Merge branch 'develop' into refactor/required-field-copy

RocketChat · Sep 13, 2024 · f60a840 · f60a840
2 parents 38b2824 + 98b6a20
commit f60a840
Show file tree

Hide file tree

Showing 783 changed files with 3,240 additions and 2,308 deletions.
diff --git a/.changeset/four-cherries-kneel.md b/.changeset/four-cherries-kneel.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Allow to use the token from `room.v` when requesting transcript instead of visitor token. Visitors may change their tokens at any time, rendering old conversations impossible to access for them (or for APIs depending on token) as the visitor token won't match the `room.v` token.
diff --git a/.changeset/healthy-rivers-nail.md b/.changeset/healthy-rivers-nail.md
@@ -0,0 +1,8 @@
+---
+"@rocket.chat/meteor": minor
+"@rocket.chat/i18n": minor
+"@rocket.chat/livechat": minor
+---
+
+Added new setting `Allow visitors to finish conversations` that allows admins to decide if omnichannel visitors can close a conversation or not. This doesn't affect agent's capabilities of room closing, neither apps using the livechat bridge to close rooms.
+However, if currently your integration relies on `livechat/room.close` endpoint for closing conversations, it's advised to use the authenticated version `livechat/room.closeByUser` of it before turning off this setting.
diff --git a/.changeset/khaki-cameras-glow.md b/.changeset/khaki-cameras-glow.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixes an issue where the retention policy warning keep displaying even if the retention is disabled inside the room
diff --git a/.changeset/many-balloons-scream.md b/.changeset/many-balloons-scream.md
@@ -0,0 +1,13 @@
+---
+'@rocket.chat/uikit-playground': minor
+'@rocket.chat/fuselage-ui-kit': minor
+'@rocket.chat/ui-theming': minor
+'@rocket.chat/ui-video-conf': minor
+'@rocket.chat/ui-composer': minor
+'@rocket.chat/gazzodown': minor
+'@rocket.chat/ui-avatar': minor
+'@rocket.chat/ui-client': minor
+'@rocket.chat/meteor': minor
+---
+
+Replaced new `SidebarV2` components under feature preview
diff --git a/.changeset/many-rules-shout.md b/.changeset/many-rules-shout.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
diff --git a/.changeset/nasty-tools-enjoy.md b/.changeset/nasty-tools-enjoy.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed a code issue on NPS service. It was passing `startAt` as the expiration date when creating a banner.
diff --git a/.changeset/pink-swans-teach.md b/.changeset/pink-swans-teach.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+fixed retention policy max age settings not being respected after upgrade
diff --git a/.changeset/short-drinks-itch.md b/.changeset/short-drinks-itch.md
@@ -0,0 +1,6 @@
+---
+'@rocket.chat/message-parser': patch
+'@rocket.chat/peggy-loader': patch
+---
+
+Improved the performance of the message parser
diff --git a/.changeset/tiny-geckos-kiss.md b/.changeset/tiny-geckos-kiss.md
@@ -0,0 +1,6 @@
+---
+'@rocket.chat/i18n': minor
+'@rocket.chat/meteor': minor
+---
+
+Added a new setting which allows workspace admins to disable email two factor authentication for SSO (OAuth) users. If enabled, SSO users won't be asked for email two factor authentication.
diff --git a/.changeset/wet-hats-walk.md b/.changeset/wet-hats-walk.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed issue that caused an infinite loading state when uploading a private app to Rocket.Chat
diff --git a/.github/workflows/ci-deploy-gh-pages-preview.yml b/.github/workflows/ci-deploy-gh-pages-preview.yml
@@ -0,0 +1,41 @@
+# .github/workflows/ci-preview.yml
+name: Deploy PR previews
+concurrency: preview-${{ github.ref }}
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - closed
+
+jobs:
+  deploy-preview:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: rharkor/[email protected]
+        if: github.event.action != 'closed'
+
+      - name: Setup NodeJS
+        uses: ./.github/actions/setup-node
+        if: github.event.action != 'closed'
+        with:
+          node-version: 14.21.3
+          cache-modules: true
+          install: true
+
+      - name: Build
+        if: github.event.action != 'closed'
+        run: |
+          yarn turbo run build-preview
+          yarn turbo run .:build-preview-move
+          npx indexifier .preview --html  --extensions .html  > .preview/index.html
+
+      - uses: rossjrw/pr-preview-action@v1
+        with:
+          source-dir: .preview
+          preview-branch: gh-pages
+          umbrella-dir: pr-preview
+          action: auto
diff --git a/.github/workflows/ci-deploy-gh-pages.yml b/.github/workflows/ci-deploy-gh-pages.yml
@@ -0,0 +1,38 @@
+# .github/workflows/ci-preview-deploy.yml
+name: Deploy GitHub Pages
+concurrency: preview-deploy-${{ github.ref }}
+on:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+jobs:
+  deploy-preview:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: rharkor/[email protected]
+
+      - name: Setup NodeJS
+        uses: ./.github/actions/setup-node
+        with:
+          node-version: 14.21.3
+          cache-modules: true
+          install: true
+
+      - name: Build
+        run: |
+          yarn turbo run build-preview
+          yarn turbo run .:build-preview-move
+          npx indexifier .preview --html  --extensions .html  > .preview/index.html
+          mv .preview ${{ github.ref_name }}
+          mkdir .preview
+          mv ${{ github.ref_name }} .preview
+
+      - name: Deploy
+        uses: peaceiris/actions-gh-pages@v4
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: .preview
+          keep_files: true
diff --git a/.gitignore b/.gitignore
@@ -47,6 +47,8 @@ yarn-error.log*
 .history
 .envrc
 
