Skip to content

feat: force End-to-End Encryption (E2EE) on private rooms#41095

Draft
milton-rucks wants to merge 1 commit into
developfrom
feat/force-e2ee-private-rooms
Draft

feat: force End-to-End Encryption (E2EE) on private rooms#41095
milton-rucks wants to merge 1 commit into
developfrom
feat/force-e2ee-private-rooms

Conversation

@milton-rucks

Copy link
Copy Markdown

Proposed changes (including videos or screenshots)

Adds a workspace setting that lets administrators in regulated / high-security environments enforce E2EE on every newly created private room, so users can no longer opt out or accidentally create an unencrypted private room.

New settingE2E_Force_Encryption_For_Private_Rooms (Admin → Settings → End-to-End Encryption)

  • Boolean, default false, public, gated by enableQuery: E2E_Enable = true
  • Label: Force_Encryption_For_Private_Rooms ("Force End-to-End Encryption (E2EE) on Private Rooms")
  • Description: Force_Encryption_For_Private_Rooms_Description

Behavior when enabled

  • Create-room modal (CreateChannelModal): for a private room the Encrypted toggle is forced on and disabled, with the hint "Enforced by workspace security policy."; public rooms keep the toggle off + disabled.
  • Server enforcement (central prepareCreateRoomCallback in app/e2e/server/beforeCreateRoom.ts): for private rooms (type === 'p') it forces encrypted: true, and rejects any request that explicitly passes encrypted: false (e.g. groups.create) with error code error-encrypted-private-rooms-enforced ("Workspace policy requires all private rooms to be encrypted.").

When disabled, the existing legacy behavior is fully retained (respects E2E_Enabled_Default_PrivateRooms and the user choice). Public rooms are never affected.

Files

  • apps/meteor/server/settings/e2e.ts — register the setting
  • apps/meteor/app/e2e/server/beforeCreateRoom.ts — server-side force + reject
  • apps/meteor/client/navbar/NavBarPagesGroup/actions/CreateChannelModal.tsx — modal state matrix (forced on / disabled)
  • apps/meteor/client/navbar/NavBarPagesGroup/actions/useEncryptedRoomDescription.ts — enforced hint text
  • packages/i18n/src/locales/en.i18n.json — 4 new keys (sorted; i18n check passes)
  • changeset included

Issue(s)

Steps to test or reproduce

  1. Admin → Settings → End-to-End Encryption: enable E2E Enable and Force End-to-End Encryption (E2EE) on Private Rooms.
  2. Open the create-channel modal, toggle Private on → the Encrypted toggle flips on, is greyed out, and shows "Enforced by workspace security policy." Toggle Private off (public) → Encrypted is off and disabled.
  3. API: POST /api/v1/groups.create with extraData.encrypted = false → rejected with error-encrypted-private-rooms-enforced. With encrypted: true or omitted → created encrypted. POST /api/v1/channels.create (public) is unaffected.

Verified end-to-end against a local server + MongoDB: groups.create with encrypted:false is rejected, encrypted:true/omitted creates an encrypted room, and public channel creation is unaffected.

Further comments

Enforcement is placed in the shared prepareCreateRoomCallback so it covers all private-room creation paths (REST groups.create, the createPrivateGroup method, teams) from a single point, rather than only the REST endpoint.

The client modal logic compiles cleanly but was not visually driven in a browser during development; the server enforcement, setting registration, and i18n were verified live.

🤖 Generated with Claude Code

Add a workspace setting `E2E_Force_Encryption_For_Private_Rooms` that lets
administrators in regulated/high-security environments enforce E2EE on every
newly created private room. When enabled, users can no longer opt out:
- the encryption toggle in the create-room modal is locked on for private
  rooms (and shows "Enforced by workspace security policy");
- the server forces `encrypted: true` and rejects any attempt to create a
  private room with `encrypted: false` (e.g. via `groups.create`) with the
  error `error-encrypted-private-rooms-enforced`.

Public rooms are unaffected, and when the setting is off the existing legacy
behavior (respecting `E2E_Enabled_Default_PrivateRooms` and user choice) is
retained.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dionisio-bot

dionisio-bot Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Looks like this PR is not ready to merge, because of the following issues:

  • This PR is missing the 'stat: QA assured' label
  • This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

@changeset-bot

changeset-bot Bot commented Jun 28, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: b4b0bb8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages
Name Type
@rocket.chat/meteor Minor
@rocket.chat/i18n Minor
@rocket.chat/core-typings Minor
@rocket.chat/rest-typings Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


Milton Rucks seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@coderabbitai

coderabbitai Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a4658a9a-8440-4f99-9bad-b1b33c3e91dd

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jun 28, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 84.21053% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.14%. Comparing base (294ee5d) to head (b4b0bb8).

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##           develop   #41095      +/-   ##
===========================================
- Coverage    70.20%   70.14%   -0.06%     
===========================================
  Files         3368     3368              
  Lines       130022   130039      +17     
  Branches     22570    22536      -34     
===========================================
- Hits         91284    91221      -63     
- Misses       35425    35507      +82     
+ Partials      3313     3311       -2     
Flag Coverage Δ
e2e 59.30% <22.22%> (-0.11%) ⬇️
e2e-api 46.27% <100.00%> (-0.05%) ⬇️
unit 70.12% <83.33%> (-0.06%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants