Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(messenger_communities): block messages and reactions to token gated or spectated communities #4064

Merged
merged 1 commit into from
Oct 25, 2023
Merged

fix(messenger_communities): block messages and reactions to token gated or spectated communities #4064

merged 1 commit into from
Oct 25, 2023

Conversation

shinnok
Copy link
Contributor

@shinnok shinnok commented Sep 26, 2023
edited
Loading

Right now, if the QML UI control checks are disabled, the user can send messages to spectated, non-joined and, possibly, token-gated communities with invalid tokens?

Right now the PR is in draft stage with possible code culprits.

Closes status-im/status-desktop#11915

@ghost
Copy link

ghost commented Sep 26, 2023

Hey @shinnok, and thank you so much for making your first pull request in status-go! ❤️ Please help us make your experience better by filling out this brief questionnaire https://goo.gl/forms/uWqNcVpVz7OIopXg2

@status-im-auto
Copy link
Member

status-im-auto commented Sep 26, 2023
edited
Loading

Jenkins Builds

Click to see older builds (96)
Commit #️⃣ Finished (UTC) Duration Platform Result
✔️ bfb1846 #1 2023-09-26 15:36:49 ~3 min linux 📦zip
✔️ bfb1846 #1 2023-09-26 15:37:24 ~4 min ios 📦zip
✔️ bfb1846 #1 2023-09-26 15:38:55 ~6 min android 📦aar
✖️ bfb1846 #1 2023-09-26 15:51:06 ~18 min tests 📄log
✔️ 454911c #2 2023-10-04 15:11:51 ~3 min ios 📦zip
✔️ 454911c #2 2023-10-04 15:12:14 ~3 min linux 📦zip
✔️ 454911c #2 2023-10-04 15:13:21 ~4 min android 📦aar
✖️ 454911c #2 2023-10-04 15:28:23 ~19 min tests 📄log
✔️ d7134ba #3 2023-10-05 10:44:03 ~1 min linux 📦zip
✔️ d7134ba #3 2023-10-05 10:44:30 ~1 min android 📦aar
✔️ d7134ba #3 2023-10-05 10:46:34 ~3 min ios 📦zip
✖️ d7134ba #3 2023-10-05 10:58:28 ~15 min tests 📄log
✔️ 9d05479 #4 2023-10-05 15:06:28 ~1 min android 📦aar
✔️ 9d05479 #4 2023-10-05 15:07:25 ~2 min linux 📦zip
✔️ 9d05479 #4 2023-10-05 15:07:51 ~3 min ios 📦zip
✖️ 9d05479 #4 2023-10-05 15:23:15 ~18 min tests 📄log
✔️ 8e179c5 #5 2023-10-06 07:47:42 ~1 min linux 📦zip
✔️ 8e179c5 #5 2023-10-06 07:48:07 ~1 min android 📦aar
✔️ 8e179c5 #5 2023-10-06 07:48:58 ~2 min ios 📦zip
✖️ 8e179c5 #5 2023-10-06 08:01:38 ~15 min tests 📄log
✖️ 22a1984 #6 2023-10-06 14:31:14 ~1 min tests 📄log
✔️ 22a1984 #6 2023-10-06 14:31:28 ~1 min linux 📦zip
✔️ 22a1984 #6 2023-10-06 14:31:38 ~1 min android 📦aar
✔️ 22a1984 #6 2023-10-06 14:32:58 ~2 min ios 📦zip
✖️ 39789d9 #7 2023-10-09 09:37:05 ~59 sec tests 📄log
✔️ 39789d9 #7 2023-10-09 09:37:46 ~1 min android 📦aar
✔️ 39789d9 #7 2023-10-09 09:37:51 ~1 min linux 📦zip
✔️ 39789d9 #7 2023-10-09 09:39:13 ~3 min ios 📦zip
✔️ dace1b2 #8 2023-10-11 11:08:59 ~1 min linux 📦zip
✖️ dace1b2 #8 2023-10-11 11:09:41 ~2 min tests 📄log
✔️ dace1b2 #8 2023-10-11 11:10:56 ~3 min ios 📦zip
✔️ dace1b2 #8 2023-10-11 11:13:00 ~5 min android 📦aar
✔️ 372bc11 #9 2023-10-11 13:41:51 ~2 min linux 📦zip
✔️ 372bc11 #9 2023-10-11 13:42:15 ~2 min android 📦aar
✔️ 372bc11 #9 2023-10-11 13:43:24 ~3 min ios 📦zip
✖️ 372bc11 #9 2023-10-11 13:55:51 ~16 min tests 📄log
✔️ cfd7a3e #10 2023-10-12 09:14:59 ~1 min linux 📦zip
✔️ cfd7a3e #10 2023-10-12 09:15:31 ~2 min android 📦aar
✔️ cfd7a3e #10 2023-10-12 09:16:39 ~3 min ios 📦zip
✖️ cfd7a3e #10 2023-10-12 09:28:06 ~14 min tests 📄log
✔️ fd675b8 #11 2023-10-12 14:32:12 ~1 min android 📦aar
✔️ fd675b8 #11 2023-10-12 14:33:37 ~2 min ios 📦zip
✔️ fd675b8 #11 2023-10-12 14:33:59 ~3 min linux 📦zip
✖️ fd675b8 #11 2023-10-12 14:45:40 ~14 min tests 📄log
✔️ 67badfc #12 2023-10-12 15:51:23 ~1 min linux 📦zip
✔️ 67badfc #12 2023-10-12 15:51:48 ~2 min android 📦aar
✔️ 67badfc #12 2023-10-12 15:52:41 ~2 min ios 📦zip
✖️ 67badfc #12 2023-10-12 16:06:11 ~16 min tests 📄log
✔️ f388ab2 #13 2023-10-13 08:11:00 ~1 min linux 📦zip
✔️ f388ab2 #13 2023-10-13 08:11:13 ~1 min android 📦aar
✔️ f388ab2 #13 2023-10-13 08:12:58 ~3 min ios 📦zip
✖️ f388ab2 #13 2023-10-13 08:24:31 ~14 min tests 📄log
✖️ f388ab2 #14 2023-10-13 09:55:49 ~9 min tests 📄log
✖️ f388ab2 #15 2023-10-13 10:27:56 ~13 min tests 📄log
✖️ f388ab2 #16 2023-10-13 11:07:58 ~24 min tests 📄log
✖️ f388ab2 #17 2023-10-13 14:23:25 ~24 min tests 📄log
✖️ f388ab2 #18 2023-10-16 09:56:56 ~24 min tests 📄log
✖️ f388ab2 #19 2023-10-17 06:57:41 ~24 min tests 📄log
✔️ 3d5ab9c #14 2023-10-17 09:03:43 ~1 min linux 📦zip
✔️ 3d5ab9c #14 2023-10-17 09:03:56 ~1 min android 📦aar
✖️ 3d5ab9c #20 2023-10-17 09:04:18 ~2 min tests 📄log
✔️ 3d5ab9c #14 2023-10-17 09:05:34 ~3 min ios 📦zip
✔️ 0453246 #15 2023-10-17 13:40:48 ~1 min linux 📦zip
✔️ 0453246 #15 2023-10-17 13:40:59 ~1 min android 📦aar
✔️ 0453246 #15 2023-10-17 13:43:18 ~3 min ios 📦zip
✖️ 0453246 #21 2023-10-17 14:12:12 ~32 min tests 📄log
✖️ 0453246 #22 2023-10-17 15:05:57 ~30 min tests 📄log
✖️ 0453246 #23 2023-10-18 13:28:53 ~30 min tests 📄log
✔️ 794607f #16 2023-10-18 15:48:06 ~1 min linux 📦zip
✔️ 794607f #16 2023-10-18 15:49:59 ~3 min ios 📦zip
✔️ 794607f #16 2023-10-18 15:52:13 ~5 min android 📦aar
✖️ 794607f #24 2023-10-18 16:12:30 ~25 min tests 📄log
✖️ 48ddf61 #25 2023-10-20 14:17:00 ~54 sec tests 📄log
✔️ 48ddf61 #17 2023-10-20 14:17:27 ~1 min linux 📦zip
✔️ 48ddf61 #17 2023-10-20 14:17:49 ~1 min android 📦aar
✔️ 48ddf61 #17 2023-10-20 14:19:28 ~3 min ios 📦zip
✔️ 5eb9234 #18 2023-10-20 14:41:43 ~1 min linux 📦zip
✔️ 5eb9234 #18 2023-10-20 14:42:16 ~1 min android 📦aar
✔️ 5eb9234 #18 2023-10-20 14:43:44 ~3 min ios 📦zip
✖️ 5eb9234 #26 2023-10-20 14:49:52 ~9 min tests 📄log
✖️ 5eb9234 #27 2023-10-20 15:33:49 ~30 min tests 📄log
✔️ 5eb9234 #28 2023-10-23 08:29:07 ~33 min tests 📄log
✔️ 5f30482 #19 2023-10-23 08:47:05 ~2 min linux 📦zip
✔️ 5f30482 #19 2023-10-23 08:47:50 ~3 min ios 📦zip
✔️ 5f30482 #19 2023-10-23 08:48:41 ~4 min android 📦aar
✔️ 5f30482 #29 2023-10-23 09:16:30 ~32 min tests 📄log
✔️ b69d5b0 #20 2023-10-23 09:19:36 ~1 min linux 📦zip
✔️ b69d5b0 #20 2023-10-23 09:20:15 ~2 min android 📦aar
✔️ b69d5b0 #20 2023-10-23 09:21:34 ~3 min ios 📦zip
✖️ b69d5b0 #30 2023-10-23 09:50:41 ~32 min tests 📄log
✔️ b69d5b0 #31 2023-10-23 10:45:38 ~32 min tests 📄log
✔️ a69e1cb #21 2023-10-24 14:06:02 ~1 min linux 📦zip
✔️ a69e1cb #21 2023-10-24 14:06:39 ~2 min android 📦aar
✖️ a69e1cb #32 2023-10-24 14:07:16 ~2 min tests 📄log
✔️ a69e1cb #21 2023-10-24 14:07:52 ~3 min ios 📦zip
✖️ a69e1cb #33 2023-10-24 15:01:21 ~27 min tests 📄log
Commit #️⃣ Finished (UTC) Duration Platform Result
✔️ 55ba45e #22 2023-10-24 15:54:53 ~3 min ios 📦zip
✔️ 55ba45e #22 2023-10-24 15:55:33 ~4 min android 📦aar
✔️ 55ba45e #22 2023-10-24 15:58:05 ~6 min linux 📦zip
✖️ 55ba45e #34 2023-10-24 15:58:59 ~7 min tests 📄log
✔️ 55ba45e #35 2023-10-24 16:43:25 ~31 min tests 📄log
✔️ 4fe5a2c #23 2023-10-25 10:35:41 ~3 min linux 📦zip
✔️ 4fe5a2c #23 2023-10-25 10:36:36 ~4 min ios 📦zip
✔️ 4fe5a2c #23 2023-10-25 10:37:02 ~4 min android 📦aar
✔️ 4fe5a2c #36 2023-10-25 11:07:41 ~35 min tests 📄log

