fix(communities)_: ensure read-only channels are not encrypted
fixes: status-im/status-desktop#14748
This commit is contained in:
Patryk Osmaczko
osmaczko
parent
03de0a2c6e
commit
0db114f544
|
|
@ -1736,27 +1736,32 @@ func (o *Community) HasTokenPermissions() bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (o *Community) channelEncrypted(channelID string) bool {
|
func (o *Community) channelEncrypted(channelID string) bool {
|
||||||
return o.channelHasTokenPermissions(o.ChatID(channelID))
|
chatID := o.ChatID(channelID)
|
||||||
|
|
||||||
|
hasPermission := false
|
||||||
|
viewableByEveryone := false
|
||||||
|
|
||||||
|
for _, p := range o.tokenPermissions() {
|
||||||
|
if !includes(p.ChatIds, chatID) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
hasPermission = true
|
||||||
|
|
||||||
|
if p.Type == protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL &&
|
||||||
|
len(p.TokenCriteria) == 0 {
|
||||||
|
viewableByEveryone = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return hasPermission && !viewableByEveryone
|
||||||
}
|
}
|
||||||
|
|
||||||
func (o *Community) ChannelEncrypted(channelID string) bool {
|
func (o *Community) ChannelEncrypted(channelID string) bool {
|
||||||
return o.ChannelHasTokenPermissions(o.ChatID(channelID))
|
|
||||||
}
|
|
||||||
|
|
||||||
func (o *Community) channelHasTokenPermissions(chatID string) bool {
|
|
||||||
for _, tokenPermission := range o.tokenPermissions() {
|
|
||||||
if includes(tokenPermission.ChatIds, chatID) {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
func (o *Community) ChannelHasTokenPermissions(chatID string) bool {
|
|
||||||
o.mutex.Lock()
|
o.mutex.Lock()
|
||||||
defer o.mutex.Unlock()
|
defer o.mutex.Unlock()
|
||||||
return o.channelHasTokenPermissions(chatID)
|
return o.channelEncrypted(channelID)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TokenPermissionsByType(permissions map[string]*CommunityTokenPermission, permissionType protobuf.CommunityTokenPermission_Type) []*CommunityTokenPermission {
|
func TokenPermissionsByType(permissions map[string]*CommunityTokenPermission, permissionType protobuf.CommunityTokenPermission_Type) []*CommunityTokenPermission {
|
||||||
|
|
|
||||||
|
|
@ -120,7 +120,7 @@ func (s *CommunityEncryptionDescriptionSuite) description() *protobuf.CommunityD
|
||||||
"channel-level-permission": &protobuf.CommunityTokenPermission{
|
"channel-level-permission": &protobuf.CommunityTokenPermission{
|
||||||
Id: "channel-level-permission",
|
Id: "channel-level-permission",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: []*protobuf.TokenCriteria{},
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{types.EncodeHex(crypto.CompressPubkey(&s.identity.PublicKey)) + "channelB"},
|
ChatIds: []string{types.EncodeHex(crypto.CompressPubkey(&s.identity.PublicKey)) + "channelB"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -219,7 +219,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{"some-chat-id"},
|
ChatIds: []string{"some-chat-id"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -231,7 +231,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{"some-chat-id"},
|
ChatIds: []string{"some-chat-id"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -244,7 +244,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id-1",
|
Id: "some-id-1",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{"some-chat-id"},
|
ChatIds: []string{"some-chat-id"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -252,7 +252,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id-1",
|
Id: "some-id-1",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{"some-chat-id"},
|
ChatIds: []string{"some-chat-id"},
|
||||||
},
|
},
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
|
|
@ -284,7 +284,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id-2",
|
Id: "some-id-2",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{"some-chat-id"},
|
ChatIds: []string{"some-chat-id"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -304,7 +304,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{""},
|
ChatIds: []string{""},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -316,7 +316,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{""},
|
ChatIds: []string{""},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -342,7 +342,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestCommunityLevelKeyActions_Permiss
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id-2",
|
Id: "some-id-2",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{""},
|
