Allow blocking invites from people you don't share a room with

Matrix currently has a significant moderation loophole, thanks to
invites. Right now, anyone can invite anyone to a room - and clients
like NeoChat will gladly display these rooms to them and even give you
a notification.

However, this creates a pretty easy attack since room names and avatars
are arbitrary and this is a known vector of harassment in the Matrix
community. There's currently no tools to block this server-side, so
let's try to improve the situation where we can.

This adds a new setting to the Security page, wherein it allows you to
block invites from people you don't share a room with. This prevents the
notification from appearing and NeoChat will attempt to leave the room
immediately.

Since this depends on MSC 2666 - a currently unstable feature - the
server may not support it and NeoChat will disable the setting in this
case.

src/CMakeLists.txt

@@ -134,6 +134,8 @@ add_library(neochat STATIC
     jobs/neochatdeletedevicejob.h
     jobs/neochatchangepasswordjob.cpp
     jobs/neochatchangepasswordjob.h
+    jobs/neochatgetcommonroomsjob.cpp
+    jobs/neochatgetcommonroomsjob.h
     mediasizehelper.cpp
     mediasizehelper.h
     eventhandler.cpp

src/jobs/neochatgetcommonroomsjob.cpp

@@ -0,0 +1,14 @@
+// SPDX-FileCopyrightText: 2024 Joshua Goins <josh@redstrate.com>
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+#include "neochatgetcommonroomsjob.h"
+
+using namespace Quotient;
+
+NeochatGetCommonRoomsJob::NeochatGetCommonRoomsJob(const QString &userId)
+    : BaseJob(HttpVerb::Get,
+              QStringLiteral("GetCommonRoomsJob"),
+              QStringLiteral("/_matrix/client/unstable/uk.half-shot.msc2666/user/mutual_rooms").toLatin1(),
+              QUrlQuery({{QStringLiteral("user_id"), userId}}))
+{
+}

src/jobs/neochatgetcommonroomsjob.h

@@ -0,0 +1,14 @@
+// SPDX-FileCopyrightText: 2024 Joshua Goins <josh@redstrate.com>
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+#pragma once
+
+#include <Quotient/jobs/basejob.h>
+#include <Quotient/omittable.h>
+
+// TODO: Upstream to libQuotient
+class NeochatGetCommonRoomsJob : public Quotient::BaseJob
+{
+public:
+    explicit NeochatGetCommonRoomsJob(const QString &userId);
+};

src/neochatconfig.kcfg

@@ -187,5 +187,11 @@
       <default>false</default>
     </entry>
   </group>
+  <group name="Security">
+    <entry name="RejectUnknownInvites" type="bool">
+      <label>Reject unknown invites</label>
+      <default>false</default>
+    </entry>
+  </group>
 </kcfg>
 

src/neochatconnection.cpp

@@ -25,6 +25,7 @@
 
 #include <Quotient/csapi/content-repo.h>
 #include <Quotient/csapi/profile.h>
+#include <Quotient/csapi/versions.h>
 #include <Quotient/database.h>
 #include <Quotient/jobs/downloadfilejob.h>
 #include <Quotient/qt_connection_util.h>
@@ -132,6 +133,21 @@ void NeoChatConnection::connectSignals()
         Q_EMIT homeNotificationsChanged();
         Q_EMIT homeHaveHighlightNotificationsChanged();
     });
+
+    // Fetch unstable features
+    // TODO: Expose unstableFeatures() in libQuotient
+    connect(
+        this,
+        &Connection::connected,
+        this,
+        [this] {
+            auto job = callApi<GetVersionsJob>(BackgroundRequest);
+            connect(job, &GetVersionsJob::success, this, [this, job] {
+                m_canCheckMutualRooms = job->unstableFeatures().contains("uk.half-shot.msc2666.query_mutual_rooms"_ls);
+                Q_EMIT canCheckMutualRoomsChanged();
+            });
+        },
+        Qt::SingleShotConnection);
 }
 
 int NeoChatConnection::badgeNotificationCount() const
@@ -200,6 +216,11 @@ QVariantList NeoChatConnection::getSupportedRoomVersions() const
     return supportedRoomVersions;
 }
 
+bool NeoChatConnection::canCheckMutualRooms() const
+{
+    return m_canCheckMutualRooms;
+}
+
 void NeoChatConnection::changePassword(const QString &currentPassword, const QString &newPassword)
 {
     auto job = callApi<NeochatChangePasswordJob>(newPassword, false);

src/neochatconnection.h

@@ -79,6 +79,11 @@ class NeoChatConnection : public Quotient::Connection
      */
     Q_PROPERTY(bool isOnline READ isOnline WRITE setIsOnline NOTIFY isOnlineChanged)
 
+    /**
+     * @brief Whether the server supports querying a user's mutual rooms.
+     */
+    Q_PROPERTY(bool canCheckMutualRooms READ canCheckMutualRooms NOTIFY canCheckMutualRoomsChanged)
+
 public:
     /**
      * @brief Defines the status after an attempt to change the password on an account.
@@ -95,6 +100,7 @@ public:
 
     Q_INVOKABLE void logout(bool serverSideLogout);
     Q_INVOKABLE QVariantList getSupportedRoomVersions() const;
+    bool canCheckMutualRooms() const;
 
