Merge branch 'develop' into livechat-storybook

.changeset/bright-humans-cross.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': minor
+---
+
+Federation actions like sending message in a federated DM, reacting in a federated chat, etc, will no longer work if the configuration is invalid.

.changeset/cool-rocks-remember.md

@@ -0,0 +1,6 @@
+---
+"@rocket.chat/meteor": patch
+"@rocket.chat/model-typings": patch
+---
+
+Fixed login with third-party apps not working without the "Manage OAuth Apps" permission

.changeset/giant-spiders-pay.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixes an issue where the Announcement modal with long words was adding a horizontal scrollbar

.changeset/nasty-windows-smile.md

@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Allow apps to react/unreact to messages via bridge

.changeset/ninety-hounds-exist.md

@@ -0,0 +1,7 @@
+---
+'@rocket.chat/rest-typings': patch
+'@rocket.chat/meteor': patch
+'@rocket.chat/i18n': patch
+---
+
+Fix: Show correct user info actions for non-members in channels.

.changeset/purple-dolls-serve.md

@@ -0,0 +1,7 @@
+---
+'@rocket.chat/web-ui-registration': patch
+'@rocket.chat/i18n': patch
+'@rocket.chat/meteor': patch
+---
+
+Fixes an issue where creating a new user with an invalid username (containing special characters) resulted in an error message, but the user was still created. The user creation process now properly aborts when an invalid username is provided.

.changeset/rich-pillows-hang.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixes the `expanded` prop being accidentally forwarded to `ContextualbarHeader`

.changeset/rotten-camels-pretend.md

@@ -0,0 +1,6 @@
+---
+"@rocket.chat/meteor": patch
+"@rocket.chat/core-typings": patch
+---
+
+Fixed issue with system messages being counted as agents' first responses in livechat rooms (which caused the "best first response time" and "average first response time" metrics to be unreliable for all agents)

.changeset/six-beers-fry.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': minor
+---
+
+New button added to validate Matrix Federation configuration. A new field inside admin settings will reflect the configuration status being either 'Valid' or 'Invalid'.

.changeset/sixty-spoons-own.md

@@ -0,0 +1,9 @@
+---
+"@rocket.chat/meteor": minor
+"@rocket.chat/core-typings": minor
+"@rocket.chat/model-typings": minor
+"@rocket.chat/models": minor
+"@rocket.chat/rest-typings": minor
+---
+
+Introduced "create contacts" endpoint to omnichannel

.changeset/smart-mice-attack.md

@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed an issue where teams were being created with no room associated with it.

.changeset/strong-terms-love.md

@@ -0,0 +1,6 @@
+---
+"@rocket.chat/meteor": patch
+"@rocket.chat/model-typings": patch
+---
+
+Fixed issue with livechat analytics in a given date range considering conversation data from the following day

.changeset/stupid-fishes-relate.md

@@ -0,0 +1,7 @@
+---
+'@rocket.chat/core-typings': minor
+'@rocket.chat/i18n': minor
+'@rocket.chat/meteor': minor
+---
+
+Added a new setting to enable/disable file encryption in an end to end encrypted room.

.changeset/two-bikes-crash.md

@@ -0,0 +1,7 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixed an issue related to setting Accounts_ForgetUserSessionOnWindowClose, this setting was not working as expected.
+
+The new meteor 2.16 release introduced a new option to configure the Accounts package and choose between the local storage or session storage. They also changed how Meteor.\_localstorage works internally. Due to these changes in Meteor, our setting to use session storage wasn't working as expected. This PR fixes this issue and configures the Accounts package according to the workspace settings.

.changeset/violet-radios-begin.md

@@ -0,0 +1,15 @@
+---
+'@rocket.chat/core-typings': minor
+'@rocket.chat/i18n': minor
+'@rocket.chat/meteor': minor
+---
+
+Fixed a bug related to uploading end to end encrypted file. 
+
+E2EE files and uploads are uploaded as files of mime type `application/octet-stream` as we can't reveal the mime type of actual content since it is encrypted and has to be kept confidential.
+
+The server resolves the mime type of encrypted file as `application/octet-stream` but it wasn't playing nicely with existing settings related to whitelisted and blacklisted media types.
+
+E2EE files upload was getting blocked if `application/octet-stream` is not a whitelisted media type. 
+
+Now this PR solves this issue by always accepting E2EE uploads even if `application/octet-stream` is not whitelisted but it will block the upload if `application/octet-stream` is black listed.

