Release 3.1.1

.docker/Dockerfile.rhel

@@ -1,6 +1,6 @@
 FROM registry.access.redhat.com/rhscl/nodejs-8-rhel7
 
-ENV RC_VERSION 3.1.0
+ENV RC_VERSION 3.1.1
 
 MAINTAINER buildmaster@rocket.chat
 

.github/history.json

@@ -42397,6 +42397,101 @@
           ]
         }
       ]
+    },
+    "3.1.1": {
+      "node_version": "12.16.1",
+      "npm_version": "6.13.4",
+      "mongo_versions": [
+        "3.4",
+        "3.6",
+        "4.0"
+      ],
+      "pull_requests": [
+        {
+          "pr": "17278",
+          "title": "[FIX] SAML assertion signature enforcement",
+          "userLogin": "pierre-lehnen-rc",
+          "milestone": "3.1.1",
+          "contributors": [
+            "pierre-lehnen-rc",
+            "sampaiodiego"
+          ]
+        },
+        {
+          "pr": "17299",
+          "title": "[FIX] User search on directory not working correctly",
+          "userLogin": "rodrigok",
+          "milestone": "3.1.1",
+          "contributors": [
+            "rodrigok"
+          ]
+        },
+        {
+          "pr": "17275",
+          "title": "[FIX] 404 error when clicking an username",
+          "userLogin": "pierre-lehnen-rc",
+          "milestone": "3.1.1",
+          "contributors": [
+            "pierre-lehnen-rc"
+          ]
+        },
+        {
+          "pr": "17287",
+          "title": "Update Apps-Engine to stable version",
+          "userLogin": "d-gubert",
+          "milestone": "3.1.1",
+          "contributors": [
+            "d-gubert"
+          ]
+        },
+        {
+          "pr": "17286",
+          "title": "[FIX] Avatar on sidebar when showing real names",
+          "userLogin": "ggazzo",
+          "milestone": "3.1.1",
+          "contributors": [
+            "ggazzo"
+          ]
+        },
+        {
+          "pr": "17283",
+          "title": "[FIX] Directory default tab",
+          "userLogin": "ggazzo",
+          "milestone": "3.1.1",
+          "contributors": [
+            "ggazzo"
+          ]
+        },
+        {
+          "pr": "17282",
+          "title": "[FIX] Discussions created from inside DMs were not working and some errors accessing recently created rooms",
+          "userLogin": "rodrigok",
+          "milestone": "3.1.1",
+          "contributors": [
+            "rodrigok",
+            "sampaiodiego"
+          ]
+        },
+        {
+          "pr": "17288",
+          "title": " [FIX] Omnichannel SMS / WhatsApp integration errors due to missing location data",
+          "userLogin": "renatobecker",
+          "milestone": "3.1.1",
+          "contributors": [
+            "renatobecker",
+            "web-flow"
+          ]
+        },
+        {
+          "pr": "17302",
+          "title": "[FIX] LDAP users lose session on refresh",
+          "userLogin": "pierre-lehnen-rc",
+          "milestone": "3.1.1",
+          "contributors": [
+            "pierre-lehnen-rc"
+          ]
+        }
+      ]
     }
   }
 }

HISTORY.md

@@ -1,4 +1,48 @@
 
+# 3.1.1
+`2020-04-14  ·  8 🐛  ·  1 🔍  ·  6 👩‍💻👨‍💻`
+
+### Engine versions
+- Node: `12.16.1`
+- NPM: `6.13.4`
+- MongoDB: `3.4, 3.6, 4.0`
+
+### 🐛 Bug fixes
+
+
+- SAML assertion signature enforcement ([#17278](https://github.com/RocketChat/Rocket.Chat/pull/17278))
+
+- User search on directory not working correctly ([#17299](https://github.com/RocketChat/Rocket.Chat/pull/17299))
+
+- 404 error when clicking an username ([#17275](https://github.com/RocketChat/Rocket.Chat/pull/17275))
+
+- Avatar on sidebar when showing real names ([#17286](https://github.com/RocketChat/Rocket.Chat/pull/17286))
+
+- Directory default tab ([#17283](https://github.com/RocketChat/Rocket.Chat/pull/17283))
+
+- Discussions created from inside DMs were not working and some errors accessing recently created rooms ([#17282](https://github.com/RocketChat/Rocket.Chat/pull/17282))
+
+- Omnichannel SMS / WhatsApp integration errors due to missing location data ([#17288](https://github.com/RocketChat/Rocket.Chat/pull/17288))
+
+- LDAP users lose session on refresh ([#17302](https://github.com/RocketChat/Rocket.Chat/pull/17302))
+
+<details>
+<summary>🔍 Minor changes</summary>
+
+
+- Update Apps-Engine to stable version ([#17287](https://github.com/RocketChat/Rocket.Chat/pull/17287))
+
+</details>
+
+### 👩‍💻👨‍💻 Core Team 🤓
+
+- [@d-gubert](https://github.com/d-gubert)
+- [@ggazzo](https://github.com/ggazzo)
+- [@pierre-lehnen-rc](https://github.com/pierre-lehnen-rc)
+- [@renatobecker](https://github.com/renatobecker)
+- [@rodrigok](https://github.com/rodrigok)
+- [@sampaiodiego](https://github.com/sampaiodiego)
+
 # 3.1.0
 `2020-04-09  ·  23 🎉  ·  22 🚀  ·  71 🐛  ·  86 🔍  ·  41 👩‍💻👨‍💻`
 

