Merge branch 'develop' into develop-uploadfile

README.md

@@ -81,7 +81,7 @@ Join thousands of members worldwide 24/7 in our [community server](https://open.
 
 [![Rocket.Chat](https://open.rocket.chat/api/v1/shield.svg?type=channel&name=Rocket.Chat&channel=dev)](https://open.rocket.chat/channel/dev) for developers needing help from the community to developing new features.
 
-You can also join the conversation at [Twitter](https://twitter.com/RocketChat), [Facebook](https://www.facebook.com/RocketChatApp) or [Google Plus](https://plus.google.com/+RocketChatApp).
+You can also join the conversation at [Twitter](https://twitter.com/RocketChat) and [Facebook](https://www.facebook.com/RocketChatApp).
 
 # Desktop Apps
 Download the Native Cross-Platform Desktop Application at [Rocket.Chat.Electron](https://github.com/RocketChat/Rocket.Chat.Electron/releases)

app/api/server/v1/channels.js

@@ -762,7 +762,7 @@ API.v1.addRoute('channels.setDefault', { authRequired: true }, {
 
 API.v1.addRoute('channels.setDescription', { authRequired: true }, {
 	post() {
-		if (!this.bodyParams.description || !this.bodyParams.description.trim()) {
+		if (!this.bodyParams.hasOwnProperty('description')) {
 			return API.v1.failure('The bodyParam "description" is required');
 		}
 
@@ -782,6 +782,7 @@ API.v1.addRoute('channels.setDescription', { authRequired: true }, {
 	},
 });
 
+
 API.v1.addRoute('channels.setJoinCode', { authRequired: true }, {
 	post() {
 		if (!this.bodyParams.joinCode || !this.bodyParams.joinCode.trim()) {
@@ -802,7 +803,7 @@ API.v1.addRoute('channels.setJoinCode', { authRequired: true }, {
 
 API.v1.addRoute('channels.setPurpose', { authRequired: true }, {
 	post() {
-		if (!this.bodyParams.purpose || !this.bodyParams.purpose.trim()) {
+		if (!this.bodyParams.hasOwnProperty('purpose')) {
 			return API.v1.failure('The bodyParam "purpose" is required');
 		}
 
@@ -846,7 +847,7 @@ API.v1.addRoute('channels.setReadOnly', { authRequired: true }, {
 
 API.v1.addRoute('channels.setTopic', { authRequired: true }, {
 	post() {
-		if (!this.bodyParams.topic || !this.bodyParams.topic.trim()) {
+		if (!this.bodyParams.hasOwnProperty('topic')) {
 			return API.v1.failure('The bodyParam "topic" is required');
 		}
 
@@ -868,7 +869,7 @@ API.v1.addRoute('channels.setTopic', { authRequired: true }, {
 
 API.v1.addRoute('channels.setAnnouncement', { authRequired: true }, {
 	post() {
-		if (!this.bodyParams.announcement || !this.bodyParams.announcement.trim()) {
+		if (!this.bodyParams.hasOwnProperty('announcement')) {
 			return API.v1.failure('The bodyParam "announcement" is required');
 		}
 

app/api/server/v1/groups.js

@@ -664,7 +664,7 @@ API.v1.addRoute('groups.setCustomFields', { authRequired: true }, {
 
 API.v1.addRoute('groups.setDescription', { authRequired: true }, {
 	post() {
-		if (!this.bodyParams.description || !this.bodyParams.description.trim()) {
+		if (!this.bodyParams.hasOwnProperty('description')) {
 			return API.v1.failure('The bodyParam "description" is required');
 		}
 
@@ -682,7 +682,7 @@ API.v1.addRoute('groups.setDescription', { authRequired: true }, {
 
 API.v1.addRoute('groups.setPurpose', { authRequired: true }, {
 	post() {
-		if (!this.bodyParams.purpose || !this.bodyParams.purpose.trim()) {
+		if (!this.bodyParams.hasOwnProperty('purpose')) {
 			return API.v1.failure('The bodyParam "purpose" is required');
 		}
 
@@ -722,7 +722,7 @@ API.v1.addRoute('groups.setReadOnly', { authRequired: true }, {
 
 API.v1.addRoute('groups.setTopic', { authRequired: true }, {
 	post() {
-		if (!this.bodyParams.topic || !this.bodyParams.topic.trim()) {
+		if (!this.bodyParams.hasOwnProperty('topic')) {
 			return API.v1.failure('The bodyParam "topic" is required');
 		}
 
@@ -762,7 +762,7 @@ API.v1.addRoute('groups.setType', { authRequired: true }, {
 
 API.v1.addRoute('groups.setAnnouncement', { authRequired: true }, {
 	post() {
-		if (!this.bodyParams.announcement || !this.bodyParams.announcement.trim()) {
+		if (!this.bodyParams.hasOwnProperty('announcement')) {
 			return API.v1.failure('The bodyParam "announcement" is required');
 		}
 

app/api/server/v1/im.js

@@ -352,7 +352,7 @@ API.v1.addRoute(['dm.open', 'im.open'], { authRequired: true }, {
 
 API.v1.addRoute(['dm.setTopic', 'im.setTopic'], { authRequired: true }, {
 	post() {
-		if (!this.bodyParams.topic || !this.bodyParams.topic.trim()) {
+		if (!this.bodyParams.hasOwnProperty('topic')) {
 			return API.v1.failure('The bodyParam "topic" is required');
 		}
 

app/api/server/v1/users.js

@@ -160,7 +160,8 @@ API.v1.addRoute('users.info', { authRequired: true }, {
 		}
 
 		user = result[0];
-		if (fields.userRooms === 1 && hasPermission(this.userId, 'view-other-user-channels')) {
+		const myself = user._id === this.userId;
+		if (fields.userRooms === 1 && (myself || hasPermission(this.userId, 'view-other-user-channels'))) {
 			user.rooms = Subscriptions.findByUserId(user._id, {
 				fields: {
 					rid: 1,

app/custom-oauth/server/custom_oauth_server.js

@@ -73,6 +73,7 @@ export class CustomOAuth {
 		this.tokenSentVia = options.tokenSentVia;
 		this.identityTokenSentVia = options.identityTokenSentVia;
 		this.usernameField = (options.usernameField || '').trim();
+		this.nameField = (options.nameField || '').trim();
 		this.avatarField = (options.avatarField || '').trim();
 		this.mergeUsers = options.mergeUsers;
 		this.mergeRoles = options.mergeRoles || false;
@@ -299,7 +300,11 @@ export class CustomOAuth {
 			identity.avatarUrl = this.getAvatarUrl(identity);
 		}
 
-		identity.name = this.getName(identity);
+		if (this.nameField) {
+			identity.name = this.getCustomName(identity);
+		} else {
+			identity.name = this.getName(identity);
+		}
 
 		return identity;
 	}
@@ -321,6 +326,20 @@ export class CustomOAuth {
 		return username;
 	}
 
+	getCustomName(data) {
+		let customName = '';
+
+		customName = this.nameField.split('.').reduce(function(prev, curr) {
+			return prev ? prev[curr] : undefined;
+		}, data);
+
+		if (!customName) {
+			return this.getName(data);
+		}
+
+		return customName;
+	}
+
 	getAvatarUrl(data) {
 		const avatarUrl = this.avatarField.split('.').reduce(function(prev, curr) {
 			return prev ? prev[curr] : undefined;
@@ -384,6 +403,10 @@ export class CustomOAuth {
 				user.username = this.getUsername(user.services[this.name]);
 			}
 
+			if (this.nameField) {
+				user.name = this.getCustomName(user.services[this.name]);
+			}
+
 			if (this.mergeRoles) {
 				user.roles = mapRolesFromSSO(user.services[this.name], this.rolesClaim);
 			}

app/custom-sounds/client/admin/adminSounds.html

@@ -34,7 +34,7 @@
 						<tbody>
 							{{#each customsounds}}
 							<tr>
-								<td width="95%">
+								<td width="80%">
 									<div class="rc-table-wrapper">
 										<div class="rc-table-info">
 											<span class="rc-table-title">
@@ -43,11 +43,13 @@
 										</div>
 									</div>
 								</td>
-								<td width="5%">
-									<div class="rc-table-wrapper">
-										{{>icon _id=_id icon="play" block="icon-play-circled"}}
-									</div>
-								</td>
+                                                                <td width="20%">
+                                                                        <div class="rc-table-wrapper">
+                                                                                {{>icon _id=_id icon="play" block="icon-play-circled"}}
+                                                                                {{>icon _id=_id icon="pause" block="icon-pause-circled"}}
+                                                                                {{>icon _id=_id icon="ban" block="icon-reset-circled"}}
+                                                                        </div>
+                                                                </td>
 							</tr>
 							{{else}}
 								{{# with searchText}}

app/custom-sounds/client/admin/adminSounds.js

@@ -146,4 +146,20 @@ Template.adminSounds.events({
 			$audio[0].play();
 		}
 	},
+	'click .icon-pause-circled'(e) {
+		e.preventDefault();
+		e.stopPropagation();
+		const audio = document.getElementById(this._id);
+		if (audio && !audio.paused) {
+			audio.pause();
+		}
+	},
+	'click .icon-reset-circled'(e) {
+		e.preventDefault();
+		e.stopPropagation();
+		const audio = document.getElementById(this._id);
+		if (audio) {
+			audio.currentTime = 0;
+		}
+	},
 });

app/emoji-custom/server/methods/insertOrUpdateEmoji.js

@@ -1,6 +1,7 @@
 import { Meteor } from 'meteor/meteor';
 import _ from 'underscore';
 import s from 'underscore.string';
+import limax from 'limax';
 
 import { hasPermission } from '../../../authorization';
 import { Notifications } from '../../../notifications';
@@ -17,6 +18,9 @@ Meteor.methods({
 			throw new Meteor.Error('error-the-field-is-required', 'The field Name is required', { method: 'insertOrUpdateEmoji', field: 'Name' });
 		}
 
+		emojiData.name = limax(emojiData.name, { replacement: '_' });
+		emojiData.aliases = limax(emojiData.aliases, { replacement: '_' });
+
 		// allow all characters except colon, whitespace, comma, >, <, &, ", ', /, \, (, )
 		// more practical than allowing specific sets of characters; also allows foreign languages
 		const nameValidation = /[\s,:><&"'\/\\\(\)]/;

app/emoji-custom/server/methods/uploadEmojiCustom.js

@@ -1,4 +1,5 @@
 import { Meteor } from 'meteor/meteor';
+import limax from 'limax';
 
 import { Notifications } from '../../../notifications';
 import { hasPermission } from '../../../authorization';
@@ -11,6 +12,7 @@ Meteor.methods({
 			throw new Meteor.Error('not_authorized');
 		}
 
+		emojiData.name = limax(emojiData.name, { replacement: '_' });
 		// delete aliases for notification purposes. here, it is a string rather than an array
 		delete emojiData.aliases;
 		const file = new Buffer(binaryContent, 'binary');

app/lib/server/methods/removeOAuthService.js

@@ -35,6 +35,7 @@ Meteor.methods({
 		settings.removeById(`Accounts_OAuth_Custom-${ name }-button_color`);
 		settings.removeById(`Accounts_OAuth_Custom-${ name }-login_style`);
 		settings.removeById(`Accounts_OAuth_Custom-${ name }-username_field`);
+		settings.removeById(`Accounts_OAuth_Custom-${ name }-name_field`);
 		settings.removeById(`Accounts_OAuth_Custom-${ name }-avatar_field`);
 		settings.removeById(`Accounts_OAuth_Custom-${ name }-roles_claim`);
 		settings.removeById(`Accounts_OAuth_Custom-${ name }-merge_roles`);

app/lib/server/startup/oAuthServicesUpdate.js

@@ -47,6 +47,7 @@ function _OAuthServicesUpdate() {
 				data.tokenSentVia = settings.get(`${ service.key }-token_sent_via`);
 				data.identityTokenSentVia = settings.get(`${ service.key }-identity_token_sent_via`);
 				data.usernameField = settings.get(`${ service.key }-username_field`);
+				data.nameField = settings.get(`${ service.key }-name_field`);
 				data.avatarField = settings.get(`${ service.key }-avatar_field`);
 				data.rolesClaim = settings.get(`${ service.key }-roles_claim`);
 				data.mergeUsers = settings.get(`${ service.key }-merge_users`);
@@ -61,6 +62,7 @@ function _OAuthServicesUpdate() {
 					tokenSentVia: data.tokenSentVia,
 					identityTokenSentVia: data.identityTokenSentVia,
 					usernameField: data.usernameField,
+					nameField: data.nameField,
 					avatarField: data.avatarField,
 					rolesClaim: data.rolesClaim,
 					mergeUsers: data.mergeUsers,

app/livechat/server/config.js

@@ -157,7 +157,7 @@ Meteor.startup(function() {
 		i18nLabel: 'Webhook_URL',
 	});
 
-	settings.add('Livechat_secret_token', false, {
+	settings.add('Livechat_secret_token', '', {
 		type: 'string',
 		group: 'Livechat',
 		section: 'CRM_Integration',

app/livechat/server/hooks/sendToCRM.js

@@ -6,9 +6,8 @@ import { Livechat } from '../lib/Livechat';
 const msgNavType = 'livechat_navigation_history';
 
 const crmEnabled = () => {
-	const secretToken = settings.get('Livechat_secret_token');
 	const webhookUrl = settings.get('Livechat_webhookUrl');
-	return secretToken !== '' && secretToken !== undefined && webhookUrl !== '' && webhookUrl !== undefined;
+	return webhookUrl !== '' && webhookUrl !== undefined;
 };
 
 const sendMessageType = (msgType) => {

app/livechat/server/lib/Livechat.js

@@ -583,12 +583,11 @@ export const Livechat = {
 
 	sendRequest(postData, callback, trying = 1) {
 		try {
-			const options = {
-				headers: {
-					'X-RocketChat-Livechat-Token': settings.get('Livechat_secret_token'),
-				},
-				data: postData,
-			};
+			const options = { data: postData };
+			const secretToken = settings.get('Livechat_secret_token');
+			if (secretToken !== '' && secretToken !== undefined) {
+				Object.assign(options, { headers: { 'X-RocketChat-Livechat-Token': secretToken } });
+			}
 			return HTTP.post(settings.get('Livechat_webhookUrl'), options);
 		} catch (e) {
 			Livechat.logger.webhook.error(`Response error on ${ trying } try ->`, e);
@@ -726,8 +725,7 @@ export const Livechat = {
 
 	removeGuest(_id) {
 		check(_id, String);
-
-		const guest = LivechatVisitors.findById(_id);
+		const guest = LivechatVisitors.findOneById(_id);
 		if (!guest) {
 			throw new Meteor.Error('error-invalid-guest', 'Invalid guest', { method: 'livechat:removeGuest' });
 		}
@@ -737,12 +735,13 @@ export const Livechat = {
 	},
 
 	cleanGuestHistory(_id) {
-		const guest = LivechatVisitors.findById(_id);
+		const guest = LivechatVisitors.findOneById(_id);
 		if (!guest) {
 			throw new Meteor.Error('error-invalid-guest', 'Invalid guest', { method: 'livechat:cleanGuestHistory' });
 		}
 
 		const { token } = guest;
+		check(token, String);
 
 		Rooms.findByVisitorToken(token).forEach((room) => {
 			Messages.removeFilesByRoomId(room._id);

app/livechat/server/lib/QueueMethods.js

@@ -65,6 +65,12 @@ export const QueueMethods = {
 			desktopNotifications: 'all',
 			mobilePushNotifications: 'all',
 			emailNotifications: 'all',
+			v: {
+				_id: guest._id,
+				username: guest.username,
+				token: message.token,
+				status: guest.status,
+			},
 		};
 
 		if (guest.department) {

app/livechat/server/methods/takeInquiry.js

@@ -1,7 +1,7 @@
 import { Meteor } from 'meteor/meteor';
 
 import { hasPermission } from '../../../authorization';
-import { Users, Rooms, Subscriptions, Messages } from '../../../models';
+import { Users, Rooms, Subscriptions, Messages, LivechatVisitors } from '../../../models';
 import { LivechatInquiry } from '../../lib/LivechatInquiry';
 import { Livechat } from '../lib/Livechat';
 
@@ -25,6 +25,12 @@ Meteor.methods({
 			ts: new Date(),
 		};
 
+		const { v: { _id: visitorId } = {} } = inquiry;
+		const guest = LivechatVisitors.findOneById(visitorId);
+		if (!guest) {
+			throw new Meteor.Error('error-invalid-guest', 'Invalid guest', { method: 'livechat:takeInquiry' });
+		}
+
 		// add subscription
 		const subscriptionData = {
 			rid: inquiry.rid,
@@ -42,6 +48,12 @@ Meteor.methods({
 			desktopNotifications: 'all',
 			mobilePushNotifications: 'all',
 			emailNotifications: 'all',
+			v: {
+				_id: guest._id,
+				username: guest.username,
+				token: guest.token,
+				status: guest.status || 'online',
+			},
 		};
 
 		Subscriptions.insert(subscriptionData);