Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into impr…

…ove/ui-caching

* 'develop' of github.com:RocketChat/Rocket.Chat:
  fix: Remove monitors query restrictions on update (#30550)
  chore: license v3 invalidation (#30585)
  chore: `CreateDirectMessage` a11y form improvements (#30581)
  chore: `CreateDiscussion` a11y improvements (#30583)
  chore: License v3 - behavior and limited reached triggers (#30561)
  chore: Improve `groups.create` endpoint for large amounts of members (#30499)
  feat: Monitors able to forward chats without joining (#30549)
  feat: Deployment Fingerprint (#30411)
  chore: fix flaky agents & custom fields tables tests (#30580)

.changeset/dull-trainers-drive.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+fix: Remove model-level query restrictions for monitors

.changeset/selfish-hounds-pay.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+fix: Monitors now able to forward a chat without taking it first

.changeset/tidy-bears-applaud.md

@@ -0,0 +1,10 @@
+---
+"@rocket.chat/meteor": minor
+"@rocket.chat/core-typings": minor
+"@rocket.chat/model-typings": minor
+"@rocket.chat/rest-typings": minor
+---
+
+Create a deployment fingerprint to identify possible deployment changes caused by database cloning. A question to the admin will confirm if it's a regular deployment change or an intent of a new deployment and correct identification values as needed.
+The fingerprint is composed by `${siteUrl}${dbConnectionString}` and hashed via `sha256` in `base64`.
+An environment variable named `AUTO_ACCEPT_FINGERPRINT`, when set to `true`, can be used to auto-accept an expected fingerprint change as a regular deployment update.

apps/meteor/app/api/server/v1/channels.ts

@@ -670,7 +670,14 @@ async function createChannelValidator(params: {
 
 async function createChannel(
 	userId: string,
-	params: { name?: string; members?: string[]; customFields?: Record<string, any>; extraData?: Record<string, any>; readOnly?: boolean },
+	params: {
+		name?: string;
+		members?: string[];
+		customFields?: Record<string, any>;
+		extraData?: Record<string, any>;
+		readOnly?: boolean;
+		excludeSelf?: boolean;
+	},
 ): Promise<{ channel: IRoom }> {
 	const readOnly = typeof params.readOnly !== 'undefined' ? params.readOnly : false;
 	const id = await createChannelMethod(
@@ -680,6 +687,7 @@ async function createChannel(
 		readOnly,
 		params.customFields,
 		params.extraData,
+		params.excludeSelf,
 	);
 
 	return {

apps/meteor/app/api/server/v1/groups.ts

@@ -1,4 +1,4 @@
-import { Team } from '@rocket.chat/core-services';
+import { Team, isMeteorError } from '@rocket.chat/core-services';
 import type { IIntegration, IUser, IRoom, RoomType } from '@rocket.chat/core-typings';
 import { Integrations, Messages, Rooms, Subscriptions, Uploads, Users } from '@rocket.chat/models';
 import { check, Match } from 'meteor/check';
@@ -302,10 +302,6 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async post() {
-			if (!(await hasPermissionAsync(this.userId, 'create-p'))) {
-				return API.v1.unauthorized();
-			}
-
 			if (!this.bodyParams.name) {
 				return API.v1.failure('Body param "name" is required');
 			}
@@ -323,24 +319,32 @@ API.v1.addRoute(
 
 			const readOnly = typeof this.bodyParams.readOnly !== 'undefined' ? this.bodyParams.readOnly : false;
 
-			const result = await createPrivateGroupMethod(
-				this.userId,
-				this.bodyParams.name,
-				this.bodyParams.members ? this.bodyParams.members : [],
-				readOnly,
-				this.bodyParams.customFields,
-				this.bodyParams.extraData,
-			);
-
-			const room = await Rooms.findOneById(result.rid, { projection: API.v1.defaultFieldsToExclude });
+			try {
+				const result = await createPrivateGroupMethod(
+					this.user,
+					this.bodyParams.name,
+					this.bodyParams.members ? this.bodyParams.members : [],
+					readOnly,
+					this.bodyParams.customFields,
+					this.bodyParams.extraData,
+					this.bodyParams.excludeSelf ?? false,
+				);
+
+				const room = await Rooms.findOneById(result.rid, { projection: API.v1.defaultFieldsToExclude });
+				if (!room) {
+					throw new Meteor.Error('error-room-not-found', 'The required "roomId" or "roomName" param provided does not match any group');
+				}
 
