Merge branch 'develop' into e2e-async-key-exchange

.changeset/brown-lobsters-join.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Resolved an issue with the room type filter not being reset after navigating between admin sections.

.changeset/five-monkeys-applaud.md

@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+fixes not being able to reinstall app after installation failure

.changeset/friendly-months-attack.md

@@ -0,0 +1,6 @@
+---
+'@rocket.chat/i18n': minor
+'@rocket.chat/meteor': minor
+---
+
+Implement E2EE warning callouts letting users know that encrypted messages can't be searched and auditted on search contextual bar and audit panel.

.changeset/happy-cameras-mix.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixed an issue where private encrypted room creation was being forced even when E2EE feature was disabled.

.changeset/happy-windows-drum.md

@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed an issue that allowed saveSettings method to save NaN values on numeric settings.

.changeset/heavy-dolphins-lie.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixes the issue where the modal backdrop is overlapping the options of the `Select` component

.changeset/hungry-waves-lick.md

@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed file name being incorrectly sent from the client when uploading assets

.changeset/metal-candles-float.md

@@ -0,0 +1,13 @@
+---
+"@rocket.chat/meteor": minor
+"@rocket.chat/core-typings": patch
+"@rocket.chat/i18n": patch
+---
+
+Implemented a new "Pending Users" tab on the users page to list users who have not yet been activated and/or have not logged in for the first time. 
+Additionally, added a "Pending Action" column to aid administrators in identifying necessary actions for each user. Incorporated a "Reason for Joining" field 
+into the user info contextual bar, along with a callout for exceeding the seats cap in the users page header. Finally, introduced a new logic to disable user creation buttons upon surpassing the seats cap.
+
+
+
+

.changeset/mighty-oranges-wait.md

@@ -0,0 +1,6 @@
+---
+"@rocket.chat/meteor": minor
+"@rocket.chat/i18n": minor
+---
+
+Added a "LDAP group validation strategy" setting to LDAP channels and roles sync in order to enable faster syncs

.changeset/nasty-windows-reply.md

@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": minor
+---
+
+Moves the quotes to be on top of the message for better readability

.changeset/plenty-buses-kneel.md

@@ -0,0 +1,6 @@
+---
+'@rocket.chat/i18n': minor
+'@rocket.chat/meteor': minor
+---
+
+Disable "Reply in direct message", "Copy link" and "Forward message" message menu items for encrypted messages as they don't apply to encrypted messages and also disable apps menu items and show a warning.

.changeset/popular-bulldogs-accept.md

@@ -0,0 +1,6 @@
+---
+'@rocket.chat/i18n': patch
+'@rocket.chat/meteor': patch
+---
+
+Disable slash commands in encrypted rooms and show a disabled warning.

.changeset/rare-dancers-own.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Adds the missing `ignoreThreads` param fixing the issue not allowing ignoring threads when overriding retention policy

.changeset/red-cheetahs-heal.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixes a cosmetic issue where emoji picker object and symbols category icon are swapped

.changeset/spotty-seals-whisper.md

@@ -0,0 +1,6 @@
+---
+'@rocket.chat/uikit-playground': minor
+'@rocket.chat/meteor': minor
+---
+
+Upgrades fuselage-toastbar version in order to add RTL support to the component

.changeset/ten-stingrays-eat.md

@@ -0,0 +1,7 @@
+---
+"@rocket.chat/meteor": minor
+"@rocket.chat/core-typings": minor
+"@rocket.chat/i18n": minor
+---
+
+Added the possibility to choose the time unit (days, hours, minutes) to the global retention policy settings

apps/meteor/app/2fa/server/functions/resetTOTP.ts

@@ -4,6 +4,7 @@ import { Meteor } from 'meteor/meteor';
 
 import { i18n } from '../../../../server/lib/i18n';
 import { isUserIdFederated } from '../../../../server/lib/isUserIdFederated';
+import { notifyOnUserChange } from '../../../lib/server/lib/notifyListener';
 import * as Mailer from '../../../mailer/server/api';
 import { settings } from '../../../settings/server';
 
@@ -68,6 +69,14 @@ export async function resetTOTP(userId: string, notifyUser = false): Promise<boo
 
 	if (result?.modifiedCount === 1) {
 		await Users.unsetLoginTokens(userId);
+
+		void notifyOnUserChange({
+			clientAction: 'updated',
+			id: userId,
+			diff: {
+				'services.resume.loginTokens': [],
+			},
+		});
 		return true;
 	}
 

apps/meteor/app/2fa/server/methods/validateTempToken.ts

@@ -2,6 +2,7 @@ import { Users } from '@rocket.chat/models';
 import type { ServerMethods } from '@rocket.chat/ui-contexts';
 import { Meteor } from 'meteor/meteor';
 
+import { notifyOnUserChangeAsync } from '../../../lib/server/lib/notifyListener';
 import { TOTP } from '../lib/totp';
 
 declare module '@rocket.chat/ui-contexts' {
@@ -43,11 +44,25 @@ Meteor.methods<ServerMethods>({
 
 		// Once the TOTP is validated we logout all other clients
 		const { 'x-auth-token': xAuthToken } = this.connection?.httpHeaders ?? {};
-		if (xAuthToken) {
+		if (xAuthToken && this.userId) {
 			const hashedToken = Accounts._hashLoginToken(xAuthToken);
 
-			if (!(await Users.removeNonPATLoginTokensExcept(this.userId, hashedToken))) {
-				throw new Meteor.Error('error-logging-out-other-clients', 'Error logging out other clients');
+			const { modifiedCount } = await Users.removeNonPATLoginTokensExcept(this.userId, hashedToken);
+
+			if (modifiedCount > 0) {
+				// TODO this can be optmized so places that care about loginTokens being removed are invoked directly
+				// instead of having to listen to every watch.users event
+				void notifyOnUserChangeAsync(async () => {
+					if (!this.userId) {
+						return;
+					}
+					const userTokens = await Users.findOneById(this.userId, { projection: { 'services.resume.loginTokens': 1 } });
+					return {
+						clientAction: 'updated',
+						id: this.userId,
+						diff: { 'services.resume.loginTokens': userTokens?.services?.resume?.loginTokens },
+					};
+				});
 			}
 		}
 

apps/meteor/app/api/server/api.ts

@@ -14,9 +14,11 @@ import { Restivus } from 'meteor/rocketchat:restivus';
 import _ from 'underscore';
 
 import { isObject } from '../../../lib/utils/isObject';
+import { getNestedProp } from '../../../server/lib/getNestedProp';
 import { getRestPayload } from '../../../server/lib/logger/logPayloads';
 import { checkCodeForUser } from '../../2fa/server/code';
 import { hasPermissionAsync } from '../../authorization/server/functions/hasPermission';
+import { notifyOnUserChangeAsync } from '../../lib/server/lib/notifyListener';
 import { metrics } from '../../metrics/server';
 import { settings } from '../../settings/server';
 import { getDefaultUserFields } from '../../utils/server/functions/getDefaultUserFields';
@@ -848,6 +850,19 @@ export class APIClass<TBasePath extends string = ''> extends Restivus {
 				},
 			);
 
+			// TODO this can be optmized so places that care about loginTokens being removed are invoked directly
+			// instead of having to listen to every watch.users event
+			void notifyOnUserChangeAsync(async () => {
+				const userTokens = await Users.findOneById(this.user._id, { projection: { [tokenPath]: 1 } });
+				if (!userTokens) {
+					return;
+				}
+
+				const diff = { [tokenPath]: getNestedProp(userTokens, tokenPath) };
+
+				return { clientAction: 'updated', id: this.user._id, diff };
+			});
+
 			const response = {
 				status: 'success',
 				data: {

apps/meteor/app/api/server/lib/rooms.ts

@@ -98,6 +98,7 @@ export async function findAdminRoomsAutocomplete({ uid, selector }: { uid: strin
 			name: 1,
 			t: 1,
 			avatarETag: 1,
+			encrypted: 1,
 		},
 		limit: 10,
 		sort: {

apps/meteor/app/api/server/lib/users.ts

@@ -154,6 +154,7 @@ export async function findPaginatedUsersByStatus({
 		lastLogin: 1,
 		type: 1,
 		reason: 1,
+		federated: 1,
 	};
 
 	const actualSort: Record<string, 1 | -1> = sort || { username: 1 };

apps/meteor/app/api/server/v1/misc.ts

@@ -24,6 +24,7 @@ import { SystemLogger } from '../../../../server/lib/logger/system';
 import { getLogs } from '../../../../server/stream/stdout';
 import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
 import { passwordPolicy } from '../../../lib/server';
+import { notifyOnSettingChangedById } from '../../../lib/server/lib/notifyListener';
 import { settings } from '../../../settings/server';
 import { getDefaultUserFields } from '../../../utils/server/functions/getDefaultUserFields';
 import { isSMTPConfigured } from '../../../utils/server/functions/isSMTPConfigured';
@@ -687,27 +688,49 @@ API.v1.addRoute(
 				setDeploymentAs: String,
 			});
 
