feat!: Merge LDAP Teams Sync and Channels Sync into a new Rooms Sync section

.changeset/fair-seahorses-laugh.md

@@ -0,0 +1,13 @@
+---
+'@rocket.chat/meteor': major
+---
+
+As per MongoDB Lifecycle Schedules ([mongodb.com/legal/support-policy/lifecycles](https://www.mongodb.com/legal/support-policy/lifecycles)) we're removing official support to MongoDB version 4.4 that has reached end of life in February 2024.
+
+We recommend upgrading to at least MongoDB 6.0+, though 5.0 is still a supported version.
+
+Here are official docs on how to upgrade to some of the supported versions:
+
+- [mongodb.com/docs/manual/release-notes/5.0-upgrade-replica-set](https://www.mongodb.com/docs/manual/release-notes/5.0-upgrade-replica-set/)
+- [mongodb.com/docs/manual/release-notes/6.0-upgrade-replica-set](https://www.mongodb.com/docs/manual/release-notes/6.0-upgrade-replica-set/)
+- [mongodb.com/docs/manual/release-notes/7.0-upgrade-replica-set](https://www.mongodb.com/docs/manual/release-notes/7.0-upgrade-replica-set/)

.changeset/fluffy-knives-count.md

@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": major
+---
+
+Added MongoDB 7.0 support 

.changeset/fuzzy-cherries-buy.md

@@ -0,0 +1,7 @@
+---
+"@rocket.chat/meteor": major
+---
+
+Api login should not suggest which credential is wrong (password/username)
+
+Failed login attemps will always return `Unauthorized` instead of the internal fail reason

.changeset/quiet-kings-rhyme.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': major
+---
+
+Removed the ability to import data in the HipChat Enterprise format, as it was discontinued over five years ago.

.github/workflows/ci-test-e2e.yml

@@ -29,7 +29,7 @@ on:
       transporter:
         type: string
       mongodb-version:
-        default: "['4.4', '6.0']"
+        default: "['5.0', '7.0']"
         required: false
         type: string
       release:
@@ -78,16 +78,16 @@ jobs:
   test:
     runs-on: ubuntu-20.04
     env:
-      RC_DOCKERFILE: ${{ matrix.mongodb-version == '6.0' && inputs.rc-dockerfile-alpine || inputs.rc-dockerfile }}
-      RC_DOCKER_TAG: ${{ matrix.mongodb-version == '6.0' && inputs.rc-docker-tag-alpine || inputs.rc-docker-tag }}
+      RC_DOCKERFILE: ${{ matrix.mongodb-version == '7.0' && inputs.rc-dockerfile-alpine || inputs.rc-dockerfile }}
+      RC_DOCKER_TAG: ${{ matrix.mongodb-version == '7.0' && inputs.rc-docker-tag-alpine || inputs.rc-docker-tag }}
 
     strategy:
       fail-fast: false
       matrix:
         mongodb-version: ${{ fromJSON(inputs.mongodb-version) }}
         shard: ${{ fromJSON(inputs.shard) }}
 
-    name: MongoDB ${{ matrix.mongodb-version }}${{ inputs.db-watcher-disabled == 'true' && ' [no watchers]' || '' }} (${{ matrix.shard }}/${{ inputs.total-shard }})${{ matrix.mongodb-version == '6.0' && ' - Alpine' || '' }}
+    name: MongoDB ${{ matrix.mongodb-version }}${{ inputs.db-watcher-disabled == 'true' && ' [no watchers]' || '' }} (${{ matrix.shard }}/${{ inputs.total-shard }})${{ matrix.mongodb-version == '7.0' && ' - Alpine' || '' }}
 
     steps:
       - name: Login to GitHub Container Registry

.github/workflows/ci.yml

@@ -117,7 +117,7 @@ jobs:
           fi;
 
           curl -H "Content-Type: application/json" -H "X-Update-Token: $UPDATE_TOKEN" -d \
-              "{\"nodeVersion\": \"${{ needs.release-versions.outputs.node-version }}\", \"compatibleMongoVersions\": [\"4.4\", \"5.0\", \"6.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"draft\", \"draftAs\": \"$RC_RELEASE\"}" \
+              "{\"nodeVersion\": \"${{ needs.release-versions.outputs.node-version }}\", \"compatibleMongoVersions\": [\"5.0\", \"6.0\", \"7.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"draft\", \"draftAs\": \"$RC_RELEASE\"}" \
               https://releases.rocket.chat/update
 
   packages-build:
@@ -348,7 +348,7 @@ jobs:
       release: ee
       transporter: 'nats://nats:4222'
       enterprise-license: ${{ needs.release-versions.outputs.enterprise-license }}
-      mongodb-version: "['4.4']"
+      mongodb-version: "['5.0']"
       node-version: ${{ needs.release-versions.outputs.node-version }}
       lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
       rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
@@ -372,7 +372,7 @@ jobs:
       enterprise-license: ${{ needs.release-versions.outputs.enterprise-license }}
       shard: '[1, 2, 3, 4, 5]'
       total-shard: 5
-      mongodb-version: "['4.4']"
+      mongodb-version: "['5.0']"
       node-version: ${{ needs.release-versions.outputs.node-version }}
       lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
       rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
@@ -750,7 +750,7 @@ jobs:
           fi;
 
           curl -H "Content-Type: application/json" -H "X-Update-Token: $UPDATE_TOKEN" -d \
-              "{\"nodeVersion\": \"${{ needs.release-versions.outputs.node-version }}\", \"compatibleMongoVersions\": [\"4.4\", \"5.0\", \"6.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"$RC_RELEASE\"}" \
+              "{\"nodeVersion\": \"${{ needs.release-versions.outputs.node-version }}\", \"compatibleMongoVersions\": [\"5.0\", \"6.0\", \"7.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"$RC_RELEASE\"}" \
               https://releases.rocket.chat/update
 
           # Makes build fail if the release isn't there

FEATURES.md

@@ -33,7 +33,6 @@
   - Incoming / Outgoing Webhooks
   - Data Importer
     - Import from Slack
-    - Import from Hipchat
   - Slack Bridge
 - Profiles
   - Custom avatars

apps/meteor/app/api/server/v1/channels.ts

@@ -27,7 +27,7 @@ import { findUsersOfRoom } from '../../../../server/lib/findUsersOfRoom';
 import { hideRoomMethod } from '../../../../server/methods/hideRoom';
 import { removeUserFromRoomMethod } from '../../../../server/methods/removeUserFromRoom';
 import { canAccessRoomAsync } from '../../../authorization/server';
-import { hasPermissionAsync, hasAtLeastOnePermissionAsync } from '../../../authorization/server/functions/hasPermission';
+import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
 import { saveRoomSettings } from '../../../channel-settings/server/methods/saveRoomSettings';
 import { mountIntegrationQueryBasedOnPermissions } from '../../../integrations/server/lib/mountQueriesBasedOnPermission';
 import { addUsersToRoomMethod } from '../../../lib/server/methods/addUsersToRoom';
@@ -272,6 +272,7 @@ API.v1.addRoute(
 	{
 		authRequired: true,
 		validateParams: isChannelsMessagesProps,
+		permissionsRequired: ['view-c-room'],
 	},
 	{
 		async get() {
@@ -292,9 +293,6 @@ API.v1.addRoute(
 			) {
 				return API.v1.unauthorized();
 			}
-			if (!(await hasPermissionAsync(this.userId, 'view-c-room'))) {
-				return API.v1.unauthorized();
-			}
 
 			const { cursor, totalCount } = await Messages.findPaginated(ourQuery, {
 				sort: sort || { ts: -1 },
@@ -477,13 +475,10 @@ API.v1.addRoute(
 	{
 		authRequired: true,
 		validateParams: isChannelsConvertToTeamProps,
+		permissionsRequired: ['create-team'],
 	},
 	{
 		async post() {
-			if (!(await hasPermissionAsync(this.userId, 'create-team'))) {
-				return API.v1.unauthorized();
-			}
-
 			const { channelId, channelName } = this.bodyParams;
 
 			if (!channelId && !channelName) {
@@ -855,20 +850,22 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'channels.getIntegrations',
-	{ authRequired: true },
 	{
-		async get() {
-			if (
-				!(await hasAtLeastOnePermissionAsync(this.userId, [
+		authRequired: true,
+		permissionsRequired: {
+			GET: {
+				permissions: [
 					'manage-outgoing-integrations',
 					'manage-own-outgoing-integrations',
 					'manage-incoming-integrations',
 					'manage-own-incoming-integrations',
-				]))
-			) {
-				return API.v1.unauthorized();
-			}
-
+				],
+				operation: 'hasAny',
+			},
+		},
+	},
+	{
+		async get() {
 			const findResult = await findChannelByIdOrName({
 				params: this.queryParams,
 				checkedArchived: false,
@@ -954,7 +951,12 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'channels.list',
-	{ authRequired: true },
+	{
+		authRequired: true,
+		permissionsRequired: {
+			GET: { permissions: ['view-c-room', 'view-joined-room'], operation: 'hasAny' },
+		},
+	},
 	{
 		async get() {
 			const { offset, count } = await getPaginationItems(this.queryParams);
@@ -964,9 +966,6 @@ API.v1.addRoute(
 			const ourQuery: Record<string, any> = { ...query, t: 'c' };
 
 			if (!hasPermissionToSeeAllPublicChannels) {
-				if (!(await hasPermissionAsync(this.userId, 'view-joined-room'))) {
-					return API.v1.unauthorized();
-				}
 				const roomIds = (
 					await Subscriptions.findByUserIdAndType(this.userId, 'c', {
 						projection: { rid: 1 },

apps/meteor/app/api/server/v1/cloud.ts

@@ -2,7 +2,6 @@ import { check } from 'meteor/check';
 
 import { CloudWorkspaceRegistrationError } from '../../../../lib/errors/CloudWorkspaceRegistrationError';
 import { SystemLogger } from '../../../../server/lib/logger/system';
-import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
 import { hasRoleAsync } from '../../../authorization/server/functions/hasRole';
 import { getCheckoutUrl } from '../../../cloud/server/functions/getCheckoutUrl';
 import { getConfirmationPoll } from '../../../cloud/server/functions/getConfirmationPoll';
@@ -20,17 +19,13 @@ import { API } from '../api';
 
 API.v1.addRoute(
 	'cloud.manualRegister',
-	{ authRequired: true },
+	{ authRequired: true, permissionsRequired: ['register-on-cloud'] },
 	{
 		async post() {
 			check(this.bodyParams, {
 				cloudBlob: String,
 			});
 
-			if (!(await hasPermissionAsync(this.userId, 'register-on-cloud'))) {
-				return API.v1.unauthorized();
-			}
-
 			const registrationInfo = await retrieveRegistrationStatus();
 
 			if (registrationInfo.workspaceRegistered) {
@@ -48,18 +43,14 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'cloud.createRegistrationIntent',
-	{ authRequired: true },
+	{ authRequired: true, permissionsRequired: ['manage-cloud'] },
 	{
 		async post() {
 			check(this.bodyParams, {
 				resend: Boolean,
 				email: String,
 			});
 
-			if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) {
-				return API.v1.unauthorized();
-			}
-
 			const intentData = await startRegisterWorkspaceSetupWizard(this.bodyParams.resend, this.bodyParams.email);
 
 			if (intentData) {
@@ -73,32 +64,24 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'cloud.registerPreIntent',
-	{ authRequired: true },
+	{ authRequired: true, permissionsRequired: ['manage-cloud'] },
 	{
 		async post() {
-			if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) {
-				return API.v1.unauthorized();
-			}
-
 			return API.v1.success({ offline: !(await registerPreIntentWorkspaceWizard()) });
 		},
 	},
 );
 