ChatIds: []string{""},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -645,7 +645,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{chatID},
|
ChatIds: []string{chatID},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -662,7 +662,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{chatID},
|
ChatIds: []string{chatID},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -680,7 +680,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{chatID},
|
ChatIds: []string{chatID},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -688,7 +688,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{chatID},
|
ChatIds: []string{chatID},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -708,7 +708,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{chatID},
|
ChatIds: []string{chatID},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -716,7 +716,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestChannelLevelKeyActions() {
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{chatID},
|
ChatIds: []string{chatID},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -813,7 +813,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestNilOrigin() {
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id-2",
|
Id: "some-id-2",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{chatID},
|
ChatIds: []string{chatID},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
@ -892,7 +892,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestControlNodeChange() {
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id",
|
Id: "some-id",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{chatID},
|
ChatIds: []string{chatID},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -925,7 +925,7 @@ func (s *CommunityEncryptionKeyActionSuite) TestControlNodeChange() {
|
||||||
&protobuf.CommunityTokenPermission{
|
&protobuf.CommunityTokenPermission{
|
||||||
Id: "some-id-2",
|
Id: "some-id-2",
|
||||||
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
TokenCriteria: make([]*protobuf.TokenCriteria, 0),
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
ChatIds: []string{chatID},
|
ChatIds: []string{chatID},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -748,6 +748,43 @@ func (s *CommunitySuite) TestChannelTokenPermissionsByType() {
|
||||||
s.Require().Equal(result[0].ChatIds, viewAndPostPermissions[0].ChatIds)
|
s.Require().Equal(result[0].ChatIds, viewAndPostPermissions[0].ChatIds)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *CommunitySuite) TestChannelEncrypted() {
|
||||||
|
org := s.buildCommunity(&s.identity.PublicKey)
|
||||||
|
someChannelID := "some-channel-id"
|
||||||
|
someChatID := org.ChatID(someChannelID)
|
||||||
|
|
||||||
|
s.Require().False(org.ChannelEncrypted(someChannelID))
|
||||||
|
|
||||||
|
_, err := org.UpsertTokenPermission(&protobuf.CommunityTokenPermission{
|
||||||
|
Id: "A",
|
||||||
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_AND_POST_CHANNEL,
|
||||||
|
TokenCriteria: []*protobuf.TokenCriteria{},
|
||||||
|
ChatIds: []string{someChatID},
|
||||||
|
})
|
||||||
|
s.Require().NoError(err)
|
||||||
|
s.Require().True(org.channelEncrypted(someChannelID))
|
||||||
|
|
||||||
|
_, err = org.UpsertTokenPermission(&protobuf.CommunityTokenPermission{
|
||||||
|
Id: "B",
|
||||||
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
|
TokenCriteria: []*protobuf.TokenCriteria{&protobuf.TokenCriteria{}},
|
||||||
|
ChatIds: []string{someChatID},
|
||||||
|
})
|
||||||
|
s.Require().NoError(err)
|
||||||
|
s.Require().True(org.channelEncrypted(someChannelID))
|
||||||
|
|
||||||
|
// Channels with `view` permission without token requirements shouldn't be encrypted.
|
||||||
|
// See: https://github.com/status-im/status-desktop/issues/14748
|
||||||
|
_, err = org.UpsertTokenPermission(&protobuf.CommunityTokenPermission{
|
||||||
|
Id: "C",
|
||||||
|
Type: protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
|
||||||
|
TokenCriteria: []*protobuf.TokenCriteria{},
|
||||||
|
ChatIds: []string{someChatID},
|
||||||
|
})
|
||||||
|
s.Require().NoError(err)
|
||||||
|
s.Require().False(org.channelEncrypted(someChannelID))
|
||||||
|
}
|
||||||
|
|
||||||
func (s *CommunitySuite) emptyCommunityDescription() *protobuf.CommunityDescription {
|
func (s *CommunitySuite) emptyCommunityDescription() *protobuf.CommunityDescription {
|
||||||
return &protobuf.CommunityDescription{
|
return &protobuf.CommunityDescription{
|
||||||
Permissions: &protobuf.CommunityPermissions{},
|
Permissions: &protobuf.CommunityPermissions{},
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue