Allow deanonymizing phone numbers for abuse handling

[scy]

• Have a list of “abusive” phone number hashes (initially empty).
• The admin can add hashes to that list if they abuse the system.
• Every time a raw phone number is being hashed (by the number class, I guess?) it will be compared to this list.
• If the hash matches an entry on the list, store the hash and its corresponding number in a (to-be-created) “de-anonymizing” database table.

A good spot to implement this would probably be in the is_allowed (or something like that) check in the number class, as it checks the number for policy reasons anyway and thus should be called in central places. Also, it does have database access (or at least it had once while I implemented it, don’t think it does currently … 🤔 but it should).

[jbethune]

I see that there is a check for blocked numbers:

dearmep/server/dearmep/models.py

Line 421 in 4c0e537

if self.matches_filter(config.blocked_numbers):

However, this check is done against the values in the config file. Should the "abusive" phone number hashes also be stored in the config file or should we use a database table? If it is the latter case: Once we have a match, should the entry in the abusive-hashes table be removed once we have written an entry (hashed+unhashed) in the "de-anonymizing” database table?

Should we maybe also move the blocked phone numbers into the database?

Also, it does have database access (or at least it had once while I implemented it, don’t think it does currently … 🤔 but it should).

It currently doesn't. Should we pass in a Session as a method parameter?

[scy]

I see that there is a check for blocked numbers:

dearmep/server/dearmep/models.py

Line 421 in 4c0e537

if self.matches_filter(config.blocked_numbers):

Yeah, but I'm not 100 % sure if hooking the de-anonymizing into that place is the best way to do it. There are some additional spots in the code that deal with unhashed phone numbers (though not many), e.g. the scheduler.

However, this check is done against the values in the config file. Should the "abusive" phone number hashes also be stored in the config file or should we use a database table? If it is the latter case: Once we have a match, should the entry in the abusive-hashes table be removed once we have written an entry (hashed+unhashed) in the "de-anonymizing” database table?

Good questions. I don't have a strong opinion on either of these. If we're using the database instead of the config file, we should provide a CLI command, too.

Should we maybe also move the blocked phone numbers into the database?

No. We can talk about having an additional block list in the database, for numbers that are added and deleted on the fly (if there ever is such a thing), but having at least some of them in the config allows adding them to version control.

Also, it does have database access (or at least it had once while I implemented it, don’t think it does currently … 🤔 but it should).

It currently doesn't. Should we pass in a Session as a method parameter?

Guess we'd have to. Note that it's also called from UserPhone.is_allowed().