app/discussion/server/methods/createDiscussion.js

@@ -5,6 +5,7 @@ import { hasAtLeastOnePermission, canAccessRoom } from '../../../authorization/s
 import { Messages, Rooms } from '../../../models/server';
 import { createRoom, addUserToRoom, sendMessage, attachMessage } from '../../../lib/server';
 import { settings } from '../../../settings/server';
+import { roomTypes } from '../../../utils/server';
 
 const getParentRoom = (rid) => {
 	const room = Rooms.findOne(rid);
@@ -86,7 +87,8 @@ const create = ({ prid, pmid, t_name, reply, users }) => {
 	// auto invite the replied message owner
 	const invitedUsers = message ? [message.u.username, ...users] : users;
 
-	const discussion = createRoom(p_room.t, name, user.username, [...new Set(invitedUsers)], false, {
+	const type = roomTypes.getConfig(p_room.t).getDiscussionType();
+	const discussion = createRoom(type, name, user.username, [...new Set(invitedUsers)], false, {
 		fname: t_name,
 		description: message.msg, // TODO discussions remove
 		topic: p_room.name, // TODO discussions remove

app/ldap/server/loginHandler.js

@@ -158,7 +158,7 @@ callbacks.add('beforeValidateLogin', (login) => {
 		return login;
 	}
 
-	if (login.type === 'ldap') {
+	if (login.type === 'ldap' || login.type === 'resume') {
 		return login;
 	}
 

app/lib/lib/roomTypes/direct.js

@@ -186,16 +186,23 @@ export class DirectMessageRoomType extends RoomTypeConfig {
 	}
 
 	getAvatarPath(roomData, subData) {
+		if (!roomData && !subData) {
+			return '';
+		}
+
 		if (this.isGroupChat(roomData)) {
 			return getAvatarURL({ username: roomData.uids.length + roomData.usernames.join() });
 		}
 
-		if (roomData) {
-			return getUserAvatarURL(roomData.name || this.roomName(roomData));
+		const sub = subData || Subscriptions.findOne({ rid: roomData._id }, { fields: { name: 1 } });
+
+		if (sub && sub.name) {
+			return getUserAvatarURL(sub.name);
 		}
 
-		const sub = subData || Subscriptions.findOne({ rid: roomData._id }, { fields: { name: 1 } });
-		return getUserAvatarURL(sub.name || this.roomName(roomData));
+		if (roomData) {
+			return getUserAvatarURL(roomData.name || this.roomName(roomData)); // rooms should have no name for direct messages...
+		}
 	}
 
 	includeInDashboard() {

app/lib/lib/roomTypes/public.js

@@ -133,4 +133,8 @@ export class PublicRoomType extends RoomTypeConfig {
 
 		return getAvatarURL({ username: `@${ this.roomName(roomData) }` });
 	}
+
+	getDiscussionType() {
+		return 'c';
+	}
 }

app/lib/server/startup/settings.js

@@ -97,9 +97,8 @@ settings.addGroup('Accounts', function() {
 		type: 'boolean',
 		public: true,
 	});
-	this.add('Accounts_SearchFields', '', {
+	this.add('Accounts_SearchFields', 'username, name, bio', {
 		type: 'string',
-		public: true,
 	});
 	this.add('Accounts_Directory_DefaultView', 'channels', {
 		type: 'select',

app/livechat/imports/server/rest/sms.js

@@ -40,7 +40,7 @@ const defineVisitor = (smsNumber) => {
 };
 
 const normalizeLocationSharing = (payload) => {
-	const { extra: { fromLatitude: latitude, fromLongitude: longitude } } = payload;
+	const { extra: { fromLatitude: latitude, fromLongitude: longitude } = { } } = payload;
 	if (!latitude || !longitude) {
 		return;
 	}

