands are tied: https://bugzilla.mozilla.org/show_bug.cgi?id=1639542
I could use local storage as a fallback.

Kyrne

[deleted]

0.1.6

Add option to let users make their own password - setting in admin.
- If you already have at least 1 encryption key set up and decide to switch to this option you will need to truncate user_encryption_keys and set PMSetup to 0 for those users in the users table. To clarify, if you don't use anything like Github login, Wordpress integration, etc. This is not necessary.
- If you use these services at all I would encourage you to enable this as those users won't be able to use the ex
Markdown support
- Plaintext links will be automatically turned into actual links
- Markdown image embed works but you can't click the image to open it up bigger. I recommend the FancyBox Extension.
- Emoji's are supported too now. On desktop you can type them using : just like discord. There is no helper however to help users get the emoji names correct.
- The markdown is sanitized so don't try any XSS ya freaking script kiddies
Message previews before sending (like when editing a post) to help with markdown formatting
Negative unread messages fix
- It will not be fixed right away but will slowly resolve itself as messages are sent.

Updating:

composer update kyrne/shout
php flarum migrate
php flarum cache:clear

Yalfoosh The fix for this is not included in this update, I'm still trying to work on a solution (why can't Firefox just be normal?)

[deleted]

Kyrne so you got it fixed? If not I'll proceed with the change.

No. That was just a test. As I'm using WordPress to handle authentication, I need a way to set a password if there isn't one.

HD3D

Kyrne Typo error in "Enter a paassword to setup private messages."

Also, it is really confusing for users to use password option, can't we have an option in admin panel if we want our users to set up password or not?

Yalfoosh

Kyrne You're insanely fast! However, I don't think emojis work (2 different messages):

[deleted]

Kyrne Upgraded successfully (it seems to 0.1.7), truncated the table, and set PMSetup to 0 for all users. Now I am unable to set any password - it responds with the below

EDIT: Spoke to @Kyrne on Discord. Seems it's a caching issue of sorts - all working now !

Kyrne

HD3D whoops, fixed.

The password is required for the extension to work securely. What part of it is confusing?

HD3D

Kyrne The confusing part is that what if they choose a new password other than their account's password and later on the forget the password, are they gonna be able to recover it?

Kyrne

HD3D if you forget you password you lost access to all your old messages. This is true of every encrypted messaging service.

Mark73

Kyrne I'm 100% against admins accessing users private messages. But losing access to all old messages because you forgot the PMs password? Well that's a negative point...

HD3D

Kyrne In this case, I think you should let us (admins) to decide if we want our users to set up shout password or let them use it without password.

I understand that you want your extension to work securely sir but you can do it on your site and on our sites you can let us decide.

And if you can please disable the setup option and make it default that everyone should have Private Messaging option enabled. (Imagine I'm an admin and I need to wait for my users to set up their inbox in order to message them?) 😕
I should be able to message them without this restriction

Kyrne

Mark73 the only other secure way around this is to have users download a copy of their keys (which is totally doable) to import later if they forget the password.

Mark73

Kyrne Not the best way as we all know how people want everything to be as simple as possible. Yet, I'm glad there is a way to recover old messages, definitely considering this

Kyrne

Yalfoosh nope. That update wasn't supposed to add full emoji support (and I guess it didn't add it at all). I'll try to hook flarum/emoji.

Mark73 interesting read: https://www.forbes.com/sites/anthonykosner/2012/08/05/how-secure-is-your-cloud-take-the-mud-puddle-test/#76fcfd506627

Kyrne

Yalfoosh not sure if joyful is an emoji. Try :1234:

Yalfoosh

Kyrne

am I doing something wrong?

Yalfoosh

HD3D Why don't you simply use Byobu then? It's more polished and has more features.

HD3D

Yalfoosh I'm already using byobu but I thought Shout could be more useful and easy for users but the restrictions to shout are making it impossible for me to use

Kyrne

HD3D shout was built around the concept of private, encrypted messages. The 2 are essentially inseparable without a lot of work.

I'm still lost as to how the password aspect makes it impossible to use? Websites run on passwords and if you lose them for encryption you're SOL on any truly secure messaging service.

I'm going to stand firm on encryption only. I will be adding a feature shortly where you can force a user to setup their encryption before they can continue to use the site (on a per user or whole site level)

« Previous Page Next Page »