You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When trying to upload a file in behalf of a user in a Livechat room using a app it returns a
error saying it's forbidden.
When trying to upload a file using an app on a RocketChat server below 3.16.0 version it works as expected
When I try to upload a file with a visitor token instead of a user it works correctly no matter the RocketChat version.
Here is the error message and stack trace that is returned by the server: "{\"message\":\"Forbidden [forbidden]\",\"stack\":\"Error: Forbidden [forbidden]\\n at Object.<anonymous> (packages/jalik:ufs/ufs-store.js:339:12)\\n at packages/matb33:collection-hooks/insert.js:16:28\\n at Array.forEach (<anonymous>)\\n at Object.<anonymous> (packages/matb33:collection-hooks/insert.js:15:22)\\n at Object.collection.<computed> [as insert] (packages/matb33:collection-hooks/collection-hooks.js:93:21)\\n at ns.Collection.insert (packages/mongo/collection.js:523:39)\\n at ns.Collection.Mongo.Collection.<computed> [as insert] (packages/dispatch_run-as-user.js:325:19)\\n at BaseDb.insert (app/models/server/models/_BaseDb.js:278:33)\\n at ns.Collection.model.insert (app/models/server/models/_BaseDb.js:129:16)\\n at GridFSStore.Store.self.create (packages/jalik:ufs/ufs-store.js:202:33)\\n at FileUploadClass._doInsert (app/file-upload/server/lib/FileUpload.js:573:29)\\n at FileUploadClass.insert (app/file-upload/server/lib/FileUpload.js:613:15)\\n at FileUploadClass.insertSync (packages/meteor.js:306:21)\\n at app/apps/server/bridges/uploads.ts:59:36\\n at runWithEnvironment (packages/meteor.js:1286:24)\\n at packages/meteor.js:1299:14\\n at new Promise (<anonymous>)\\n at app/apps/server/bridges/uploads.ts:57:10\\n at /app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40\"}"
Steps to reproduce
Create a app with a endpoint to upload a file in a room. The image below represents how I am doing the upload:
Start a Livechat chat
Send a request to the endpoint passing the file, the ID of the Livechat room and the username of the user that is uploading the file
Expected behavior:
It should upload a file in a Livechat room in behalf of a user
Actual behavior:
It returns a error saying it's forbidden
Server Setup Information:
Version of Rocket.Chat Server: 3.17.1 Enterprise
Operating System: Linux
Deployment Method: Docker
Number of Running Instances: 1
DB Replicaset Oplog:
NodeJS Version: v12.22.1
MongoDB Version: 4.0.22
Client Setup Information:
Desktop App or Browser Version: Brave 1.24.82
Operating System: Linux Mint 20
The text was updated successfully, but these errors were encountered:
Thanks a lot for reporting this. Since you're an enterprise customer, can you please generate a support ticket? This way your issue will be dealt with on priority. In the meantime I'll try to get this checked as soon as possible from my side.
Description:
When trying to upload a file in behalf of a user in a Livechat room using a app it returns a
error saying it's forbidden.
When trying to upload a file using an app on a RocketChat server below 3.16.0 version it works as expected
When I try to upload a file with a visitor token instead of a user it works correctly no matter the RocketChat version.
Here is the error message and stack trace that is returned by the server:
"{\"message\":\"Forbidden [forbidden]\",\"stack\":\"Error: Forbidden [forbidden]\\n at Object.<anonymous> (packages/jalik:ufs/ufs-store.js:339:12)\\n at packages/matb33:collection-hooks/insert.js:16:28\\n at Array.forEach (<anonymous>)\\n at Object.<anonymous> (packages/matb33:collection-hooks/insert.js:15:22)\\n at Object.collection.<computed> [as insert] (packages/matb33:collection-hooks/collection-hooks.js:93:21)\\n at ns.Collection.insert (packages/mongo/collection.js:523:39)\\n at ns.Collection.Mongo.Collection.<computed> [as insert] (packages/dispatch_run-as-user.js:325:19)\\n at BaseDb.insert (app/models/server/models/_BaseDb.js:278:33)\\n at ns.Collection.model.insert (app/models/server/models/_BaseDb.js:129:16)\\n at GridFSStore.Store.self.create (packages/jalik:ufs/ufs-store.js:202:33)\\n at FileUploadClass._doInsert (app/file-upload/server/lib/FileUpload.js:573:29)\\n at FileUploadClass.insert (app/file-upload/server/lib/FileUpload.js:613:15)\\n at FileUploadClass.insertSync (packages/meteor.js:306:21)\\n at app/apps/server/bridges/uploads.ts:59:36\\n at runWithEnvironment (packages/meteor.js:1286:24)\\n at packages/meteor.js:1299:14\\n at new Promise (<anonymous>)\\n at app/apps/server/bridges/uploads.ts:57:10\\n at /app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40\"}"
Steps to reproduce
Start a Livechat chat
Send a request to the endpoint passing the file, the ID of the Livechat room and the username of the user that is uploading the file
Expected behavior:
It should upload a file in a Livechat room in behalf of a user
Actual behavior:
It returns a error saying it's forbidden
Server Setup Information:
Client Setup Information:
The text was updated successfully, but these errors were encountered: