Add token controlled access channels

RocketChat · rodrigok · Dec 4, 2017 · Aug 24, 2017 · Oct 16, 2017 · Oct 23, 2017
commit 2aa247ab263408cfe0711f0225cbb60f1bed92da
diff --git a/.meteor/packages b/.meteor/packages
@@ -118,6 +118,7 @@ rocketchat:spotify
 rocketchat:statistics
 rocketchat:streamer
 rocketchat:theme
+rocketchat:tokenpass
 rocketchat:tooltip
 rocketchat:tutum
 rocketchat:ui

diff --git a/.meteor/versions b/.meteor/versions
@@ -212,6 +212,7 @@ rocketchat:spotify@0.0.1
 rocketchat:statistics@0.0.1
 rocketchat:streamer@0.5.0
 rocketchat:theme@0.0.1
+rocketchat:tokenpass@0.0.1
 rocketchat:tooltip@0.0.1
 rocketchat:tutum@0.0.1
 rocketchat:ui@0.1.0

diff --git a/packages/rocketchat-channel-settings/client/lib/ChannelSettings.js b/packages/rocketchat-channel-settings/client/lib/ChannelSettings.js
@@ -25,7 +25,7 @@ RocketChat.ChannelSettings = new class {
 		const allOptions = _.toArray(this.options.get());
 		const allowedOptions = _.compact(_.map(allOptions, function(option) {
 			const ret = {...option};
-			if (option.validation == null || option.validation()) {
+			if (option.validation == null || option.validation(currentData)) {
 				ret.data = Object.assign({}, typeof option.data === 'function' ? option.data() : option.data, currentData);
 				return ret;
 			}

diff --git a/packages/rocketchat-channel-settings/client/stylesheets/channel-settings.css b/packages/rocketchat-channel-settings/client/stylesheets/channel-settings.css
@@ -44,7 +44,6 @@
 			position: absolute;
 			top: -1px;
 			right: 10px;
-			bottom: 0;
 
 			border-radius: 0 4px 4px 0;
 

diff --git a/packages/rocketchat-channel-settings/client/views/channelSettings.js b/packages/rocketchat-channel-settings/client/views/channelSettings.js
@@ -425,6 +425,9 @@ Template.channelSettings.onCreated(function() {
 		const room = ChatRoom.findOne(this.data && this.data.rid);
 		const field = this.editing.get();
 		let value;
+		if (!this.settings[field]) {
+			return;
+		}
 		if (this.settings[field].type === 'select') {
 			value = this.$(`.channel-settings form [name=${ field }]:checked`).val();
 		} else if (this.settings[field].type === 'boolean') {

diff --git a/packages/rocketchat-channel-settings/server/methods/saveRoomSettings.js b/packages/rocketchat-channel-settings/server/methods/saveRoomSettings.js
@@ -10,7 +10,7 @@ Meteor.methods({
 				method: 'saveRoomSettings'
 			});
 		}
-		if (!['roomName', 'roomTopic', 'roomAnnouncement', 'roomDescription', 'roomType', 'readOnly', 'reactWhenReadOnly', 'systemMessages', 'default', 'joinCode'].some((s) => s === setting)) {
+		if (!['roomName', 'roomTopic', 'roomAnnouncement', 'roomDescription', 'roomType', 'readOnly', 'reactWhenReadOnly', 'systemMessages', 'default', 'joinCode', 'tokenpass'].some((s) => s === setting)) {
 			throw new Meteor.Error('error-invalid-settings', 'Invalid settings provided', {
 				method: 'saveRoomSettings'
 			});
@@ -65,6 +65,16 @@ Meteor.methods({
 						RocketChat.saveRoomType(rid, value, Meteor.user());
 					}
 					break;
+				case 'tokenpass':
+					check(value, {
+						require: String,
+						tokens: [{
+							token: String,
+							balance: String
+						}]
+					});
+					RocketChat.saveRoomTokenpass(rid, value);
+					break;
 				case 'readOnly':
 					if (value !== room.ro) {
 						RocketChat.saveRoomReadOnly(rid, value, Meteor.user());