+			const settingsIds: string[] = [];
+
 			if (this.bodyParams.setDeploymentAs === 'new-workspace') {
-				await Promise.all([
-					Settings.resetValueById('uniqueID', process.env.DEPLOYMENT_ID || uuidv4()),
-					// Settings.resetValueById('Cloud_Url'),
-					Settings.resetValueById('Cloud_Service_Agree_PrivacyTerms'),
-					Settings.resetValueById('Cloud_Workspace_Id'),
-					Settings.resetValueById('Cloud_Workspace_Name'),
-					Settings.resetValueById('Cloud_Workspace_Client_Id'),
-					Settings.resetValueById('Cloud_Workspace_Client_Secret'),
-					Settings.resetValueById('Cloud_Workspace_Client_Secret_Expires_At'),
-					Settings.resetValueById('Cloud_Workspace_Registration_Client_Uri'),
-					Settings.resetValueById('Cloud_Workspace_PublicKey'),
-					Settings.resetValueById('Cloud_Workspace_License'),
-					Settings.resetValueById('Cloud_Workspace_Had_Trial'),
-					Settings.resetValueById('Cloud_Workspace_Access_Token'),
-					Settings.resetValueById('Cloud_Workspace_Access_Token_Expires_At', new Date(0)),
-					Settings.resetValueById('Cloud_Workspace_Registration_State'),
-				]);
+				settingsIds.push(
+					'Cloud_Service_Agree_PrivacyTerms',
+					'Cloud_Workspace_Id',
+					'Cloud_Workspace_Name',
+					'Cloud_Workspace_Client_Id',
+					'Cloud_Workspace_Client_Secret',
+					'Cloud_Workspace_Client_Secret_Expires_At',
+					'Cloud_Workspace_Registration_Client_Uri',
+					'Cloud_Workspace_PublicKey',
+					'Cloud_Workspace_License',
+					'Cloud_Workspace_Had_Trial',
+					'Cloud_Workspace_Access_Token',
+					'uniqueID',
+					'Cloud_Workspace_Access_Token_Expires_At',
+				);
 			}
 
-			await Settings.updateValueById('Deployment_FingerPrint_Verified', true);
+			settingsIds.push('Deployment_FingerPrint_Verified');
+
+			const promises = settingsIds.map((settingId) => {
+				if (settingId === 'uniqueID') {
+					return Settings.resetValueById('uniqueID', process.env.DEPLOYMENT_ID || uuidv4());
+				}
+
+				if (settingId === 'Cloud_Workspace_Access_Token_Expires_At') {
+					return Settings.resetValueById('Cloud_Workspace_Access_Token_Expires_At', new Date(0));
+				}
+
+				if (settingId === 'Deployment_FingerPrint_Verified') {
+					return Settings.updateValueById('Deployment_FingerPrint_Verified', true);
+				}
+
+				return Settings.resetValueById(settingId);
+			});
+
+			(await Promise.all(promises)).forEach((value, index) => {
+				if (value?.modifiedCount) {
+					void notifyOnSettingChangedById(settingsIds[index]);
+				}
+			});
 
 			return API.v1.success({});
 		},

apps/meteor/app/api/server/v1/settings.ts

@@ -13,6 +13,7 @@ import type { FindOptions } from 'mongodb';
 import _ from 'underscore';
 
 import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
+import { notifyOnSettingChanged, notifyOnSettingChangedById } from '../../../lib/server/lib/notifyListener';
 import { SettingsEvents, settings } from '../../../settings/server';
 import { setValue } from '../../../settings/server/raw';
 import { API } from '../api';
@@ -186,23 +187,34 @@ API.v1.addRoute(
 				}
 
 				if (isSettingColor(setting) && isSettingsUpdatePropsColor(this.bodyParams)) {
-					await Settings.updateOptionsById<ISettingColor>(this.urlParams._id, {
-						editor: this.bodyParams.editor,
-					});
-					await Settings.updateValueNotHiddenById(this.urlParams._id, this.bodyParams.value);
+					const updateOptionsPromise = Settings.updateOptionsById<ISettingColor>(this.urlParams._id, { editor: this.bodyParams.editor });
+					const updateValuePromise = Settings.updateValueNotHiddenById(this.urlParams._id, this.bodyParams.value);
+
+					const [updateOptionsResult, updateValueResult] = await Promise.all([updateOptionsPromise, updateValuePromise]);
+
+					if (updateOptionsResult.modifiedCount || updateValueResult.modifiedCount) {
+						await notifyOnSettingChangedById(this.urlParams._id);
+					}
+
 					return API.v1.success();
 				}
 
-				if (
-					isSettingsUpdatePropDefault(this.bodyParams) &&
-					(await Settings.updateValueNotHiddenById(this.urlParams._id, this.bodyParams.value))
-				) {
+				if (isSettingsUpdatePropDefault(this.bodyParams)) {
+					const { matchedCount } = await Settings.updateValueNotHiddenById(this.urlParams._id, this.bodyParams.value);
+					if (!matchedCount) {
+						return API.v1.failure();
+					}
+
 					const s = await Settings.findOneNotHiddenById(this.urlParams._id);
 					if (!s) {
 						return API.v1.failure();
 					}
+
 					settings.set(s);
 					setValue(this.urlParams._id, this.bodyParams.value);
+
+					await notifyOnSettingChanged(s);
+
 					return API.v1.success();
 				}