From 50e099c15eb9ceb4883a925cf97b6a7f1a0641a0 Mon Sep 17 00:00:00 2001
From: pierre-lehnen-rc <55164754+pierre-lehnen-rc@users.noreply.github.com>
Date: Wed, 20 Nov 2019 20:35:20 -0300
Subject: [PATCH] [NEW] Add ability to users reset their own E2E key (#15777)

---
 app/authorization/server/startup.js           |  1 -
 app/e2e/client/accountEncryption.html         | 26 ++++++++++++++++++-
 app/e2e/client/accountEncryption.js           | 13 ++++++++++
 app/e2e/server/index.js                       |  2 +-
 .../{resetUserE2EKey.js => resetOwnE2EKey.js} | 15 ++++-------
 app/theme/client/imports/general/forms.css    |  9 +++++++
 app/ui-flextab/client/tabs/userActions.js     | 15 -----------
 packages/rocketchat-i18n/i18n/en.i18n.json    |  3 ++-
 8 files changed, 55 insertions(+), 29 deletions(-)
 rename app/e2e/server/methods/{resetUserE2EKey.js => resetOwnE2EKey.js} (54%)

diff --git a/app/authorization/server/startup.js b/app/authorization/server/startup.js
index 2c22bc58945..bee328916eb 100644
--- a/app/authorization/server/startup.js
+++ b/app/authorization/server/startup.js
@@ -60,7 +60,6 @@ Meteor.startup(function() {
 		{ _id: 'mention-here',                  roles: ['admin', 'owner', 'moderator', 'user'] },
 		{ _id: 'mute-user',                     roles: ['admin', 'owner', 'moderator'] },
 		{ _id: 'remove-user',                   roles: ['admin', 'owner', 'moderator'] },
-		{ _id: 'reset-other-user-e2e-key',      roles: ['admin'] },
 		{ _id: 'run-import',                    roles: ['admin'] },
 		{ _id: 'run-migration',                 roles: ['admin'] },
 		{ _id: 'set-moderator',                 roles: ['admin', 'owner'] },
diff --git a/app/e2e/client/accountEncryption.html b/app/e2e/client/accountEncryption.html
index 33af27adc18..4a024352b58 100644
--- a/app/e2e/client/accountEncryption.html
+++ b/app/e2e/client/accountEncryption.html
@@ -13,7 +13,11 @@
 					<div class="section">
 						<div class="section-content border-component-color">
 
-							<div class="alert">
+							<div class="preferences-page__title">
+								<h1>{{_ "E2E_Encryption_Password_Change" }}</h1>
+							</div>
+
+							<div class="preferences-page__alert">
 								{{{_ "E2E_Encryption_Password_Explanation" }}}
 							</div>
 
@@ -40,6 +44,26 @@
 							</div>
 						</div>
 					</div>
+
+					<div class="section">
+						<div class="section-content border-component-color">
+							<div class="preferences-page__title">
+								<h1>{{_ "Reset_E2E_Key" }}</h1>
+							</div>
+
+							<div class="preferences-page__alert">
+								{{{_ "E2E_Reset_Key_Explanation" }}}
+							</div>
+
+							<div class="rc-input rc-w50 padded">
+								<label class="rc-input__label">
+									<div class="rc-input__wrapper">
+										<button class="rc-button rc-button--secondary" name="reset-e2e-key" type="button" data-button="create" form="encryption">{{_ "Reset_E2E_Key"}}</button>
+									</div>
+								</label>
+							</div>
+						</div>
+					</div>
 				</fieldset>
 
 				{{else}}
diff --git a/app/e2e/client/accountEncryption.js b/app/e2e/client/accountEncryption.js
index e05ac493fba..145244eb1c7 100644
--- a/app/e2e/client/accountEncryption.js
+++ b/app/e2e/client/accountEncryption.js
@@ -45,6 +45,11 @@ Template.accountEncryption.events({
 	'input [name=confirmation-encryptionKey]'(e, instance) {
 		instance.confirmationEncryptionKey.set(e.target.value);
 	},
+	'click button[name=reset-e2e-key]'(e, instance) {
+		e.preventDefault();
+
+		return instance.resetKey();
+	},
 	'submit form'(e, instance) {
 		e.preventDefault();
 
@@ -84,4 +89,12 @@ Template.accountEncryption.onCreated(function() {
 		this.find('[name=encryptionKey]').value = '';
 		this.find('[name=confirmation-encryptionKey]').value = '';
 	};
+
+	this.resetKey = function() {
+		Meteor.call('e2e.resetOwnE2EKey', (error, result) => {
+			if (result) {
+				toastr.success(t('User_e2e_key_was_reset'));
+			}
+		});
+	};
 });
diff --git a/app/e2e/server/index.js b/app/e2e/server/index.js
index 1d9e62648cc..6f2ab21df03 100644
--- a/app/e2e/server/index.js
+++ b/app/e2e/server/index.js
@@ -7,7 +7,7 @@ import './methods/getUsersOfRoomWithoutKey';
 import './methods/updateGroupKey';
 import './methods/setRoomKeyID';
 import './methods/fetchMyKeys';
-import './methods/resetUserE2EKey';
+import './methods/resetOwnE2EKey';
 import './methods/requestSubscriptionKeys';
 
 callbacks.add('afterJoinRoom', (user, room) => {
diff --git a/app/e2e/server/methods/resetUserE2EKey.js b/app/e2e/server/methods/resetOwnE2EKey.js
similarity index 54%
rename from app/e2e/server/methods/resetUserE2EKey.js
rename to app/e2e/server/methods/resetOwnE2EKey.js
index b1259a32b70..8286d5ab275 100644
--- a/app/e2e/server/methods/resetUserE2EKey.js
+++ b/app/e2e/server/methods/resetOwnE2EKey.js
@@ -1,19 +1,14 @@
 import { Meteor } from 'meteor/meteor';
 
 import { Users, Subscriptions } from '../../../models';
-import { hasPermission } from '../../../authorization';
 
 Meteor.methods({
-	'e2e.resetUserE2EKey'(userId) {
-		if (!Meteor.userId()) {
-			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
-				method: 'resetUserE2EKey',
-			});
-		}
+	'e2e.resetOwnE2EKey'() {
+		const userId = Meteor.userId();
 
-		if (hasPermission(Meteor.userId(), 'reset-other-user-e2e-key') !== true) {
-			throw new Meteor.Error('error-not-allowed', 'Not allowed', {
-				method: 'resetUserE2EKey',
+		if (!userId) {
+			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
+				method: 'resetOwnE2EKey',
 			});
 		}
 
diff --git a/app/theme/client/imports/general/forms.css b/app/theme/client/imports/general/forms.css
index 45a0d9ad247..fe059b34ad2 100644
--- a/app/theme/client/imports/general/forms.css
+++ b/app/theme/client/imports/general/forms.css
@@ -277,6 +277,15 @@
 
 		width: 100%;
 	}
+
+	&__title {
+		margin-top: 20px;
+		margin-bottom: 20px;
+	}
+
+	&__alert {
+		margin-bottom: 20px;
+	}
 }
 
 @media (width > 500px) {
diff --git a/app/ui-flextab/client/tabs/userActions.js b/app/ui-flextab/client/tabs/userActions.js
index 36db23341e0..dcd6ef6f03d 100644
--- a/app/ui-flextab/client/tabs/userActions.js
+++ b/app/ui-flextab/client/tabs/userActions.js
@@ -492,21 +492,6 @@ export const getActions = ({ user, directActions, hideAdminControls }) => {
 				name: t('Activate'),
 				action: prevent(getUser, ({ _id }) => Meteor.call('setUserActiveStatus', _id, true, success(() => toastr.success(t('User_has_been_activated'))))),
 			};
-		}, () => {
-			if (hideAdminControls || !hasPermission('reset-other-user-e2e-key')) {
-				return;
-			}
-			if (!settings.get('E2E_Enable')) {
-				return;
-			}
-
-			return {
-				group: 'admin',
-				icon: 'key',
-				id: 'reset-e2e',
-				name: t('Reset_E2E_Key'),
-				action: prevent(getUser, ({ _id }) => Meteor.call('e2e.resetUserE2EKey', _id, success(() => toastr.success(t('User_e2e_key_was_reset'))))),
-			};
 		}];
 
 	return actions;
diff --git a/packages/rocketchat-i18n/i18n/en.i18n.json b/packages/rocketchat-i18n/i18n/en.i18n.json
index 305d1025482..063067b8cc9 100644
--- a/packages/rocketchat-i18n/i18n/en.i18n.json
+++ b/packages/rocketchat-i18n/i18n/en.i18n.json
@@ -1158,9 +1158,11 @@
   "E2E_Enabled": "E2E Enabled",
   "E2E_Enable_alert": "This feature is currently in beta! Please report bugs to github.com/RocketChat/Rocket.Chat/issues and be aware of:<br/>- Encrypted messages of encrypted rooms will not be found by search operations.<br/>- The mobile apps may not support the encypted messages (they are implementing it).<br/>- Bots may not be able to see encrypted messages until they implement support for it.<br/>- Uploads will not be encrypted in this version.",
   "E2E_Enable_description": "Enable option to create encrypted groups and be able to change groups and direct messages to be encrypted",
+  "E2E_Encryption_Password_Change": "Change Encryption Password",
   "E2E_Encryption_Password_Explanation": "You can now create encrypted private groups and direct messages. You may also change existing private groups or DMs to encrypted.<br/><br/>This is end to end encryption so the key to encode/decode your messages will not be saved on the server. For that reason you need to store your password somewhere safe. You will be required to enter it on other devices you wish to use e2e encryption on.",
   "E2E_password_reveal_text": "You can now create encrypted private groups and direct messages. You may also change existing private groups or DMs to encrypted.<br/><br/>This is end to end encryption so the key to encode/decode your messages will not be saved on the server. For that reason you need to store this password somewhere safe.  You will be required to enter it on other devices you wish to use e2e encryption on. <a href=\"https://rocket.chat/docs/user-guides/end-to-end-encryption/\" target=\"_blank\">Learn more here!</a><br/><br/>Your password is: <span style=\"font-weight: bold;\">%s</span><br/><br/>This is an auto generated password, you can setup a new password for your encryption key any time from any browser you have entered the existing password.<br/>This password is only stored on this browser until you store the password and dismiss this message.",
   "E2E_password_request_text": "To access your encrypted private groups and direct messages, enter your encryption password. <br/>You need to enter this password to encode/decode your messages on every client you use, since the key is not stored on the server.",
+  "E2E_Reset_Key_Explanation": "This option will remove your current E2E key and log you out. <BR/>When you login again, Rocket.Chat will generate you a new key and restore your access to any encrypted room that has one or more members online.<BR/>Due to the nature of the E2E encryption, Rocket.Chat will not be able to restore access to any encrypted room that has no member online.",
   "Edit": "Edit",
   "Edit_Status": "Edit Status",
   "edit-message": "Edit Message",
@@ -2622,7 +2624,6 @@
   "Resend_verification_email": "Resend verification email",
   "Reset": "Reset",
   "Reset_E2E_Key": "Reset E2E Key",
-  "reset-other-user-e2e-key": "Reset Other User E2E Key",
   "Reset_password": "Reset password",
   "Reset_section_settings": "Reset Section Settings",
   "Reset_Connection": "Reset Connection",