feat: Don't apply chat name and avatar changes from non-members

Non-members can't modify the member list (incl. adding themselves), modify an ephemeral timer, so they shouldn't be able to change the group name or avatar, just for consistency. Even if messages are reordered and a group name change from a new member arrives before its addition, the new group name will be applied on a receipt of the next message following the addition message because Chat-Group-Name-Timestamp increases. While Delta Chat groups aimed for chatting with trusted contacts, accepting group changes from everyone knowing Chat-Group-Id means that if any of the past members have the key compromised, the group should be recreated which looks impractical.
2026-04-02 05:22:14 +03:00 · 2025-07-04 18:22:56 -03:00
parent 1a2e355bb8
commit 374a5ef687
2 changed files with 16 additions and 12 deletions
--- a/src/receive_imf.rs
+++ b/src/receive_imf.rs
@@ -2899,17 +2899,17 @@ async fn apply_group_changes(
        }
    }

-    apply_chat_name_and_avatar_changes(
-        context,
-        mime_parser,
-        from_id,
-        chat,
-        &mut send_event_chat_modified,
-        &mut better_msg,
-    )
-    .await?;
-
    if is_from_in_chat {
+        apply_chat_name_and_avatar_changes(
+            context,
+            mime_parser,
+            from_id,
+            chat,
+            &mut send_event_chat_modified,
+            &mut better_msg,
+        )
+        .await?;
+
        if chat.member_list_is_stale(context).await? {
            info!(context, "Member list is stale.");
            let mut new_members: HashSet<ContactId> =
--- a/src/receive_imf/receive_imf_tests.rs
+++ b/src/receive_imf/receive_imf_tests.rs
@@ -4212,14 +4212,18 @@ async fn test_keep_member_list_if_possibly_nomember() -> Result<()> {
    let fiona_chat_id = fiona.recv_msg(&alice.pop_sent_msg().await).await.chat_id;
    fiona_chat_id.accept(&fiona).await?;

-    send_text_msg(&fiona, fiona_chat_id, "hi".to_string()).await?;
+    SystemTime::shift(Duration::from_secs(60));
+    chat::set_chat_name(&fiona, fiona_chat_id, "Renamed").await?;
    bob.recv_msg(&fiona.pop_sent_msg().await).await;

-    // Bob missed the message adding fiona, but mustn't recreate the member list.
+    // Bob missed the message adding fiona, but mustn't recreate the member list or apply the group
+    // name change.
    assert_eq!(get_chat_contacts(&bob, bob_chat_id).await?.len(), 2);
    assert!(is_contact_in_chat(&bob, bob_chat_id, ContactId::SELF).await?);
    let bob_alice_contact = bob.add_or_lookup_contact_id(&alice).await;
    assert!(is_contact_in_chat(&bob, bob_chat_id, bob_alice_contact).await?);
+    let chat = Chat::load_from_db(&bob, bob_chat_id).await?;
+    assert_eq!(chat.get_name(), "Group");
    Ok(())
 }