desktop icon indicating copy to clipboard operation
desktop copied to clipboard

Published 20 hours ago verified publisher icon mattermost

[MM-44004] Optionally turn off UTF-8 encoding for winreg if the system doesn't support it

Open devinbinnie opened this issue 2 years ago • 14 comments

Summary

It's possible that some system administrators may have cmd.exe disabled in a more controlled environment, but still might want to configure their Mattermost servers using GPO.

Our current library requires the use of cmd.exe to get the registry entries since some users use special characters which require UTF-8 encoding to add correctly to the app. This conflicts with what some others might want.

This PR adds some error-checking logic that tries to initialize the registry object with UTF-8 encoding disabled if it fails the first time.

Ticket Link

https://mattermost.atlassian.net/browse/MM-44004

Disable UTF-8 encoding for systems that don't support it correctly

devinbinnie avatar May 25 '22 16:05 devinbinnie

Building app in separate branch.

mattermod avatar May 25 '22 16:05 mattermod

Successfully building:
https://circleci.com/gh/mattermost/desktop/20168
https://circleci.com/gh/mattermost/desktop/20167
https://circleci.com/gh/mattermost/desktop/20165

mattermod avatar May 25 '22 16:05 mattermod

Artifact links:
https://output.circle-artifacts.com/output/job/7074fec3-f887-44a6-a8bc-86846d1bbfa2/artifacts/0/tmp/artifacts/mattermost-desktop-5.1.0-develop.1-mac-m1.dmg
https://output.circle-artifacts.com/output/job/7074fec3-f887-44a6-a8bc-86846d1bbfa2/artifacts/0/tmp/artifacts/mattermost-desktop-5.1.0-develop.1-mac-x64.dmg
https://output.circle-artifacts.com/output/job/2b80c278-ef3d-4fbb-87bf-a9c9871c059a/artifacts/0/tmp/artifacts/mattermost-desktop-setup-5.1.0-develop.1-win.exe
https://output.circle-artifacts.com/output/job/1b6296a1-86e2-4d88-b159-2bb84bd67b1d/artifacts/0/tmp/artifacts/mattermost-desktop-5.1.0-develop.1-linux-ia32.tar.gz
https://output.circle-artifacts.com/output/job/1b6296a1-86e2-4d88-b159-2bb84bd67b1d/artifacts/0/tmp/artifacts/mattermost-desktop-5.1.0-develop.1-linux-x64.tar.gz

mattermod avatar May 25 '22 17:05 mattermod

@hmhealey - I know Devin is out right now, but do you happen to know if there is a way to get a build of the msi installer for this?

coltoneshaw avatar Jun 01 '22 19:06 coltoneshaw

Actually, I can probably add the msi flag to the electron builder config, but i don't see it already so i'm wondering if we build it through another process that i'm missing.

coltoneshaw avatar Jun 01 '22 19:06 coltoneshaw

No, sorry. I don't have any experience with building the desktop app, particularly when it comes to building for Windows

hmhealey avatar Jun 02 '22 16:06 hmhealey

@devinbinnie - Can we have a .msi installer for this issue?

coltoneshaw avatar Jun 13 '22 13:06 coltoneshaw

The file .circleci/config.yml is in the blocklist for external contributors. Hence, these changes are not tested by the CI pipeline active until the build is re-triggered by a core committer or the PR is merged. Please be careful when reviewing it. /cc @mattermost/core-security @mattermost/core-build-engineers

mattermod avatar Jun 13 '22 15:06 mattermod

The file .circleci/config.yml is in the blocklist for external contributors. Hence, these changes are not tested by the CI pipeline active until the build is re-triggered by a core committer or the PR is merged. Please be careful when reviewing it. /cc @mattermost/core-security @mattermost/core-build-engineers

mattermod avatar Jun 13 '22 15:06 mattermod

@coltoneshaw Here you go!

https://output.circle-artifacts.com/output/job/5e9ea70a-a737-4269-83b3-937bedae1773/artifacts/0/packages/win-release/5.1.0-develop.1/mattermost-desktop-5.1.0-develop.1-x64.msi

devinbinnie avatar Jun 13 '22 17:06 devinbinnie

@devinbinnie - The customer was able to confirm here that this specific issue still exists with the latest version. It's attempting to call cmd.exe and getting blocked. Then once loading, showing the Add a server modal, meaning it's not getting anything from the registry.

coltoneshaw avatar Jun 30 '22 20:06 coltoneshaw

@coltoneshaw Can you have them send over the Desktop App logs? Also, make sure they're using the correct version, since the MSI installer installs to a different location than the EXE

devinbinnie avatar Jun 30 '22 20:06 devinbinnie

@devinbinnie - Of course, i'll see if I can get the logs and share them privately. The version should be right because they uninstalled the prior version and installed this one.

coltoneshaw avatar Jun 30 '22 20:06 coltoneshaw

@coltoneshaw Any progress on this from the customer?

devinbinnie avatar Jul 27 '22 20:07 devinbinnie

The file .circleci/config.yml is in the blocklist for external contributors. Hence, these changes are not tested by the CI pipeline active until the build is re-triggered by a core committer or the PR is merged. Please be careful when reviewing it. /cc @mattermost/core-security @mattermost/core-build-engineers

mattermost-build avatar Jan 12 '23 16:01 mattermost-build

The file .circleci/config.yml is in the blocklist for external contributors. Hence, these changes are not tested by the CI pipeline active until the build is re-triggered by a core committer or the PR is merged. Please be careful when reviewing it. /cc @mattermost/core-security @mattermost/core-build-engineers

mattermost-build avatar Jan 12 '23 17:01 mattermost-build

Just a quick update, and I'm going to play around with changes.

