Merge pull request #23532 from RocketChat/release-4.0.4

Release 4.0.4
4 years ago · 17db61995c
parent 6e49fc9466 f2234436b2
commit 17db61995c
15 changed files with 103 additions and 23 deletions
--- a/.docker/Dockerfile.rhel
+++ b/.docker/Dockerfile.rhel
@ -1,6 +1,6 @@
 FROM registry.access.redhat.com/ubi8/nodejs-12

-ENV RC_VERSION 4.0.3
+ENV RC_VERSION 4.0.4

 MAINTAINER buildmaster@rocket.chat

--- a/.github/history.json
+++ b/.github/history.json
@ -66220,6 +66220,40 @@
          ]
        }
      ]
+    },
+    "4.0.4": {
+      "node_version": "12.22.1",
+      "npm_version": "6.14.1",
+      "apps_engine_version": "1.28.0",
+      "mongo_versions": [
+        "3.6",
+        "4.0",
+        "4.2",
+        "4.4",
+        "5.0"
+      ],
+      "pull_requests": [
+        {
+          "pr": "23411",
+          "title": "[FIX] SAML Users' roles being reset to default on login",
+          "userLogin": "matheusbsilva137",
+          "description": "- Remove `roles` field update on `insertOrUpdateSAMLUser` function;\r\n- Add SAML `syncRoles` event;",
+          "milestone": "4.0.4",
+          "contributors": [
+            "matheusbsilva137",
+            "pierre-lehnen-rc"
+          ]
+        },
+        {
+          "pr": "23522",
+          "title": "[FIX] Queue error handling and unlocking behavior",
+          "userLogin": "KevLehman",
+          "milestone": "4.0.4",
+          "contributors": [
+            "KevLehman"
+          ]
+        }
+      ]
    }
  }
 }
--- a/.snapcraft/resources/prepareRocketChat
+++ b/.snapcraft/resources/prepareRocketChat
@ -1,6 +1,6 @@
 #!/bin/bash

-curl -SLf "https://releases.rocket.chat/4.0.3/download/" -o rocket.chat.tgz
+curl -SLf "https://releases.rocket.chat/4.0.4/download/" -o rocket.chat.tgz

 tar xf rocket.chat.tgz --strip 1

--- a/.snapcraft/snap/snapcraft.yaml
+++ b/.snapcraft/snap/snapcraft.yaml
@ -7,7 +7,7 @@
 # 5.  `snapcraft snap`

 name: rocketchat-server
-version: 4.0.3
+version: 4.0.4
 summary: Rocket.Chat server
 description: Have your own Slack like online chat, built with Meteor. https://rocket.chat/
 confinement: strict
--- a/HISTORY.md
+++ b/HISTORY.md
@ -1,4 +1,29 @@

+# 4.0.4
+`2021-10-21  ·  2 🐛  ·  3 👩‍💻👨‍💻`
+
+### Engine versions
+- Node: `12.22.1`
+- NPM: `6.14.1`
+- MongoDB: `3.6, 4.0, 4.2, 4.4, 5.0`
+- Apps-Engine: `1.28.0`
+
+### 🐛 Bug fixes
+
+
+- Queue error handling and unlocking behavior ([#23522](https://github.com/RocketChat/Rocket.Chat/pull/23522))
+
+- SAML Users' roles being reset to default on login ([#23411](https://github.com/RocketChat/Rocket.Chat/pull/23411))
+
+  - Remove `roles` field update on `insertOrUpdateSAMLUser` function;
  
+  - Add SAML `syncRoles` event;
+
+### 👩‍💻👨‍💻 Core Team 🤓
+
+- [@KevLehman](https://github.com/KevLehman)
+- [@matheusbsilva137](https://github.com/matheusbsilva137)
+- [@pierre-lehnen-rc](https://github.com/pierre-lehnen-rc)
+
 # 4.0.3
 `2021-10-18  ·  2 🐛  ·  2 👩‍💻👨‍💻`

