Merge pull request #33087 from RocketChat/release-6.11.2

Release 6.11.2
RocketChat · Sep 3, 2024 · 7c4d287 · 7c4d287
2 parents 12e000d + a9b1ca8
commit 7c4d287
Show file tree

Hide file tree

Showing 29 changed files with 583 additions and 231 deletions.
diff --git a/.changeset/bump-patch-1724077277110.md b/.changeset/bump-patch-1724077277110.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Bump @rocket.chat/meteor version.
diff --git a/.changeset/gentle-bugs-think.md b/.changeset/gentle-bugs-think.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Prevent `processRoomAbandonment` callback from erroring out when a room was inactive during a day Business Hours was not configured for.
diff --git a/.changeset/orange-clocks-wait.md b/.changeset/orange-clocks-wait.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
diff --git a/.changeset/strong-rings-rush.md b/.changeset/strong-rings-rush.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Restored tooltips to the unit edit department field selected options
diff --git a/.changeset/two-bikes-crash.md b/.changeset/two-bikes-crash.md
@@ -0,0 +1,7 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixed an issue related to setting Accounts_ForgetUserSessionOnWindowClose, this setting was not working as expected.
+
+The new meteor 2.16 release introduced a new option to configure the Accounts package and choose between the local storage or session storage. They also changed how Meteor.\_localstorage works internally. Due to these changes in Meteor, our setting to use session storage wasn't working as expected. This PR fixes this issue and configures the Accounts package according to the workspace settings.
diff --git a/.changeset/wise-avocados-taste.md b/.changeset/wise-avocados-taste.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixes an issue where multi-step modals were closing unexpectedly
diff --git a/apps/meteor/app/lib/server/functions/getModifiedHttpHeaders.ts b/apps/meteor/app/lib/server/functions/getModifiedHttpHeaders.ts
@@ -0,0 +1,20 @@
+export const getModifiedHttpHeaders = (httpHeaders: Record<string, any>) => {
+	const modifiedHttpHeaders = { ...httpHeaders };
+
+	if ('x-auth-token' in modifiedHttpHeaders) {
+		modifiedHttpHeaders['x-auth-token'] = '[redacted]';
+	}
+
+	if (modifiedHttpHeaders.cookie) {
+		const cookies = modifiedHttpHeaders.cookie.split('; ');
+		const modifiedCookies = cookies.map((cookie: string) => {
+			if (cookie.startsWith('rc_token=')) {
+				return 'rc_token=[redacted]';
+			}
+			return cookie;
+		});
+		modifiedHttpHeaders.cookie = modifiedCookies.join('; ');
+	}
+
+	return modifiedHttpHeaders;
+};
diff --git a/apps/meteor/app/lib/server/lib/debug.js b/apps/meteor/app/lib/server/lib/debug.js
@@ -7,6 +7,7 @@ import _ from 'underscore';
 import { getMethodArgs } from '../../../../server/lib/logger/logPayloads';
 import { metrics } from '../../../metrics/server';
 import { settings } from '../../../settings/server';
+import { getModifiedHttpHeaders } from '../functions/getModifiedHttpHeaders';
 
 const logger = new Logger('Meteor');
 
@@ -41,7 +42,7 @@ const traceConnection = (enable, filter, prefix, name, connection, userId) => {
 		console.log(name, {
 			id: connection.id,
 			clientAddress: connection.clientAddress,
-			httpHeaders: connection.httpHeaders,
+			httpHeaders: getModifiedHttpHeaders(connection.httpHeaders),
 			userId,
 		});
 	} else {

diff --git a/apps/meteor/app/livechat/server/api/v1/room.ts b/apps/meteor/app/livechat/server/api/v1/room.ts
@@ -31,63 +31,72 @@ import { findVisitorInfo } from '../lib/visitors';
 
 const isAgentWithInfo = (agentObj: ILivechatAgent | { hiddenInfo: boolean }): agentObj is ILivechatAgent => !('hiddenInfo' in agentObj);
 
-API.v1.addRoute('livechat/room', {
-	async get() {
-		// I'll temporary use check for validation, as validateParams doesnt support what's being done here
-		const extraCheckParams = await onCheckRoomParams({
-			token: String,
-			rid: Match.Maybe(String),
-			agentId: Match.Maybe(String),
-		});
-
-		check(this.queryParams, extraCheckParams as any);
-
-		const { token, rid, agentId, ...extraParams } = this.queryParams;
-
-		const guest = token && (await findGuest(token));
-		if (!guest) {
-			throw new Error('invalid-token');
-		}
-
-		if (!rid) {
-			const room = await LivechatRooms.findOneOpenByVisitorToken(token, {});
-			if (room) {
-				return API.v1.success({ room, newRoom: false });
-			}
-
-			let agent: SelectedAgent | undefined;
-			const agentObj = agentId && (await findAgent(agentId));
-			if (agentObj) {
-				if (isAgentWithInfo(agentObj)) {
-					const { username = undefined } = agentObj;
-					agent = { agentId, username };
-				} else {
-					agent = { agentId };
-				}
+API.v1.addRoute(
+	'livechat/room',
+	{
+		rateLimiterOptions: {
+			numRequestsAllowed: 5,
+			intervalTimeInMS: 60000,
+		},
+	},
+	{
+		async get() {
+			// I'll temporary use check for validation, as validateParams doesnt support what's being done here
+			const extraCheckParams = await onCheckRoomParams({
+				token: String,
+				rid: Match.Maybe(String),
+				agentId: Match.Maybe(String),
+			});
+
+			check(this.queryParams, extraCheckParams as any);
+
+			const { token, rid, agentId, ...extraParams } = this.queryParams;
+
+			const guest = token && (await findGuest(token));
+			if (!guest) {
+				throw new Error('invalid-token');
 			}
 
-			const roomInfo = {
-				source: {
-					type: isWidget(this.request.headers) ? OmnichannelSourceType.WIDGET : OmnichannelSourceType.API,
-				},
-			};
+			if (!rid) {
+				const room = await LivechatRooms.findOneOpenByVisitorToken(token, {});
+				if (room) {
+					return API.v1.success({ room, newRoom: false });
+				}
 
-			const newRoom = await LivechatTyped.createRoom({ visitor: guest, roomInfo, agent, extraData: extraParams });
+				let agent: SelectedAgent | undefined;
+				const agentObj = agentId && (await findAgent(agentId));
+				if (agentObj) {
+					if (isAgentWithInfo(agentObj)) {
+						const { username = undefined } = agentObj;
+						agent = { agentId, username };
+					} else {
+						agent = { agentId };
+					}
+				}
 
-			return API.v1.success({
-				room: newRoom,
-				newRoom: true,
-			});
-		}
+				const roomInfo = {
+					source: {
+						type: isWidget(this.request.headers) ? OmnichannelSourceType.WIDGET : OmnichannelSourceType.API,
+					},
+				};
+
+				const newRoom = await LivechatTyped.createRoom({ visitor: guest, roomInfo, agent, extraData: extraParams });
 
-		const froom = await LivechatRooms.findOneOpenByRoomIdAndVisitorToken(rid, token, {});
-		if (!froom) {
-			throw new Error('invalid-room');
-		}
+				return API.v1.success({
+					room: newRoom,
+					newRoom: true,
+				});
+			}
+
+			const froom = await LivechatRooms.findOneOpenByRoomIdAndVisitorToken(rid, token, {});
+			if (!froom) {
+				throw new Error('invalid-room');
+			}
 
-		return API.v1.success({ room: froom, newRoom: false });
+			return API.v1.success({ room: froom, newRoom: false });
+		},
 	},
-});
+);
 
 // Note: use this route if a visitor is closing a room
 // If a RC user(like eg agent) is closing a room, use the `livechat/room.closeByUser` route