Merge branch 'develop' into release-8.0.0

Author: ggazzo

.changeset/rotten-pugs-trade.md

@@ -0,0 +1,6 @@
+---
+"@rocket.chat/meteor": patch
+"@rocket.chat/tools": patch
+---
+
+Adds improvements to the push notifications logic; the logic now truncates messages and titles larger than 240, and 65 characters respectively.

.github/actions/setup-node/action.yml

@@ -69,6 +69,14 @@ runs:
       with:
         deno-version: ${{ inputs.deno-version }}
 
+    - name: Configure mongodb-memory-server cache
+      shell: bash
+      run: |
+        CACHE_DIR="${GITHUB_WORKSPACE}/node_modules/.cache/mongodb-memory-server"
+        mkdir -p "$CACHE_DIR"
+        echo "MONGOMS_DOWNLOAD_DIR=$CACHE_DIR" >> $GITHUB_ENV
+        echo "MONGOMS_PREFER_GLOBAL_PATH=false" >> $GITHUB_ENV
+
     - name: yarn login
       shell: bash
       if: inputs.NPM_TOKEN

apps/meteor/app/push/server/push.ts

@@ -1,7 +1,7 @@
 import type { IAppsTokens, RequiredField, Optional, IPushNotificationConfig } from '@rocket.chat/core-typings';
 import { AppsTokens } from '@rocket.chat/models';
 import { serverFetch as fetch } from '@rocket.chat/server-fetch';
-import { pick } from '@rocket.chat/tools';
+import { pick, truncateString } from '@rocket.chat/tools';
 import Ajv from 'ajv';
 import { JWT } from 'google-auth-library';
 import { Match, check } from 'meteor/check';
@@ -15,6 +15,9 @@ import { settings } from '../../settings/server';
 
 export const _matchToken = Match.OneOf({ apn: String }, { gcm: String });
 
+const PUSH_TITLE_LIMIT = 65;
+const PUSH_MESSAGE_BODY_LIMIT = 240;
+
 const ajv = new Ajv({
 	coerceTypes: true,
 });
@@ -459,8 +462,10 @@ class PushClass {
 			createdBy: '<SERVER>',
 			sent: false,
 			sending: 0,
+			title: truncateString(options.title, PUSH_TITLE_LIMIT),
+			text: truncateString(options.text, PUSH_MESSAGE_BODY_LIMIT),
 
-			...pick(options, 'from', 'title', 'text', 'userId', 'payload', 'badge', 'sound', 'notId', 'priority'),
+			...pick(options, 'from', 'userId', 'payload', 'badge', 'sound', 'notId', 'priority'),
 
 			...(this.hasApnOptions(options)
 				? {

apps/meteor/ee/server/lib/audit/methods.ts

@@ -163,6 +163,12 @@ Meteor.methods<ServerMethods>({
 		if (type === 'u') {
 			const usersId = await getUsersIdFromUserName(usernames);
 			query['u._id'] = { $in: usersId };
+
+			const abacRooms = await Rooms.findAllPrivateRoomsWithAbacAttributes({ projection: { _id: 1 } })
+				.map((doc) => doc._id)
+				.toArray();
+
+			query.rid = { $nin: abacRooms };
 		} else {
 			const roomInfo = await getRoomInfoByAuditParams({ type, roomId: rid, users: usernames, visitor, agent, userId: user._id });
 			if (!roomInfo) {

apps/meteor/tests/end-to-end/api/abac.ts

@@ -416,6 +416,167 @@ const addAbacAttributesToUserDirectly = async (userId: string, abacAttributes: I
 				});
 		});
 
+		describe('Audit messages by user and ABAC-managed rooms', () => {
+			let auditUser: IUser;
+			let auditUserCreds: Credentials;
+			let auditRoom: IRoom;
+			const auditAttrKey = `audit_attr_${Date.now()}`;
+			let startDate: Date;
+			let endDate: Date;
+
+			before(async () => {
+				startDate = new Date();
+				endDate = new Date(startDate.getTime() + 1000 * 60);
+
+				auditUser = await createUser();
+				auditUserCreds = await login(auditUser.username, password);
+
+				await request
+					.post(`${v1}/abac/attributes`)
+					.set(credentials)
+					.send({ key: auditAttrKey, values: ['v1'] })
+					.expect(200);
+
+				await addAbacAttributesToUserDirectly(auditUser._id, [{ key: auditAttrKey, values: ['v1'] }]);
+				await addAbacAttributesToUserDirectly(credentials['X-User-Id'], [{ key: auditAttrKey, values: ['v1'] }]);
+
+				const roomRes = await createRoom({ type: 'p', name: `abac-audit-user-room-${Date.now()}`, members: [auditUser.username!] });
+				auditRoom = roomRes.body.group as IRoom;
+
+				await request
+					.post(`${v1}/abac/rooms/${auditRoom._id}/attributes/${auditAttrKey}`)
+					.set(credentials)
+					.send({ values: ['v1'] })
+					.expect(200);
+			});
+
+			after(async () => {
+				await deleteRoom({ type: 'p', roomId: auditRoom._id });
+				await deleteUser(auditUser);
+			});
+
+			it("should return no messages when auditing a user that's part of an ABAC-managed room", async () => {
+				await request
+					.post(`${v1}/chat.sendMessage`)
+					.set(auditUserCreds)
+					.send({ message: { rid: auditRoom._id, msg: 'audit message in abac room' } })
+					.expect(200);
+
+				await request
+					.post(methodCall('auditGetMessages'))
+					.set(credentials)
+					.send({
+						message: JSON.stringify({
+							method: 'auditGetMessages',
+							params: [
+								{
+									type: 'u',
+									msg: 'audit message in abac room',
+									startDate: { $date: startDate },
+									endDate: { $date: endDate },
+									rid: '',
+									users: [auditUser.username],
+									visitor: '',
+									agent: '',
+								},
+							],
+							id: 'abac-audit-1',
+							msg: 'method',
+						}),
+					})
+					.expect(200)
+					.expect((res) => {
+						const parsed = JSON.parse(res.body.message);
+						expect(parsed).to.have.property('result');
+						expect(parsed.result).to.be.an('array').that.is.empty;
+					});
+			});
+
+			it('should return no messages when auditing a user that WAS part of an ABAC-managed room', async () => {
+				await request
+					.post(`${v1}/chat.sendMessage`)
+					.set(auditUserCreds)
+					.send({ message: { rid: auditRoom._id, msg: 'audit message before removal' } })
+					.expect(200);
+
+				await request.post(`${v1}/groups.kick`).set(credentials).send({ roomId: auditRoom._id, username: auditUser.username }).expect(200);
+
+				await request
+					.post(methodCall('auditGetMessages'))
+					.set(credentials)
+					.send({
+						message: JSON.stringify({
+							method: 'auditGetMessages',
+							params: [
+								{
+									type: 'u',
+									msg: 'audit message before removal',
+									startDate: { $date: startDate },
+									endDate: { $date: endDate },
+									rid: '',
+									users: [auditUser.username],
+									visitor: '',
+									agent: '',
+								},
+							],
+							id: 'abac-audit-2',
+							msg: 'method',
+						}),
+					})
+					.expect(200)
+					.expect((res) => {
+						const parsed = JSON.parse(res.body.message);
+						expect(parsed).to.have.property('result');
+						expect(parsed.result).to.be.an('array').that.is.empty;
+					});
+			});
+
+			it("should return messages when auditing a user that is part of a room that's no longer ABAC-managed", async () => {
+				await request
+					.post(`${v1}/groups.invite`)
+					.set(credentials)
+					.send({ roomId: auditRoom._id, usernames: [auditUser.username] })
+					.expect(200);
+
+				await request.delete(`${v1}/abac/rooms/${auditRoom._id}/attributes/${auditAttrKey}`).set(credentials).expect(200);
+
+				await request
+					.post(`${v1}/chat.sendMessage`)
+					.set(auditUserCreds)
+					.send({ message: { rid: auditRoom._id, msg: 'audit message after room no longer abac' } })
+					.expect(200);
+
+				await request
+					.post(methodCall('auditGetMessages'))
+					.set(credentials)
+					.send({
+						message: JSON.stringify({
+							method: 'auditGetMessages',
+							params: [
+								{
+									type: 'u',
+									msg: 'audit message after room no longer abac',
+									startDate: { $date: startDate },
+									endDate: { $date: endDate },
+									rid: '',
+									users: [auditUser.username],
+									visitor: '',
+									agent: '',
+								},
+							],
+							id: 'abac-audit-3',
+							msg: 'method',
+						}),
+					})
+					.expect(200)
+					.expect((res) => {
+						const parsed = JSON.parse(res.body.message);
+						expect(parsed).to.have.property('result');
+						expect(parsed.result).to.be.an('array').with.lengthOf.greaterThan(0);
+					});
+			});
+		});
+
 		it('PUT room attribute should replace values and keep inUse=true', async () => {
 			await request
 				.put(`${v1}/abac/rooms/${testRoom._id}/attributes/${updatedKey}`)

apps/meteor/tests/end-to-end/api/audit.ts

@@ -136,7 +136,7 @@ import { IS_EE } from '../../e2e/config/constants';
 
 					expect(message.result).to.be.an('array').with.lengthOf.greaterThan(1);
 					const entry = message.result.find((audition: any) => {
-						return audition.fields.rids.includes(testChannel._id);
+						return audition.fields?.rids?.includes(testChannel._id);
 					});
 					expect(entry).to.have.property('u').that.is.an('object').deep.equal({
 						_id: 'rocketchat.internal.admin.test',

apps/meteor/tests/unit/app/push/push.spec.ts

@@ -0,0 +1,112 @@
+import type { IPushNotificationConfig } from '@rocket.chat/core-typings/src/IPushNotificationConfig';
+import { pick, truncateString } from '@rocket.chat/tools';
+import { expect } from 'chai';
+import proxyquire from 'proxyquire';
+import sinon from 'sinon';
+
+const loggerStub = { debug: sinon.stub(), warn: sinon.stub(), error: sinon.stub(), info: sinon.stub(), log: sinon.stub() };
+const settingsStub = { get: sinon.stub().returns('') };
+
+const { Push } = proxyquire.noCallThru().load('../../../../app/push/server/push', {
+	'./logger': { logger: loggerStub },
+	'../../settings/server': { settings: settingsStub },
+	'@rocket.chat/tools': { pick, truncateString },
+	'meteor/check': {
+		check: sinon.stub(),
+		Match: {
+			Optional: () => sinon.stub(),
+			Integer: Number,
+			OneOf: () => sinon.stub(),
+			test: sinon.stub().returns(true),
+		},
+	},
+	'meteor/meteor': {
+		Meteor: {
+			absoluteUrl: sinon.stub().returns('http://localhost'),
+		},
+	},
+});
+
+describe('Push Notifications [PushClass]', () => {
+	afterEach(() => {
+		sinon.restore();
+	});
+
+	describe('send()', () => {
+		let sendNotificationStub: sinon.SinonStub;
+		beforeEach(() => {
+			sendNotificationStub = sinon.stub(Push, 'sendNotification').resolves({ apn: [], gcm: [] });
+		});
+
+		it('should call sendNotification with required fields', async () => {
+			const options: IPushNotificationConfig = {
+				from: 'test',
+				title: 'title',
+				text: 'body',
+				userId: 'user1',
+				apn: { category: 'MESSAGE' },
+				gcm: { style: 'inbox', image: 'url' },
+			};
+
+			await Push.send(options);
+
+			expect(sendNotificationStub.calledOnce).to.be.true;
+
+			const notification = sendNotificationStub.firstCall.args[0];
+			expect(notification.from).to.equal('test');
+			expect(notification.title).to.equal('title');
+			expect(notification.text).to.equal('body');
+			expect(notification.userId).to.equal('user1');
+		});
+
+		it('should truncate text if longer than 240 chars', async () => {
+			const longText = 'a'.repeat(300);
+			const options: IPushNotificationConfig = {
+				from: 'test',
+				title: 'title',
+				text: longText,
+				userId: 'user1',
+				apn: { category: 'MESSAGE' },
+				gcm: { style: 'inbox', image: 'url' },
+			};
+
+			await Push.send(options);
+
+			const notification = sendNotificationStub.firstCall.args[0];
+
+			expect(notification.text.length).to.equal(240);
+		});
+
+		it('should truncate title if longer than 65 chars', async () => {
+			const longTitle = 'a'.repeat(100);
+			const options: IPushNotificationConfig = {
+				from: 'test',
+				title: longTitle,
+				text: 'bpdu',
+				userId: 'user1',
+				apn: { category: 'MESSAGE' },
+				gcm: { style: 'inbox', image: 'url' },
+			};
+
+			await Push.send(options);
+
+			const notification = sendNotificationStub.firstCall.args[0];
+
+			expect(notification.title.length).to.equal(65);
+		});
+
+		it('should throw if userId is missing', async () => {
+			const options = {
+				from: 'test',
+				title: 'title',
+				text: 'body',
+				apn: { category: 'MESSAGE' },
+				gcm: { style: 'inbox', image: 'url' },
+			};
+
+			await expect(Push.send(options)).to.be.rejectedWith('No userId found');
+
+			expect(sendNotificationStub.called).to.be.false;
+		});
+	});
+});

ee/packages/abac/package.json

@@ -17,6 +17,12 @@
 		"testunit": "jest",
 		"typecheck": "tsc --noEmit --skipLibCheck"
 	},
+	"config": {
+		"mongodbMemoryServer": {
+			"downloadDir": "../../../node_modules/.cache/mongodb-memory-server",
+			"preferGlobalPath": false
+		}
+	},
 	"volta": {
 		"extends": "../../../package.json"
 	},

packages/model-typings/src/models/IRoomsModel.ts

@@ -232,6 +232,7 @@ export interface IRoomsModel extends IBaseModel<IRoom> {
 	findByType(type: IRoom['t'], options?: FindOptions<IRoom>): FindCursor<IRoom>;
 	findByTypeInIds(type: IRoom['t'], ids: string[], options?: FindOptions<IRoom>): FindCursor<IRoom>;
 	findPrivateRoomsByIdsWithAbacAttributes(ids: string[], options?: FindOptions<IRoom>): FindCursor<IRoom>;
+	findAllPrivateRoomsWithAbacAttributes(options?: FindOptions<IRoom>): FindCursor<IRoom>;
 	findBySubscriptionUserId(userId: string, options?: FindOptions<IRoom>): Promise<FindCursor<IRoom>>;
 	findBySubscriptionUserIdUpdatedAfter(userId: string, updatedAfter: Date, options?: FindOptions<IRoom>): Promise<FindCursor<IRoom>>;
 	findByNameAndTypeNotDefault(

packages/models/src/models/Rooms.ts

@@ -1278,6 +1278,15 @@ export class RoomsRaw extends BaseRaw<IRoom> implements IRoomsModel {
 		return this.find(query, options);
 	}
 
+	findAllPrivateRoomsWithAbacAttributes(options: FindOptions<IRoom> = {}): FindCursor<IRoom> {
+		const query: Filter<IRoom> = {
+			t: 'p',
+			abacAttributes: { $exists: true, $ne: [] },
+		};
+
+		return this.find(query, options);
+	}
+
 	async findBySubscriptionUserId(userId: IUser['_id'], options: FindOptions<IRoom> = {}): Promise<FindCursor<IRoom>> {
 		const data = (await Subscriptions.findByUserId(userId, { projection: { rid: 1 } }).toArray()).map((item) => item.rid);