Merge branch 'develop' into custom-sound

RocketChat · Feb 15, 2022 · d09fd95 · d09fd95
2 parents 2788975 + 05d5d8e
commit d09fd95
Show file tree

Hide file tree

Showing 193 changed files with 2,582 additions and 1,855 deletions.
diff --git a/.docker-mongo/Dockerfile b/.docker-mongo/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:14.18.2-bullseye-slim
+FROM node:14.18.3-bullseye-slim
 
 LABEL maintainer="buildmaster@rocket.chat"
 

diff --git a/.docker/Dockerfile b/.docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:14.18.2-bullseye-slim
+FROM node:14.18.3-bullseye-slim
 
 LABEL maintainer="buildmaster@rocket.chat"
 

diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
@@ -30,10 +30,10 @@ jobs:
         echo "github.event_name: ${{ github.event_name }}"
         cat $GITHUB_EVENT_PATH
 
-    - name: Use Node.js 14.18.2
+    - name: Use Node.js 14.18.3
       uses: actions/setup-node@v2
       with:
-        node-version: "14.18.2"
+        node-version: "14.18.3"
 
     - uses: actions/checkout@v2
 
@@ -186,7 +186,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: ["14.18.2"]
+        node-version: ["14.18.3"]
         mongodb-version: ["3.6", "4.0", "4.2", "4.4","5.0"]
 
     steps:
@@ -324,10 +324,10 @@ jobs:
         path: ~/.meteor
         key: ${{ runner.OS }}-meteor-${{ hashFiles('.meteor/release', '.github/workflows/build_and_test.yml') }}
 
-    - name: Use Node.js 14.18.2
+    - name: Use Node.js 14.18.3
       uses: actions/setup-node@v2
       with:
-        node-version: "14.18.2"
+        node-version: "14.18.3"
 
     - name: Install Meteor
       run: |
@@ -467,7 +467,7 @@ jobs:
         aws s3 cp $ROCKET_DEPLOY_DIR/ s3://download.rocket.chat/build/ --recursive
 
         curl -H "Content-Type: application/json" -H "X-Update-Token: $UPDATE_TOKEN" -d \
-            "{\"nodeVersion\": \"14.18.2\", \"compatibleMongoVersions\": [\"3.6\", \"4.0\", \"4.2\", \"4.4\", \"5.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"$RC_RELEASE\"}" \
+            "{\"nodeVersion\": \"14.18.3\", \"compatibleMongoVersions\": [\"3.6\", \"4.0\", \"4.2\", \"4.4\", \"5.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"$RC_RELEASE\"}" \
             https://releases.rocket.chat/update
 
         # Makes build fail if the release isn't there
@@ -609,10 +609,10 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-    - name: Use Node.js 14.18.2
+    - name: Use Node.js 14.18.3
       uses: actions/setup-node@v2
       with:
-        node-version: "14.18.2"
+        node-version: "14.18.3"
 
     - name: Login to DockerHub
       uses: docker/login-action@v1

diff --git a/.meteor/packages b/.meteor/packages
@@ -67,7 +67,7 @@ littledata:synced-cron
 
 edgee:slingshot
 jalik:ufs-local@1.0.2
-accounts-base@2.2.0
+accounts-base@2.2.1
 accounts-oauth@1.4.0
 autoupdate@1.8.0
 babel-compiler@7.8.0
@@ -76,7 +76,7 @@ htmljs
 less
 matb33:collection-hooks
 meteorhacks:inject-initial
-oauth@2.1.0
+oauth@2.1.1
 oauth2@1.3.1
 routepolicy@1.1.1
 sha@1.0.9

diff --git a/.meteor/release b/.meteor/release
@@ -1 +1 @@
-METEOR@2.5.3
+METEOR@2.5.6
diff --git a/.meteor/versions b/.meteor/versions
@@ -1,4 +1,4 @@
-accounts-base@2.2.0
+accounts-base@2.2.1
 accounts-facebook@1.3.3
 accounts-github@1.5.0
 accounts-google@1.4.0

diff --git a/.snapcraft/resources/preparenode b/.snapcraft/resources/preparenode
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-node_version="v14.18.2"
+node_version="v14.18.3"
 
 unamem="$(uname -m)"
 if [[ $unamem == *aarch64* ]]; then

diff --git a/app/action-links/client/lib/actionLinks.js b/app/action-links/client/lib/actionLinks.js
@@ -1,7 +1,7 @@
 import { Meteor } from 'meteor/meteor';
 
 import { handleError } from '../../../../client/lib/utils/handleError';
-import { Messages, Subscriptions } from '../../../models/client';
+import { Messages } from '../../../models/client';
 