diff --git a/packages/rocketchat-i18n/i18n/en.i18n.json b/packages/rocketchat-i18n/i18n/en.i18n.json
@@ -96,6 +96,10 @@
   "Accounts_OAuth_Meteor_callback_url": "Meteor Callback URL",
   "Accounts_OAuth_Meteor_id": "Meteor Id",
   "Accounts_OAuth_Meteor_secret": "Meteor Secret",
+  "Accounts_OAuth_Tokenpass": "Tokenpass Login",
+  "Accounts_OAuth_Tokenpass_callback_url": "Tokenpass Callback URL",
+  "Accounts_OAuth_Tokenpass_id": "Tokenpass Id",
+  "Accounts_OAuth_Tokenpass_secret": "Tokenpass Secret",
   "Accounts_OAuth_Twitter": "Twitter Login",
   "Accounts_OAuth_Twitter_callback_url": "Twitter Callback URL",
   "Accounts_OAuth_Twitter_id": "Twitter Id",
@@ -159,6 +163,7 @@
   "All_channels": "All channels",
   "All_logs": "All logs",
   "All_messages": "All messages",
+  "All_added_tokens_will_be_required_by_the_user": "All added tokens will be required by the user",
   "Allow_Invalid_SelfSigned_Certs": "Allow Invalid Self-Signed Certs",
   "Allow_Invalid_SelfSigned_Certs_Description": "Allow invalid and self-signed SSL certificate's for link validation and previews.",
   "Allow_switching_departments": "Allow visitor to switch departments",
@@ -203,6 +208,8 @@
   "API_Shield_Types": "Shield Types",
   "API_Shield_Types_Description": "Types of shields to enable as a comma separated list, choose from `online`, `channel` or `*` for all",
   "API_Token": "API Token",
+  "API_Tokenpass_URL": "Tokenpass Server URL",
+  "API_Tokenpass_URL_Description": "Example: https://domain.com (excluding trailing slash)",
   "API_Upper_Count_Limit": "Max Record Amount",
   "API_Upper_Count_Limit_Description": "What is the maximum number of records the REST API should return (when not unlimited)?",
   "API_User_Limit": "User Limit for adding all Users to Channel",
@@ -221,6 +228,7 @@
   "Are_you_sure_you_want_to_delete_your_account": "Are you sure you want to delete your account?",
   "Assign_admin": "Assigning admin",
   "at": "at",
+  "At_least_one_added_token_is_required_by_the_user": "At least one added token is required by the user",
   "AtlassianCrowd": "Atlassian Crowd",
   "Attachment_File_Uploaded": "File Uploaded",
   "Attribute_handling": "Attribute handling",
@@ -319,6 +327,7 @@
   "Channel_Archived": "Channel with name `#%s` has been archived successfully",
   "Channel_doesnt_exist": "The channel `#%s` does not exist.",
   "Channel_name": "Channel name",
+  "Channel_Name_Placeholder": "Type channel name",
   "Channel_to_listen_on": "Channel to listen on",
   "Channel_Unarchived": "Channel with name `#%s` has been Unarchived successfully",
   "Channels": "Channels",
@@ -356,6 +365,7 @@
   "Color": "Color",
   "Commands": "Commands",
   "Comment_to_leave_on_closing_session": "Comment to leave on closing session",
+  "Common_Access": "Common Access",
   "Compact": "Compact",
   "Confirm_password": "Confirm your password",
   "Conversation": "Conversation",
@@ -1123,6 +1133,7 @@
   "Meta_msvalidate01": "MSValidate.01",
   "Meta_robots": "Robots",
   "Min_length_is": "Min length is %s",
+  "Minimum_balance": "Minimum balance",
   "minutes": "minutes",
   "Mobile": "Mobile",
   "Mobile_Notifications_Default_Alert": "Mobile Notifications Default Alert",
@@ -1515,6 +1526,8 @@
   "Report_exclamation_mark": "Report!",
   "Report_sent": "Report sent",
   "Report_this_message_question_mark": "Report this message?",
+  "Require_all_tokens": "Require all tokens",
+  "Require_any_token": "Require any token",
   "Require_password_change": "Require password change",
   "Resend_verification_email": "Resend verification email",
   "Reset": "Reset",
@@ -1540,6 +1553,7 @@
   "Room_has_been_deleted": "Room has been deleted",
   "Room_has_been_archived": "Room has been archived",
   "Room_has_been_unarchived": "Room has been unarchived",
+  "Room_tokenpass_config_changed_successfully": "Room tokenpass configuration changed successfully",
   "Room_type_of_default_rooms_cant_be_changed": "This is a default room and the type can not be changed, please consult with your administrator.",
   "Room_default_change_to_private_will_be_default_no_more": "This is a default channel and changing it to a private group will cause it to no longer be a default channel. Do you want to proceed?",
   "Room_Info": "Room Info",
@@ -1803,6 +1817,17 @@
   "to_see_more_details_on_how_to_integrate": "to see more details on how to integrate.",
   "To_users": "To Users",
   "Toggle_original_translated": "Toggle original/translated",
+  "Token_Access": "Token Access",
+  "Token_Controlled_Access": "Token Controlled Access",
+  "Token_required": "Token required",
+  "Tokenpass_Channels": "Tokenpass Channels",
+  "Tokens_Minimum_Needed_Balance": "Minimum needed token balance",
+  "Tokens_Minimum_Needed_Balance_Description": "Set minimum needed balance on each token. Blank or \"0\" for not limit.",
+  "Tokens_Minimum_Needed_Balance_Placeholder": "Balance value",
+  "Tokens_Required": "Tokens required",
+  "Tokens_Required_Input_Description": "Type one or more tokens asset names separated by comma.",
+  "Tokens_Required_Input_Error": "Invalid typed tokens.",
+  "Tokens_Required_Input_Placeholder": "Tokens asset names",
   "Topic": "Topic",
   "Travel_and_Places": "Travel & Places",
   "Transcript_Enabled": "Ask visitor if they would like a transcript after chat closed",

