Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into mess…

…age-template-2

* 'develop' of github.com:RocketChat/Rocket.Chat: (29 commits)
  Bump vm2 from 3.9.5 to 3.9.7 in /ee/server/services (#24509)
  [IMPROVE] ChatBox Text to File Description (#24451)
  Chore: Update Meteor to 2.5.6 (#24461)
  Chore: Update ws package (#24477)
  Bump underscore.string from 3.3.5 to 3.3.6 in /ee/server/services (#24498)
  Bump follow-redirects from 1.14.7 to 1.14.8 in /ee/server/services (#24491)
  Language update from LingoHub 🤖 (#24493)
  Covert to typescript the unarchive slash commands files (#24331)
  [IMPROVE] Add tooltips on action buttons of Canned Response message composer (#24483)
  Chore: Delete unused file (NewAdminInfoPage.js) (#24196)
  [IMPROVE][ENTERPRISE] Improve how micro services are loaded (#24388)
  [IMPROVE] Add return button in chats opened from the list of current chats (#24458)
  Bump express from 4.17.1 to 4.17.2 in /ee/server/services (#24469)
  Bump cookie from 0.4.1 to 0.4.2 in /ee/server/services (#24472)
  [IMPROVE] Close modal on esc and outside click (#24275)
  Chore(deps-dev): Bump ts-node in /ee/server/services (#24435)
  [IMPROVE] Add user to room on "Click to Join!" button press (#24041)
  [FIX] Implement client errors on ddp-streamer (#24310)
  Bump body-parser from 1.19.0 to 1.19.1 in /ee/server/services (#23963)
  Bump jaeger-client from 3.18.1 to 3.19.0 in /ee/server/services (#23961)
  ...

.docker-mongo/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:14.18.2-bullseye-slim
+FROM node:14.18.3-bullseye-slim
 
 LABEL maintainer="buildmaster@rocket.chat"
 

.docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:14.18.2-bullseye-slim
+FROM node:14.18.3-bullseye-slim
 
 LABEL maintainer="buildmaster@rocket.chat"
 

.github/workflows/build_and_test.yml

@@ -30,10 +30,10 @@ jobs:
         echo "github.event_name: ${{ github.event_name }}"
         cat $GITHUB_EVENT_PATH
 
-    - name: Use Node.js 14.18.2
+    - name: Use Node.js 14.18.3
       uses: actions/setup-node@v2
       with:
-        node-version: "14.18.2"
+        node-version: "14.18.3"
 
     - uses: actions/checkout@v2
 
@@ -186,7 +186,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: ["14.18.2"]
+        node-version: ["14.18.3"]
         mongodb-version: ["3.6", "4.0", "4.2", "4.4","5.0"]
 
     steps:
@@ -324,10 +324,10 @@ jobs:
         path: ~/.meteor
         key: ${{ runner.OS }}-meteor-${{ hashFiles('.meteor/release', '.github/workflows/build_and_test.yml') }}
 
-    - name: Use Node.js 14.18.2
+    - name: Use Node.js 14.18.3
       uses: actions/setup-node@v2
       with:
-        node-version: "14.18.2"
+        node-version: "14.18.3"
 
     - name: Install Meteor
       run: |
@@ -467,7 +467,7 @@ jobs:
         aws s3 cp $ROCKET_DEPLOY_DIR/ s3://download.rocket.chat/build/ --recursive
 
         curl -H "Content-Type: application/json" -H "X-Update-Token: $UPDATE_TOKEN" -d \
-            "{\"nodeVersion\": \"14.18.2\", \"compatibleMongoVersions\": [\"3.6\", \"4.0\", \"4.2\", \"4.4\", \"5.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"$RC_RELEASE\"}" \
+            "{\"nodeVersion\": \"14.18.3\", \"compatibleMongoVersions\": [\"3.6\", \"4.0\", \"4.2\", \"4.4\", \"5.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"$RC_RELEASE\"}" \
             https://releases.rocket.chat/update
 
         # Makes build fail if the release isn't there
@@ -609,10 +609,10 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-    - name: Use Node.js 14.18.2
+    - name: Use Node.js 14.18.3
       uses: actions/setup-node@v2
       with:
-        node-version: "14.18.2"
+        node-version: "14.18.3"
 
     - name: Login to DockerHub
       uses: docker/login-action@v1

.meteor/packages

@@ -67,7 +67,7 @@ littledata:synced-cron
 
 edgee:slingshot
 jalik:ufs-local@1.0.2
-accounts-base@2.2.0
+accounts-base@2.2.1
 accounts-oauth@1.4.0
 autoupdate@1.8.0
 babel-compiler@7.8.0
@@ -76,7 +76,7 @@ htmljs
 less
 matb33:collection-hooks
 meteorhacks:inject-initial
-oauth@2.1.0
+oauth@2.1.1
 oauth2@1.3.1
 routepolicy@1.1.1
 sha@1.0.9

