fix(communities)_: ensure read-only channels are not encrypted

fixes: status-im/status-desktop#14748
2024-05-15 10:43:15 +02:00 · 2024-05-15 10:43:15 +02:00 · 0db114f544
parent 03de0a2c6e
commit 0db114f544
4 changed files with 72 additions and 30 deletions
--- a/protocol/communities/community.go
+++ b/protocol/communities/community.go
@ -1736,27 +1736,32 @@ func (o *Community) HasTokenPermissions() bool {
 }

 func (o *Community) channelEncrypted(channelID string) bool {
-	return o.channelHasTokenPermissions(o.ChatID(channelID))
-}
+	chatID := o.ChatID(channelID)

-func (o *Community) ChannelEncrypted(channelID string) bool {
-	return o.ChannelHasTokenPermissions(o.ChatID(channelID))
-}
+	hasPermission := false
+	viewableByEveryone := false

-func (o *Community) channelHasTokenPermissions(chatID string) bool {
-	for _, tokenPermission := range o.tokenPermissions() {
-		if includes(tokenPermission.ChatIds, chatID) {
-			return true
+	for _, p := range o.tokenPermissions() {
+		if !includes(p.ChatIds, chatID) {
+			continue
+		}
+
+		hasPermission = true
+
+		if p.Type == protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL &&
+			len(p.TokenCriteria) == 0 {
+			viewableByEveryone = true
+			break
 		}
 	}

-	return false
+	return hasPermission && !viewableByEveryone
 }

-func (o *Community) ChannelHasTokenPermissions(chatID string) bool {
+func (o *Community) ChannelEncrypted(channelID string) bool {
 	o.mutex.Lock()
 	defer o.mutex.Unlock()
-	return o.channelHasTokenPermissions(chatID)
+	return o.channelEncrypted(channelID)
 }

 func TokenPermissionsByType(permissions map[string]*CommunityTokenPermission, permissionType protobuf.CommunityTokenPermission_Type) []*CommunityTokenPermission {
--- a/protocol/communities/community_description_encryption_test.go
+++ b/protocol/communities/community_description_encryption_test.go
@ -120,7 +120,7 @@ func (s *CommunityEncryptionDescriptionSuite) description() *protobuf.CommunityD
 			"channel-level-permission": &protobuf.CommunityTokenPermission{
 				Id:            "channel-level-permission",
 				Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-				TokenCriteria: []*protobuf.TokenCriteria{},
+				TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 				ChatIds:       []string{types.EncodeHex(crypto.CompressPubkey(&s.identity.PublicKey)) + "channelB"},
 			},
 		},
--- a/protocol/communities/community_encryption_key_action_test.go
+++ b/protocol/communities/community_encryption_key_action_test.go
@ -219,7 +219,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{"some-chat-id"},
 				},
 			},
@ -231,7 +231,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{"some-chat-id"},
 				},
 			},
@ -244,7 +244,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id-1",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{"some-chat-id"},
 				},
 			},
@ -252,7 +252,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id-1",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{"some-chat-id"},
 				},
 				&protobuf.CommunityTokenPermission{
@ -284,7 +284,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id-2",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{"some-chat-id"},
 				},
 			},
@ -304,7 +304,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{""},
 				},
 			},
@ -316,7 +316,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{""},
 				},
 			},
@ -342,7 +342,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id-2",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{""},
 				},
 			},
@ -645,7 +645,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{chatID},
 				},
 			},
@ -662,7 +662,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{chatID},
 				},
 			},
@ -680,7 +680,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{chatID},
 				},
 			},
@ -688,7 +688,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{chatID},
 				},
 			},
@ -708,7 +708,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{chatID},
 				},
 			},
@ -716,7 +716,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{chatID},
 				},
 			},
@ -813,7 +813,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestNilOrigin() {
 		&protobuf.CommunityTokenPermission{
 			Id:            "some-id-2",
 			Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-			TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+			TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 			ChatIds:       []string{chatID},
 		},
 	}
@ -892,7 +892,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestControlNodeChange() {
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{chatID},
 				},
 			},
@ -925,7 +925,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestControlNodeChange() {
 				&protobuf.CommunityTokenPermission{
 					Id:            "some-id-2",
 					Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
-					TokenCriteria: make([]*protobuf.TokenCriteria, 0),
+					TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
 					ChatIds:       []string{chatID},
 				},
 			},
--- a/protocol/communities/community_test.go
+++ b/protocol/communities/community_test.go
@ -748,6 +748,43 @@ func (s *CommunitySuite) TestChannelTokenPermissionsByType() {
 	s.Require().Equal(result[0].ChatIds, viewAndPostPermissions[0].ChatIds)
 }

+func (s *CommunitySuite) TestChannelEncrypted() {
+	org := s.buildCommunity(&s.identity.PublicKey)
+	someChannelID := "some-channel-id"
+	someChatID := org.ChatID(someChannelID)
+
+	s.Require().False(org.ChannelEncrypted(someChannelID))
+
+	_, err := org.UpsertTokenPermission(&protobuf.CommunityTokenPermission{
+		Id:            "A",
+		Type:          protobuf.CommunityTokenPermission_CAN_VIEW_AND_POST_CHANNEL,
+		TokenCriteria: []*protobuf.TokenCriteria{},
+		ChatIds:       []string{someChatID},
+	})
+	s.Require().NoError(err)
+	s.Require().True(org.channelEncrypted(someChannelID))
+
+	_, err = org.UpsertTokenPermission(&protobuf.CommunityTokenPermission{
+		Id:            "B",
+		Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
+		TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
+		ChatIds:       []string{someChatID},
+	})
+	s.Require().NoError(err)
+	s.Require().True(org.channelEncrypted(someChannelID))
+
+	// Channels with `view` permission without token requirements shouldn't be encrypted.
+	// See: https://github.com/status-im/status-desktop/issues/14748
+	_, err = org.UpsertTokenPermission(&protobuf.CommunityTokenPermission{
+		Id:            "C",
+		Type:          protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
+		TokenCriteria: []*protobuf.TokenCriteria{},
+		ChatIds:       []string{someChatID},
+	})
+	s.Require().NoError(err)
+	s.Require().False(org.channelEncrypted(someChannelID))
+}
+
 func (s *CommunitySuite) emptyCommunityDescription() *protobuf.CommunityDescription {
 	return &protobuf.CommunityDescription{
 		Permissions: &protobuf.CommunityPermissions{},