Allow blocking invites from people you don't share a room with

Matrix currently has a significant moderation loophole, thanks to invites. Right now, anyone can invite anyone to a room - and clients like NeoChat will gladly display these rooms to them and even give you a notification. However, this creates a pretty easy attack since room names and avatars are arbitrary and this is a known vector of harassment in the Matrix community. There's currently no tools to block this server-side, so let's try to improve the situation where we can. This adds a new setting to the Security page, wherein it allows you to block invites from people you don't share a room with. This prevents the notification from appearing and NeoChat will attempt to leave the room immediately. Since this depends on MSC 2666 - a currently unstable feature - the server may not support it and NeoChat will disable the setting in this case.
2024-07-25 15:03:22 -04:00
parent 83c6ce0ace
commit 07fee30cc0
8 changed files with 123 additions and 18 deletions
--- a/src/settings/NeoChatSecurityPage.qml
+++ b/src/settings/NeoChatSecurityPage.qml
@@ -16,6 +16,32 @@ FormCard.FormCardPage {

    title: i18nc("@title", "Security")

+    FormCard.FormHeader {
+        title: i18nc("@title:group", "Invitations")
+    }
+    FormCard.FormCard {
+        FormCard.FormCheckDelegate {
+            text: i18nc("@option:check", "Reject invitations from unknown users")
+            description: connection.canCheckMutualRooms ? i18n("If enabled, NeoChat will reject invitations from from users you don't share a room with.") : i18n("Your server does not support this setting.")
+            checked: Config.rejectUnknownInvites
+            enabled: !Config.isRejectUnknownInvitesImmutable && connection.canCheckMutualRooms
+            onToggled: {
+                Config.rejectUnknownInvites = checked;
+                Config.save();
+            }
+        }
+    }
+    FormCard.FormHeader {
+        title: i18nc("@title:group", "Ignored Users")
+    }
+    FormCard.FormCard {
+        FormCard.FormButtonDelegate {
+            text: i18nc("@action:button", "Manage ignored users")
+            onClicked: root.ApplicationWindow.window.pageStack.push(ignoredUsersDialogComponent, {}, {
+                title: i18nc("@title:window", "Ignored Users")
+            });
+        }
+    }
    FormCard.FormHeader {
        title: i18nc("@title", "Keys")
    }
@@ -33,17 +59,6 @@ FormCard.FormCardPage {
            description: i18n("Device id")
        }
    }
-    FormCard.FormHeader {
-        title: i18nc("@title:group", "Ignored Users")
-    }
-    FormCard.FormCard {
-        FormCard.FormButtonDelegate {
-            text: i18nc("@action:button", "Manage ignored users")
-            onClicked: pageStack.pushDialogLayer(ignoredUsersDialogComponent, {}, {
-                title: i18nc("@title:window", "Ignored Users")
-            });
-        }
-    }

    Component {
        id: ignoredUsersDialogComponent