From 0d4c0bdbdfd7a892eed214ef00658c308ae0c3e6 Mon Sep 17 00:00:00 2001 From: Jean Brito Date: Tue, 3 Oct 2023 13:07:05 -0300 Subject: [PATCH 1/3] Update to Electron 24.8.5 patching CVE-2023-5217 --- package.json | 2 +- yarn.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 52fc2213d..7252d2557 100644 --- a/package.json +++ b/package.json @@ -111,7 +111,7 @@ "chokidar": "^3.5.3", "conventional-changelog-cli": "^2.2.2", "convert-svg-to-png": "^0.5.0", - "electron": "24.8.3", + "electron": "24.8.5", "electron-builder": "^23.6.0", "electron-devtools-installer": "^3.2.0", "electron-notarize": "^1.2.2", diff --git a/yarn.lock b/yarn.lock index 8fe5aaccf..fac457bec 100644 --- a/yarn.lock +++ b/yarn.lock @@ -9967,16 +9967,16 @@ __metadata: languageName: node linkType: hard -"electron@npm:24.8.3": - version: 24.8.3 - resolution: "electron@npm:24.8.3" +"electron@npm:24.8.5": + version: 24.8.5 + resolution: "electron@npm:24.8.5" dependencies: "@electron/get": ^2.0.0 "@types/node": ^18.11.18 extract-zip: ^2.0.1 bin: electron: cli.js - checksum: bbc2e281461cae811537962e4ee6beabd7f9111f3cfdad02cc22081830533161277af1329c04cf917d85f3c69879a04fa3bec5f9db68f137192fbba7157566ec + checksum: f4be9639c3eb681f987f3d13bbfce72f81f2f1e1ad0c1fee860053ba80659c861f980bec6a14c049915729c2d5dd111281897ee82a7334dc5745ced697ed2d1c languageName: node linkType: hard @@ -16909,7 +16909,7 @@ __metadata: chokidar: ^3.5.3 conventional-changelog-cli: ^2.2.2 convert-svg-to-png: ^0.5.0 - electron: 24.8.3 + electron: 24.8.5 electron-builder: ^23.6.0 electron-devtools-installer: ^3.2.0 electron-dl: ^3.5.0 From 18174e235dd54e711e75c34f9cd4a7db9b9e3441 Mon Sep 17 00:00:00 2001 From: Jean Brito Date: Tue, 3 Oct 2023 13:08:44 -0300 Subject: [PATCH 2/3] Version 3.9.9 --- electron-builder.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/electron-builder.json b/electron-builder.json index 06f015c42..68bd07f30 100644 --- a/electron-builder.json +++ b/electron-builder.json @@ -23,7 +23,7 @@ "mas" ], "icon": "build/icon.icns", - "bundleVersion": "118", + "bundleVersion": "119", "helperBundleId": "chat.rocket.electron.helper", "type": "distribution", "artifactName": "rocketchat-${version}-${os}.${ext}", diff --git a/package.json b/package.json index 7252d2557..c1f7611fe 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,7 @@ "productName": "Rocket.Chat", "name": "rocketchat", "description": "Official OSX, Windows, and Linux Desktop Clients for Rocket.Chat", - "version": "3.9.8", + "version": "3.9.9", "author": "Rocket.Chat Support ", "copyright": "© 2016-2023, Rocket.Chat", "homepage": "https://rocket.chat", From 0e71f31a4e917f5f94bc9df29befc86b2321293d Mon Sep 17 00:00:00 2001 From: Jean Brito Date: Fri, 13 Oct 2023 09:21:58 -0300 Subject: [PATCH 3/3] fix: Add authentication to room deeplink (#2751) --- src/deepLinks/main.ts | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/src/deepLinks/main.ts b/src/deepLinks/main.ts index 37446fcc9..aee0cb413 100644 --- a/src/deepLinks/main.ts +++ b/src/deepLinks/main.ts @@ -67,6 +67,8 @@ type AuthenticationParams = { type OpenRoomParams = { host: string; path?: string; + token?: string; + userId?: string; }; type InviteParams = { @@ -138,7 +140,12 @@ const performAuthentication = async ({ }); // https://developer.rocket.chat/rocket.chat/deeplink#channel-group-dm -const performOpenRoom = async ({ host, path }: OpenRoomParams): Promise => +const performOpenRoom = async ({ + host, + path, + token, + userId, +}: OpenRoomParams): Promise => performOnServer(host, async (serverUrl) => { if (!path) { return; @@ -146,8 +153,14 @@ const performOpenRoom = async ({ host, path }: OpenRoomParams): Promise => if (!/^\/?(direct|group|channel|livechat)\/[0-9a-zA-Z-_.]+/.test(path)) { return; } + const url = new URL(path, serverUrl); + if (token && userId) { + url.searchParams.append('resumeToken', token); + url.searchParams.append('userId', userId); + } + const webContents = await getWebContents(serverUrl); - webContents.loadURL(new URL(path, serverUrl).href); + webContents.loadURL(url.href); }); const performInvite = async ({ host, path }: InviteParams): Promise => @@ -191,8 +204,10 @@ const processDeepLink = async (deepLink: string): Promise => { case 'room': { const host = args.get('host') ?? undefined; const path = args.get('path') ?? undefined; + const token = args.get('token') ?? undefined; + const userId = args.get('userId') ?? undefined; if (host && path) { - await performOpenRoom({ host, path }); + await performOpenRoom({ host, path, token, userId }); } break; }