 API.v1.addRoute(
 	'cloud.confirmationPoll',
-	{ authRequired: true },
+	{ authRequired: true, permissionsRequired: ['manage-cloud'] },
 	{
 		async get() {
 			const { deviceCode } = this.queryParams;
 			check(this.queryParams, {
 				deviceCode: String,
 			});
 
-			if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) {
-				return API.v1.unauthorized();
-			}
-
 			if (!deviceCode) {
 				return API.v1.failure('Invalid query');
 			}

apps/meteor/app/api/server/v1/groups.ts

@@ -9,11 +9,7 @@ import { findUsersOfRoom } from '../../../../server/lib/findUsersOfRoom';
 import { hideRoomMethod } from '../../../../server/methods/hideRoom';
 import { removeUserFromRoomMethod } from '../../../../server/methods/removeUserFromRoom';
 import { canAccessRoomAsync, roomAccessAttributes } from '../../../authorization/server';
-import {
-	hasAllPermissionAsync,
-	hasAtLeastOnePermissionAsync,
-	hasPermissionAsync,
-} from '../../../authorization/server/functions/hasPermission';
+import { hasAllPermissionAsync, hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
 import { saveRoomSettings } from '../../../channel-settings/server/methods/saveRoomSettings';
 import { mountIntegrationQueryBasedOnPermissions } from '../../../integrations/server/lib/mountQueriesBasedOnPermission';
 import { createPrivateGroupMethod } from '../../../lib/server/methods/createPrivateGroup';
@@ -412,20 +408,22 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'groups.getIntegrations',
-	{ authRequired: true },
 	{
-		async get() {
-			if (
-				!(await hasAtLeastOnePermissionAsync(this.userId, [
+		authRequired: true,
+		permissionsRequired: {
+			GET: {
+				permissions: [
 					'manage-outgoing-integrations',
 					'manage-own-outgoing-integrations',
 					'manage-incoming-integrations',
 					'manage-own-incoming-integrations',
-				]))
-			) {
-				return API.v1.unauthorized();
-			}
-
+				],
+				operation: 'hasAny',
+			},
+		},
+	},
+	{
+		async get() {
 			const findResult = await findPrivateGroupByIdOrName({
 				params: this.queryParams,
 				userId: this.userId,
@@ -670,12 +668,9 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'groups.listAll',
-	{ authRequired: true },
+	{ authRequired: true, permissionsRequired: ['view-room-administration'] },
 	{
 		async get() {
-			if (!(await hasPermissionAsync(this.userId, 'view-room-administration'))) {
-				return API.v1.unauthorized();
-			}
 			const { offset, count } = await getPaginationItems(this.queryParams);
 			const { sort, fields, query } = await this.parseJsonQuery();
 			const ourQuery = Object.assign({}, query, { t: 'p' as RoomType });

apps/meteor/app/api/server/v1/im.ts

@@ -395,7 +395,7 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	['dm.messages.others', 'im.messages.others'],
-	{ authRequired: true },
+	{ authRequired: true, permissionsRequired: ['view-room-administration'] },
 	{
 		async get() {
 			if (settings.get('API_Enable_Direct_Message_History_EndPoint') !== true) {
@@ -404,10 +404,6 @@ API.v1.addRoute(
 				});
 			}
 
-			if (!(await hasPermissionAsync(this.userId, 'view-room-administration'))) {
-				return API.v1.unauthorized();
-			}
-
 			const { roomId } = this.queryParams;
 			if (!roomId) {
 				throw new Meteor.Error('error-roomid-param-not-provided', 'The parameter "roomId" is required');
@@ -483,13 +479,9 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	['dm.list.everyone', 'im.list.everyone'],
-	{ authRequired: true },
+	{ authRequired: true, permissionsRequired: ['view-room-administration'] },
 	{
 		async get() {
-			if (!(await hasPermissionAsync(this.userId, 'view-room-administration'))) {
-				return API.v1.unauthorized();
-			}
-
 			const { offset, count }: { offset: number; count: number } = await getPaginationItems(this.queryParams);
 			const { sort, fields, query } = await this.parseJsonQuery();