+.preview
+
 *.sublime-workspace
 
 **/.vim/

diff --git a/.yarn/patches/react-i18next-npm-15.0.1-0812bb73aa.patch b/.yarn/patches/react-i18next-npm-15.0.1-0812bb73aa.patch
diff --git a/_templates/package/new/package.json.ejs.t b/_templates/package/new/package.json.ejs.t
@@ -19,6 +19,7 @@ to: packages/<%= name %>/package.json
 		"test": "jest",
 		"build": "rm -rf dist && tsc -p tsconfig.json",
 		"dev": "tsc -p tsconfig.json --watch --preserveWatchOutput"
+		"build-preview": "mkdir -p ../../.preview && cp -r ./dist ../../.preview/<%= name.toLowerCase() %>"
 	},
 	"main": "./dist/index.js",
 	"typings": "./dist/index.d.ts",

diff --git a/apps/meteor/app/2fa/server/code/EmailCheck.spec.ts b/apps/meteor/app/2fa/server/code/EmailCheck.spec.ts
@@ -0,0 +1,70 @@
+import { expect } from 'chai';
+import { describe, it } from 'mocha';
+import proxyquire from 'proxyquire';
+import sinon from 'sinon';
+
+const settingsMock = sinon.stub();
+
+const { EmailCheck } = proxyquire.noCallThru().load('./EmailCheck', {
+	'@rocket.chat/models': {
+		Users: {},
+	},
+	'meteor/accounts-base': {
+		Accounts: {
+			_bcryptRounds: () => '123',
+		},
+	},
+	'../../../../server/lib/i18n': {
+		i18n: {
+			t: (key: string) => key,
+		},
+	},
+	'../../../mailer/server/api': {
+		send: () => undefined,
+	},
+	'../../../settings/server': {
+		settings: {
+			get: settingsMock,
+		},
+	},
+});
+
+const normalUserMock = { services: { email2fa: { enabled: true } }, emails: [{ email: '[email protected]', verified: true }] };
+const normalUserWithUnverifiedEmailMock = {
+	services: { email2fa: { enabled: true } },
+	emails: [{ email: '[email protected]', verified: false }],
+};
+const OAuthUserMock = { services: { google: {} }, emails: [{ email: '[email protected]', verified: true }] };
+
+describe('EmailCheck', () => {
+	let emailCheck: typeof EmailCheck;
+	beforeEach(() => {
+		settingsMock.reset();
+
+		emailCheck = new EmailCheck();
+	});
+
+	it('should return EmailCheck is enabled for a normal user', () => {
+		settingsMock.returns(true);
+
+		const isEmail2FAEnabled = emailCheck.isEnabled(normalUserMock);
+
+		expect(isEmail2FAEnabled).to.be.equal(true);
+	});
+
+	it('should return EmailCheck is not enabled for a normal user with unverified email', () => {
+		settingsMock.returns(true);
+
+		const isEmail2FAEnabled = emailCheck.isEnabled(normalUserWithUnverifiedEmailMock);
+
+		expect(isEmail2FAEnabled).to.be.equal(false);
