Develop sync

.github/history-manual.json

@@ -123,5 +123,12 @@
 			"sampaiodiego",
 			"pierre-lehnen-rc"
 		]
+	}],
+	"4.1.1": [{
+		"title": "[FIX] Security Hotfix (https://docs.rocket.chat/guides/security/security-updates)",
+		"userLogin": "sampaiodiego",
+		"contributors": [
+			"sampaiodiego"
+		]
 	}]
 }

.github/history.json

@@ -67032,6 +67032,116 @@
         "5.0"
       ],
       "pull_requests": []
+    },
+    "4.1.1": {
+      "node_version": "12.22.1",
+      "npm_version": "6.14.1",
+      "apps_engine_version": "1.28.1",
+      "mongo_versions": [
+        "3.6",
+        "4.0",
+        "4.2",
+        "4.4",
+        "5.0"
+      ],
+      "pull_requests": [
+        {
+          "pr": "23607",
+          "title": "[FIX] App update flow failing in HA setups",
+          "userLogin": "d-gubert",
+          "description": "The flow for app updates is broken in specific scenarios with HA setups. Here we change the method calls in the Apps-Engine to avoid race conditions",
+          "milestone": "4.1.1",
+          "contributors": [
+            "d-gubert"
+          ]
+        },
+        {
+          "pr": "23627",
+          "title": "[FIX] LDAP users not being re-activated on login",
+          "userLogin": "pierre-lehnen-rc",
+          "milestone": "4.1.1",
+          "contributors": [
+            "pierre-lehnen-rc"
+          ]
+        },
+        {
+          "pr": "23608",
+          "title": "[FIX] Advanced LDAP Sync Features",
+          "userLogin": "pierre-lehnen-rc",
+          "milestone": "4.1.1",
+          "contributors": [
+            "pierre-lehnen-rc",
+            "web-flow"
+          ]
+        }
+      ]
+    },
+    "3.18.3": {
+      "node_version": "12.22.1",
+      "npm_version": "6.14.1",
+      "apps_engine_version": "1.27.1",
+      "mongo_versions": [
+        "3.4",
+        "3.6",
+        "4.0",
+        "4.2"
+      ],
+      "pull_requests": []
+    },
+    "4.0.6": {
+      "node_version": "12.22.1",
+      "npm_version": "6.14.1",
+      "apps_engine_version": "1.28.0",
+      "mongo_versions": [
+        "3.6",
+        "4.0",
+        "4.2",
+        "4.4",
+        "5.0"
+      ],
+      "pull_requests": []
+    },
+    "4.1.2": {
+      "node_version": "12.22.1",
+      "npm_version": "6.14.1",
+      "apps_engine_version": "1.28.1",
+      "mongo_versions": [
+        "3.6",
+        "4.0",
+        "4.2",
+        "4.4",
+        "5.0"
+      ],
+      "pull_requests": [
+        {
+          "pr": "23487",
+          "title": "[FIX] Notifications are not being filtered",
+          "userLogin": "matheusbsilva137",
+          "description": "- Add a migration to update the `Accounts_Default_User_Preferences_pushNotifications` setting's value to the `Accounts_Default_User_Preferences_mobileNotifications` setting's value;\r\n - Remove the `Accounts_Default_User_Preferences_mobileNotifications` setting (replaced by `Accounts_Default_User_Preferences_pushNotifications`);\r\n - Rename 'mobileNotifications' user's preference to 'pushNotifications'.",
+          "milestone": "4.1.2",
+          "contributors": [
+            "matheusbsilva137"
+          ]
+        },
+        {
+          "pr": "23661",
+          "title": "[FIX] Performance issues when running Omnichannel job queue dispatcher",
+          "userLogin": "renatobecker",
+          "milestone": "4.1.2",
+          "contributors": [
+            "renatobecker"
+          ]
+        },
+        {
+          "pr": "23587",
+          "title": "[FIX] Omnichannel status being changed on page refresh",
+          "userLogin": "KevLehman",
+          "milestone": "4.1.2",
+          "contributors": [
+            "KevLehman"
+          ]
+        }
+      ]
     }
   }
 }