.meteor/release

@@ -1 +1 @@
-METEOR@2.5.3
+METEOR@2.5.6

.meteor/versions

@@ -1,4 +1,4 @@
-accounts-base@2.2.0
+accounts-base@2.2.1
 accounts-facebook@1.3.3
 accounts-github@1.5.0
 accounts-google@1.4.0

.snapcraft/resources/preparenode

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-node_version="v14.18.2"
+node_version="v14.18.3"
 
 unamem="$(uname -m)"
 if [[ $unamem == *aarch64* ]]; then

app/action-links/server/lib/actionLinks.js

@@ -1,6 +1,16 @@
 import { Meteor } from 'meteor/meteor';
 
-import { Messages, Subscriptions } from '../../../models/server';
+import { getMessageForUser } from '../../../../server/lib/messages/getMessageForUser';
+
+function getMessageById(messageId) {
+	try {
+		return Promise.await(getMessageForUser(messageId, Meteor.userId()));
+	} catch (e) {
+		throw new Meteor.Error(e.message, 'Invalid message', {
+			function: 'actionLinks.getMessage',
+		});
+	}
+}
 
 // Action Links namespace creation.
 export const actionLinks = {
@@ -9,30 +19,14 @@ export const actionLinks = {
 		actionLinks.actions[name] = funct;
 	},
 	getMessage(name, messageId) {
-		const userId = Meteor.userId();
-		if (!userId) {
-			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
-				function: 'actionLinks.getMessage',
-			});
-		}
+		const message = getMessageById(messageId);
 
-		const message = Messages.findOne({ _id: messageId });
 		if (!message) {
 			throw new Meteor.Error('error-invalid-message', 'Invalid message', {
 				function: 'actionLinks.getMessage',
 			});
 		}
 
-		const subscription = Subscriptions.findOne({
-			'rid': message.rid,
-			'u._id': userId,
-		});
-		if (!subscription) {
-			throw new Meteor.Error('error-not-allowed', 'Not allowed', {
-				function: 'actionLinks.getMessage',
-			});
-		}
-
 		if (!message.actionLinks || !message.actionLinks[name]) {
 			throw new Meteor.Error('error-invalid-actionlink', 'Invalid action link', {
 				function: 'actionLinks.getMessage',

app/api/server/v1/chat.js

@@ -3,7 +3,7 @@ import { Meteor } from 'meteor/meteor';
 import { Match, check } from 'meteor/check';
 
 import { Messages } from '../../../models';
-import { canAccessRoom, hasPermission } from '../../../authorization/server';
+import { canAccessRoom, canAccessRoomId, roomAccessAttributes, hasPermission } from '../../../authorization/server';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
 import { processWebhookMessage } from '../../../lib/server';
 import { executeSendMessage } from '../../../lib/server/methods/sendMessage';
@@ -496,7 +496,7 @@ API.v1.addRoute(
 				throw new Meteor.Error('error-roomId-param-not-provided', 'The required "roomId" query param is missing.');
 			}
 
-			if (!canAccessRoom({ _id: roomId }, { _id: this.userId })) {
+			if (!canAccessRoomId(roomId, this.userId)) {
 				throw new Meteor.Error('error-not-allowed', 'Not allowed');
 			}
 
@@ -535,17 +535,16 @@ API.v1.addRoute(
 				throw new Meteor.Error('error-not-allowed', 'Threads Disabled');
 			}
 			const user = Users.findOneById(this.userId, { fields: { _id: 1 } });
-			const room = Rooms.findOneById(rid, { fields: { t: 1, _id: 1 } });
+			const room = Rooms.findOneById(rid, { fields: { ...roomAccessAttributes, t: 1, _id: 1 } });
+
 			if (!canAccessRoom(room, user)) {
 				throw new Meteor.Error('error-not-allowed', 'Not Allowed');
 			}
 
 			const typeThread = {
 				_hidden: { $ne: true },
 				...(type === 'following' && { replies: { $in: [this.userId] } }),
-				...(type === 'unread' && {
-					_id: { $in: Subscriptions.findOneByRoomIdAndUserId(room._id, user._id).tunread },
-				}),
+				...(type === 'unread' && { _id: { $in: Subscriptions.findOneByRoomIdAndUserId(room._id, user._id).tunread } }),
 				msg: new RegExp(escapeRegExp(text), 'i'),
 			};
 
@@ -595,18 +594,16 @@ API.v1.addRoute(
 				updatedSinceDate = new Date(updatedSince);
 			}
 			const user = Users.findOneById(this.userId, { fields: { _id: 1 } });
-			const room = Rooms.findOneById(rid, { fields: { t: 1, _id: 1 } });
+			const room = Rooms.findOneById(rid, { fields: { ...roomAccessAttributes, t: 1, _id: 1 } });
+
 			if (!canAccessRoom(room, user)) {
 				throw new Meteor.Error('error-not-allowed', 'Not Allowed');
 			}
 			const threadQuery = Object.assign({}, query, { rid, tcount: { $exists: true } });
 			return API.v1.success({
 				threads: {
 					update: Messages.find({ ...threadQuery, _updatedAt: { $gt: updatedSinceDate } }, { fields, sort }).fetch(),
-					remove: Messages.trashFindDeletedAfter(updatedSinceDate, threadQuery, {
-						fields,
-						sort,
-					}).fetch(),
+					remove: Messages.trashFindDeletedAfter(updatedSinceDate, threadQuery, { fields, sort }).fetch(),
 				},
 			});
 		},
@@ -633,7 +630,7 @@ API.v1.addRoute(
 				throw new Meteor.Error('error-invalid-message', 'Invalid Message');
 			}
 			const user = Users.findOneById(this.userId, { fields: { _id: 1 } });
-			const room = Rooms.findOneById(thread.rid, { fields: { t: 1, _id: 1 } });
+			const room = Rooms.findOneById(thread.rid, { fields: { ...roomAccessAttributes, t: 1, _id: 1 } });
 
 			if (!canAccessRoom(room, user)) {
 				throw new Meteor.Error('error-not-allowed', 'Not Allowed');
@@ -690,7 +687,7 @@ API.v1.addRoute(
 				throw new Meteor.Error('error-invalid-message', 'Invalid Message');
 			}
 			const user = Users.findOneById(this.userId, { fields: { _id: 1 } });
-			const room = Rooms.findOneById(thread.rid, { fields: { t: 1, _id: 1 } });
+			const room = Rooms.findOneById(thread.rid, { fields: { ...roomAccessAttributes, t: 1, _id: 1 } });
 
 			if (!canAccessRoom(room, user)) {
 				throw new Meteor.Error('error-not-allowed', 'Not Allowed');

app/api/server/v1/commands.js

@@ -4,7 +4,7 @@ import objectPath from 'object-path';
 
 import { slashCommands } from '../../../utils/server';
 import { Messages } from '../../../models/server';
-import { canAccessRoom } from '../../../authorization/server';
+import { canAccessRoomId } from '../../../authorization/server';
 import { API } from '../api';
 
 API.v1.addRoute(
@@ -201,7 +201,7 @@ API.v1.addRoute(
 				return API.v1.failure('The command provided does not exist (or is disabled).');
 			}
 
-			if (!canAccessRoom({ _id: body.roomId }, user)) {
+			if (!canAccessRoomId(body.roomId, user._id)) {
 				return API.v1.unauthorized();
 			}
 
@@ -255,7 +255,7 @@ API.v1.addRoute(
 				return API.v1.failure('The command provided does not exist (or is disabled).');
 			}
 
-			if (!canAccessRoom({ _id: query.roomId }, user)) {
+			if (!canAccessRoomId(query.roomId, user._id)) {
 				return API.v1.unauthorized();
 			}
 
@@ -310,7 +310,7 @@ API.v1.addRoute(
 				return API.v1.failure('The command provided does not exist (or is disabled).');
 			}
 
-			if (!canAccessRoom({ _id: body.roomId }, user)) {
+			if (!canAccessRoomId(body.roomId, user._id)) {
 				return API.v1.unauthorized();
 			}
 

app/api/server/v1/groups.js

@@ -5,7 +5,13 @@ import { Match, check } from 'meteor/check';
 import { mountIntegrationQueryBasedOnPermissions } from '../../../integrations/server/lib/mountQueriesBasedOnPermission';
 import { Subscriptions, Rooms, Messages, Users } from '../../../models/server';
 import { Integrations, Uploads } from '../../../models/server/raw';
-import { hasPermission, hasAtLeastOnePermission, canAccessRoom, hasAllPermission } from '../../../authorization/server';
+import {
+	hasPermission,
+	hasAtLeastOnePermission,
+	canAccessRoom,
+	hasAllPermission,
+	roomAccessAttributes,
+} from '../../../authorization/server';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
 import { API } from '../api';
 import { Team } from '../../../../server/sdk';
@@ -19,6 +25,7 @@ export function findPrivateGroupByIdOrName({ params, userId, checkedArchived = t
 