.gitignore

@@ -50,3 +50,6 @@ yarn-error.log*
 *.sublime-workspace
 
 **/.vim/
+
+data/
+registration.yaml

apps/meteor/app/api/server/v1/federation.ts

@@ -22,3 +22,21 @@ API.v1.addRoute(
 		},
 	},
 );
+
+API.v1.addRoute(
+	'federation/configuration.verify',
+	{ authRequired: true, permissionsRequired: ['view-privileged-setting'] },
+	{
+		async get() {
+			const service = License.hasValidLicense() ? FederationEE : Federation;
+
+			const status = await service.configurationStatus();
+
+			if (!status.externalReachability.ok || !status.appservice.ok) {
+				return API.v1.failure(status);
+			}
+
+			return API.v1.success(status);
+		},
+	},
+);

apps/meteor/app/api/server/v1/oauthapps.ts

@@ -27,11 +27,12 @@ API.v1.addRoute(
 	{ authRequired: true, validateParams: isOauthAppsGetParams },
 	{
 		async get() {
-			if (!(await hasPermissionAsync(this.userId, 'manage-oauth-apps'))) {
-				return API.v1.unauthorized();
-			}
+			const isOAuthAppsManager = await hasPermissionAsync(this.userId, 'manage-oauth-apps');
 
-			const oauthApp = await OAuthApps.findOneAuthAppByIdOrClientId(this.queryParams);
+			const oauthApp = await OAuthApps.findOneAuthAppByIdOrClientId(
+				this.queryParams,
+				!isOAuthAppsManager ? { projection: { clientSecret: 0 } } : {},
+			);
 
 			if (!oauthApp) {
 				return API.v1.failure('OAuth app not found.');

apps/meteor/app/api/server/v1/rooms.ts

@@ -1,8 +1,14 @@
 import { Media } from '@rocket.chat/core-services';
 import type { IRoom, IUpload } from '@rocket.chat/core-typings';
-import { Messages, Rooms, Users, Uploads } from '@rocket.chat/models';
+import { Messages, Rooms, Users, Uploads, Subscriptions } from '@rocket.chat/models';
 import type { Notifications } from '@rocket.chat/rest-typings';
-import { isGETRoomsNameExists, isRoomsImagesProps, isRoomsMuteUnmuteUserProps, isRoomsExportProps } from '@rocket.chat/rest-typings';
+import {
+	isGETRoomsNameExists,
+	isRoomsImagesProps,
+	isRoomsMuteUnmuteUserProps,
+	isRoomsExportProps,
+	isRoomsIsMemberProps,
+} from '@rocket.chat/rest-typings';
 import { Meteor } from 'meteor/meteor';
 
 import { isTruthy } from '../../../../lib/isTruthy';
@@ -783,6 +789,36 @@ API.v1.addRoute(
 	},
 );
 
+API.v1.addRoute(
+	'rooms.isMember',
+	{
+		authRequired: true,
+		validateParams: isRoomsIsMemberProps,
+	},
+	{
+		async get() {
+			const { roomId, userId, username } = this.queryParams;
+			const [room, user] = await Promise.all([
+				findRoomByIdOrName({
+					params: { roomId },
+				}) as Promise<IRoom>,
+				Users.findOneByIdOrUsername(userId || username),
+			]);
+
+			if (!user?._id) {
+				return API.v1.failure('error-user-not-found');
+			}
+
+			if (await canAccessRoomAsync(room, { _id: this.user._id })) {
+				return API.v1.success({
+					isMember: (await Subscriptions.countByRoomIdAndUserId(room._id, user._id)) > 0,
+				});
+			}
+			return API.v1.unauthorized();
+		},
+	},
+);
+
 API.v1.addRoute(
 	'rooms.muteUser',
 	{ authRequired: true, validateParams: isRoomsMuteUnmuteUserProps },

apps/meteor/app/api/server/v1/subscriptions.ts

@@ -82,6 +82,7 @@ API.v1.addRoute(
 		async post() {
 			const { readThreads = false } = this.bodyParams;
 			const roomId = 'rid' in this.bodyParams ? this.bodyParams.rid : this.bodyParams.roomId;
+
 			await readMessages(roomId, this.userId, readThreads);
 
 			return API.v1.success();

apps/meteor/app/api/server/v1/users.ts

@@ -45,6 +45,7 @@ import { setUserAvatar } from '../../../lib/server/functions/setUserAvatar';
 import { setUsernameWithValidation } from '../../../lib/server/functions/setUsername';
 import { validateCustomFields } from '../../../lib/server/functions/validateCustomFields';
 import { validateNameChars } from '../../../lib/server/functions/validateNameChars';
+import { validateUsername } from '../../../lib/server/functions/validateUsername';
 import { notifyOnUserChange, notifyOnUserChangeAsync } from '../../../lib/server/lib/notifyListener';
 import { generateAccessToken } from '../../../lib/server/methods/createToken';
 import { settings } from '../../../settings/server';
@@ -651,6 +652,10 @@ API.v1.addRoute(
 				return API.v1.failure('Name contains invalid characters');
 			}
 
