Skip to content

Added parameter to disallow creating of rooms with public access #8082

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
pboguslawski wants to merge 3 commits into from
Closed

Added parameter to disallow creating of rooms with public access #8082

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a38fdfd
Added parameter to disallow creating of rooms with public access
pboguslawski Oct 2, 2022
09e53ea
Merge master into master-IB#1126215
pboguslawski Oct 2, 2022
4c645ce
Adding e-mail addresses to room disabled when public rooms are disall…
pboguslawski Oct 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions lib/Controller/RoomController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
/**
* @copyright Copyright (c) 2016 Lukas Reschke <[email protected]>
* @copyright Copyright (c) 2016 Joas Schilling <[email protected]>
* @copyright Copyright (c) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
*
* @author Lukas Reschke <[email protected]>
* @author Joas Schilling <[email protected]>
Expand Down Expand Up @@ -1115,6 +1116,11 @@ public function addParticipantToRoom(string $newParticipant, string $source = 'u

$this->participantService->addCircle($this->room, $circle, $participants);
} elseif ($source === 'emails') {
// E-mails cannot be added if public rooms are disabled.
if ($this->config->getAppValue('spreed', 'public_rooms_allowed', 'yes') === 'no') {
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}

$data = [];
if ($this->roomService->setType($this->room, Room::TYPE_PUBLIC)) {
$data = ['type' => $this->room->getType()];
Expand Down
8 changes: 8 additions & 0 deletions lib/Manager.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
declare(strict_types=1);
/**
* @copyright Copyright (c) 2016 Joas Schilling <[email protected]>
* @copyright Copyright (c) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
*
* @license GNU AGPL version 3 or any later version
*
Expand Down Expand Up @@ -156,6 +157,7 @@ public function createRoomObject(array $row): Room {
}

return new Room(
$this->config,
$this,
$this->db,
$this->dispatcher,
Expand Down Expand Up @@ -908,6 +910,12 @@ public function getChangelogRoom(string $userId): Room {
* @return Room
*/
public function createRoom(int $type, string $name = '', string $objectType = '', string $objectId = ''): Room {

// Force group room if public room was requested and public rooms are disallowed.
if (($type === Room::TYPE_PUBLIC) && ($this->config->getAppValue('spreed', 'public_rooms_allowed', 'yes') === 'no')) {
$type = Room::TYPE_GROUP;
Copy link
Member

@nickvergessen nickvergessen Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if we should simply convert it. Or just error with a 400 Bad Request and a message the clients can display.

Copy link
Contributor Author

@pboguslawski pboguslawski Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conversion was choosen because spreed code ignores errors returned by modified functions and this seems to be safer. Conversion should never happen because function should be not available in UI also (and if bad guys will try to modify POST, will get group conversation which should not hurt regular users).

Copy link
Member

@nickvergessen nickvergessen Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That assumes all clients got updated in the meantime :)

Copy link
Contributor Author

@pboguslawski pboguslawski Oct 3, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, we use web UI only - feel free to extend it for other required areas if necessary (not experienced enough in nc devel to propose it now).

Copy link
Member

@nickvergessen nickvergessen Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can fix it with one step by moving it to RoomService::createConversation and throwing an exception or basically adjust this list here:

spreed/lib/Service/RoomService.php

Lines 141 to 147 in 2200896

if (!\in_array($type, [
Room::TYPE_GROUP,
Room::TYPE_PUBLIC,
Room::TYPE_CHANGELOG,
], true)) {
throw new InvalidArgumentException('type');
}

Copy link
Contributor Author

@pboguslawski pboguslawski Oct 14, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

type is property of Room not RoomService so verification should take place in Room class to avoid future problems (i.e. code outside of RoomService will create/change room of disabled type). Seems that now Room::setType and Room constructor are the best places for this verification but code using it should properly handle errors when disabled type is passed. Please let me know if its possible to just throw exception in Room methods mentioned above without messing with room type conversions (there should not be any other trash left after such exception - not sure if it would be safe now).

}

$token = $this->getNewToken();

$insert = $this->db->getQueryBuilder();
Expand Down
12 changes: 11 additions & 1 deletion lib/Room.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
/**
* @copyright Copyright (c) 2016 Lukas Reschke <[email protected]>
* @copyright Copyright (c) 2016 Joas Schilling <[email protected]>
* @copyright Copyright (c) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
*
* @author Lukas Reschke <[email protected]>
* @author Joas Schilling <[email protected]>
Expand Down Expand Up @@ -38,6 +39,7 @@
use OCA\Talk\Service\RoomService;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Comments\IComment;
use OCP\IConfig;
use OCP\DB\QueryBuilder\IQueryBuilder;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\IDBConnection;
Expand Down Expand Up @@ -185,8 +187,10 @@ class Room {

protected ?string $currentUser = null;
protected ?Participant $participant = null;
protected IConfig $config;

public function __construct(Manager $manager,
public function __construct(IConfig $config,
Manager $manager,
IDBConnection $db,
IEventDispatcher $dispatcher,
ITimeFactory $timeFactory,
Expand Down Expand Up @@ -216,6 +220,7 @@ public function __construct(Manager $manager,
?\DateTime $lobbyTimer,
string $objectType,
string $objectId) {
$this->config = $config;
$this->manager = $manager;
$this->db = $db;
$this->dispatcher = $dispatcher;
Expand Down Expand Up @@ -257,6 +262,11 @@ public function getType(): int {
}

public function setType(int $type): void {
// Force group room if public room was requested and public rooms are disallowed.
if (($type === self::TYPE_PUBLIC) && ($this->config->getAppValue('spreed', 'public_rooms_allowed', 'yes') === 'no')) {
$type = self::TYPE_GROUP;
}
Comment on lines +265 to +268
Copy link
Member

@nickvergessen nickvergessen Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not correct. You want to do this change on the RoomService, not the model.
But see comment above.

Copy link
Contributor Author

@pboguslawski pboguslawski Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Modified places where choosen to avoid problems with lack of return errors handling. If you still recommend moving it elswhere - please suggest detailed change.

Copy link
Member

@nickvergessen nickvergessen Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As per above, you should do it only in the RoomService

Copy link
Contributor Author

@pboguslawski pboguslawski Oct 14, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't see any mention of setType in RoomService and this method may be called so must verify room type also.


$this->type = $type;
}

Expand Down
6 changes: 6 additions & 0 deletions lib/Settings/Admin/AdminSettings.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
declare(strict_types=1);
/**
* @copyright Copyright (c) 2019 Joas Schilling <[email protected]>
* @copyright Copyright (c) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
*
* @license GNU AGPL version 3 or any later version
*
Expand Down Expand Up @@ -146,6 +147,11 @@ protected function initMatterbridge(): void {
'matterbridge_enable',
$this->serverConfig->getAppValue('spreed', 'enable_matterbridge', '0') === '1'
);

$this->initialState->provideInitialState(
'public_rooms_allowed',
$this->serverConfig->getAppValue('spreed', 'public_rooms_allowed', 'yes') === 'yes'
Copy link
Member

@nickvergessen nickvergessen Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to expose this to the mobile clients as a capability so they can also hide the features accordingly.

Copy link
Contributor Author

@pboguslawski pboguslawski Oct 3, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This mod was created for web UI. Not experienced in nextcloud devel nor using mobile app so please suggest required changes if necessary.

Copy link
Member

@nickvergessen nickvergessen Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically add a line like this which in addition also checks your config:

spreed/lib/Capabilities.php

Line 151 in 91d3bd8

$capabilities['config']['conversations']['can-create'] = $user instanceof IUser && !$this->talkConfig->isNotAllowedToCreateConversations($user);

Copy link
Contributor Author

@pboguslawski pboguslawski Oct 14, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not experienced with capabilities in Nextcloud - please create change suggestion and will just accept it to this PR or make separate PR to adjust it.

);
}

protected function initStunServers(): void {
Expand Down
11 changes: 11 additions & 0 deletions lib/TInitialState.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
declare(strict_types=1);
/**
* @copyright Copyright (c) 2020 Joas Schilling <[email protected]>
* @copyright Copyright (c) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
*
* @license GNU AGPL version 3 or any later version
*
Expand Down Expand Up @@ -105,6 +106,11 @@ protected function publishInitialStateForUser(IUser $user, IRootFolder $rootFold
$appManager->isEnabledForUser('circles', $user)
);

$this->initialState->provideInitialState(
'public_rooms_allowed',
$this->serverConfig->getAppValue('spreed', 'public_rooms_allowed', 'yes') === 'yes'
);

$this->initialState->provideInitialState(
'guests_accounts_enabled',
$appManager->isEnabledForUser('guests', $user)
Expand Down Expand Up @@ -158,6 +164,11 @@ protected function publishInitialStateForUser(IUser $user, IRootFolder $rootFold
'enable_matterbridge',
$this->serverConfig->getAppValue('spreed', 'enable_matterbridge', '0') === '1'
);

$this->initialState->provideInitialState(
'public_rooms_allowed',
$this->serverConfig->getAppValue('spreed', 'public_rooms_allowed', 'yes') === 'yes'
);
}

protected function publishInitialStateForGuest(): void {
Expand Down
12 changes: 8 additions & 4 deletions src/components/ConversationSettings/ConversationSettingsDialog.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
<!--
- @copyright Copyright (c) 2020 Vincent Petry <[email protected]>
- @copyright Copyright (c) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
-
- @author Vincent Petry <[email protected]>
-
Expand Down Expand Up @@ -54,7 +55,7 @@
</NcAppSettingsSection>

