From a21beaa3cdc9d0878951df96b7f9d9ba6831c007 Mon Sep 17 00:00:00 2001 From: Kevin Aleman Date: Thu, 10 Oct 2024 08:12:39 -0600 Subject: [PATCH 1/3] refactor e2e rooms so that only creator can set the keys first time --- apps/meteor/app/e2e/client/rocketchat.e2e.room.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/meteor/app/e2e/client/rocketchat.e2e.room.js b/apps/meteor/app/e2e/client/rocketchat.e2e.room.js index 1b2357067028..b360e635243d 100644 --- a/apps/meteor/app/e2e/client/rocketchat.e2e.room.js +++ b/apps/meteor/app/e2e/client/rocketchat.e2e.room.js @@ -245,8 +245,8 @@ export class E2ERoom extends Emitter { try { const room = ChatRoom.findOne({ _id: this.roomId }); - if (!room.e2eKeyId) { - // TODO CHECK_PERMISSION + // Only room creator can set keys for room + if (!room.e2eKeyId && room.u._id === this.userId) { this.setState(E2ERoomState.CREATING_KEYS); await this.createGroupKey(); this.setState(E2ERoomState.READY); From 9260ef7a09e08f0e307221a96649484c0458233e Mon Sep 17 00:00:00 2001 From: Kevin Aleman Date: Fri, 11 Oct 2024 07:44:32 -0600 Subject: [PATCH 2/3] Create soft-planets-cross.md --- .changeset/soft-planets-cross.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/soft-planets-cross.md diff --git a/.changeset/soft-planets-cross.md b/.changeset/soft-planets-cross.md new file mode 100644 index 000000000000..5a170ea222c2 --- /dev/null +++ b/.changeset/soft-planets-cross.md @@ -0,0 +1,5 @@ +--- +"@rocket.chat/meteor": patch +--- + +Fixes a behavior of E2EE room creation that allowed any user on the room to define room keys before the room creator, causing race conditions. From b6199234347968ffde2c260f1fd0a0894fa8ecf4 Mon Sep 17 00:00:00 2001 From: Kevin Aleman Date: Fri, 11 Oct 2024 15:06:22 -0600 Subject: [PATCH 3/3] Update soft-planets-cross.md --- .changeset/soft-planets-cross.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changeset/soft-planets-cross.md b/.changeset/soft-planets-cross.md index 5a170ea222c2..fc9b0bdfdacf 100644 --- a/.changeset/soft-planets-cross.md +++ b/.changeset/soft-planets-cross.md @@ -1,5 +1,5 @@ --- -"@rocket.chat/meteor": patch +"@rocket.chat/meteor": major --- Fixes a behavior of E2EE room creation that allowed any user on the room to define room keys before the room creator, causing race conditions.