+	});
+
+	it('should return EmailCheck is not enabled for a OAuth user with setting being false', () => {
+		settingsMock.returns(true);
+
+		const isEmail2FAEnabled = emailCheck.isEnabled(OAuthUserMock);
+
+		expect(isEmail2FAEnabled).to.be.equal(false);
+	});
+});
diff --git a/apps/meteor/app/2fa/server/code/EmailCheck.ts b/apps/meteor/app/2fa/server/code/EmailCheck.ts
@@ -1,4 +1,4 @@
-import type { IUser } from '@rocket.chat/core-typings';
+import { isOAuthUser, type IUser } from '@rocket.chat/core-typings';
 import { Users } from '@rocket.chat/models';
 import { Random } from '@rocket.chat/random';
 import bcrypt from 'bcrypt';
@@ -24,6 +24,10 @@ export class EmailCheck implements ICodeCheck {
 			return false;
 		}
 
+		if (!settings.get('Accounts_twoFactorAuthentication_email_available_for_OAuth_users') && isOAuthUser(user)) {
+			return false;
+		}
+
 		if (!user.services?.email2fa?.enabled) {
 			return false;
 		}
@@ -34,7 +38,7 @@ export class EmailCheck implements ICodeCheck {
 	private async send2FAEmail(address: string, random: string, user: IUser): Promise<void> {
 		const language = user.language || settings.get('Language') || 'en';
 
-		const t = (s: string): string => i18n.t(s, { lng: language });
+		const t = i18n.getFixedT(language);
 
 		await Mailer.send({
 			to: address,

diff --git a/apps/meteor/app/2fa/server/code/index.ts b/apps/meteor/app/2fa/server/code/index.ts
@@ -45,14 +45,10 @@ function getAvailableMethodNames(user: IUser): string[] {
 export async function getUserForCheck(userId: string): Promise<IUser | null> {
 	return Users.findOneById(userId, {
 		projection: {
-			'emails': 1,
-			'language': 1,
-			'createdAt': 1,
-			'services.totp': 1,
-			'services.email2fa': 1,
-			'services.emailCode': 1,
-			'services.password': 1,
-			'services.resume.loginTokens': 1,
+			emails: 1,
+			language: 1,
+			createdAt: 1,
+			services: 1,
 		},
 	});
 }

diff --git a/apps/meteor/app/2fa/server/functions/resetTOTP.ts b/apps/meteor/app/2fa/server/functions/resetTOTP.ts
@@ -22,7 +22,7 @@ const sendResetNotification = async function (uid: string): Promise<void> {
 		return;
 	}
 
-	const t = (s: string): string => i18n.t(s, { lng: language });
+	const t = i18n.getFixedT(language);
 	const text = `
 	${t('Your_TOTP_has_been_reset')}
 

diff --git a/apps/meteor/app/api/server/v1/misc.ts b/apps/meteor/app/api/server/v1/misc.ts
@@ -1,6 +1,6 @@
 import crypto from 'crypto';
 