<!-- Guest access -->
<NcAppSettingsSection v-if="canFullModerate"
<NcAppSettingsSection v-if="canFullModerate && publicRoomsEnabled"
id="guests"
:title="t('spreed', 'Guests access')">
<LinkShareSettings ref="linkShareSettings" />
Expand Down Expand Up @@ -148,6 +149,7 @@ export default {
return {
showSettings: false,
matterbridgeEnabled: loadState('spreed', 'enable_matterbridge'),
publicRoomsEnabled: loadState('spreed', 'public_rooms_allowed'),
isEditingDescription: false,
isDescriptionLoading: false,
showDeviceChecker: false,
Expand Down Expand Up @@ -225,9 +227,11 @@ export default {
handleShowSettings({ token }) {
this.$store.dispatch('updateConversationSettingsToken', token)
this.showSettings = true
this.$nextTick(() => {
this.$refs.linkShareSettings.$el.focus()
})
if (loadState('spreed', 'public_rooms_allowed')) {
this.$nextTick(() => {
this.$refs.linkShareSettings.$el.focus()
})
}
},

handleHideSettings() {
Expand Down
5 changes: 4 additions & 1 deletion src/components/LeftSidebar/NewGroupConversation/NewGroupConversation.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
<!--
- @copyright Copyright (c) 2019 Marco Ambrosini <[email protected]>
- @copyright Copyright (c) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
-
- @author Marco Ambrosini <[email protected]>
-
Expand Down Expand Up @@ -45,7 +46,7 @@
<template v-if="page === 0">
<SetConversationName v-model="conversationNameInput"
@click-enter="handleEnter" />
<NcCheckboxRadioSwitch :checked.sync="isPublic">
<NcCheckboxRadioSwitch :checked.sync="isPublic" v-if="publicRoomsEnabled">
{{ t('spreed', 'Allow guests to join via link') }}
</NcCheckboxRadioSwitch>
<!-- Password protection -->
Expand Down Expand Up @@ -138,6 +139,7 @@ import isInCall from '../../../mixins/isInCall.js'
import participant from '../../../mixins/participant.js'
import Tooltip from '@nextcloud/vue/dist/Directives/Tooltip.js'
import { EventBus } from '../../../services/EventBus.js'
import { loadState } from '@nextcloud/initial-state'

export default {

Expand Down Expand Up @@ -177,6 +179,7 @@ export default {
password: '',
passwordProtect: false,
listable: CONVERSATION.LISTABLE.NONE,
publicRoomsEnabled: loadState('spreed', 'public_rooms_allowed'),
}
},

Expand Down
10 changes: 9 additions & 1 deletion ...ponents/RightSidebar/Participants/ParticipantsSearchResults/ParticipantsSearchResults.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
<!--
- @copyright Copyright (c) 2020 Marco Ambrosini <[email protected]>
- @copyright Copyright (c) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
-
- @author Marco Ambrosini <[email protected]>
-
Expand Down Expand Up @@ -34,7 +35,7 @@
@click="handleClickParticipant" />
</template>

<template v-if="addableEmails.length !== 0">
<template v-if="addableEmails.length !== 0 && publicRoomsEnabled">
<NcAppNavigationCaption :title="t('spreed', 'Add emails')" />
<ParticipantsList :items="addableEmails"
@click="handleClickParticipant" />
Expand Down Expand Up @@ -102,6 +103,7 @@ import NcAppNavigationCaption from '@nextcloud/vue/dist/Components/NcAppNavigati
import Hint from '../../../Hint.vue'
import AccountPlus from 'vue-material-design-icons/AccountPlus.vue'
import NcButton from '@nextcloud/vue/dist/Components/NcButton.js'
import { loadState } from '@nextcloud/initial-state'

export default {
name: 'ParticipantsSearchResults',
Expand Down Expand Up @@ -163,6 +165,12 @@ export default {
},
},

data() {
return {
publicRoomsEnabled: loadState('spreed', 'public_rooms_allowed'),
}
},

computed: {
sourcesWithoutResults() {
return !this.addableUsers.length
Expand Down
3 changes: 3 additions & 0 deletions tests/php/Service/RoomServiceTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
declare(strict_types=1);
/**
* @copyright Copyright (c) 2020 Joas Schilling <[email protected]>
* @copyright Copyright (c) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
*
* @license GNU AGPL version 3 or any later version
*
Expand Down Expand Up @@ -38,6 +39,7 @@
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\BackgroundJob\IJobList;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\IConfig;
use OCP\IDBConnection;
use OCP\IUser;
use OCP\Security\IHasher;
Expand Down Expand Up @@ -359,6 +361,7 @@ public function testVerifyPassword(): void {
);

$room = new Room(
$this->createMock(IConfig::class),
$this->createMock(Manager::class),
$this->createMock(IDBConnection::class),
$dispatcher,
Expand Down