Make the default value for the 'trusted' checkbox configurable

Also remove the `message_storage` setting.

CHANGES.md

@@ -14,7 +14,8 @@
 - Support for rendering URLs sent according to XEP-0066 Out of Band Data.
 - Geo-URIs (e.g. from Conversations) are now replaced by links to openstreetmap (works in reverse also)
 - Add a checkbox to indicate whether a trusted device is being used or not.
-  If the device is not trusted, then all user data is deleted from the cache upon logout.
+  If the device is not trusted, sessionStorage is used and all user data is deleted from the browser cache upon logout.
+  If the device is trusted, localStorage is used and user data is cached indefinitely.
 
 ### Bugfixes
 

docs/source/configuration.rst

@@ -927,28 +927,6 @@ Message carbons is the XEP (Jabber protocol extension) specifically drafted to
 solve this problem, while `forward_messages`_ uses
 `stanza forwarding <http://www.xmpp.org/extensions/xep-0297.html>`_
 
-message_storage
-----------------
-
-* Default:  ``session``
-
-Valid options: ``session``, ``local``.
-
-This option determines the type of `browser storage <https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Storage>`_
-(``localStorage`` or ``sessionStorage``) used by converse.js to cache messages (private and group).
-
-The main difference between the two is that `sessionStorage` only persists while
-the current tab or window containing a converse.js instance is open. As soon as
-it's closed, the data is cleared.
-
-Data in `localStorage` on the other hand is kept indefinitely, which can have
-privacy implications on public computers or when multiple people are using the
-same computer.
-
-See also the `storage`_ option, which applies to other cached data, such as
-which chats you have open, what features the XMPP server supports and what
-your online status is.
-
 muc_disable_moderator_commands
 ------------------------------
 
@@ -1269,17 +1247,20 @@ privacy perspective a better choice.
 
 The main difference between the two is that `sessionStorage` only persists while
 the current tab or window containing a converse.js instance is open. As soon as
-it's closed, the data is cleared.
+it's closed, the data is cleared (as long as there aren't any other tabs with
+the same domain open).
 
 Data in `localStorage` on the other hand is kept indefinitely.
 
-The data that is cached includes which chats you had open, what features the
-XMPP server supports and what your online status was.
+The data that is cached includes your sent and received messages, which chats you had
+open, what features the XMPP server supports and what your online status was.
+
+See also `trusted`_.
+
+.. note::
+    When the user checks the checkbox labeled "This is a trusted device", then
+    the storage setting will automatically be set to localStorage.
 
-Since version 1.0.7, the store for messages is now configurable separately with
-the `message_storage`_ option, to allow you to cache messages for longer in the
-browser (with `localStorage`) while still using `sessionStorage` for other
-data.
 
 .. note::
     Between versions 0.8.0 and 1.0.7, setting the value of this option to "local"
@@ -1295,6 +1276,7 @@ data.
     storage), to address the above issue.
 
 
+
 sticky_controlbox
 -----------------
 
@@ -1352,6 +1334,21 @@ If set to ``false``, this feature is disabled.
 
 If set to ``a resource name``, converse.js will synchronize only with a client that has that particular resource assigned to it.
 
+trusted
+-------
+
+* Default: ``true``
+
+This setting determines whether the default value of the "This is a trusted device" checkbox in the login form.
+
+When the current device is not trusted, then localStorage and sessionStorage
+will be cleared when the user logs out, thereby removing all cached data.
+
+Clearing the cache in this way makes Converse.js much slower when the user logs
+in again, because all data needs to be fetch anew.
+
+See also `storage`_.
+
 time_format
 -----------
 