+			if (!validateUsername(this.bodyParams.username)) {
+				return API.v1.failure(`The username provided is not valid`);
+			}
+
 			if (!(await checkUsernameAvailability(this.bodyParams.username))) {
 				return API.v1.failure('Username is already in use');
 			}

apps/meteor/app/apps/server/bridges/messages.ts

@@ -1,4 +1,5 @@
 import type { IAppServerOrchestrator, IAppsMessage, IAppsUser } from '@rocket.chat/apps';
+import type { Reaction } from '@rocket.chat/apps-engine/definition/messages';
 import type { IRoom } from '@rocket.chat/apps-engine/definition/rooms';
 import type { ITypingDescriptor } from '@rocket.chat/apps-engine/server/bridges/MessageBridge';
 import { MessageBridge } from '@rocket.chat/apps-engine/server/bridges/MessageBridge';
@@ -10,6 +11,7 @@ import { deleteMessage } from '../../../lib/server/functions/deleteMessage';
 import { updateMessage } from '../../../lib/server/functions/updateMessage';
 import { executeSendMessage } from '../../../lib/server/methods/sendMessage';
 import notifications from '../../../notifications/server/lib/Notifications';
+import { executeSetReaction } from '../../../reactions/server/setReaction';
 
 export class AppMessageBridge extends MessageBridge {
 	constructor(private readonly orch: IAppServerOrchestrator) {
@@ -118,4 +120,24 @@ export class AppMessageBridge extends MessageBridge {
 				throw new Error('Unrecognized typing scope provided');
 		}
 	}
+
+	private isValidReaction(reaction: Reaction): boolean {
+		return reaction.startsWith(':') && reaction.endsWith(':');
+	}
+
+	protected async addReaction(messageId: string, userId: string, reaction: Reaction): Promise<void> {
+		if (!this.isValidReaction(reaction)) {
+			throw new Error('Invalid reaction');
+		}
+
+		return executeSetReaction(userId, reaction, messageId, true);
+	}
+
+	protected async removeReaction(messageId: string, userId: string, reaction: Reaction): Promise<void> {
+		if (!this.isValidReaction(reaction)) {
+			throw new Error('Invalid reaction');
+		}
+
+		return executeSetReaction(userId, reaction, messageId, false);
+	}
 }

apps/meteor/app/apps/server/converters/rooms.js

@@ -111,8 +111,8 @@ export class AppRoomsConverter {
 		return Object.assign(newRoom, room._unmappedProperties_);
 	}
 
-	async convertRoom(room) {
-		if (!room) {
+	async convertRoom(originalRoom) {
+		if (!originalRoom) {
 			return undefined;
 		}
 
@@ -134,6 +134,7 @@ export class AppRoomsConverter {
 			_USERNAMES: '_USERNAMES',
 			description: 'description',
 			source: 'source',
+			closer: 'closer',
 			isDefault: (room) => {
 				const result = !!room.default;
 				delete room.default;
@@ -210,6 +211,19 @@ export class AppRoomsConverter {
 
 				return this.orch.getConverters().get('departments').convertById(departmentId);
 			},
+			closedBy: async (room) => {
+				const { closedBy } = room;
+
+				if (!closedBy) {
+					return undefined;
+				}
+
+				delete room.closedBy;
+				if (originalRoom.closer === 'user') {
+					return this.orch.getConverters().get('users').convertById(closedBy._id);
+				}
+				return this.orch.getConverters().get('visitors').convertById(closedBy._id);
+			},
 			servedBy: async (room) => {
 				const { servedBy } = room;
 
@@ -245,7 +259,7 @@ export class AppRoomsConverter {
 			},
 		};
 
-		return transformMappedData(room, map);
+		return transformMappedData(originalRoom, map);
 	}
 
 	_convertTypeToApp(typeChar) {

apps/meteor/app/authorization/server/constant/permissions.ts

@@ -93,6 +93,10 @@ export const permissions = [
 		_id: 'view-l-room',
 		roles: ['livechat-manager', 'livechat-monitor', 'livechat-agent', 'admin'],
 	},
+	{
+		_id: 'create-livechat-contact',
+		roles: ['livechat-manager', 'livechat-monitor', 'livechat-agent', 'admin'],
+	},
 	{ _id: 'view-livechat-manager', roles: ['livechat-manager', 'livechat-monitor', 'admin'] },
 	{
 		_id: 'view-omnichannel-contact-center',