I can repro this 100% of the time now.

  1. Open Local Group Policy Editor
  2. User config > Admin Templates > system > Prevent access to the command prompt
  3. Set that to enabled, and block script access too.
  4. Set some group policy things, I did the default server.
  5. Open Mattermost and you won't see the default server
  6. Go in and enable cmd access again (step 2)
  7. open mattermost and you'll see the default server.
  8. Repeat as many times as you want.

coltoneshaw avatar Jan 12 '23 18:01 coltoneshaw

/update-branch

devinbinnie avatar Jan 17 '23 17:01 devinbinnie

The file .circleci/config.yml is in the blocklist for external contributors. Hence, these changes are not tested by the CI pipeline active until the build is re-triggered by a core committer or the PR is merged. Please be careful when reviewing it. /cc @mattermost/core-security @mattermost/core-build-engineers

mattermost-build avatar Jan 17 '23 17:01 mattermost-build

The file .circleci/config.yml is in the blocklist for external contributors. Hence, these changes are not tested by the CI pipeline active until the build is re-triggered by a core committer or the PR is merged. Please be careful when reviewing it. /cc @mattermost/core-security @mattermost/core-build-engineers

mattermost-build avatar Jan 17 '23 18:01 mattermost-build

Building app in separate branch.

mattermost-build avatar Jan 17 '23 18:01 mattermost-build

Successfully building:
https://circleci.com/gh/mattermost/desktop/27152
https://circleci.com/gh/mattermost/desktop/27151
https://circleci.com/gh/mattermost/desktop/27150

mattermost-build avatar Jan 17 '23 18:01 mattermost-build

@coltoneshaw I added some changes. Turns out the winreg-utf8 library won't work regardless of whether you turn UTF-8 on or off, so I've elected to just toggle between the two libraries and will enforce the requirement that if you need UTF-8 enabled server names then you can't disable the command prompt.

devinbinnie avatar Jan 17 '23 18:01 devinbinnie

@devinbinnie - Thanks! Let me test it and let you know

coltoneshaw avatar Jan 17 '23 19:01 coltoneshaw

Artifact links:
https://output.circle-artifacts.com/output/job/81af690c-b247-4c41-9a39-57ae7ba29e1a/artifacts/0/tmp/artifacts/mattermost-desktop-5.3.0-develop.1-linux-arm64.tar.gz
https://output.circle-artifacts.com/output/job/81af690c-b247-4c41-9a39-57ae7ba29e1a/artifacts/0/tmp/artifacts/mattermost-desktop-5.3.0-develop.1-linux-x64.tar.gz
https://output.circle-artifacts.com/output/job/65b31198-586d-49ab-bef1-65b7df5098b6/artifacts/0/tmp/artifacts/mattermost-desktop-5.3.0-develop.1-mac-m1.dmg
https://output.circle-artifacts.com/output/job/65b31198-586d-49ab-bef1-65b7df5098b6/artifacts/0/tmp/artifacts/mattermost-desktop-5.3.0-develop.1-mac-x64.dmg
https://output.circle-artifacts.com/output/job/416dd944-85c3-4ead-8590-3da8943a8252/artifacts/0/tmp/artifacts/mattermost-desktop-5.3.0-develop.1-win-arm64.zip
https://output.circle-artifacts.com/output/job/416dd944-85c3-4ead-8590-3da8943a8252/artifacts/0/tmp/artifacts/mattermost-desktop-5.3.0-develop.1-win-ia32.zip
https://output.circle-artifacts.com/output/job/416dd944-85c3-4ead-8590-3da8943a8252/artifacts/0/tmp/artifacts/mattermost-desktop-5.3.0-develop.1-win-x64.zip

mattermost-build avatar Jan 17 '23 19:01 mattermost-build

@devinbinnie - On a test with cmd.exe fully blocked the app appears to still not read the registry. If i enable cmd.exe the app works fine. I'm testing with the above repro steps.

coltoneshaw avatar Jan 17 '23 19:01 coltoneshaw

mattermostlogs.log

[2023-01-17 11:32:36.431] [error] Error reading the registry HKCU \Software\Policies\Mattermost EnableServerManagement utf8: false ProcessUncleanExitError: QUERY command exited with code 1:

ERROR: The system was unable to find the specified registry key or value.
    at mkErrorMsg (C:\Users\Colton\Downloads\mattermost-desktop-5.3.0-develop.1-win-x64\resources\app.asar\index.js:44444:10)
    at ChildProcess.<anonymous> (C:\Users\Colton\Downloads\mattermost-desktop-5.3.0-develop.1-win-x64\resources\app.asar\index.js:44825:10)
    at ChildProcess.emit (node:events:527:28)
    at maybeClose (node:internal/child_process:1092:16)
    at ChildProcess._handle.onexit (node:internal/child_process:302:5)

Seems to still try utf8 but also flip back and forth? I see it pulled my config but it doesn't shot anything in the UI

coltoneshaw avatar Jan 17 '23 19:01 coltoneshaw

/update-branch

devinbinnie avatar Jan 17 '23 23:01 devinbinnie

The file .circleci/config.yml is in the blocklist for external contributors. Hence, these changes are not tested by the CI pipeline active until the build is re-triggered by a core committer or the PR is merged. Please be careful when reviewing it. /cc @mattermost/core-security @mattermost/core-build-engineers

mattermost-build avatar Jan 17 '23 23:01 mattermost-build

@devinbinnie - I think I just replicated the customers behavior using applocker and can confirm it's still broken. Give me a few to debug and i'll upload logs too.

coltoneshaw avatar Jan 18 '23 18:01 coltoneshaw