fix: Can't remove channel's password to join #31507
Conversation
🦋 Changeset detectedLatest commit: b1f03f7 The changes in this PR will be included in the next version bump. This PR includes changesets to release 30 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
dougfabris
changed the title
There was a problem hiding this comment.
@Spiral-Memory Nice catch, thank you so much for helping us!
dionisio-bot
bot
added
stat: ready to merge
dionisio-bot
bot
added
stat: ready to merge
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## develop #31507 +/- ##
===========================================
- Coverage 55.08% 53.24% -1.84%
===========================================
Files 1537 1575 +38
Lines 30324 27063 -3261
Branches 6234 5769 -465
===========================================
- Hits 16704 14411 -2293
+ Misses 12332 11412 -920
+ Partials 1288 1240 -48
Flags with carried forward coverage won't be shown. Click here to find out more. |
dionisio-bot
bot
added
stat: ready to merge
|
@dougfabris , Thank you so much for reviewing my changes and approving them. It's my very first PR in this repository to get merged, and I am really happy that I could be of some use in helping the application. I would like to request you to please review two more of my PRs: PR #1265 and PR #1262 in the Fuselage repository if possible. They were raised a week before, and I believe they might be helpful as well. Additionally, I would like to report a security issue in the Rocket Chat application related with password protected channel only. However, I am uncertain whether to report it in the bug section or the security vulnerability section. Could you please guide me on this? Also, can I work on that issue? |
* 'develop' of github.com:RocketChat/Rocket.Chat: (143 commits) fix: Marketplace apps installed as private showing as installed (#31514) test: fix messaging flaky test (#31512) fix: change the push sound sent when the push is from video conference (#30910) fix: ensure sessionId on Sessions documents (#31487) chore: handle rocket.cat creation and deletion (#31170) chore(agenda): Changes in Agenda API (#31427) refactor: Pay the debt of some TODO comments (#30338) feat: Room header keyboard navigability (#31516) fix: Cron job for clearing OEmbed cache isn't working (#31336) refactor(client): Handling of custom statuses (#31500) fix: Prevent `Fallback forward departments` feature to go on loop when configured as circular chain (#31328) feat: Add `push.test` endpoint (#31289) chore: split UserProvider into two: User and Authentication (#31513) fix: Can't remove channel's password to join (#31507) chore: convert CAS integration code to typescript (#31492) feat: Composer keyboard navigability (#31510) fix: Render warning in Logs - (MessageType.render is deprecated. Use MessageType.message instead) (#31426) feat: Convert emoji shortname to unicode on notification emails. (#31225) chore: Normalize `ButtonGroup` (#31499) chore: improve type definitions for login service configurations (#31491) ...
|
@Spiral-Memory Sure, I will take a look as soon as possible. |
Thank you for your reply. Sir, I have reported the security issue on GitHub in the security vulnerability section. You can have a look; it's still in the triage phase. Also, HackerOne is not accepting submissions, I believe. |
Proposed changes (including videos or screenshots)
The issue arises from a minor detail: when the password box is empty, the condition
data.joinCoderesults in a falsy value. As a result, no key with the namejoinCodeis sent, preventing the password from unsetting. The backend, however, expects an empty string ('') to unset the password. To resolve this, a small fix was implemented. ThegetDirtyFieldsreturns a key ofjoinCodeRequiredwhen the password to access toggle changes. So, i used that property to create a new condition to check for the existence of this key. If it exists, an object namedjoinCodewith an empty string value is created and sent to the backend to address the issue.Issue(s)
Closes #31506
2024-01-21.21-28-26.mp4
Steps to test or reproduce
The steps to reproduce is mentioned in the issue I created, which is #31506.
Further comments
Just a very small but important fix.