     /**
      * @brief Change the password for an account.
@@ -196,6 +202,7 @@ Q_SIGNALS:
     void passwordStatus(NeoChatConnection::PasswordStatus status);
     void userConsentRequired(QUrl url);
     void badgeNotificationCountChanged(NeoChatConnection *connection, int count);
+    void canCheckMutualRoomsChanged();
 
 private:
     bool m_isOnline = true;
@@ -208,4 +215,6 @@ private:
     int m_badgeNotificationCount = 0;
 
     QHash<QUrl, LinkPreviewer *> m_linkPreviewers;
+
+    bool m_canCheckMutualRooms = false;
 };

src/neochatroom.cpp

@@ -41,6 +41,7 @@
 #include "events/joinrulesevent.h"
 #include "events/pollevent.h"
 #include "filetransferpseudojob.h"
+#include "jobs/neochatgetcommonroomsjob.h"
 #include "neochatconfig.h"
 #include "notificationsmanager.h"
 #include "roomlastmessageprovider.h"
@@ -129,14 +130,38 @@ NeoChatRoom::NeoChatRoom(Connection *connection, QString roomId, JoinState joinS
                 return;
             }
             auto roomMemberEvent = currentState().get<RoomMemberEvent>(localMember().id());
-            QImage avatar_image;
+
-            if (roomMemberEvent && !member(roomMemberEvent->senderId()).avatarUrl().isEmpty()) {
+            auto showNotification = [this, roomMemberEvent] {
-                avatar_image = memberAvatar(roomMemberEvent->senderId()).get(this->connection(), 128, [] {});
+                QImage avatar_image;
+                if (roomMemberEvent && !member(roomMemberEvent->senderId()).avatarUrl().isEmpty()) {
+                    avatar_image = memberAvatar(roomMemberEvent->senderId()).get(this->connection(), 128, [] {});
+                } else {
+                    qWarning() << "using this room's avatar";
+                    avatar_image = avatar(128);
+                }
+
+                NotificationsManager::instance().postInviteNotification(this,
+                                                                        displayName(),
+                                                                        member(roomMemberEvent->senderId()).htmlSafeDisplayName(),
+                                                                        avatar_image);
+            };
+
+            if (NeoChatConfig::rejectUnknownInvites()) {
+                auto job = this->connection()->callApi<NeochatGetCommonRoomsJob>(roomMemberEvent->senderId());
+                connect(job, &BaseJob::result, this, [this, job, roomMemberEvent, showNotification] {
+                    QJsonObject replyData = job->jsonData();
+                    if (replyData.contains(QStringLiteral("joined"))) {
+                        const bool inAnyOfOurRooms = !replyData[QStringLiteral("joined")].toArray().isEmpty();
+                        if (inAnyOfOurRooms) {
+                            showNotification();
+                        } else {
+                            leaveRoom();
+                        }
+                    }
+                });
             } else {
-                qWarning() << "using this room's avatar";
+                showNotification();
-                avatar_image = avatar(128);
             }
-            NotificationsManager::instance().postInviteNotification(this, displayName(), member(roomMemberEvent->senderId()).htmlSafeDisplayName(), avatar_image);
         },
         Qt::SingleShotConnection);
     connect(this, &Room::changed, this, [this] {
@@ -1313,7 +1338,6 @@ void NeoChatRoom::setPushNotificationState(PushNotificationState::State state)
 
     m_currentPushNotificationState = state;
     Q_EMIT pushNotificationStateChanged(m_currentPushNotificationState);
-
 }
 
 void NeoChatRoom::updatePushNotificationState(QString type)

src/settings/NeoChatSecurityPage.qml

@@ -16,6 +16,32 @@ FormCard.FormCardPage {
 
     title: i18nc("@title", "Security")
 
+    FormCard.FormHeader {
+        title: i18nc("@title:group", "Invitations")
+    }
+    FormCard.FormCard {
+        FormCard.FormCheckDelegate {
+            text: i18nc("@option:check", "Reject invitations from unknown users")
+            description: connection.canCheckMutualRooms ? i18n("If enabled, NeoChat will reject invitations from from users you don't share a room with.") : i18n("Your server does not support this setting.")
+            checked: Config.rejectUnknownInvites
+            enabled: !Config.isRejectUnknownInvitesImmutable && connection.canCheckMutualRooms
+            onToggled: {
+                Config.rejectUnknownInvites = checked;
+                Config.save();
+            }
+        }
+    }
+    FormCard.FormHeader {
+        title: i18nc("@title:group", "Ignored Users")
+    }
+    FormCard.FormCard {
+        FormCard.FormButtonDelegate {
+            text: i18nc("@action:button", "Manage ignored users")
+            onClicked: root.ApplicationWindow.window.pageStack.push(ignoredUsersDialogComponent, {}, {
+                title: i18nc("@title:window", "Ignored Users")
+            });
+        }
+    }
     FormCard.FormHeader {
         title: i18nc("@title", "Keys")
     }
@@ -33,17 +59,6 @@ FormCard.FormCardPage {
             description: i18n("Device id")
         }
     }
-    FormCard.FormHeader {
-        title: i18nc("@title:group", "Ignored Users")
-    }
-    FormCard.FormCard {
-        FormCard.FormButtonDelegate {
-            text: i18nc("@action:button", "Manage ignored users")
-            onClicked: pageStack.pushDialogLayer(ignoredUsersDialogComponent, {}, {
-                title: i18nc("@title:window", "Ignored Users")
-            });
-        }
-    }
 
     Component {
         id: ignoredUsersDialogComponent