--- a/app/meteor-accounts-saml/server/definition/ISAMLUser.ts
+++ b/app/meteor-accounts-saml/server/definition/ISAMLUser.ts
@ -1,7 +1,7 @@
 export interface ISAMLUser {
 	emailList: Array<string>;
 	fullName: string | null;
-	roles: Array<string>;
+	roles?: Array<string>;
 	eppn: string | null;

 	username?: string;
--- a/app/meteor-accounts-saml/server/lib/SAML.ts
+++ b/app/meteor-accounts-saml/server/lib/SAML.ts
@ -72,7 +72,7 @@ export class SAML {
 	}

 	public static insertOrUpdateSAMLUser(userObject: ISAMLUser): {userId: string; token: string} {
-		const { generateUsername, immutableProperty, nameOverwrite, mailOverwrite, channelsAttributeUpdate } = SAMLUtils.globalSettings;
+		const { generateUsername, immutableProperty, nameOverwrite, mailOverwrite, channelsAttributeUpdate, defaultUserRole = 'user' } = SAMLUtils.globalSettings;

 		let customIdentifierMatch = false;
 		let customIdentifierAttributeName: string | null = null;
@ -104,12 +104,14 @@ export class SAML {
 			verified: settings.get('Accounts_Verify_Email_For_External_Accounts'),
 		}));

-		const { roles } = userObject;
 		let { username } = userObject;

 		const active = !settings.get('Accounts_ManuallyApproveNewUsers');

 		if (!user) {
+			// If we received any role from the mapping, use them - otherwise use the default role for creation.
+			const roles = userObject.roles?.length ? userObject.roles : SAMLUtils.ensureArray<string>(defaultUserRole.split(','));
+
 			const newUser: Record<string, any> = {
 				name: userObject.fullName,
 				active,
@ -180,8 +182,9 @@ export class SAML {
 			updateData.name = userObject.fullName;
 		}

-		if (roles) {
-			updateData.roles = roles;
+		// When updating an user, we only update the roles if we received them from the mapping
+		if (userObject.roles?.length) {
+			updateData.roles = userObject.roles;
 		}

 		if (userObject.channels && channelsAttributeUpdate === true) {
--- a/app/meteor-accounts-saml/server/lib/Utils.ts
+++ b/app/meteor-accounts-saml/server/lib/Utils.ts
@ -410,7 +410,6 @@ export class SAMLUtils {
 	public static mapProfileToUserObject(profile: Record<string, any>): ISAMLUser {
 		const userDataMap = this.getUserDataMapping();
 		SAMLUtils.log('parsed userDataMap', userDataMap);
-		const { defaultUserRole = 'user' } = this.globalSettings;

 		if (userDataMap.identifier.type === 'custom') {
 			if (!userDataMap.identifier.attribute) {
@ -447,7 +446,6 @@ export class SAMLUtils {
 			},
 			emailList: this.ensureArray<string>(email),
 			fullName: name || profile.displayName || profile.username,
-			roles: this.ensureArray<string>(defaultUserRole.split(',')),
 			eppn: profile.eppn,
 			attributeList,
 			identifier: userDataMap.identifier,
@ -469,7 +467,6 @@ export class SAMLUtils {
 			}
 		}

-
 		this.events.emit('mapUser', { profile, userObject });

 		return userObject;
--- a/app/meteor-accounts-saml/tests/server.tests.ts
+++ b/app/meteor-accounts-saml/tests/server.tests.ts
@ -649,7 +649,7 @@ describe('SAML', () => {
 				expect(userObject).to.have.property('emailList').that.is.an('array').that.includes('testing@server.com');
 				expect(userObject).to.have.property('fullName').that.is.equal('[AnotherName]');
 				expect(userObject).to.have.property('username').that.is.equal('[AnotherUserName]');
-				expect(userObject).to.have.property('roles').that.is.an('array').with.members(['user']);
+				expect(userObject).to.not.have.property('roles');
 				expect(userObject).to.have.property('channels').that.is.an('array').with.members(['pets', 'pics', 'funny', 'random', 'babies']);
 			});

