Merge branch 'develop' into fix/apply-strong-if-asterisk

RocketChat · Aug 20, 2024 · 5814d01 · 5814d01
2 parents b3919d0 + f20be47
commit 5814d01
Show file tree

Hide file tree

Showing 7 changed files with 53 additions and 1 deletion.
diff --git a/.changeset/new-mayflies-wait.md b/.changeset/new-mayflies-wait.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Deactivating users who federated will now be permanent.
diff --git a/apps/meteor/app/lib/server/functions/setUserActiveStatus.ts b/apps/meteor/app/lib/server/functions/setUserActiveStatus.ts
@@ -1,6 +1,7 @@
+import { Federation, FederationEE, License } from '@rocket.chat/core-services';
 import type { IUser, IUserEmail } from '@rocket.chat/core-typings';
 import { isUserFederated, isDirectMessageRoom } from '@rocket.chat/core-typings';
-import { Rooms, Users, Subscriptions } from '@rocket.chat/models';
+import { Rooms, Users, Subscriptions, MatrixBridgedUser } from '@rocket.chat/models';
 import { Accounts } from 'meteor/accounts-base';
 import { check } from 'meteor/check';
 import { Meteor } from 'meteor/meteor';
@@ -58,6 +59,22 @@ export async function setUserActiveStatus(userId: string, active: boolean, confi
 		});
 	}
 
+	if (user.active !== active) {
+		const remoteUser = await MatrixBridgedUser.getExternalUserIdByLocalUserId(userId);
+
+		if (remoteUser) {
+			if (active) {
+				throw new Meteor.Error('error-not-allowed', 'Deactivated federated users can not be re-activated', {
+					method: 'setUserActiveStatus',
+				});
+			}
+
+			const federation = (await License.hasValidLicense()) ? FederationEE : Federation;
+
+			await federation.deactivateRemoteUser(remoteUser);
+		}
+	}
+
 	// Users without username can't do anything, so there is no need to check for owned rooms
 	if (user.username != null && !active) {
 		const userAdmin = await Users.findOneAdmin(userId || '');

diff --git a/apps/meteor/ee/server/local-services/federation/service.ts b/apps/meteor/ee/server/local-services/federation/service.ts
@@ -215,4 +215,8 @@ export class FederationServiceEE extends AbstractBaseFederationServiceEE impleme
 	async stopped(): Promise<void> {
 		return super.stopped();
 	}
+
+	async deactivateRemoteUser(userId: string) {
+		return super.deactivateRemoteUser(userId);
+	}
 }
diff --git a/apps/meteor/server/services/federation/domain/IFederationBridge.ts b/apps/meteor/server/services/federation/domain/IFederationBridge.ts
@@ -110,4 +110,5 @@ export interface IFederationBridge {
 		externalUserId: string,
 		externalRoomId: string,
 	): Promise<{ creator: { id: string; username: string }; name: string; joinedMembers: string[] } | undefined>;
+	deactivateUser(externalUserId: string): Promise<void>;
 }
diff --git a/apps/meteor/server/services/federation/infrastructure/matrix/Bridge.ts b/apps/meteor/server/services/federation/infrastructure/matrix/Bridge.ts
@@ -752,4 +752,17 @@ export class MatrixBridge implements IFederationBridge {
 			'de.sorunome.msc2409.push_ephemeral': registrationFile.enableEphemeralEvents,
 		};
 	}
+
+	public async deactivateUser(uid: string) {
+		/*
+		 * https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3accountdeactivate
+		 * Using { erase: false } since rocket.chat side on deactivation we do not delete anything.
+		 */
+		const resp = await this.bridgeInstance
+			.getIntent()
+			.matrixClient.doRequest('POST', '/_matrix/client/v3/account/deactivate', { user_id: uid }, { erase: false });
+		if (resp.id_server_unbind_result !== 'success') {
+			throw new Error('Failed to deactivate matrix user');
+		}
+	}
 }
diff --git a/apps/meteor/server/services/federation/service.ts b/apps/meteor/server/services/federation/service.ts
@@ -238,6 +238,10 @@ export abstract class AbstractFederationService extends ServiceClassInternal {
 	protected async verifyMatrixIds(matrixIds: string[]): Promise<Map<string, string>> {
 		return this.bridge.verifyInviteeIds(matrixIds);
 	}
+
+	protected async deactivateRemoteUser(remoteUserId: string) {
+		return this.bridge.deactivateUser(remoteUserId);
+	}
 }
 
 abstract class AbstractBaseFederationService extends AbstractFederationService {
@@ -342,4 +346,8 @@ export class FederationService extends AbstractBaseFederationService implements
 	public async created(): Promise<void> {
 		return super.created();
 	}
+
+	public async deactivateRemoteUser(userId: string) {
+		return super.deactivateRemoteUser(userId);
+	}
 }
diff --git a/packages/core-services/src/types/IFederationService.ts b/packages/core-services/src/types/IFederationService.ts
@@ -4,6 +4,8 @@ export interface IFederationService {
 	createDirectMessageRoomAndInviteUser(internalInviterId: string, internalRoomId: string, externalInviteeId: string): Promise<void>;
 
 	verifyMatrixIds(matrixIds: string[]): Promise<Map<string, string>>;
+
+	deactivateRemoteUser(userId: string): Promise<void>;
 }
 
 export interface IFederationJoinExternalPublicRoomInput {
@@ -38,4 +40,6 @@ export interface IFederationServiceEE {
 	joinExternalPublicRoom(input: IFederationJoinExternalPublicRoomInput): Promise<void>;
 
 	verifyMatrixIds(matrixIds: string[]): Promise<Map<string, string>>;
+
+	deactivateRemoteUser(userId: string): Promise<void>;
 }