Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

File uploading by App returns unexpected error #22974

Closed
pedrodeandrade opened this issue Aug 19, 2021 · 1 comment · Fixed by #23393
Closed

File uploading by App returns unexpected error #22974

pedrodeandrade opened this issue Aug 19, 2021 · 1 comment · Fixed by #23393

Comments

@pedrodeandrade
Copy link

Description:

When trying to upload a file in behalf of a user in a Livechat room using a app it returns a
error saying it's forbidden.

unsuccessfulUpload

When trying to upload a file using an app on a RocketChat server below 3.16.0 version it works as expected

successfulUpload

When I try to upload a file with a visitor token instead of a user it works correctly no matter the RocketChat version.

Here is the error message and stack trace that is returned by the server:
"{\"message\":\"Forbidden [forbidden]\",\"stack\":\"Error: Forbidden [forbidden]\\n at Object.<anonymous> (packages/jalik:ufs/ufs-store.js:339:12)\\n at packages/matb33:collection-hooks/insert.js:16:28\\n at Array.forEach (<anonymous>)\\n at Object.<anonymous> (packages/matb33:collection-hooks/insert.js:15:22)\\n at Object.collection.<computed> [as insert] (packages/matb33:collection-hooks/collection-hooks.js:93:21)\\n at ns.Collection.insert (packages/mongo/collection.js:523:39)\\n at ns.Collection.Mongo.Collection.<computed> [as insert] (packages/dispatch_run-as-user.js:325:19)\\n at BaseDb.insert (app/models/server/models/_BaseDb.js:278:33)\\n at ns.Collection.model.insert (app/models/server/models/_BaseDb.js:129:16)\\n at GridFSStore.Store.self.create (packages/jalik:ufs/ufs-store.js:202:33)\\n at FileUploadClass._doInsert (app/file-upload/server/lib/FileUpload.js:573:29)\\n at FileUploadClass.insert (app/file-upload/server/lib/FileUpload.js:613:15)\\n at FileUploadClass.insertSync (packages/meteor.js:306:21)\\n at app/apps/server/bridges/uploads.ts:59:36\\n at runWithEnvironment (packages/meteor.js:1286:24)\\n at packages/meteor.js:1299:14\\n at new Promise (<anonymous>)\\n at app/apps/server/bridges/uploads.ts:57:10\\n at /app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40\"}"

Steps to reproduce

  1. Create a app with a endpoint to upload a file in a room. The image below represents how I am doing the upload:

fileUpload

  1. Start a Livechat chat

  2. Send a request to the endpoint passing the file, the ID of the Livechat room and the username of the user that is uploading the file

Expected behavior:

It should upload a file in a Livechat room in behalf of a user

Actual behavior:

It returns a error saying it's forbidden

Server Setup Information:

  • Version of Rocket.Chat Server: 3.17.1 Enterprise
  • Operating System: Linux
  • Deployment Method: Docker
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: v12.22.1
  • MongoDB Version: 4.0.22

Client Setup Information:

  • Desktop App or Browser Version: Brave 1.24.82
  • Operating System: Linux Mint 20
@yashovardhan
Copy link

Hey there,

Thanks a lot for reporting this. Since you're an enterprise customer, can you please generate a support ticket? This way your issue will be dealt with on priority. In the meantime I'll try to get this checked as soon as possible from my side.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants