From df3a8b341b11f6a9982f28769449eade55fde2df Mon Sep 17 00:00:00 2001
From: yash-rajpal
Date: Tue, 28 Oct 2025 21:54:14 +0530
Subject: [PATCH 1/2] fix and add tests
---
 .../authentication/server/startup/index.js | 6 +-
 apps/meteor/tests/end-to-end/api/users.ts | 134 ++++++++++++++++++
 2 files changed, 139 insertions(+), 1 deletion(-)
diff --git a/apps/meteor/app/authentication/server/startup/index.js b/apps/meteor/app/authentication/server/startup/index.js
index 345aa01e688ea..a56f237c6e527 100644
--- a/apps/meteor/app/authentication/server/startup/index.js
+++ b/apps/meteor/app/authentication/server/startup/index.js
@@ -307,7 +307,11 @@ Accounts.insertUserDoc = async function (options, user) {
 user.type = 'user';
 }
 
- if (settings.get('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In')) {
+ if (
+ settings.get('Accounts_TwoFactorAuthentication_Enabled') &&
+ settings.get('Accounts_TwoFactorAuthentication_By_Email_Enabled') &&
+ settings.get('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In')
+ ) {
 user.services = user.services || {};
 user.services.email2fa = {
 enabled: true,
diff --git a/apps/meteor/tests/end-to-end/api/users.ts b/apps/meteor/tests/end-to-end/api/users.ts
index aee958ce4f2cf..5e5790f97a832 100644
--- a/apps/meteor/tests/end-to-end/api/users.ts
+++ b/apps/meteor/tests/end-to-end/api/users.ts
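Review bot: The three-setting predicate in the new `if (` at the top of the hunk carries no comment, so a reader cannot tell why the two outer settings were added alongside the original opt-in flag; a one-line comment such as `// Pre-enable email 2FA only when 2FA is on globally, the email method is on, and auto opt-in is requested; otherwise the new user would be marked opted in to a method the admin has disabled.` would preserve the intent. If the codebase already has a helper that decides whether email 2FA is available (none is visible from this hunk), the same predicate should call it rather than duplicate the settings list here, so the two cannot drift apart. A setting that is not yet loaded makes `settings.get` falsy and the branch is skipped, which is the fail-closed default one wants for an authentication feature. `Accounts.insertUserDoc` starts and ends outside the hunk.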
@@ -693,6 +693,140 @@ describe('[Users]', () => {
 });
 });
 });
+
+ describe('default email2fa auto opt in configuration', () => {
+ let user: IUser;
+
+ afterEach(async () => {
+ await deleteUser(user);
+ await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Enabled', true);
+ await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In', true);
+ await updateSetting('Accounts_TwoFactorAuthentication_Enabled', true);
+ });
+
+ const dummyUser = {
+ email: 'email2fa_auto_opt_in@rocket.chat',
+ name: 'email2fa_auto_opt_in',
+ username: 'email2fa_auto_opt_in',
+ password,
+ };
+
+ it('should auto opt in new users for email2fa ', async () => {
+ await request
+ .post(api('users.create'))
+ .set(credentials)
+ .send(dummyUser)
+ .expect('Content-Type', 'application/json')
+ .expect(200)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', true);
+ user = res.body.user;
+ });
+
+ const newUserCredentials = await login(dummyUser.username, dummyUser.password);
+
+ await request
+ .get(api('users.info'))
+ .set(newUserCredentials)
+ .query({
+ username: dummyUser.username,
+ })
+ .expect('Content-Type', 'application/json')
+ .expect(200)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', true);
+ expect(res.body).to.have.nested.property('user.services.email2fa.enabled', true);
+ });
+ });
+
+ it('should not auto opt in new users for email2fa if email2fa is disabled', async () => {
+ await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Enabled', false);
+ await request
+ .post(api('users.create'))
+ .set(credentials)
+ .send(dummyUser)
+ .expect('Content-Type', 'application/json')
+ .expect(200)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', true);
+ user = res.body.user;
+ });
+
+ const newUserCredentials = await login(dummyUser.username, dummyUser.password);
+
+ await request
+ .get(api('users.info'))
+ .set(newUserCredentials)
+ .query({
+ username: dummyUser.username,
+ })
+ .expect('Content-Type', 'application/json')
+ .expect(200)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', true);
+ expect(res.body).to.not.have.nested.property('user.services.email2fa.enabled');
+ });
+ });
+
+ it('should not auto opt in new users for email2fa if two factor authentication is disabled', async () => {
+ await updateSetting('Accounts_TwoFactorAuthentication_Enabled', false);
+ await request
+ .post(api('users.create'))
+ .set(credentials)
+ .send(dummyUser)
+ .expect('Content-Type', 'application/json')
+ .expect(200)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', true);
+ user = res.body.user;
+ });
+
+ const newUserCredentials = await login(dummyUser.username, dummyUser.password);
+
+ await request
+ .get(api('users.info'))
+ .set(newUserCredentials)
+ .query({
+ username: dummyUser.username,
+ })
+ .expect('Content-Type', 'application/json')
+ .expect(200)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', true);
+ expect(res.body).to.not.have.nested.property('user.services.email2fa.enabled');
+ });
+ });
+
+ it('should not auto opt in new users for email2fa if email2fa is enabled but auto opt in is disabled', async () => {
+ await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In', false);
+
+ await request
+ .post(api('users.create'))
+ .set(credentials)
+ .send(dummyUser)
+ .expect('Content-Type', 'application/json')
+ .expect(200)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', true);
+ user = res.body.user;
+ });
+
+ const newUserCredentials = await login(dummyUser.username, dummyUser.password);
+
+ await request
+ .get(api('users.info'))
+ .set(newUserCredentials)
+ .query({
+ username: dummyUser.username,
+ })
+ .expect('Content-Type', 'application/json')
+ .expect(200)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', true);
+ expect(res.body).to.not.have.nested.property('user.services.email2fa.enabled');
+ });
+ });
+ });
 });
 
 describe('[/users.register]', () => {
From b627bc0502d9c3929c2c6e4d2099870a57640461 Mon Sep 17 00:00:00 2001
From: yash-rajpal
Date: Tue, 28 Oct 2025 23:12:40 +0530
Subject: [PATCH 2/2] add changeset
---
 .changeset/lucky-bulldogs-divide.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/lucky-bulldogs-divide.md
diff --git a/.changeset/lucky-bulldogs-divide.md b/.changeset/lucky-bulldogs-divide.md
new file mode 100644
index 0000000000000..7a28e7ccac816
--- /dev/null
+++ b/.changeset/lucky-bulldogs-divide.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixes an issue related to creating new users, it should not auto opt in new users for email two factor authentication if any one of `Accounts_TwoFactorAuthentication_Enabled`, `Accounts_TwoFactorAuthentication_By_Email_Enabled` and `Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In` setting is disabled.
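Review bot: The `afterEach` at the top of the new `describe` awaits `deleteUser(user)` before it restores the three settings, so if `users.create` fails in any case (leaving `user` unassigned — it is declared `let user: IUser;` and only set inside the `.expect` callback) the cleanup most likely throws on the undefined user and the two-factor settings stay disabled for every later test in the file. Guard the delete, restore the settings in a `finally`, and widen the declaration to `let user: IUser | undefined;` so the narrowing is honest. The positive case `should auto opt in new users for email2fa ` (note the trailing space in its title) also assumes all three settings are already `true` when it runs; a `beforeEach` that sets them explicitly would stop it depending on what an earlier suite left behind. The enclosing `describe('[Users]')` starts and ends outside the hunk.
```typescript
let user: IUser | undefined;

afterEach(async () => {
  try {
    if (user) {
      await deleteUser(user);
    }
  } finally {
    // Always put the 2FA settings back, even when the user cleanup fails.
    await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Enabled', true);
    await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In', true);
    await updateSetting('Accounts_TwoFactorAuthentication_Enabled', true);
  }
  user = undefined;
});

// … unchanged: dummyUser and the four it() cases …
```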