fix: accept internal invites

ggazzo · ggazzo · commit e455f150caa3 · 2025-10-01T18:49:58.000-03:00
diff --git a/ee/packages/federation-matrix/src/FederationMatrix.ts b/ee/packages/federation-matrix/src/FederationMatrix.ts
@@ -26,7 +26,7 @@ import { Users, Subscriptions, Messages, Rooms } from '@rocket.chat/models';
 import emojione from 'emojione';
 
 import { getWellKnownRoutes } from './api/.well-known/server';
-import { getMatrixInviteRoutes } from './api/_matrix/invite';
+import { acceptInvite, getMatrixInviteRoutes } from './api/_matrix/invite';
 import { getKeyServerRoutes } from './api/_matrix/key/server';
 import { getMatrixMediaRoutes } from './api/_matrix/media';
 import { getMatrixProfilesRoutes } from './api/_matrix/profiles';
@@ -88,6 +88,24 @@ export const extractDomainFromMatrixUserId = (mxid: string): string => {
 	return mxid.substring(separatorIndex + 1);
 };
 
+/**
+ * Extract the username and the servername from a matrix user id
+ * if the serverName is the same as the serverName in the mxid, return only the username (rocket.chat regular username)
+ * otherwise, return the full mxid and the servername
+ */
+export const getUsernameServername = (mxid: string, serverName: string): [mxid: string, serverName: string, isLocal: boolean] => {
+	const senderServerName = extractDomainFromMatrixUserId(mxid);
+	// if the serverName is the same as the serverName in the mxid, return only the username (rocket.chat regular username)
+	if (serverName === senderServerName) {
+		const separatorIndex = mxid.indexOf(':', 1);
+		if (separatorIndex === -1) {
+			throw new Error(`Invalid federated username: ${mxid}`);
+		}
+		return [mxid.substring(1, separatorIndex), senderServerName, true]; // removers also the @
+	}
+
+	return [mxid, senderServerName, false];
+};
 /**
  * Helper function to create a federated user
  *
@@ -99,7 +117,7 @@ export async function createOrUpdateFederatedUser(options: {
 	name?: string;
 	origin: string;
 }): Promise<string> {
-	const { username, name = username } = options;
+	const { username, name = username, origin } = options;
 
 	const result = await Users.updateOne(
 		{
@@ -108,7 +126,7 @@ export async function createOrUpdateFederatedUser(options: {
 		{
 			$set: {
 				username,
-				name,
+				name: name || username,
 				type: 'user' as const,
 				status: UserStatus.OFFLINE,
 				active: true,
@@ -294,7 +312,12 @@ export class FederationMatrix extends ServiceClass implements IFederationMatrixS
 
 	async created(): Promise<void> {
 		try {
-			registerEvents(this.eventHandler, this.serverName, { typing: this.processEDUTyping, presence: this.processEDUPresence });
+			registerEvents(
+				this.eventHandler,
+				this.serverName,
+				{ typing: this.processEDUTyping, presence: this.processEDUPresence },
+				this.homeserverServices,
+			);
 		} catch (error) {
 			this.logger.warn('Homeserver module not available, running in limited mode');
 		}
@@ -669,24 +692,23 @@ export class FederationMatrix extends ServiceClass implements IFederationMatrixS
 		}
 	}
 
-	async inviteUsersToRoom(room: IRoomNativeFederated, usersUserName: string[], inviter: IUser): Promise<void> {
+	async inviteUsersToRoom(room: IRoomNativeFederated, matrixUsersUsername: string[], inviter: IUser): Promise<void> {
 		try {
 			const inviterUserId = `@${inviter.username}:${this.serverName}`;
 
 			await Promise.all(
-				usersUserName
-					.filter((username) => {
-						const isExternalUser = username.includes(':');
-						return isExternalUser;
-					})
-					.map(async (username) => {
-						const alreadyMember = await Subscriptions.findOneByRoomIdAndUsername(room._id, username, { projection: { _id: 1 } });
-						if (alreadyMember) {
-							return;
-						}
+				matrixUsersUsername.map(async (username) => {
+					if (validateFederatedUsername(username)) {
+						return this.homeserverServices.invite.inviteUserToRoom(username, room.federation.mrid, inviterUserId);
+					}
+					const result = await this.homeserverServices.invite.inviteUserToRoom(
+						`@${username}:${this.serverName}`,
+						room.federation.mrid,
+						inviterUserId,
+					);
 
-						await this.homeserverServices.invite.inviteUserToRoom(username, room.federation.mrid, inviterUserId);
-					}),
+					return acceptInvite(result.event, username, this.homeserverServices);
+				}),
 			);
 		} catch (error) {
 			this.logger.error({ msg: 'Failed to invite an user to Matrix:', err: error });
diff --git a/ee/packages/federation-matrix/src/api/_matrix/invite.ts b/ee/packages/federation-matrix/src/api/_matrix/invite.ts
@@ -1,5 +1,5 @@
 import { Room } from '@rocket.chat/core-services';
-import type { IUser } from '@rocket.chat/core-typings';
+import { isUserNativeFederated, type IUser } from '@rocket.chat/core-typings';
 import type {
 	HomeserverServices,
 	RoomService,
@@ -12,7 +12,7 @@ import { Router } from '@rocket.chat/http-router';
 import { Users, Rooms } from '@rocket.chat/models';
 import { ajv } from '@rocket.chat/rest-typings/dist/v1/Ajv';
 
-import { createOrUpdateFederatedUser } from '../../FederationMatrix';
+import { createOrUpdateFederatedUser, getUsernameServername } from '../../FederationMatrix';
 
 const EventBaseSchema = {
 	type: 'object',
@@ -279,15 +279,52 @@ export async function joinRoom({
 	}
 
 	await Room.addUserToRoom(internalRoomId, { _id: user._id }, { _id: senderUserId, username: inviteEvent.sender });
-
-	// TODO is this needed?
-	// if (isDM) {
-	// 	await MatrixBridgedRoom.createOrUpdateByLocalRoomId(internalRoomId, inviteEvent.roomId, matrixRoom.origin);
-	// }
 }
 
 export const startJoiningRoom = runWithBackoff(joinRoom);
 
+// This is a special case where inside rocket chat we invite users inside rockechat, so if the sender or the invitee are external iw should throw an error
+export const acceptInvite = async (
+	inviteEvent: PersistentEventBase<RoomVersion, 'm.room.member'>,
+	username: string,
+	services: HomeserverServices,
+) => {
+	if (!inviteEvent.stateKey) {
+		throw new Error('join event has missing state key, unable to determine user to join');
+	}
+
+	const internalMappedRoom = await Rooms.findOne({ 'federation.mrid': inviteEvent.roomId });
+	if (!internalMappedRoom) {
+		throw new Error('room not found not processing invite');
+	}
+
+	const inviter = await Users.findOneByUsername<Pick<IUser, '_id' | 'username'>>(
+		getUsernameServername(inviteEvent.sender, services.config.serverName)[0],
+		{
+			projection: { _id: 1, username: 1 },
+		},
+	);
+
+	if (!inviter) {
+		throw new Error('Sender user ID not found');
+	}
+	if (isUserNativeFederated(inviter)) {
+		throw new Error('Sender user is native federated');
+	}
+
+	const user = await Users.findOneByUsername<Pick<IUser, '_id' | 'username'>>(username, { projection: { _id: 1 } });
+
+	// we cannot accept invites from users that are external
+	if (!user) {
+		throw new Error('User not found');
+	}
+	if (isUserNativeFederated(user)) {
+		throw new Error('User is native federated');
+	}
+
+	await services.room.joinUser(inviteEvent.roomId, inviteEvent.stateKey);
+};
+
 export const getMatrixInviteRoutes = (services: HomeserverServices) => {
 	const { invite, state, room } = services;
 
diff --git a/ee/packages/federation-matrix/src/events/index.ts b/ee/packages/federation-matrix/src/events/index.ts
@@ -1,5 +1,5 @@
 import type { Emitter } from '@rocket.chat/emitter';
-import type { HomeserverEventSignatures } from '@rocket.chat/federation-sdk';
+import type { HomeserverEventSignatures, HomeserverServices } from '@rocket.chat/federation-sdk';
 
 import { edus } from './edu';
 import { member } from './member';
@@ -12,11 +12,12 @@ export function registerEvents(
 	emitter: Emitter<HomeserverEventSignatures>,
 	serverName: string,
 	eduProcessTypes: { typing: boolean; presence: boolean },
+	services: HomeserverServices,
 ) {
 	ping(emitter);
 	message(emitter, serverName);
 	reaction(emitter);
-	member(emitter);
+	member(emitter, services);
 	edus(emitter, eduProcessTypes);
 	room(emitter);
 }
diff --git a/ee/packages/federation-matrix/src/events/member.ts b/ee/packages/federation-matrix/src/events/member.ts
@@ -1,9 +1,10 @@
 import { Room } from '@rocket.chat/core-services';
-import { UserStatus } from '@rocket.chat/core-typings';
 import type { Emitter } from '@rocket.chat/emitter';
-import type { HomeserverEventSignatures } from '@rocket.chat/federation-sdk';
+import type { HomeserverEventSignatures, HomeserverServices } from '@rocket.chat/federation-sdk';
 import { Logger } from '@rocket.chat/logger';
-import { Rooms, Users } from '@rocket.chat/models';
+import { Rooms, Subscriptions, Users } from '@rocket.chat/models';
+
+import { createOrUpdateFederatedUser, getUsernameServername } from '../FederationMatrix';
 
 const logger = new Logger('federation-matrix:member');
 
@@ -39,60 +40,55 @@ async function membershipLeaveAction(data: HomeserverEventSignatures['homeserver
 	}
 }
 
-async function membershipJoinAction(data: HomeserverEventSignatures['homeserver.matrix.membership']) {
+async function membershipJoinAction(data: HomeserverEventSignatures['homeserver.matrix.membership'], services: HomeserverServices) {
 	const room = await Rooms.findOne({ 'federation.mrid': data.room_id });
 	if (!room) {
 		logger.warn(`No bridged room found for room_id: ${data.room_id}`);
 		return;
 	}
 
-	const internalUsername = data.sender;
-	const localUser = await Users.findOneByUsername(internalUsername);
+	const [username, serverName, isLocal] = getUsernameServername(data.sender, services.config.serverName);
+
+	// for local users we must to remove the @ and the server domain
+	const localUser = isLocal && (await Users.findOneByUsername(username));
+
 	if (localUser) {
+		const subscription = await Subscriptions.findOneByRoomIdAndUserId(room._id, localUser._id);
+		if (subscription) {
+			return;
+		}
 		await Room.addUserToRoom(room._id, localUser);
 		return;
 	}
 
-	const [, serverName] = data.sender.split(':');
 	if (!serverName) {
 		throw new Error('Invalid sender format, missing server name');
 	}
 
-	const { insertedId } = await Users.insertOne({
-		username: internalUsername,
-		type: 'user',
-		status: UserStatus.OFFLINE,
-		active: true,
-		roles: ['user'],
-		name: data.content.displayname || internalUsername,
-		requirePasswordChange: false,
-		createdAt: new Date(),
-		_updatedAt: new Date(),
-		federated: true,
-		federation: {
-			version: 1,
-			mui: data.sender,
-			origin: serverName,
-		},
+	const insertedId = await createOrUpdateFederatedUser({
+		username: data.state_key as `@${string}:${string}`,
+		origin: serverName,
+		name: data.content.displayname || (data.state_key as `@${string}:${string}`),
 	});
 
 	const user = await Users.findOneById(insertedId);
+
 	if (!user) {
 		console.warn(`User with ID ${insertedId} not found after insertion`);
 		return;
 	}
 	await Room.addUserToRoom(room._id, user);
 }
 
-export function member(emitter: Emitter<HomeserverEventSignatures>) {
+export function member(emitter: Emitter<HomeserverEventSignatures>, services: HomeserverServices) {
 	emitter.on('homeserver.matrix.membership', async (data) => {
 		try {
 			if (data.content.membership === 'leave') {
 				return membershipLeaveAction(data);
 			}
 
 			if (data.content.membership === 'join') {
-				return membershipJoinAction(data);
+				return membershipJoinAction(data, services);
 			}
 
 			logger.debug(`Ignoring membership event with membership: ${data.content.membership}`);