spec/login.js

@@ -41,5 +41,43 @@
                 done();
             });
         }));
+
+        it("checkbox can be set to false by default",
+            mock.initConverseWithPromises(
+                null, ['connectionInitialized', 'chatBoxesInitialized'],
+                { auto_login: false,
+                  trusted: false,
+                  allow_registration: false },
+                function (done, _converse) {
+
+            test_utils.waitUntil(() => _converse.chatboxviews.get('controlbox'))
+            .then(function () {
+                var cbview = _converse.chatboxviews.get('controlbox');
+                test_utils.openControlBox();
+                const checkboxes = cbview.el.querySelectorAll('input[type="checkbox"]');
+                expect(checkboxes.length).toBe(1);
+
+                const checkbox = checkboxes[0];
+                const label = cbview.el.querySelector(`label[for="${checkbox.getAttribute('id')}"]`);
+                expect(label.textContent).toBe('This is a trusted device');
+                expect(checkbox.checked).toBe(false);
+
+                cbview.el.querySelector('input[name="jid"]').value = 'dummy@localhost';
+                cbview.el.querySelector('input[name="password"]').value = 'secret';
+
+                spyOn(cbview.loginpanel, 'connect');
+                cbview.delegateEvents();
+
+                expect(_converse.storage).toBe('session');
+                cbview.el.querySelector('input[type="submit"]').click();
+                expect(_converse.storage).toBe('session');
+                expect(cbview.loginpanel.connect).toHaveBeenCalled();
+
+                checkbox.click();
+                cbview.el.querySelector('input[type="submit"]').click();
+                expect(_converse.storage).toBe('local');
+                done();
+            });
+        }));
     });
 }));

src/converse-bookmarks.js

@@ -52,12 +52,12 @@
             // New functions which don't exist yet can also be added.
 
             clearSession () {
-                this.__super__.clearSession.apply(this, arguments);
                 if (!_.isUndefined(this.bookmarks)) {
                     this.bookmarks.reset();
                     this.bookmarks.browserStorage._clear();
                     window.sessionStorage.removeItem(this.bookmarks.fetched_flag);
                 }
+                this.__super__.clearSession.apply(this, arguments);
             },
 
             ChatRoomView: {
@@ -261,9 +261,7 @@
 
                     const cache_key = `converse.room-bookmarks${_converse.bare_jid}`;
                     this.fetched_flag = b64_sha1(cache_key+'fetched');
-                    this.browserStorage = new Backbone.BrowserStorage[_converse.storage](
-                        b64_sha1(cache_key)
-                    );
+                    this.browserStorage = new Backbone.BrowserStorage[_converse.storage](b64_sha1(cache_key));
                 },
 
                 openBookmarkedRoom (bookmark) {

src/converse-chatboxes.js

@@ -249,7 +249,7 @@
                         this.addRelatedContact(_converse.roster.findWhere({'jid': this.get('jid')}));
                     });
                     this.messages = new _converse.Messages();
-                    this.messages.browserStorage = new Backbone.BrowserStorage[_converse.message_storage](
+                    this.messages.browserStorage = new Backbone.BrowserStorage[_converse.storage](
                         b64_sha1(`converse.messages${this.get('jid')}${_converse.bare_jid}`));
                     this.messages.chatbox = this;
 

src/converse-controlbox.js

@@ -478,6 +478,7 @@
                     if (!this.validate()) { return; }
 
                     const form_data = new FormData(ev.target);
+                    _converse.trusted = form_data.get('trusted');
                     _converse.storage = form_data.get('trusted') ? 'local' : 'session';
 
                     let jid = form_data.get('jid');

src/converse-core.js

@@ -322,7 +322,6 @@
                 'pl', 'pt_BR', 'ru', 'tr', 'uk', 'zh_CN', 'zh_TW'
             ],
             message_carbons: true,
-            message_storage: 'session',
             nickname: undefined,
             password: undefined,
             prebind_url: null,
@@ -336,6 +335,7 @@
             storage: 'session',
             strict_plugin_dependencies: false,
             synchronize_availability: true,
+            trusted: true,
             view_mode: 'overlayed', // Choices are 'overlayed', 'fullscreen', 'mobile'
             websocket_url: undefined,
             whitelisted_plugins: []
@@ -652,6 +652,10 @@
             if (!_.isUndefined(this.session) && this.session.browserStorage) {
                 this.session.browserStorage._clear();
             }
+            if (!_converse.trusted) {
+                window.localStorage.clear();
+                window.sessionStorage.clear();
+            }
         };
 
         this.logOut = function () {

src/templates/login_panel.html

@@ -19,7 +19,7 @@
                 </div>
                 {[ } ]}
                 <div class="form-group form-check">
-                    <input id="converse-login-trusted" type="checkbox" class="form-check-input" name="trusted" checked="checked">
+                    <input id="converse-login-trusted" type="checkbox" class="form-check-input" name="trusted" {[ if (o._converse.trusted) { ]} checked="checked" {[ } ]}>
                     <label for="converse-login-trusted" class="form-check-label">{{{o.__('This is a trusted device')}}}</label>
                     <i class="fa fa-info-circle" data-toggle="popover"
                        data-title="Trusted device?"