-import type { IUser } from '@rocket.chat/core-typings';
+import { isOAuthUser, type IUser } from '@rocket.chat/core-typings';
 import { Settings, Users } from '@rocket.chat/models';
 import {
 	isShieldSvgProps,
@@ -26,7 +26,7 @@ import { hasPermissionAsync } from '../../../authorization/server/functions/hasP
 import { passwordPolicy } from '../../../lib/server';
 import { notifyOnSettingChangedById } from '../../../lib/server/lib/notifyListener';
 import { settings } from '../../../settings/server';
-import { getDefaultUserFields } from '../../../utils/server/functions/getDefaultUserFields';
+import { getBaseUserFields } from '../../../utils/server/functions/getBaseUserFields';
 import { isSMTPConfigured } from '../../../utils/server/functions/isSMTPConfigured';
 import { getURL } from '../../../utils/server/getURL';
 import { API } from '../api';
@@ -176,15 +176,19 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async get() {
-			const fields = getDefaultUserFields();
-			const { services, ...user } = (await Users.findOneById(this.userId, { projection: fields })) as IUser;
+			const userFields = { ...getBaseUserFields(), services: 1 };
+			const { services, ...user } = (await Users.findOneById(this.userId, { projection: userFields })) as IUser;
 
 			return API.v1.success(
 				await getUserInfo({
 					...user,
+					isOAuthUser: isOAuthUser({ ...user, services }),
 					...(services && {
 						services: {
-							...services,
+							...(services.github && { github: services.github }),
+							...(services.gitlab && { gitlab: services.gitlab }),
+							...(services.email2fa?.enabled && { email2fa: { enabled: services.email2fa.enabled } }),
+							...(services.totp?.enabled && { totp: { enabled: services.totp.enabled } }),
 							password: {
 								// The password hash shouldn't be leaked but the client may need to know if it exists.
 								exists: Boolean(services?.password?.bcrypt),

diff --git a/apps/meteor/app/authorization/server/functions/canDeleteMessage.ts b/apps/meteor/app/authorization/server/functions/canDeleteMessage.ts
@@ -1,7 +1,8 @@
-import type { IUser } from '@rocket.chat/core-typings';
+import type { IUser, IRoom } from '@rocket.chat/core-typings';
 import { Rooms } from '@rocket.chat/models';
 
 import { getValue } from '../../../settings/server/raw';
+import { canAccessRoomAsync } from './canAccessRoom';
 import { hasPermissionAsync } from './hasPermission';
 
 const elapsedTime = (ts: Date): number => {
@@ -13,6 +14,25 @@ export const canDeleteMessageAsync = async (
 	uid: string,
 	{ u, rid, ts }: { u: Pick<IUser, '_id' | 'username'>; rid: string; ts: Date },
 ): Promise<boolean> => {
+	const room = await Rooms.findOneById<Pick<IRoom, '_id' | 'ro' | 'unmuted' | 't' | 'teamId' | 'prid'>>(rid, {
+		projection: {
+			_id: 1,
+			ro: 1,
+			unmuted: 1,
+			t: 1,
+			teamId: 1,
+			prid: 1,
+		},
+	});
+
+	if (!room) {
+		return false;
+	}
+
+	if (!(await canAccessRoomAsync(room, { _id: uid }))) {
+		return false;
+	}
+
 	const forceDelete = await hasPermissionAsync(uid, 'force-delete-message', rid);
 
 	if (forceDelete) {
@@ -45,12 +65,6 @@ export const canDeleteMessageAsync = async (
 		}
 	}
 
-	const room = await Rooms.findOneById(rid, { projection: { ro: 1, unmuted: 1 } });
-
-	if (!room) {
-		return false;
-	}
-
 	if (room.ro === true && !(await hasPermissionAsync(uid, 'post-readonly', rid))) {
 		// Unless the user was manually unmuted
 		if (u.username && !(room.unmuted || []).includes(u.username)) {