 // Action Links namespace creation.
 export const actionLinks = {
@@ -24,16 +24,6 @@ export const actionLinks = {
 			});
 		}
 
-		const subscription = Subscriptions.findOne({
-			'rid': message.rid,
-			'u._id': userId,
-		});
-		if (!subscription) {
-			throw new Meteor.Error('error-not-allowed', 'Not allowed', {
-				function: 'actionLinks.getMessage',
-			});
-		}
-
 		if (!message.actionLinks || !message.actionLinks[name]) {
 			throw new Meteor.Error('error-invalid-actionlink', 'Invalid action link', {
 				function: 'actionLinks.getMessage',

diff --git a/app/action-links/server/lib/actionLinks.js b/app/action-links/server/lib/actionLinks.js
@@ -1,6 +1,16 @@
 import { Meteor } from 'meteor/meteor';
 
-import { Messages, Subscriptions } from '../../../models/server';
+import { getMessageForUser } from '../../../../server/lib/messages/getMessageForUser';
+
+function getMessageById(messageId) {
+	try {
+		return Promise.await(getMessageForUser(messageId, Meteor.userId()));
+	} catch (e) {
+		throw new Meteor.Error(e.message, 'Invalid message', {
+			function: 'actionLinks.getMessage',
+		});
+	}
+}
 
 // Action Links namespace creation.
 export const actionLinks = {
@@ -9,30 +19,14 @@ export const actionLinks = {
 		actionLinks.actions[name] = funct;
 	},
 	getMessage(name, messageId) {
-		const userId = Meteor.userId();
-		if (!userId) {
-			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
-				function: 'actionLinks.getMessage',
-			});
-		}
+		const message = getMessageById(messageId);
 
-		const message = Messages.findOne({ _id: messageId });
 		if (!message) {
 			throw new Meteor.Error('error-invalid-message', 'Invalid message', {
 				function: 'actionLinks.getMessage',
 			});
 		}
 
-		const subscription = Subscriptions.findOne({
-			'rid': message.rid,
-			'u._id': userId,
-		});
-		if (!subscription) {
-			throw new Meteor.Error('error-not-allowed', 'Not allowed', {
-				function: 'actionLinks.getMessage',
-			});
-		}
-
 		if (!message.actionLinks || !message.actionLinks[name]) {
 			throw new Meteor.Error('error-invalid-actionlink', 'Invalid action link', {
 				function: 'actionLinks.getMessage',

diff --git a/app/api/server/v1/chat.js b/app/api/server/v1/chat.js
@@ -3,7 +3,7 @@ import { Meteor } from 'meteor/meteor';
 import { Match, check } from 'meteor/check';
 
 import { Messages } from '../../../models';
-import { canAccessRoom, hasPermission } from '../../../authorization/server';
+import { canAccessRoom, canAccessRoomId, roomAccessAttributes, hasPermission } from '../../../authorization/server';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
 import { processWebhookMessage } from '../../../lib/server';
 import { executeSendMessage } from '../../../lib/server/methods/sendMessage';
@@ -496,7 +496,7 @@ API.v1.addRoute(
 				throw new Meteor.Error('error-roomId-param-not-provided', 'The required "roomId" query param is missing.');
 			}
 
-			if (!canAccessRoom({ _id: roomId }, { _id: this.userId })) {
+			if (!canAccessRoomId(roomId, this.userId)) {
 				throw new Meteor.Error('error-not-allowed', 'Not allowed');
 			}
 
@@ -535,17 +535,16 @@ API.v1.addRoute(
 				throw new Meteor.Error('error-not-allowed', 'Threads Disabled');
 			}
 			const user = Users.findOneById(this.userId, { fields: { _id: 1 } });
-			const room = Rooms.findOneById(rid, { fields: { t: 1, _id: 1 } });
+			const room = Rooms.findOneById(rid, { fields: { ...roomAccessAttributes, t: 1, _id: 1 } });
+
 			if (!canAccessRoom(room, user)) {
 				throw new Meteor.Error('error-not-allowed', 'Not Allowed');
 			}
 
 			const typeThread = {
 				_hidden: { $ne: true },
 				...(type === 'following' && { replies: { $in: [this.userId] } }),
-				...(type === 'unread' && {
-					_id: { $in: Subscriptions.findOneByRoomIdAndUserId(room._id, user._id).tunread },
-				}),
+				...(type === 'unread' && { _id: { $in: Subscriptions.findOneByRoomIdAndUserId(room._id, user._id).tunread } }),
 				msg: new RegExp(escapeRegExp(text), 'i'),
 			};
 
@@ -595,18 +594,16 @@ API.v1.addRoute(
 				updatedSinceDate = new Date(updatedSince);
 			}
 			const user = Users.findOneById(this.userId, { fields: { _id: 1 } });
-			const room = Rooms.findOneById(rid, { fields: { t: 1, _id: 1 } });
+			const room = Rooms.findOneById(rid, { fields: { ...roomAccessAttributes, t: 1, _id: 1 } });
+
 			if (!canAccessRoom(room, user)) {
 				throw new Meteor.Error('error-not-allowed', 'Not Allowed');
 			}
 			const threadQuery = Object.assign({}, query, { rid, tcount: { $exists: true } });
 			return API.v1.success({
 				threads: {
 					update: Messages.find({ ...threadQuery, _updatedAt: { $gt: updatedSinceDate } }, { fields, sort }).fetch(),
-					remove: Messages.trashFindDeletedAfter(updatedSinceDate, threadQuery, {
-						fields,
-						sort,
-					}).fetch(),
+					remove: Messages.trashFindDeletedAfter(updatedSinceDate, threadQuery, { fields, sort }).fetch(),
 				},
 			});
 		},
@@ -633,7 +630,7 @@ API.v1.addRoute(
 				throw new Meteor.Error('error-invalid-message', 'Invalid Message');
 			}
 			const user = Users.findOneById(this.userId, { fields: { _id: 1 } });
-			const room = Rooms.findOneById(thread.rid, { fields: { t: 1, _id: 1 } });
+			const room = Rooms.findOneById(thread.rid, { fields: { ...roomAccessAttributes, t: 1, _id: 1 } });
 
 			if (!canAccessRoom(room, user)) {
 				throw new Meteor.Error('error-not-allowed', 'Not Allowed');
@@ -690,7 +687,7 @@ API.v1.addRoute(
 				throw new Meteor.Error('error-invalid-message', 'Invalid Message');
 			}
 			const user = Users.findOneById(this.userId, { fields: { _id: 1 } });
-			const room = Rooms.findOneById(thread.rid, { fields: { t: 1, _id: 1 } });
+			const room = Rooms.findOneById(thread.rid, { fields: { ...roomAccessAttributes, t: 1, _id: 1 } });
 
 			if (!canAccessRoom(room, user)) {
 				throw new Meteor.Error('error-not-allowed', 'Not Allowed');

diff --git a/app/api/server/v1/commands.js b/app/api/server/v1/commands.js
@@ -4,7 +4,7 @@ import objectPath from 'object-path';
 
 import { slashCommands } from '../../../utils/server';
 import { Messages } from '../../../models/server';
-import { canAccessRoom } from '../../../authorization/server';
+import { canAccessRoomId } from '../../../authorization/server';
 import { API } from '../api';
 
 API.v1.addRoute(
@@ -201,7 +201,7 @@ API.v1.addRoute(
 				return API.v1.failure('The command provided does not exist (or is disabled).');
 			}
 
-			if (!canAccessRoom({ _id: body.roomId }, user)) {
+			if (!canAccessRoomId(body.roomId, user._id)) {
 				return API.v1.unauthorized();
 			}
 
@@ -255,7 +255,7 @@ API.v1.addRoute(
 				return API.v1.failure('The command provided does not exist (or is disabled).');
 			}
 
-			if (!canAccessRoom({ _id: query.roomId }, user)) {
+			if (!canAccessRoomId(query.roomId, user._id)) {
 				return API.v1.unauthorized();
 			}
 
@@ -310,7 +310,7 @@ API.v1.addRoute(
 				return API.v1.failure('The command provided does not exist (or is disabled).');
 			}
 
