[FIX] Deactivate users that are the last owner of a room using REST A…

…PI (#18864) * test: add e2e tests for REST API user deactivation * fix(app): read confirmRelinquish from HTTP request * chore(app): remove unnecessary console.log
RocketChat · Sep 17, 2020 · 0147927 · 0147927
1 parent 457b967
commit 0147927
Show file tree

Hide file tree

Showing 3 changed files with 561 additions and 36 deletions.
diff --git a/app/api/server/v1/users.js b/app/api/server/v1/users.js
@@ -98,8 +98,10 @@ API.v1.addRoute('users.deleteOwnAccount', { authRequired: true }, {
 			throw new Meteor.Error('error-not-allowed', 'Not allowed');
 		}
 
+		const { confirmRelinquish = false } = this.requestParams();
+
 		Meteor.runAsUser(this.userId, () => {
-			Meteor.call('deleteUserOwnAccount', password);
+			Meteor.call('deleteUserOwnAccount', password, confirmRelinquish);
 		});
 
 		return API.v1.success();
@@ -133,7 +135,8 @@ API.v1.addRoute('users.setActiveStatus', { authRequired: true }, {
 		}
 
 		Meteor.runAsUser(this.userId, () => {
-			Meteor.call('setUserActiveStatus', this.bodyParams.userId, this.bodyParams.activeStatus, this.bodyParams.confirmRelinquish);
+			const { userId, activeStatus, confirmRelinquish = false } = this.bodyParams;
+			Meteor.call('setUserActiveStatus', userId, activeStatus, confirmRelinquish);
 		});
 		return API.v1.success({ user: Users.findOneById(this.bodyParams.userId, { fields: { active: 1 } }) });
 	},
@@ -463,8 +466,10 @@ API.v1.addRoute('users.update', { authRequired: true, twoFactorRequired: true },
 		}
 
 		if (typeof this.bodyParams.data.active !== 'undefined') {
+			const { userId, data: { active }, confirmRelinquish = false } = this.bodyParams;
+
 			Meteor.runAsUser(this.userId, () => {
-				Meteor.call('setUserActiveStatus', this.bodyParams.userId, this.bodyParams.data.active);
+				Meteor.call('setUserActiveStatus', userId, active, confirmRelinquish);
 			});
 		}
 		const { fields } = this.parseJsonQuery();

diff --git a/tests/data/rooms.helper.js b/tests/data/rooms.helper.js
@@ -1,6 +1,6 @@
 import { api, credentials, request } from './api-data';
 
-export const createRoom = ({ name, type, username }) => {
+export const createRoom = ({ name, type, username, members = [] }) => {
 	if (!type) {
 		throw new Error('"type" is required in "createRoom" test helper');
 	}
@@ -18,7 +18,10 @@ export const createRoom = ({ name, type, username }) => {
 
 	return request.post(api(endpoints[type]))
 		.set(credentials)
-		.send(params);
+		.send({
+			...params,
+			members,
+		});
 };
 
 export const closeRoom = ({ type, roomId }) => {