-			if (!room) {
-				throw new Meteor.Error('error-room-not-found', 'The required "roomId" or "roomName" param provided does not match any group');
+				return API.v1.success({
+					group: await composeRoomWithLastMessage(room, this.userId),
+				});
+			} catch (error: unknown) {
+				if (isMeteorError(error) && error.reason === 'error-not-allowed') {
+					return API.v1.unauthorized();
+				}
 			}
 
-			return API.v1.success({
-				group: await composeRoomWithLastMessage(room, this.userId),
-			});
+			return API.v1.internalError();
 		},
 	},
 );

apps/meteor/app/api/server/v1/misc.ts

@@ -1,13 +1,14 @@
 import crypto from 'crypto';
 
 import type { IUser } from '@rocket.chat/core-typings';
-import { Users } from '@rocket.chat/models';
+import { Settings, Users } from '@rocket.chat/models';
 import {
 	isShieldSvgProps,
 	isSpotlightProps,
 	isDirectoryProps,
 	isMethodCallProps,
 	isMethodCallAnonProps,
+	isFingerprintProps,
 	isMeteorCall,
 	validateParamsPwGetPolicyRest,
 } from '@rocket.chat/rest-typings';
@@ -16,6 +17,7 @@ import EJSON from 'ejson';
 import { check } from 'meteor/check';
 import { DDPRateLimiter } from 'meteor/ddp-rate-limiter';
 import { Meteor } from 'meteor/meteor';
+import { v4 as uuidv4 } from 'uuid';
 
 import { i18n } from '../../../../server/lib/i18n';
 import { SystemLogger } from '../../../../server/lib/logger/system';
@@ -643,3 +645,75 @@ API.v1.addRoute(
 		},
 	},
 );
+
+/**
+ * @openapi
+ *  /api/v1/fingerprint:
+ *    post:
+ *      description: Update Fingerprint definition as a new workspace or update of configuration
+ *      security:
+ *        $ref: '#/security/authenticated'
+ *      requestBody:
+ *        content:
+ *          application/json:
+ *            schema:
+ *              type: object
+ *              properties:
+ *                setDeploymentAs:
+ *                  type: string
+ *            example: |
+ *              {
+ *                 "setDeploymentAs": "new-workspace"
+ *              }
+ *      responses:
+ *        200:
+ *          description: Workspace successfully configured
+ *          content:
+ *            application/json:
+ *              schema:
+ *                $ref: '#/components/schemas/ApiSuccessV1'
+ *        default:
+ *          description: Unexpected error
+ *          content:
+ *            application/json:
+ *              schema:
+ *                $ref: '#/components/schemas/ApiFailureV1'
+ */
+API.v1.addRoute(
+	'fingerprint',
+	{
+		authRequired: true,
+		validateParams: isFingerprintProps,
+	},
+	{
+		async post() {
+			check(this.bodyParams, {
+				setDeploymentAs: String,
+			});
+
+			if (this.bodyParams.setDeploymentAs === 'new-workspace') {
+				await Promise.all([
+					Settings.resetValueById('uniqueID', process.env.DEPLOYMENT_ID || uuidv4()),
+					// Settings.resetValueById('Cloud_Url'),
+					Settings.resetValueById('Cloud_Service_Agree_PrivacyTerms'),
+					Settings.resetValueById('Cloud_Workspace_Id'),
+					Settings.resetValueById('Cloud_Workspace_Name'),
+					Settings.resetValueById('Cloud_Workspace_Client_Id'),
+					Settings.resetValueById('Cloud_Workspace_Client_Secret'),
+					Settings.resetValueById('Cloud_Workspace_Client_Secret_Expires_At'),
+					Settings.resetValueById('Cloud_Workspace_Registration_Client_Uri'),
+					Settings.resetValueById('Cloud_Workspace_PublicKey'),
+					Settings.resetValueById('Cloud_Workspace_License'),
+					Settings.resetValueById('Cloud_Workspace_Had_Trial'),
+					Settings.resetValueById('Cloud_Workspace_Access_Token'),
+					Settings.resetValueById('Cloud_Workspace_Access_Token_Expires_At', new Date(0)),
+					Settings.resetValueById('Cloud_Workspace_Registration_State'),
+				]);
+			}
+
+			await Settings.updateValueById('Deployment_FingerPrint_Verified', true);
+
+			return API.v1.success({});
+		},
+	},
+);

