diff --git a/package.json b/package.json index 5238246908b..dc56f1e493e 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,7 @@ "babel-runtime": "^6.23.0", "bcrypt": "^1.0.2", "codemirror": "^5.25.2", - "file-type": "^4.2.0", + "file-type": "^4.3.0", "highlight.js": "^9.11.0", "jquery": "^3.2.1", "mime-db": "^1.27.0", @@ -74,7 +74,7 @@ "moment": "^2.18.1", "moment-timezone": "^0.5.13", "photoswipe": "^4.1.2", - "prom-client": "^8.1.1", + "prom-client": "^9.0.0", "semver": "^5.3.0", "toastr": "^2.1.2" } diff --git a/packages/rocketchat-api/server/v1/helpers/getUserFromParams.js b/packages/rocketchat-api/server/v1/helpers/getUserFromParams.js index 01c075ea0ab..f3e4c81950b 100644 --- a/packages/rocketchat-api/server/v1/helpers/getUserFromParams.js +++ b/packages/rocketchat-api/server/v1/helpers/getUserFromParams.js @@ -2,32 +2,29 @@ RocketChat.API.v1.helperMethods.set('getUserFromParams', function _getUserFromParams() { const doesntExist = { _doesntExist: true }; let user; + let params; switch (this.request.method) { case 'POST': case 'PUT': - if (this.bodyParams.userId && this.bodyParams.userId.trim()) { - user = RocketChat.models.Users.findOneById(this.bodyParams.userId) || doesntExist; - } else if (this.bodyParams.username && this.bodyParams.username.trim()) { - user = RocketChat.models.Users.findOneByUsername(this.bodyParams.username) || doesntExist; - } else if (this.bodyParams.user && this.bodyParams.user.trim()) { - user = RocketChat.models.Users.findOneByUsername(this.bodyParams.user) || doesntExist; - } + params = this.bodyParams; break; default: - if (this.queryParams.userId && this.queryParams.userId.trim()) { - user = RocketChat.models.Users.findOneById(this.queryParams.userId) || doesntExist; - } else if (this.queryParams.username && this.queryParams.username.trim()) { - user = RocketChat.models.Users.findOneByUsername(this.queryParams.username) || doesntExist; - } else if (this.queryParams.user && this.queryParams.user.trim()) { - user = RocketChat.models.Users.findOneByUsername(this.queryParams.user) || doesntExist; - } + params = this.queryParams; break; } - if (!user) { + if (params.userId && params.userId.trim()) { + user = RocketChat.models.Users.findOneById(params.userId) || doesntExist; + } else if (params.username && params.username.trim()) { + user = RocketChat.models.Users.findOneByUsername(params.username) || doesntExist; + } else if (params.user && params.user.trim()) { + user = RocketChat.models.Users.findOneByUsername(params.user) || doesntExist; + } else { throw new Meteor.Error('error-user-param-not-provided', 'The required "userId" or "username" param was not provided'); - } else if (user._doesntExist) { + } + + if (user._doesntExist) { throw new Meteor.Error('error-invalid-user', 'The required "userId" or "username" param provided does not match any users'); } diff --git a/packages/rocketchat-api/server/v1/helpers/isUserFromParams.js b/packages/rocketchat-api/server/v1/helpers/isUserFromParams.js index f0b24a78096..28c8bf4ee5e 100644 --- a/packages/rocketchat-api/server/v1/helpers/isUserFromParams.js +++ b/packages/rocketchat-api/server/v1/helpers/isUserFromParams.js @@ -1,5 +1,18 @@ RocketChat.API.v1.helperMethods.set('isUserFromParams', function _isUserFromParams() { - return (this.queryParams.userId && this.userId === this.queryParams.userId) || - (this.queryParams.username && this.user.username === this.queryParams.username) || - (this.queryParams.user && this.user.username === this.queryParams.user); + let params; + + switch (this.request.method) { + case 'POST': + case 'PUT': + params = this.bodyParams; + break; + default: + params = this.queryParams; + break; + } + + return (!params.userId && !params.username && !params.user) || + (params.userId && this.userId === params.userId) || + (params.username && this.user.username === params.username) || + (params.user && this.user.username === params.user); }); diff --git a/packages/rocketchat-file-upload/lib/FileUploadBase.js b/packages/rocketchat-file-upload/lib/FileUploadBase.js index 62263dd0c6d..24a304cf288 100644 --- a/packages/rocketchat-file-upload/lib/FileUploadBase.js +++ b/packages/rocketchat-file-upload/lib/FileUploadBase.js @@ -2,8 +2,8 @@ /* exported FileUploadBase */ UploadFS.config.defaultStorePermissions = new UploadFS.StorePermissions({ - insert(userId/*, doc*/) { - return userId; + insert(userId, doc) { + return userId || (doc && doc.message_id && doc.message_id.indexOf('slack-') === 0); // allow inserts from slackbridge (message_id = slack-timestamp-milli) }, update(userId, doc) { return RocketChat.authz.hasPermission(Meteor.userId(), 'delete-message', doc.rid) || (RocketChat.settings.get('Message_AllowDeleting') && userId === doc.userId); diff --git a/packages/rocketchat-slackbridge/slackbridge.js b/packages/rocketchat-slackbridge/slackbridge.js index 2dd320a735f..b4bfa1686de 100644 --- a/packages/rocketchat-slackbridge/slackbridge.js +++ b/packages/rocketchat-slackbridge/slackbridge.js @@ -80,8 +80,9 @@ class SlackBridge { if (!_.isEmpty(slackMsgTxt)) { slackMsgTxt = slackMsgTxt.replace(//g, '@all'); slackMsgTxt = slackMsgTxt.replace(//g, '@all'); - slackMsgTxt = slackMsgTxt.replace(/>/g, '<'); - slackMsgTxt = slackMsgTxt.replace(/</g, '>'); + slackMsgTxt = slackMsgTxt.replace(//g, '@here'); + slackMsgTxt = slackMsgTxt.replace(/>/g, '>'); + slackMsgTxt = slackMsgTxt.replace(/</g, '<'); slackMsgTxt = slackMsgTxt.replace(/&/g, '&'); slackMsgTxt = slackMsgTxt.replace(/:simple_smile:/g, ':smile:'); slackMsgTxt = slackMsgTxt.replace(/:memo:/g, ':pencil:'); @@ -594,7 +595,6 @@ class SlackBridge { const fileId = Meteor.fileStore.create(details); if (fileId) { Meteor.fileStore.write(stream, fileId, (err, file) => { - console.log('fileStore.write', file); if (err) { throw new Error(err); } else {