Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Allow any user in e2ee room to create and propagate room keys #34038

Merged
merged 3 commits into from
Dec 6, 2024
Merged

fix: Allow any user in e2ee room to create and propagate room keys #34038

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a1a7a96
Allow any user in room to create and propagate room keys
KevLehman Nov 22, 2024
d9f1a2b
Create chilly-pants-hunt.md
KevLehman Nov 25, 2024
2fff08f
Merge branch 'develop' into fix/e2e-anyone-creates-keys
kodiakhq[bot] Dec 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/chilly-pants-hunt.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"@rocket.chat/meteor": patch
---

Removes a validation that allowed only the room creator to propagate E2EE room keys. This was causing issues when the rooms were created via apps or some other integration, as the creator may not be online or able to create E2EE keys
12 changes: 1 addition & 11 deletions apps/meteor/app/e2e/client/rocketchat.e2e.room.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -325,9 +325,8 @@
}

try {
const room = Rooms.findOne({ _id: this.roomId })!;

Check warning on line 328 in apps/meteor/app/e2e/client/rocketchat.e2e.room.ts

View workflow job for this annotation

GitHub Actions / 🔎 Code Check / Code Lint 

Forbidden non-null assertion
// Only room creator can set keys for room
if (!room.e2eKeyId && this.userShouldCreateKeys(room)) {
if (!room.e2eKeyId) {
this.setState(E2ERoomState.CREATING_KEYS);
await this.createGroupKey();
this.setState(E2ERoomState.READY);
Expand All @@ -343,15 +342,6 @@
}
}

userShouldCreateKeys(room: any) {
// On DMs, we'll allow any user to set the keys
if (room.t === 'd') {
return true;
}

return room.u._id === this.userId;
}

isSupportedRoomType(type: any) {
return roomCoordinator.getRoomDirectives(type).allowRoomSettingChange({}, RoomSettingsEnum.E2E);
}
Expand Down Expand Up @@ -392,7 +382,7 @@

// Import session key for use.
try {
const key = await importAESKey(JSON.parse(this.sessionKeyExportedString!));

Check warning on line 385 in apps/meteor/app/e2e/client/rocketchat.e2e.room.ts

View workflow job for this annotation

GitHub Actions / 🔎 Code Check / Code Lint 

Forbidden non-null assertion
// Key has been obtained. E2E is now in session.
this.groupSessionKey = key;
} catch (error) {
Expand Down Expand Up @@ -420,7 +410,7 @@
await sdk.rest.post('/v1/e2e.updateGroupKey', {
rid: this.roomId,
uid: this.userId,
key: await this.encryptGroupKeyForParticipant(e2e.publicKey!),

Check warning on line 413 in apps/meteor/app/e2e/client/rocketchat.e2e.room.ts

View workflow job for this annotation

GitHub Actions / 🔎 Code Check / Code Lint 

Forbidden non-null assertion
} as any);
await this.encryptKeyForOtherParticipants();
} catch (error) {
Expand Down Expand Up @@ -475,7 +465,7 @@

const usersSuggestedGroupKeys = { [this.roomId]: [] as any[] };
for await (const user of users) {
const encryptedGroupKey = await this.encryptGroupKeyForParticipant(user.e2e!.public_key!);

Check warning on line 468 in apps/meteor/app/e2e/client/rocketchat.e2e.room.ts

View workflow job for this annotation

GitHub Actions / 🔎 Code Check / Code Lint 

Forbidden non-null assertion
const oldKeys = await this.encryptOldKeysForParticipant(user.e2e?.public_key, decryptedOldGroupKeys);

usersSuggestedGroupKeys[this.roomId].push({ _id: user._id, key: encryptedGroupKey, ...(oldKeys && { oldKeys }) });
Expand Down
Loading