Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix!: Only room creator can set the E2EE room key for the first time #33520

Merged
merged 3 commits into from
Oct 11, 2024
Merged

fix!: Only room creator can set the E2EE room key for the first time #33520

merged 3 commits into from
Oct 11, 2024

Conversation

KevLehman
Copy link
Contributor

Proposed changes (including videos or screenshots)

  • Checks that room.u._id is the same as the user requesting. Currently anyone invited to the room can set the roomKeyID (and the E2EE key) before the owner gets the key, which can cause race conditions and leave the room in a bad state.

Issue(s)

https://rocketchat.atlassian.net/browse/E2EE2-79

Steps to test or reproduce

Further comments

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Oct 10, 2024
edited
Loading

🦋 Changeset detected

Latest commit: b619923

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 35 packages
Name Type
@rocket.chat/meteor Major
@rocket.chat/core-typings Major
@rocket.chat/rest-typings Major
@rocket.chat/uikit-playground Patch
@rocket.chat/api-client Patch
@rocket.chat/apps Patch
@rocket.chat/core-services Patch
@rocket.chat/cron Patch
@rocket.chat/ddp-client Patch
@rocket.chat/freeswitch Patch
@rocket.chat/fuselage-ui-kit Major
@rocket.chat/gazzodown Major
@rocket.chat/livechat Patch
@rocket.chat/model-typings Patch
@rocket.chat/ui-contexts Major
@rocket.chat/account-service Patch
@rocket.chat/authorization-service Patch
@rocket.chat/ddp-streamer Patch
@rocket.chat/omnichannel-transcript Patch
@rocket.chat/presence-service Patch
@rocket.chat/queue-worker Patch
@rocket.chat/stream-hub-service Patch
@rocket.chat/license Patch
@rocket.chat/omnichannel-services Patch
@rocket.chat/pdf-worker Patch
@rocket.chat/presence Patch
rocketchat-services Patch
@rocket.chat/network-broker Patch
@rocket.chat/models Patch
@rocket.chat/ui-avatar Major
@rocket.chat/ui-client Major
@rocket.chat/ui-video-conf Major
@rocket.chat/ui-voip Major
@rocket.chat/web-ui-registration Major
@rocket.chat/instance-status Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@dionisio-bot dionisio-bot
Copy link
Contributor

dionisio-bot bot commented Oct 10, 2024
edited
Loading

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 10, 2024
edited
Loading

PR Preview Action v1.4.8
🚀 Deployed preview to https://RocketChat.github.io/Rocket.Chat/pr-preview/pr-33520/
on branch gh-pages at 2024-10-11 21:30 UTC

@codecov Codecov
Copy link

codecov bot commented Oct 10, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (release-7.0.0@7ce9407). Learn more about missing BASE report.

Additional details and impacted files

Impacted file tree graph

@@               Coverage Diff                @@
##             release-7.0.0   #33520   +/-   ##
================================================
  Coverage                 ?   75.70%           
================================================
  Files                    ?      432           
  Lines                    ?    19919           
  Branches                 ?     5084           
================================================
  Hits                     ?    15079           
  Misses                   ?     4269           
  Partials                 ?      571
Flag Coverage Δ
unit 75.70% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

@KevLehman KevLehman marked this pull request as ready for review October 10, 2024 15:29
@KevLehman KevLehman changed the title refactor!: Only room creator can set the E2EE room key for the first time fix: Only room creator can set the E2EE room key for the first time Oct 11, 2024
@MarcosSpessatto MarcosSpessatto changed the title fix: Only room creator can set the E2EE room key for the first time fix!: Only room creator can set the E2EE room key for the first time Oct 11, 2024
@KevLehman KevLehman added the stat: QA assured Means it has been tested and approved by a company insider label Oct 11, 2024
@KevLehman KevLehman added this to the 7.0 milestone Oct 11, 2024
@dionisio-bot dionisio-bot bot added the stat: ready to merge PR tested and approved waiting for merge label Oct 11, 2024
@ggazzo ggazzo requested review from a team as code owners October 11, 2024 15:56
@KevLehman KevLehman force-pushed the refactor/e2e-room-owner-only-one-to-set-key-on-room-start branch from e6e7faf to 9196ec4 Compare October 11, 2024 16:20
@KevLehman KevLehman force-pushed the refactor/e2e-room-owner-only-one-to-set-key-on-room-start branch from 9196ec4 to af9f94a Compare October 11, 2024 17:06
@KevLehman KevLehman force-pushed the refactor/e2e-room-owner-only-one-to-set-key-on-room-start branch 2 times, most recently from fa2b5a3 to ba4ed73 Compare October 11, 2024 20:17
MarcosSpessatto
MarcosSpessatto previously approved these changes Oct 11, 2024
View reviewed changes
Copy link
Member

@MarcosSpessatto MarcosSpessatto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should change this to a fix instead

@MarcosSpessatto MarcosSpessatto removed request for a team October 11, 2024 20:41
@ggazzo ggazzo dismissed MarcosSpessatto’s stale review October 11, 2024 20:51

The merge-base changed after approval.

@KevLehman KevLehman force-pushed the refactor/e2e-room-owner-only-one-to-set-key-on-room-start branch from ba4ed73 to 9260ef7 Compare October 11, 2024 20:58
@sampaiodiego sampaiodiego merged commit 4343d53 into release-7.0.0 Oct 11, 2024
4 of 5 checks passed
@sampaiodiego sampaiodiego deleted the refactor/e2e-room-owner-only-one-to-set-key-on-room-start branch October 11, 2024 21:08
ggazzo pushed a commit that referenced this pull request Oct 11, 2024
@KevLehman @ggazzo
fix!: Only room creator can set the E2EE room key for the first time (#…
09c1b34 
…33520)
ggazzo pushed a commit that referenced this pull request Oct 11, 2024
@KevLehman @ggazzo
fix!: Only room creator can set the E2EE room key for the first time (#…
3099c34 
…33520)
ggazzo pushed a commit that referenced this pull request Oct 14, 2024
@KevLehman @ggazzo
fix!: Only room creator can set the E2EE room key for the first time (#…
02f5e16 
…33520)
MartinSchoeler pushed a commit that referenced this pull request Oct 14, 2024
@KevLehman @MartinSchoeler
fix!: Only room creator can set the E2EE room key for the first time (#…
6f73796 
…33520)
ggazzo pushed a commit that referenced this pull request Oct 15, 2024
@KevLehman @ggazzo
fix!: Only room creator can set the E2EE room key for the first time (#…
8c7cad5 
…33520)
ggazzo pushed a commit that referenced this pull request Oct 17, 2024
@KevLehman @ggazzo
fix!: Only room creator can set the E2EE room key for the first time (#…
3415d8d 
…33520)
ggazzo pushed a commit that referenced this pull request Oct 17, 2024
@KevLehman @ggazzo
fix!: Only room creator can set the E2EE room key for the first time (#…
68eb22f 
…33520)
ggazzo pushed a commit that referenced this pull request Oct 17, 2024
@KevLehman @ggazzo
fix!: Only room creator can set the E2EE room key for the first time (#…
d7f3592 
…33520)
This was referenced Oct 20, 2024
Closed
Closed
Merged
abhinavkrin pushed a commit that referenced this pull request Oct 25, 2024
@KevLehman @abhinavkrin
fix!: Only room creator can set the E2EE room key for the first time (#…
1c9684d 
…33520)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sampaiodiego sampaiodiego sampaiodiego approved these changes

@MarcosSpessatto MarcosSpessatto MarcosSpessatto left review comments

Assignees
No one assigned
Labels
stat: QA assured Means it has been tested and approved by a company insider stat: ready to merge PR tested and approved waiting for merge
Projects
None yet
Milestone
7.0
Development

Successfully merging this pull request may close these issues.
3 participants
@KevLehman @sampaiodiego @MarcosSpessatto