@shinnok shinnok mentioned this pull request Sep 26, 2023
Closed
@shinnok shinnok changed the title Block messages and reactions to token gated or non-joined communities feat(messenger_communities): block messages and reactions to token gated or non-joined communities Sep 26, 2023
@shinnok shinnok changed the title feat(messenger_communities): block messages and reactions to token gated or non-joined communities feat(messenger_communities): block messages and reactions to token gated or spectated communities Sep 26, 2023
jrainville
jrainville reviewed Sep 26, 2023
View reviewed changes
Copy link
Member

@jrainville jrainville left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The line in CanPost seems like the right culprit for the Sender side.

We should also do a similar check on the receiver side.
The entry point for that is in messenger_handlers.go > dispatchToHandler.
That's where we dispatch the received message to the right handler.
In this case, it would be handleChatMessageProtobuf.

Pro tip: using fmt.Println("...") is a good way to add logs to status-go that will show up in the console when running Status Desktop.

But even better is using the Go tests. You'll find a lot of useful tests in community_test.go. For example TestCanPost. TestValidateRequestToJoin might be a good one to validate that messages only work for those joined, but maybe it's better to create a new test case.

protocol/communities/community.go Outdated Show resolved Hide resolved
protocol/communities/community.go Outdated Show resolved Hide resolved
protocol/messenger.go Outdated Show resolved Hide resolved
@shinnok shinnok changed the title feat(messenger_communities): block messages and reactions to token gated or spectated communities fix(messenger_communities): block messages and reactions to token gated or spectated communities Sep 27, 2023
@shinnok
Copy link
Contributor Author

shinnok commented Oct 9, 2023

I can't get the SendPinMessage() call to go through even though I have PinMessageAllMembersEnabled set to true.

39789d9 (#4064)

https://github.com/status-im/status-go/blob/fix/11915/send-message-to-gated-community/protocol/messenger_pin_messages.go#L42

Not sure how critical it is to get the TestPinMessageInCommunityChat working for this particular issue, thus I'm enabling this PR for review and also welcome to help on investigating why isn't the community message pin working in the test suite, when it is fine otherwise.

@shinnok shinnok marked this pull request as ready for review October 9, 2023 10:13
@shinnok shinnok requested a review from osmaczko October 9, 2023 10:13
osmaczko
osmaczko reviewed Oct 9, 2023
View reviewed changes
Copy link
Contributor

@osmaczko osmaczko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good in general 👍 some minor things to address.

protocol/communities_messenger_test.go Outdated Show resolved Hide resolved
protocol/communities_messenger_test.go Outdated Show resolved Hide resolved
protocol/communities_messenger_test.go Outdated Show resolved Hide resolved
jrainville
jrainville reviewed Oct 10, 2023
View reviewed changes
Copy link
Member

@jrainville jrainville left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good, though there is a small cleanup needed.

As we discussed in our 1-1, the Pin message test can be added in another PR, because it seems like the Setting to let users pin in a community is not being saved correctly on the receiver side, so it's worth another issue.

protocol/messenger.go Outdated Show resolved Hide resolved
@osmaczko
Copy link
Contributor

it seems like the Setting to let users pin in a community is not being saved correctly on the receiver side

I believe the root cause is different: #4064 (comment)

@jrainville
Copy link
Member

it seems like the Setting to let users pin in a community is not being saved correctly on the receiver side

I believe the root cause is different: #4064 (comment)

Yeah I know. When I was in the 1-1 with him, we did add the saveCommunity call. Even though I checked that the owner's DB did have the right value afterwards, Alice's DB didn't have it. So, it seems like maybe members don,t save settings correctly?

Or maybe we do not publish community settings with advertiseCommunity?

@osmaczko
Copy link
Contributor

it seems like the Setting to let users pin in a community is not being saved correctly on the receiver side

I believe the root cause is different: #4064 (comment)

Yeah I know. When I was in the 1-1 with him, we did add the saveCommunity call. Even though I checked that the owner's DB did have the right value afterwards, Alice's DB didn't have it. So, it seems like maybe members don,t save settings correctly?

Or maybe we do not publish community settings with advertiseCommunity?

The saveCommunity should be executed on the control node side before it is advertised to the users. The admin settings are a part of the CommunityDescription. The description sent by the control node should be identical on the receiver side because the proto lib handles unmarshaling. I would try to investigate what admin settings (CommunityDescription) is distributed exactly.

@shinnok shinnok force-pushed the fix/11915/send-message-to-gated-community branch from 39789d9 to dace1b2 Compare October 11, 2023 11:07
@shinnok
Copy link
Contributor Author

shinnok commented Oct 11, 2023

I've created issue #4138 to further investigate the channel message pin issue and forked the new test method TestPinMessageInCommunityChat to PR #4139.

The current squashed commit contains the sufficient changes to block messages, reactions and pins to channels for which the user is not a member, both for him and other members. Please review again.

@shinnok shinnok force-pushed the fix/11915/send-message-to-gated-community branch from dace1b2 to 372bc11 Compare October 11, 2023 13:39
@jrainville jrainville force-pushed the fix/11915/send-message-to-gated-community branch from fd675b8 to 67badfc Compare October 12, 2023 15:49
@shinnok shinnok force-pushed the fix/11915/send-message-to-gated-community branch from 3d5ab9c to 0453246 Compare October 17, 2023 13:39
@shinnok shinnok force-pushed the fix/11915/send-message-to-gated-community branch from 48ddf61 to 5eb9234 Compare October 20, 2023 14:40
@jrainville jrainville mentioned this pull request Oct 20, 2023
Closed
@shinnok shinnok force-pushed the fix/11915/send-message-to-gated-community branch from 5f30482 to b69d5b0 Compare October 23, 2023 09:17
jrainville
jrainville reviewed Oct 23, 2023
View reviewed changes
Copy link
Member

@jrainville jrainville left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, the order of conditions in canPost can be improved a little

protocol/communities/community.go Outdated Show resolved Hide resolved
@shinnok shinnok requested a review from osmaczko October 24, 2023 16:55
@jrainville jrainville mentioned this pull request Oct 24, 2023
Open
This was referenced Oct 24, 2023
Closed
Merged
osmaczko
osmaczko approved these changes Oct 24, 2023
View reviewed changes
Copy link
Contributor

@osmaczko osmaczko left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

protocol/messenger_activity_center_test.go Outdated Show resolved Hide resolved
@shinnok
Copy link
Contributor Author

shinnok commented Oct 25, 2023

Attaching a video showing the changes in effect, the top left Status instance has adjustments in this PR in place, the bottom right doesn't, but instead has the QML UI checks disabled for sending, reacting and pinning. This effectively verifies that the receiving side effectively blocks non-member actions, however, once applied, this patch also denies non-member actions on the sender's side for efficiency. Testing this exact same workflow without this patch on either side, but with the UI checks disabled, will allow a non-member to send, react and pin before being approved in a on-request community or before spectating for no-request community.

output.mp4
  • video is encoded to H.265/HEVC due to size/length, might help to download and play with VLC/Mplayer instead of the browser *

@shinnok
Check community>chat membership according to new requirement
4fe5a2c 
Which specifies that if a user is not a community member & a
chat member, he can't post, react or pin messages in that chat.

Notes:
- also fix&cleanup associated failing tests.
- refactor Community.CanPost() to reflect the new requirement.
- grant code is not fully implemented and is to be removed later.

Fixes #11915
@shinnok shinnok force-pushed the fix/11915/send-message-to-gated-community branch from 55ba45e to 4fe5a2c Compare October 25, 2023 10:32
@jrainville jrainville merged commit 3805662 into develop Oct 25, 2023
2 checks passed
@jrainville jrainville deleted the fix/11915/send-message-to-gated-community branch October 25, 2023 14:26
@ajayesivan ajayesivan mentioned this pull request Oct 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrainville jrainville jrainville approved these changes

@osmaczko osmaczko osmaczko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Able to send reaction in token gated communities
4 participants
@shinnok @status-im-auto @osmaczko @jrainville