-			if (!canAccessRoom({ _id: body.roomId }, user)) {
+			if (!canAccessRoomId(body.roomId, user._id)) {
 				return API.v1.unauthorized();
 			}
 

diff --git a/app/api/server/v1/groups.js b/app/api/server/v1/groups.js
@@ -5,7 +5,13 @@ import { Match, check } from 'meteor/check';
 import { mountIntegrationQueryBasedOnPermissions } from '../../../integrations/server/lib/mountQueriesBasedOnPermission';
 import { Subscriptions, Rooms, Messages, Users } from '../../../models/server';
 import { Integrations, Uploads } from '../../../models/server/raw';
-import { hasPermission, hasAtLeastOnePermission, canAccessRoom, hasAllPermission } from '../../../authorization/server';
+import {
+	hasPermission,
+	hasAtLeastOnePermission,
+	canAccessRoom,
+	hasAllPermission,
+	roomAccessAttributes,
+} from '../../../authorization/server';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
 import { API } from '../api';
 import { Team } from '../../../../server/sdk';
@@ -19,6 +25,7 @@ export function findPrivateGroupByIdOrName({ params, userId, checkedArchived = t
 
 	const roomOptions = {
 		fields: {
+			...roomAccessAttributes,
 			t: 1,
 			ro: 1,
 			name: 1,

diff --git a/app/api/server/v1/rooms.js b/app/api/server/v1/rooms.js
@@ -12,7 +12,7 @@ import {
 	findChannelAndPrivateAutocompleteWithPagination,
 } from '../lib/rooms';
 import { sendFile, sendViaEmail } from '../../../../server/lib/channelExport';
-import { canAccessRoom, hasPermission } from '../../../authorization/server';
+import { canAccessRoom, canAccessRoomId, hasPermission } from '../../../authorization/server';
 import { Media } from '../../../../server/sdk';
 import { settings } from '../../../settings/server/index';
 import { getUploadFormData } from '../lib/getUploadFormData';
@@ -81,7 +81,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		post() {
-			if (!canAccessRoom({ _id: this.urlParams.rid }, { _id: this.userId })) {
+			if (!canAccessRoomId(this.urlParams.rid, this.userId)) {
 				return API.v1.unauthorized();
 			}
 

diff --git a/app/apps/server/converters/rooms.js b/app/apps/server/converters/rooms.js
@@ -41,6 +41,7 @@ export class AppRoomsConverter {
 				_id: visitor._id,
 				username: visitor.username,
 				token: visitor.token,
+				status: visitor.status,
 			};
 		}
 

diff --git a/app/apps/server/converters/visitors.js b/app/apps/server/converters/visitors.js
@@ -33,6 +33,7 @@ export class AppVisitorsConverter {
 			phone: 'phone',
 			visitorEmails: 'visitorEmails',
 			livechatData: 'livechatData',
+			status: 'status',
 		};
 
 		return transformMappedData(visitor, map);
@@ -50,6 +51,7 @@ export class AppVisitorsConverter {
 			token: visitor.token,
 			phone: visitor.phone,
 			livechatData: visitor.livechatData,
+			status: visitor.status,
 			...(visitor.visitorEmails && { visitorEmails: visitor.visitorEmails }),
 			...(visitor.department && { department: visitor.department }),
 		};

diff --git a/app/authorization/server/functions/canAccessRoom.ts b/app/authorization/server/functions/canAccessRoom.ts
@@ -2,5 +2,15 @@ import { Authorization } from '../../../../server/sdk';
 import { IAuthorization } from '../../../../server/sdk/types/IAuthorization';
 
 export const canAccessRoomAsync = Authorization.canAccessRoom;
+export const canAccessRoomIdAsync = Authorization.canAccessRoomId;
+export const roomAccessAttributes = {
+	_id: 1,
+	t: 1,
+	teamId: 1,
+	prid: 1,
+	tokenpass: 1,
+};
 
 export const canAccessRoom = (...args: Parameters<IAuthorization['canAccessRoom']>): boolean => Promise.await(canAccessRoomAsync(...args));
+export const canAccessRoomId = (...args: Parameters<IAuthorization['canAccessRoomId']>): boolean =>
+	Promise.await(canAccessRoomIdAsync(...args));
diff --git a/app/authorization/server/index.js b/app/authorization/server/index.js
@@ -1,5 +1,5 @@
 import { addUserRoles } from './functions/addUserRoles';
-import { canAccessRoom, roomAccessValidators } from './functions/canAccessRoom';
+import { canAccessRoom, canAccessRoomId, roomAccessAttributes, roomAccessValidators } from './functions/canAccessRoom';
 import { canSendMessage, validateRoomMessagePermissions } from './functions/canSendMessage';
 import { getRoles } from './functions/getRoles';
 import { getUsersInRole } from './functions/getUsersInRole';
@@ -26,6 +26,8 @@ export {
 	roomAccessValidators,
 	addUserRoles,
 	canAccessRoom,
+	canAccessRoomId,
+	roomAccessAttributes,
 	hasAllPermission,
 	hasAtLeastOnePermission,
 	hasPermission,