HISTORY.md

@@ -1,6 +1,62 @@
 
+# 4.1.2
+`2021-11-08  ·  3 🐛  ·  3 👩‍💻👨‍💻`
+
+### Engine versions
+- Node: `12.22.1`
+- NPM: `6.14.1`
+- MongoDB: `3.6, 4.0, 4.2, 4.4, 5.0`
+- Apps-Engine: `1.28.1`
+
+### 🐛 Bug fixes
+
+
+- Notifications are not being filtered ([#23487](https://github.com/RocketChat/Rocket.Chat/pull/23487))
+
+  - Add a migration to update the `Accounts_Default_User_Preferences_pushNotifications` setting's value to the `Accounts_Default_User_Preferences_mobileNotifications` setting's value;
+   - Remove the `Accounts_Default_User_Preferences_mobileNotifications` setting (replaced by `Accounts_Default_User_Preferences_pushNotifications`);
+   - Rename 'mobileNotifications' user's preference to 'pushNotifications'.
+
+- Omnichannel status being changed on page refresh ([#23587](https://github.com/RocketChat/Rocket.Chat/pull/23587))
+
+- Performance issues when running Omnichannel job queue dispatcher ([#23661](https://github.com/RocketChat/Rocket.Chat/pull/23661))
+
+### 👩‍💻👨‍💻 Core Team 🤓
+
+- [@KevLehman](https://github.com/KevLehman)
+- [@matheusbsilva137](https://github.com/matheusbsilva137)
+- [@renatobecker](https://github.com/renatobecker)
+
+# 4.1.1
+`2021-11-05  ·  4 🐛  ·  3 👩‍💻👨‍💻`
+
+### Engine versions
+- Node: `12.22.1`
+- NPM: `6.14.1`
+- MongoDB: `3.6, 4.0, 4.2, 4.4, 5.0`
+- Apps-Engine: `1.28.1`
+
+### 🐛 Bug fixes
+
+
+- Advanced LDAP Sync Features ([#23608](https://github.com/RocketChat/Rocket.Chat/pull/23608))
+
+- App update flow failing in HA setups ([#23607](https://github.com/RocketChat/Rocket.Chat/pull/23607))
+
+  The flow for app updates is broken in specific scenarios with HA setups. Here we change the method calls in the Apps-Engine to avoid race conditions
+
+- LDAP users not being re-activated on login ([#23627](https://github.com/RocketChat/Rocket.Chat/pull/23627))
+
+- Security Hotfix (https://docs.rocket.chat/guides/security/security-updates)
+
+### 👩‍💻👨‍💻 Core Team 🤓
+
+- [@d-gubert](https://github.com/d-gubert)
+- [@pierre-lehnen-rc](https://github.com/pierre-lehnen-rc)
+- [@sampaiodiego](https://github.com/sampaiodiego)
+
 # 4.1.0
-`2021-10-27  ·  1 🎉  ·  4 🚀  ·  25 🐛  ·  38 🔍  ·  23 👩‍💻👨‍💻`
+`2021-10-28  ·  1 🎉  ·  4 🚀  ·  25 🐛  ·  38 🔍  ·  23 👩‍💻👨‍💻`
 
 ### Engine versions
 - Node: `12.22.1`
@@ -6345,7 +6401,7 @@
 - [@sampaiodiego](https://github.com/sampaiodiego)
 
 # 3.8.0
-`2020-11-14  ·  14 🎉  ·  4 🚀  ·  40 🐛  ·  54 🔍  ·  30 👩‍💻👨‍💻`
+`2020-11-13  ·  14 🎉  ·  4 🚀  ·  40 🐛  ·  54 🔍  ·  30 👩‍💻👨‍💻`
 
 ### Engine versions
 - Node: `12.18.4`

app/api/server/lib/integrations.js → app/api/server/lib/integrations.ts

@@ -1,7 +1,9 @@
 import { Integrations } from '../../../models/server/raw';
 import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
+import { IIntegration } from '../../../../definition/IIntegration';
+import { IUser } from '../../../../definition/IUser';
 
-const hasIntegrationsPermission = async (userId, integration) => {
+const hasIntegrationsPermission = async (userId: string, integration: IIntegration): Promise<boolean> => {
 	const type = integration.type === 'webhook-incoming' ? 'incoming' : 'outgoing';
 
 	if (await hasPermissionAsync(userId, `manage-${ type }-integrations`)) {
@@ -15,7 +17,15 @@ const hasIntegrationsPermission = async (userId, integration) => {
 	return false;
 };
 
