Merge branch 'develop' into fix-rest-api-chat-postmessage-validations

.docker/Dockerfile

@@ -1,6 +1,6 @@
 FROM rocketchat/base:8
 
-ENV RC_VERSION 0.62.0-develop
+ENV RC_VERSION 0.63.0-develop
 
 MAINTAINER [email protected]
 

.eslintignore

@@ -18,4 +18,5 @@ packages/rocketchat-videobridge/client/public/external_api.js
 packages/rocketchat-theme/client/vendor/
 private/moment-locales/
 public/livechat/
-public/recorderWorker.js
+public/mp3-realtime-worker.js
+public/lame.min.js

.sandstorm/sandstorm-pkgdef.capnp

@@ -21,7 +21,7 @@ const pkgdef :Spk.PackageDefinition = (
 
 		appVersion = 62,  # Increment this for every release.
 
-		appMarketingVersion = (defaultText = "0.62.0-develop"),
+		appMarketingVersion = (defaultText = "0.63.0-develop"),
 		# Human-readable representation of appVersion. Should match the way you
 		# identify versions of your app in documentation and marketing.
 

.travis/snap.sh

@@ -17,7 +17,7 @@ elif [[ $TRAVIS_TAG ]]; then
     RC_VERSION=$TRAVIS_TAG
 else
     CHANNEL=edge
-    RC_VERSION=0.62.0-develop
+    RC_VERSION=0.63.0-develop
 fi
 
 echo "Preparing to trigger a snap release for $CHANNEL channel"

README.md

@@ -363,7 +363,11 @@ Read about [how it all started](https://blog.blackducksoftware.com/rocket-chat-e
 
 ## Issues
 
-[Github Issues](https://github.com/RocketChat/Rocket.Chat/issues) are used to track todos, bugs, feature requests, and more.
+[Github Issues](https://github.com/RocketChat/Rocket.Chat/issues) are used to track bugs and tasks on the roadmap.
+
+## Feature Requests
+
+[Feature Request Forums](https://forums.rocket.chat/c/feature-requests) are used to suggest, discuss and upvote feature suggestions. 
 
 ### Stack Overflow
 

client/routes/router.js

@@ -95,19 +95,6 @@ FlowRouter.route('/account/:group?', {
 	}]
 });
 
-FlowRouter.route('/history/private', {
-	name: 'privateHistory',
-
-	subscriptions(/*params, queryParams*/) {
-		this.register('privateHistory', Meteor.subscribe('privateHistory'));
-	},
-
-	action() {
-		Session.setDefault('historyFilter', '');
-		BlazeLayout.render('main', {center: 'privateHistory'});
-	}
-});
-
 FlowRouter.route('/terms-of-service', {
 	name: 'terms-of-service',
 

imports/message-read-receipt/server/hooks.js

@@ -2,6 +2,11 @@ import { ReadReceipt } from './lib/ReadReceipt';
 
 RocketChat.callbacks.add('afterSaveMessage', (message, room) => {
 
+	// skips this callback if the message was edited
+	if (message.editedAt) {
+		return message;
+	}
+
 	// set subscription as read right after message was sent
 	RocketChat.models.Subscriptions.setAsReadByRoomIdAndUserId(room._id, message.u._id);
 

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "Rocket.Chat",
 	"description": "The Ultimate Open Source WebChat Platform",
-	"version": "0.62.0-develop",
+	"version": "0.63.0-develop",
 	"author": {
 		"name": "Rocket.Chat",
 		"url": "https://rocket.chat/"
@@ -166,6 +166,7 @@
 		"tar-stream": "^1.5.5",
 		"toastr": "^2.1.4",
 		"twilio": "^2.9.1",
+		"twit": "^2.2.9",
 		"ua-parser-js": "^0.7.17",
 		"underscore": "^1.8.3",
 		"underscore.string": "^3.3.4",

packages/rocketchat-2fa/server/lib/totp.js

@@ -13,30 +13,39 @@ RocketChat.TOTP = {
 	},
 
 	verify({ secret, token, backupTokens, userId }) {
-		let verified;
-
 		// validates a backup code
 		if (token.length === 8 && backupTokens) {
 			const hashedCode = SHA256(token);
 			const usedCode = backupTokens.indexOf(hashedCode);
 
 			if (usedCode !== -1) {
-				verified = true;
-
 				backupTokens.splice(usedCode, 1);
 