diff --git a/packages/rocketchat-lib/server/methods/createPrivateGroup.js b/packages/rocketchat-lib/server/methods/createPrivateGroup.js
@@ -1,5 +1,5 @@
 Meteor.methods({
-	createPrivateGroup(name, members, readOnly = false, customFields = {}) {
+	createPrivateGroup(name, members, readOnly = false, customFields = {}, extraData = {}) {
 		check(name, String);
 		check(members, Match.Optional([String]));
 
@@ -11,6 +11,17 @@ Meteor.methods({
 			throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'createPrivateGroup' });
 		}
 
-		return RocketChat.createRoom('p', name, Meteor.user() && Meteor.user().username, members, readOnly, {customFields});
+		// validate extra data schema
+		check(extraData, Match.ObjectIncluding({
+			tokenpass: Match.Maybe({
+				require: String,
+				tokens: [{
+					token: String,
+					balance: String
+				}]
+			})
+		}));
+
+		return RocketChat.createRoom('p', name, Meteor.user() && Meteor.user().username, members, readOnly, {customFields, ...extraData});
 	}
 });
diff --git a/packages/rocketchat-lib/server/methods/joinRoom.js b/packages/rocketchat-lib/server/methods/joinRoom.js
@@ -1,6 +1,5 @@
 Meteor.methods({
 	joinRoom(rid, code) {
-
 		check(rid, String);
 
 		if (!Meteor.userId()) {
@@ -13,14 +12,24 @@ Meteor.methods({
 			throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'joinRoom' });
 		}
 
-		if ((room.t !== 'c') || (RocketChat.authz.hasPermission(Meteor.userId(), 'view-c-room') !== true)) {
-			throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'joinRoom' });
-		}
+		// TODO we should have a 'beforeJoinRoom' call back so external services can do their own validations
+		const user = Meteor.user();
+		if (room.tokenpass && user && user.services && user.services.tokenpass) {
+			const balances = RocketChat.updateUserTokenpassBalances(user);
+
+			if (!RocketChat.Tokenpass.validateAccess(room.tokenpass, balances)) {
+				throw new Meteor.Error('error-not-allowed', 'Token required', { method: 'joinRoom' });
+			}
+		} else {
+			if ((room.t !== 'c') || (RocketChat.authz.hasPermission(Meteor.userId(), 'view-c-room') !== true)) {
+				throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'joinRoom' });
+			}
 
-		if ((room.joinCodeRequired === true) && (code !== room.joinCode) && !RocketChat.authz.hasPermission(Meteor.userId(), 'join-without-join-code')) {
-			throw new Meteor.Error('error-code-invalid', 'Invalid Code', { method: 'joinRoom' });
+			if ((room.joinCodeRequired === true) && (code !== room.joinCode) && !RocketChat.authz.hasPermission(Meteor.userId(), 'join-without-join-code')) {
+				throw new Meteor.Error('error-code-invalid', 'Invalid Code', { method: 'joinRoom' });
+			}
 		}
 
-		return RocketChat.addUserToRoom(rid, Meteor.user());
+		return RocketChat.addUserToRoom(rid, user);
 	}
 });
diff --git a/packages/rocketchat-lib/startup/defaultRoomTypes.js b/packages/rocketchat-lib/startup/defaultRoomTypes.js
@@ -33,6 +33,7 @@ RocketChat.roomTypes.add('channels', 30, {
 		return ['unread', 'category'].includes(preferences.roomsListExhibitionMode) && preferences.mergeChannels;
 	}
 });
+
 // public
 RocketChat.roomTypes.add('c', 30, {
 	icon: 'hashtag',
@@ -102,6 +103,10 @@ RocketChat.roomTypes.add('p', 40, {
 		const user = Meteor.user();
 		const preferences = (user && user.settings && user.settings.preferences && user.settings.preferences) || {};
 		return !preferences.roomsListExhibitionMode || ['unread', 'category'].includes(preferences.roomsListExhibitionMode) && !preferences.mergeChannels && RocketChat.authz.hasAllPermission('view-p-room');
+	},
+
+	showJoinLink() {
+		return true;
 	}
 });
 

diff --git a/packages/rocketchat-theme/client/imports/components/chip.css b/packages/rocketchat-theme/client/imports/components/chip.css
@@ -1,6 +1,6 @@
 .chip-container {
 	margin: 15px;
-
+	font-size: 15px;
 	list-style-type: none;
 }
 

diff --git a/packages/rocketchat-theme/client/imports/components/modal/full-modal.css b/packages/rocketchat-theme/client/imports/components/modal/full-modal.css
@@ -9,6 +9,8 @@
 	height: 100%;
 	justify-content: center;
 
+	overflow-y: auto;
+
 	&__wrapper {
 		position: relative;
 

diff --git a/packages/rocketchat-theme/client/imports/forms/button.css b/packages/rocketchat-theme/client/imports/forms/button.css
@@ -64,3 +64,9 @@
 		}
 	}
 }
+
+@media (width < 780px) {
+	.rc-button--full {
+		width: 100%;
+	}
+}
diff --git a/packages/rocketchat-theme/client/imports/forms/switch.css b/packages/rocketchat-theme/client/imports/forms/switch.css
@@ -9,6 +9,17 @@
 	&__input {
 		display: none;
 
+		&:checked {
+			& + .rc-switch__button {
+				border-color: #26d198;
+				background-color: var(--color-success);
+
+				& .rc-switch__button-inside {
+					transform: translate3d(1px, 1px, 0);
+				}
+			}
+		}
+
 		&:disabled {
 			& + .rc-switch__button {
 				cursor: default;
@@ -21,17 +32,6 @@
 				cursor: default;
 			}
 		}
-
-		&:checked {
-			& + .rc-switch__button {
-				border-color: #26d198;
-				background-color: var(--color-success);
-
-				& .rc-switch__button-inside {
-					transform: translate3d(1px, 1px, 0);
-				}
-			}
-		}
 	}
 
 	&__button {

diff --git a/packages/rocketchat-theme/client/imports/forms/tags.css b/packages/rocketchat-theme/client/imports/forms/tags.css
@@ -12,6 +12,10 @@
 	flex-wrap: wrap;
 	justify-content: flex-start;
 
+	&--no-icon {
+		padding: 0;
+	}
+
 	&__tag {
 		display: flex;
 
@@ -22,13 +26,13 @@
 		background: var(--tags-background);
 		align-items: center;
 
-		&-avatar {
+		&-image {
 			width: var(--tags-avatar-size);
 			height: var(--tags-avatar-size);
 			margin-right: 0.5rem;
 		}
 
-		&-username {
+		&-text {
 			margin-right: 0.5rem;
 		}
 

diff --git a/packages/rocketchat-theme/client/imports/general/base.css b/packages/rocketchat-theme/client/imports/general/base.css
@@ -102,9 +102,9 @@ button {
 
 .rc-icon {
 	width: 1em;
-  height: 1em;
+	height: 1em;
 
 	vertical-align: -0.15em;
 
-  overflow: hidden;
+	overflow: hidden;
 }
diff --git a/packages/rocketchat-theme/client/imports/general/forms.css b/packages/rocketchat-theme/client/imports/general/forms.css
@@ -141,10 +141,29 @@
 	font-size: var(--input-font-size);
 }
 
+.rc-form-fieldset {
+	padding: var(--default-padding);
+
+	border-width: var(--input-border-width);
+	border-color: var(--input-border-color);
+	border-radius: var(--input-border-radius);
+	background-color: transparent;
+
+	&--error {
+		color: var(--input-error-color);
+		border-color: var(--input-error-color);
+	}
+}
+
 .rc-form-legend {
+	margin: 0 -5px;
+
+	padding: 0 5px;
+
 	color: #2d343d;
 
 	font-size: 1rem;
+	font-weight: 500;
 }
 
 .rc-grid {

diff --git a/packages/rocketchat-theme/client/imports/general/variables.css b/packages/rocketchat-theme/client/imports/general/variables.css
@@ -41,6 +41,7 @@
 	--status-busy: var(--color-error);
 	--status-invisible: var(--color-gray-medium);
 	--status-invisible-sidebar: var(--color-darkest);
+	--default-padding: 1rem;
 	--default-small-padding: 1rem;
 
 	/*

diff --git a/packages/rocketchat-tokenpass/README.md b/packages/rocketchat-tokenpass/README.md
@@ -0,0 +1,3 @@
+# Tokenpass OAuth Flow
+
+An implementation of the Tokenpass OAuth flow with Tokenpass using RocketChat CustomOAuth. See the [Tokenpass API Reference](http://apidocs.tokenly.com/tokenpass/#oauth-integration) for more details.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# Tokenpass OAuth Flow

		An implementation of the Tokenpass OAuth flow with Tokenpass using RocketChat CustomOAuth. See the [Tokenpass API Reference](http://apidocs.tokenly.com/tokenpass/#oauth-integration) for more details.