-export const findOneIntegration = async ({ userId, integrationId, createdBy }) => {
+export const findOneIntegration = async ({
+	userId,
+	integrationId,
+	createdBy,
+}: {
+	userId: string;
+	integrationId: string;
+	createdBy: IUser;
+}): Promise<IIntegration> => {
 	const integration = await Integrations.findOneByIdAndCreatedByIfExists({ _id: integrationId, createdBy });
 	if (!integration) {
 		throw new Error('The integration does not exists.');

app/api/server/lib/webdav.ts

@@ -0,0 +1,16 @@
+import { WebdavAccounts } from '../../../models/server/raw';
+import { IWebdavAccount } from '../../../../definition/IWebdavAccount';
+
+export async function findWebdavAccountsByUserId({ uid }: { uid: string }): Promise<{ accounts: IWebdavAccount[] }> {
+	return {
+		accounts: await WebdavAccounts.findWithUserId(uid, {
+			projection: {
+				_id: 1,
+				username: 1,
+				// eslint-disable-next-line @typescript-eslint/camelcase
+				server_url: 1,
+				name: 1,
+			},
+		}).toArray(),
+	};
+}

app/api/server/v1/channels.js

@@ -2,7 +2,8 @@ import { Meteor } from 'meteor/meteor';
 import { Match, check } from 'meteor/check';
 import _ from 'underscore';
 
-import { Rooms, Subscriptions, Messages, Uploads, Integrations, Users } from '../../../models/server';
+import { Rooms, Subscriptions, Messages, Users } from '../../../models/server';
+import { Integrations, Uploads } from '../../../models/server/raw';
 import { canAccessRoom, hasPermission, hasAtLeastOnePermission, hasAllPermission } from '../../../authorization/server';
 import { mountIntegrationQueryBasedOnPermissions } from '../../../integrations/server/lib/mountQueriesBasedOnPermission';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
@@ -285,28 +286,28 @@ API.v1.addRoute('channels.files', { authRequired: true }, {
 			return file;
 		};
 
-		Meteor.runAsUser(this.userId, () => {
-			Meteor.call('canAccessRoom', findResult._id, this.userId);
-		});
+		if (!canAccessRoom(findResult, { _id: this.userId })) {
+			return API.v1.unauthorized();
+		}
 
 		const { offset, count } = this.getPaginationItems();
 		const { sort, fields, query } = this.parseJsonQuery();
 
 		const ourQuery = Object.assign({}, query, { rid: findResult._id });
 
-		const files = Uploads.find(ourQuery, {
+		const files = Promise.await(Uploads.find(ourQuery, {
 			sort: sort || { name: 1 },
 			skip: offset,
 			limit: count,
 			fields,
-		}).fetch();
+		}).toArray());
 
 		return API.v1.success({
 			files: files.map(addUserObjectToEveryObject),
 			count:
 			files.length,
 			offset,
-			total: Uploads.find(ourQuery).count(),
+			total: Promise.await(Uploads.find(ourQuery).count()),
 		});
 	},
 });
@@ -340,21 +341,24 @@ API.v1.addRoute('channels.getIntegrations', { authRequired: true }, {
 		}
 
 		const { offset, count } = this.getPaginationItems();
-		const { sort, fields, query } = this.parseJsonQuery();
+		const { sort, fields: projection, query } = this.parseJsonQuery();
 
 		ourQuery = Object.assign(mountIntegrationQueryBasedOnPermissions(this.userId), query, ourQuery);
-		const integrations = Integrations.find(ourQuery, {
+		const cursor = Integrations.find(ourQuery, {
 			sort: sort || { _createdAt: 1 },
 			skip: offset,
 			limit: count,
-			fields,
-		}).fetch();
+			projection,
+		});
+
+		const integrations = Promise.await(cursor.toArray());
+		const total = Promise.await(cursor.count());
 
 		return API.v1.success({
 			integrations,
 			count: integrations.length,
 			offset,
-			total: Integrations.find(ourQuery).count(),
+			total,
 		});
 	},
 });

app/api/server/v1/chat.js

@@ -3,7 +3,7 @@ import { Meteor } from 'meteor/meteor';
 import { Match, check } from 'meteor/check';
 
 import { Messages } from '../../../models';
-import { canAccessRoom, hasPermission } from '../../../authorization';
+import { canAccessRoom, hasPermission } from '../../../authorization/server';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
 import { processWebhookMessage } from '../../../lib/server';
 import { executeSendMessage } from '../../../lib/server/methods/sendMessage';
@@ -404,12 +404,12 @@ API.v1.addRoute('chat.getPinnedMessages', { authRequired: true }, {
 		if (!roomId) {
 			throw new Meteor.Error('error-roomId-param-not-provided', 'The required "roomId" query param is missing.');
 		}
-		const room = Meteor.call('canAccessRoom', roomId, this.userId);
-		if (!room) {
+
+		if (!canAccessRoom({ _id: roomId }, { _id: this.userId })) {
 			throw new Meteor.Error('error-not-allowed', 'Not allowed');
 		}
 
-		const cursor = Messages.findPinnedByRoom(room._id, {
+		const cursor = Messages.findPinnedByRoom(roomId, {
 			skip: offset,
 			limit: count,
 		});