 				// mark the code as used (remove it from the list)
 				RocketChat.models.Users.update2FABackupCodesByUserId(userId, backupTokens);
+				return true;
 			}
-		} else {
-			verified = speakeasy.totp.verify({
+
+			return false;
+		}
+
+		const maxDelta = RocketChat.settings.get('Accounts_TwoFactorAuthentication_MaxDelta');
+		if (maxDelta) {
+			const verifiedDelta = speakeasy.totp.verifyDelta({
 				secret,
 				encoding: 'base32',
-				token
+				token,
+				window: maxDelta
 			});
+
+			return verifiedDelta !== undefined;
 		}
 
-		return verified;
+		return speakeasy.totp.verify({
+			secret,
+			encoding: 'base32',
+			token
+		});
 	},
 
 	generateCodes() {

packages/rocketchat-api/package.js

@@ -33,6 +33,7 @@ Package.onUse(function(api) {
 	api.addFiles('server/v1/subscriptions.js', 'server');
 	api.addFiles('server/v1/chat.js', 'server');
 	api.addFiles('server/v1/commands.js', 'server');
+	api.addFiles('server/v1/emoji-custom.js', 'server');
 	api.addFiles('server/v1/groups.js', 'server');
 	api.addFiles('server/v1/im.js', 'server');
 	api.addFiles('server/v1/integrations.js', 'server');

packages/rocketchat-api/server/v1/channels.js

@@ -330,7 +330,14 @@ RocketChat.API.v1.addRoute('channels.history', { authRequired: true }, {
 
 		let result;
 		Meteor.runAsUser(this.userId, () => {
-			result = Meteor.call('getChannelHistory', { rid: findResult._id, latest: latestDate, oldest: oldestDate, inclusive, count, unreads });
+			result = Meteor.call('getChannelHistory', {
+				rid: findResult._id,
+				latest: latestDate,
+				oldest: oldestDate,
+				inclusive,
+				count,
+				unreads
+			});
 		});
 
 		if (!result) {
@@ -417,15 +424,15 @@ RocketChat.API.v1.addRoute('channels.list', { authRequired: true }, {
 		action() {
 			const { offset, count } = this.getPaginationItems();
 			const { sort, fields, query } = this.parseJsonQuery();
+			const hasPermissionToSeeAllPublicChannels = RocketChat.authz.hasPermission(this.userId, 'view-c-room');
 
 			const ourQuery = Object.assign({}, query, { t: 'c' });
 
-			//Special check for the permissions
-			if (RocketChat.authz.hasPermission(this.userId, 'view-joined-room')) {
+			if (RocketChat.authz.hasPermission(this.userId, 'view-joined-room') && !hasPermissionToSeeAllPublicChannels) {
 				ourQuery.usernames = {
-					$in: [ this.user.username ]
+					$in: [this.user.username]
 				};
-			} else if (!RocketChat.authz.hasPermission(this.userId, 'view-c-room')) {
+			} else if (!hasPermissionToSeeAllPublicChannels) {
 				return RocketChat.API.v1.unauthorized();
 			}
 
@@ -476,7 +483,11 @@ RocketChat.API.v1.addRoute('channels.list.joined', { authRequired: true }, {
 
 RocketChat.API.v1.addRoute('channels.members', { authRequired: true }, {
 	get() {
-		const findResult = findChannelByIdOrName({ params: this.requestParams(), checkedArchived: false, returnUsernames: true });
+		const findResult = findChannelByIdOrName({
+			params: this.requestParams(),
+			checkedArchived: false,
+			returnUsernames: true
+		});
 
 		const { offset, count } = this.getPaginationItems();
 		const { sort } = this.parseJsonQuery();
@@ -625,7 +636,7 @@ RocketChat.API.v1.addRoute('channels.rename', { authRequired: true }, {
 			return RocketChat.API.v1.failure('The bodyParam "name" is required');
 		}
 
-		const findResult = findChannelByIdOrName({ params: { roomId: this.bodyParams.roomId} });
+		const findResult = findChannelByIdOrName({ params: { roomId: this.bodyParams.roomId } });
 
 		if (findResult.name === this.bodyParams.name) {
 			return RocketChat.API.v1.failure('The channel name is the same as what it would be renamed to.');
@@ -747,6 +758,24 @@ RocketChat.API.v1.addRoute('channels.setTopic', { authRequired: true }, {
 	}
 });
 
+RocketChat.API.v1.addRoute('channels.setAnnouncement', { authRequired: true }, {
+	post() {
+		if (!this.bodyParams.announcement || !this.bodyParams.announcement.trim()) {
+			return RocketChat.API.v1.failure('The bodyParam "announcement" is required');
+		}
+
+		const findResult = findChannelByIdOrName({ params: this.requestParams() });
+
+		Meteor.runAsUser(this.userId, () => {
+			Meteor.call('saveRoomSettings', findResult._id, 'roomAnnouncement', this.bodyParams.announcement);
+		});
+
+		return RocketChat.API.v1.success({
+			announcement: this.bodyParams.announcement
+		});
+	}
+});
+
 RocketChat.API.v1.addRoute('channels.setType', { authRequired: true }, {
 	post() {
 		if (!this.bodyParams.type || !this.bodyParams.type.trim()) {
@@ -784,3 +813,76 @@ RocketChat.API.v1.addRoute('channels.unarchive', { authRequired: true }, {
 		return RocketChat.API.v1.success();
 	}
 });
+
+RocketChat.API.v1.addRoute('channels.getAllUserMentionsByChannel', { authRequired: true }, {
+	get() {
+		const { roomId } = this.requestParams();
+		const { offset, count } = this.getPaginationItems();
+		const { sort } = this.parseJsonQuery();
+
+		if (!roomId) {
+			return RocketChat.API.v1.failure('The request param "roomId" is required');
+		}
+
+		const mentions = Meteor.runAsUser(this.userId, () => Meteor.call('getUserMentionsByChannel', {
+			roomId,
+			options: {
+				sort: sort ? sort : { ts: 1 },
+				skip: offset,
+				limit: count
+			}
+		}));
+
+		const allMentions = Meteor.runAsUser(this.userId, () => Meteor.call('getUserMentionsByChannel', {
+			roomId,
+			options: {}
+		}));
+
+		return RocketChat.API.v1.success({
+			mentions,
+			count: mentions.length,
+			offset,
+			total: allMentions.length
+		});
+	}
+});
+
+RocketChat.API.v1.addRoute('channels.notifications', { authRequired: true }, {
+	get() {
+		const { roomId } = this.requestParams();
+
+		if (!roomId) {
+			return RocketChat.API.v1.failure('The \'roomId\' param is required');
+		}
+
+		const subscription = RocketChat.models.Subscriptions.findOneByRoomIdAndUserId(roomId, this.userId, {
+			fields: {
+				_room: 0,
+				_user: 0,
+				$loki: 0
+			}
+		});
+
+		return RocketChat.API.v1.success({
+			subscription
+		});
+	},
+	post() {
+		const saveNotifications = (notifications, roomId) => {
+			Object.keys(notifications).map((notificationKey) => {
+				Meteor.runAsUser(this.userId, () => Meteor.call('saveNotificationSettings', roomId, notificationKey, notifications[notificationKey]));
+			});
+		};
+		const { roomId, notifications } = this.bodyParams;
+
+		if (!roomId) {
+			return RocketChat.API.v1.failure('The \'roomId\' param is required');
+		}
+
+		if (!notifications || Object.keys(notifications).length === 0) {
+			return RocketChat.API.v1.failure('The \'notifications\' param is required');
+		}
+
+		saveNotifications(notifications, roomId);
+	}
+});

packages/rocketchat-api/server/v1/emoji-custom.js

@@ -0,0 +1,7 @@
+RocketChat.API.v1.addRoute('emoji-custom', { authRequired: true }, {
+	get() {
+		const emojis = Meteor.call('listEmojiCustom');
+
+		return RocketChat.API.v1.success({ emojis });
+	}
+});

packages/rocketchat-api/server/v1/misc.js

@@ -18,6 +18,29 @@ RocketChat.API.v1.addRoute('info', { authRequired: false }, {
 	}
 });
 
+RocketChat.API.v1.addRoute('settings.oauth', { authRequired: false }, {
+	get() {
+		const mountOAuthServices = () => {
+			const oAuthServicesEnabled = ServiceConfiguration.configurations.find({}).fetch();
+
+			return oAuthServicesEnabled.map((service) => {
+				return {
+					id: service._id,
+					name: service.service,
+					appId: service.appId || service.clientId,
+					buttonLabelText: service.buttonLabelText || '',
+					buttonColor: service.buttonColor || '',
+					buttonLabelColor: service.buttonLabelColor || ''
+				};
+			});
+		};
+
+		return RocketChat.API.v1.success({
+			services: mountOAuthServices()
+		});
+	}
+});
+
 RocketChat.API.v1.addRoute('me', { authRequired: true }, {
 	get() {
 		const me = _.pick(this.user, [