apps/meteor/app/apps/server/bridges/rooms.ts

@@ -55,7 +55,11 @@ export class AppRoomBridge extends RoomBridge {
 	}
 
 	private async createPrivateGroup(userId: string, room: ICoreRoom, members: string[]): Promise<string> {
-		return (await createPrivateGroupMethod(userId, room.name || '', members, room.ro, room.customFields, this.prepareExtraData(room))).rid;
+		const user = await Users.findOneById(userId);
+		if (!user) {
+			throw new Error('Invalid user');
+		}
+		return (await createPrivateGroupMethod(user, room.name || '', members, room.ro, room.customFields, this.prepareExtraData(room))).rid;
 	}
 
 	protected async getById(roomId: string, appId: string): Promise<IRoom> {

apps/meteor/app/cloud/server/functions/buildRegistrationData.ts

@@ -7,6 +7,8 @@ import { LICENSE_VERSION } from '../license';
 
 export type WorkspaceRegistrationData<T> = {
 	uniqueId: string;
+	deploymentFingerprintHash: string;
+	deploymentFingerprintVerified: boolean;
 	workspaceId: string;
 	address: string;
 	contactName: string;
@@ -50,6 +52,8 @@ export async function buildWorkspaceRegistrationData<T extends string | undefine
 	const npsEnabled = settings.get<string>('NPS_survey_enabled');
 	const agreePrivacyTerms = settings.get<string>('Cloud_Service_Agree_PrivacyTerms');
 	const setupWizardState = settings.get<string>('Show_Setup_Wizard');
+	const deploymentFingerprintHash = settings.get<string>('Deployment_FingerPrint_Hash');
+	const deploymentFingerprintVerified = settings.get<boolean>('Deployment_FingerPrint_Verified');
 
 	const firstUser = await Users.getOldest({ projection: { name: 1, emails: 1 } });
 	const contactName = firstUser?.name || '';
@@ -59,6 +63,8 @@ export async function buildWorkspaceRegistrationData<T extends string | undefine
 
 	return {
 		uniqueId: stats.uniqueId,
+		deploymentFingerprintHash,
+		deploymentFingerprintVerified,
 		workspaceId,
 		address,
 		contactName,

apps/meteor/app/discussion/server/methods/createDiscussion.ts

@@ -156,7 +156,7 @@ const create = async ({
 	const discussion = await createRoom(
 		type,
 		name,
-		user.username as string,
+		user,
 		[...new Set(invitedUsers)].filter(Boolean),
 		false,
 		false,

apps/meteor/app/importer/server/classes/ImportDataConverter.ts

@@ -1034,7 +1034,11 @@ export class ImportDataConverter {
 					return;
 				}
 				if (roomData.t === 'p') {
-					roomInfo = await createPrivateGroupMethod(startedByUserId, roomData.name, members, false, {}, {}, true);
+					const user = await Users.findOneById(startedByUserId);
+					if (!user) {
+						throw new Error('importer-channel-invalid-creator');
+					}
+					roomInfo = await createPrivateGroupMethod(user, roomData.name, members, false, {}, {}, true);
 				} else {
 					roomInfo = await createChannelMethod(startedByUserId, roomData.name, members, false, {}, {}, true);
 				}

apps/meteor/app/lib/server/functions/addUserToDefaultChannels.ts

@@ -12,7 +12,7 @@ export const addUserToDefaultChannels = async function (user: IUser, silenced?:
 	}).toArray();
 	for await (const room of defaultRooms) {
 		if (!(await Subscriptions.findOneByRoomIdAndUserId(room._id, user._id, { projection: { _id: 1 } }))) {
-			const autoTranslateConfig = await getSubscriptionAutotranslateDefaultConfig(user);
+			const autoTranslateConfig = getSubscriptionAutotranslateDefaultConfig(user);
 			// Add a subscription to this user
 			await Subscriptions.createWithRoomAndUser(room, user, {
 				ts: new Date(),

apps/meteor/app/lib/server/functions/addUserToRoom.ts

@@ -71,7 +71,7 @@ export const addUserToRoom = async function (
 		await callbacks.run('beforeJoinRoom', userToBeAdded, room);
 	}
 
-	const autoTranslateConfig = await getSubscriptionAutotranslateDefaultConfig(userToBeAdded);
+	const autoTranslateConfig = getSubscriptionAutotranslateDefaultConfig(userToBeAdded);
 
 	await Subscriptions.createWithRoomAndUser(room, userToBeAdded as IUser, {
 		ts: now,