 	const roomOptions = {
 		fields: {
+			...roomAccessAttributes,
 			t: 1,
 			ro: 1,
 			name: 1,

app/api/server/v1/rooms.js

@@ -12,7 +12,7 @@ import {
 	findChannelAndPrivateAutocompleteWithPagination,
 } from '../lib/rooms';
 import { sendFile, sendViaEmail } from '../../../../server/lib/channelExport';
-import { canAccessRoom, hasPermission } from '../../../authorization/server';
+import { canAccessRoom, canAccessRoomId, hasPermission } from '../../../authorization/server';
 import { Media } from '../../../../server/sdk';
 import { settings } from '../../../settings/server/index';
 import { getUploadFormData } from '../lib/getUploadFormData';
@@ -81,7 +81,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		post() {
-			if (!canAccessRoom({ _id: this.urlParams.rid }, { _id: this.userId })) {
+			if (!canAccessRoomId(this.urlParams.rid, this.userId)) {
 				return API.v1.unauthorized();
 			}
 

app/apps/server/converters/rooms.js

@@ -41,6 +41,7 @@ export class AppRoomsConverter {
 				_id: visitor._id,
 				username: visitor.username,
 				token: visitor.token,
+				status: visitor.status,
 			};
 		}
 

app/apps/server/converters/visitors.js

@@ -33,6 +33,7 @@ export class AppVisitorsConverter {
 			phone: 'phone',
 			visitorEmails: 'visitorEmails',
 			livechatData: 'livechatData',
+			status: 'status',
 		};
 
 		return transformMappedData(visitor, map);
@@ -50,6 +51,7 @@ export class AppVisitorsConverter {
 			token: visitor.token,
 			phone: visitor.phone,
 			livechatData: visitor.livechatData,
+			status: visitor.status,
 			...(visitor.visitorEmails && { visitorEmails: visitor.visitorEmails }),
 			...(visitor.department && { department: visitor.department }),
 		};

app/authorization/server/functions/canAccessRoom.ts

@@ -2,5 +2,15 @@ import { Authorization } from '../../../../server/sdk';
 import { IAuthorization } from '../../../../server/sdk/types/IAuthorization';
 
 export const canAccessRoomAsync = Authorization.canAccessRoom;
+export const canAccessRoomIdAsync = Authorization.canAccessRoomId;
+export const roomAccessAttributes = {
+	_id: 1,
+	t: 1,
+	teamId: 1,
+	prid: 1,
+	tokenpass: 1,
+};
 
 export const canAccessRoom = (...args: Parameters<IAuthorization['canAccessRoom']>): boolean => Promise.await(canAccessRoomAsync(...args));
+export const canAccessRoomId = (...args: Parameters<IAuthorization['canAccessRoomId']>): boolean =>
+	Promise.await(canAccessRoomIdAsync(...args));

app/authorization/server/index.js

@@ -1,5 +1,5 @@
 import { addUserRoles } from './functions/addUserRoles';
-import { canAccessRoom, roomAccessValidators } from './functions/canAccessRoom';
+import { canAccessRoom, canAccessRoomId, roomAccessAttributes, roomAccessValidators } from './functions/canAccessRoom';
 import { canSendMessage, validateRoomMessagePermissions } from './functions/canSendMessage';
 import { getRoles } from './functions/getRoles';
 import { getUsersInRole } from './functions/getUsersInRole';
@@ -26,6 +26,8 @@ export {
 	roomAccessValidators,
 	addUserRoles,
 	canAccessRoom,
+	canAccessRoomId,
+	roomAccessAttributes,
 	hasAllPermission,
 	hasAtLeastOnePermission,
 	hasPermission,

app/e2e/server/methods/getUsersOfRoomWithoutKey.js

@@ -1,7 +1,7 @@
 import { Meteor } from 'meteor/meteor';
 import { check } from 'meteor/check';
 
-import { canAccessRoom } from '../../../authorization/server';
+import { canAccessRoomId } from '../../../authorization/server';
 import { Subscriptions, Users } from '../../../models/server';
 
 Meteor.methods({
@@ -21,10 +21,8 @@ Meteor.methods({
 			});
 		}
 
-		if (!canAccessRoom({ _id: rid }, { _id: userId })) {
-			throw new Meteor.Error('error-invalid-room', 'Invalid room', {
-				method: 'e2e.getUsersOfRoomWithoutKey',
-			});
+		if (!canAccessRoomId(rid, userId)) {
+			throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'e2e.getUsersOfRoomWithoutKey' });
 		}
 
 		const subscriptions = Subscriptions.findByRidWithoutE2EKey(rid, {