--- a/app/models/server/raw/OmnichannelQueue.ts
+++ b/app/models/server/raw/OmnichannelQueue.ts
@ -32,12 +32,22 @@ export class OmnichannelQueueRaw extends BaseRaw<IOmnichannelQueueStatus> {
 	}

 	async lockQueue() {
+		const date = new Date();
 		const result = await this.col.findOneAndUpdate({
 			_id: UNIQUE_QUEUE_ID,
-			locked: false,
+			$or: [{
+				locked: true,
+				lockedAt: {
+					$lte: new Date(date.getTime() - 5000),
+				},
+			}, {
+				locked: false,
+			}],
 		}, {
 			$set: {
 				locked: true,
+				// apply 5 secs lock lifetime
+				lockedAt: new Date(),
 			},
 		}, {
 			sort: {
@ -55,6 +65,9 @@ export class OmnichannelQueueRaw extends BaseRaw<IOmnichannelQueueStatus> {
 			$set: {
 				locked: false,
 			},
+			$unset: {
+				lockedAt: 1,
+			},
 		}, {
 			sort: {
 				_id: 1,
--- a/app/utils/rocketchat.info
+++ b/app/utils/rocketchat.info
@ -1,3 +1,3 @@
 {
-	"version": "4.0.3"
+	"version": "4.0.4"
 }
--- a/ee/app/livechat-enterprise/server/lib/LivechatEnterprise.js
+++ b/ee/app/livechat-enterprise/server/lib/LivechatEnterprise.js
@ -249,13 +249,22 @@ const queueWorker = {

 	async checkQueue(queue) {
 		queueLogger.debug(`Processing items for queue ${ queue || 'Public' }`);
-		if (await OmnichannelQueue.lockQueue()) {
-			await processWaitingQueue(queue);
-			queueLogger.debug(`Queue ${ queue || 'Public' } processed. Unlocking`);
-			await OmnichannelQueue.unlockQueue();
+		try {
+			if (await OmnichannelQueue.lockQueue()) {
+				await processWaitingQueue(queue);
+				queueLogger.debug(`Queue ${ queue || 'Public' } processed. Unlocking`);
+				await OmnichannelQueue.unlockQueue();
+			} else {
+				queueLogger.debug('Queue locked. Waiting');
+			}
+		} catch (e) {
+			queueLogger.error({
+				msg: `Error processing queue ${ queue || 'public' }`,
+				err: e,
+			});
+		} finally {
+			this.execute();
 		}
-
-		this.execute();
 	},
 };

--- a/ee/server/configuration/saml.ts
+++ b/ee/server/configuration/saml.ts
@ -5,7 +5,6 @@ import { settings } from '../../../app/settings/server';
 import { addSettings } from '../settings/saml';
 import { Users } from '../../../app/models/server';

-
 onLicense('saml-enterprise', () => {
 	SAMLUtils.events.on('mapUser', ({ profile, userObject }: { profile: Record<string, any>; userObject: ISAMLUser}) => {
 		const roleAttributeName = settings.get('SAML_Custom_Default_role_attribute_name') as string;
--- a/package-lock.json
+++ b/package-lock.json
@ -1,6 +1,6 @@
 {
  "name": "Rocket.Chat",
-  "version": "4.0.3",
+  "version": "4.0.4",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/package.json
+++ b/package.json
@ -1,7 +1,7 @@
 {
 	"name": "Rocket.Chat",
 	"description": "The Ultimate Open Source WebChat Platform",
-	"version": "4.0.3",
+	"version": "4.0.4",
 	"author": {
 		"name": "Rocket.Chat",
 		"url": "https://rocket.chat/"