app/meteor-accounts-saml/server/saml_rocketchat.js

@@ -62,6 +62,19 @@ Meteor.methods({
 			multiline: true,
 			i18nLabel: 'SAML_Custom_Public_Cert',
 		});
+		settings.add(`SAML_Custom_${ name }_signature_validation_type`, 'All', {
+			type: 'select',
+			values: [
+				{ key: 'Response', i18nLabel: 'SAML_Custom_signature_validation_response' },
+				{ key: 'Assertion', i18nLabel: 'SAML_Custom_signature_validation_assertion' },
+				{ key: 'Either', i18nLabel: 'SAML_Custom_signature_validation_either' },
+				{ key: 'All', i18nLabel: 'SAML_Custom_signature_validation_all' },
+			],
+			group: 'SAML',
+			section: name,
+			i18nLabel: 'SAML_Custom_signature_validation_type',
+			i18nDescription: 'SAML_Custom_signature_validation_type_description',
+		});
 		settings.add(`SAML_Custom_${ name }_private_key`, '', {
 			type: 'string',
 			group: 'SAML',
@@ -238,6 +251,7 @@ const getSamlConfigs = function(service) {
 			// People often overlook the instruction to remove the header and footer of the certificate on this specific setting, so let's do it for them.
 			cert: normalizeCert(settings.get(`${ service.key }_cert`)),
 		},
+		signatureValidationType: settings.get(`${ service.key }_signature_validation_type`),
 		userDataFieldMap: settings.get(`${ service.key }_user_data_fieldmap`),
 		allowedClockDrift: settings.get(`${ service.key }_allowed_clock_drift`),
 	};
@@ -290,6 +304,7 @@ const configureSamlService = function(samlConfigs) {
 		roleAttributeName: samlConfigs.roleAttributeName,
 		roleAttributeSync: samlConfigs.roleAttributeSync,
 		allowedClockDrift: samlConfigs.allowedClockDrift,
+		signatureValidationType: samlConfigs.signatureValidationType,
 	};
 };
 

app/meteor-accounts-saml/server/saml_utils.js

@@ -347,6 +347,10 @@ SAML.prototype.validateSignatureChildren = function(xml, cert, parent) {
 		signature = sign;
 	}
 
+	if (!signature) {
+		return false;
+	}
+
 	return this.validateSignature(xml, cert, signature);
 };
 
@@ -564,19 +568,43 @@ SAML.prototype.verifySignatures = function(response, assertion, xml) {
 		return;
 	}
 
-	debugLog('Verify Document Signature');
-	if (!this.validateResponseSignature(xml, this.options.cert, response)) {
-		debugLog('Document Signature WRONG');
-		throw new Error('Invalid Signature');
+	const signatureType = this.options.signatureValidationType;
+
+	const checkEither = signatureType === 'Either';
+	const checkResponse = signatureType === 'Response' || signatureType === 'All' || checkEither;
+	const checkAssertion = signatureType === 'Assertion' || signatureType === 'All' || checkEither;
+	let anyValidSignature = false;
+
+	if (checkResponse) {
+		debugLog('Verify Document Signature');
+		if (!this.validateResponseSignature(xml, this.options.cert, response)) {
+			if (!checkEither) {
+				debugLog('Document Signature WRONG');
+				throw new Error('Invalid Signature');
+			}
+		} else {
+			anyValidSignature = true;
+		}
+		debugLog('Document Signature OK');
+	}
+
+	if (checkAssertion) {
+		debugLog('Verify Assertion Signature');
+		if (!this.validateAssertionSignature(xml, this.options.cert, assertion)) {
+			if (!checkEither) {
+				debugLog('Assertion Signature WRONG');
+				throw new Error('Invalid Assertion signature');
+			}
+		} else {
+			anyValidSignature = true;
+		}
+		debugLog('Assertion Signature OK');
 	}
-	debugLog('Document Signature OK');
 
-	debugLog('Verify Assertion Signature');
-	if (!this.validateAssertionSignature(xml, this.options.cert, assertion)) {
-		debugLog('Assertion Signature WRONG');
-		throw new Error('Invalid Assertion signature');
+	if (checkEither && !anyValidSignature) {
+		debugLog('No Valid Signature');
+		throw new Error('No valid SAML Signature found');
 	}
-	debugLog('Assertion Signature OK');
 };
 
 SAML.prototype.getSubject = function(assertion) {

app/models/server/models/Users.js

@@ -30,7 +30,7 @@ export class Users extends Base {
 
 		this.tryEnsureIndex({ roles: 1 }, { sparse: 1 });
 		this.tryEnsureIndex({ name: 1 });
-		this.tryEnsureIndex({ name: 'text', username: 'text', bio: 'text' }, { default_language: 'none', language_override: 'documentLanguage' });
+		this.tryEnsureIndex({ bio: 1 });
 		this.tryEnsureIndex({ createdAt: 1 });
 		this.tryEnsureIndex({ lastLogin: 1 });
 		this.tryEnsureIndex({ status: 1 });
@@ -641,21 +641,16 @@ export class Users extends Base {
 		const searchFields = forcedSearchFields || settings.get('Accounts_SearchFields').trim().split(',');
 
 		const orStmt = _.reduce(searchFields, function(acc, el) {
-			el = el.trim();
-			if (el && !['name', 'username', 'bio'].includes(el)) {
-				acc.push({ [el]: termRegex });
-			}
+			acc.push({ [el.trim()]: termRegex });
 			return acc;
 		}, []);
 
 		const query = {
 			$and: [
 				{
 					active: true,
-					$or: [{
-						$text: { $search: searchTerm },
-					}, ...orStmt],
 					username: { $exists: true, $nin: exceptions },
+					$or: orStmt,
 				},
 				...extraQuery,
 			],