Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Chore: Rest API query parameters handling #25648

Merged
merged 3 commits into from
May 26, 2022
Merged

Chore: Rest API query parameters handling #25648

merged 3 commits into from
May 26, 2022

Conversation

ggazzo
Copy link
Member

@ggazzo ggazzo commented May 26, 2022

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

@ggazzo ggazzo requested a review from a team as a code owner May 26, 2022 18:30
d-gubert
d-gubert previously approved these changes May 26, 2022
@ggazzo ggazzo merged commit 31ae30f into develop May 26, 2022
@ggazzo ggazzo deleted the chore/query branch May 26, 2022 22:11
@d-gubert d-gubert mentioned this pull request May 31, 2022
albuquerquefabio added a commit that referenced this pull request Jun 2, 2022
commit 19a996a
Author: Douglas Fabris <devfabris@gmail.com>
Date:   Thu Jun 2 11:58:46 2022 -0300

    [FIX] Unnecessary padding on teams channels footer (#25712)

commit 8274ba3
Author: Hugo Costa <hugocarreiracosta@gmail.com>
Date:   Thu Jun 2 11:00:52 2022 -0300

    [FIX] Messages spacing (#25631)

    * fix(fuselage): adding sequential param to Message Component

    * chore: updating fuselage version

    * fix: updating yarn.lock

    * fix yarn.lock

    * Update fuselage

    * remove dev deps

    Co-authored-by: gabriellsh <gabriel.henriques@rocket.chat>

commit d24789a
Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
Date:   Wed Jun 1 17:09:34 2022 -0300

    Chore: Custom Sounds Endpoints (#25633)

commit db257d3
Author: Murtaza Patrawala <34130764+murtaza98@users.noreply.github.com>
Date:   Wed Jun 1 22:11:12 2022 +0530

    [FIX] User's with non-agent role shown on voip agent association model (#25682)

commit c8fba6f
Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
Date:   Wed Jun 1 13:37:58 2022 -0300

    Fix CI

commit afbb708
Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
Date:   Wed Jun 1 13:09:17 2022 -0300

    fix CI

commit c5def57
Author: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com>
Date:   Wed Jun 1 12:27:08 2022 -0300

    Chore: Convert CreateChannelWithData (#25667)

commit bcd4b1b
Author: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com>
Date:   Wed Jun 1 12:25:58 2022 -0300

    Chore: Convert UserAutoCompleteMultiple (#25587)

    Co-authored-by: julia foresti <juliaforesti@julias-MacBook-Pro.local>

commit 08656e3
Author: amolghode1981 <86001342+amolghode1981@users.noreply.github.com>
Date:   Wed Jun 1 20:55:32 2022 +0530

    Chore: Converting files from app/livechat folder from JS to TS (#25658)

commit c2c1bf4
Author: Jean Brito <jeanfbrito@gmail.com>
Date:   Wed Jun 1 11:36:08 2022 -0300

    Chore: Convert sidebar/header/actions (#25581)

    Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com>

commit 44d6798
Author: Aleksander Nicacio da Silva <aleksander.silva@rocket.chat>
Date:   Tue May 31 23:00:14 2022 -0300

    Chore: Converting omnichannel installation files to ts (#25665)

commit cd32f09
Author: Jean Brito <jeanfbrito@gmail.com>
Date:   Tue May 31 22:55:02 2022 -0300

    Chore: Convert to TS omnichannel/agent (#25511)

    Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com>

commit 6b41aa6
Author: Jean Brito <jeanfbrito@gmail.com>
Date:   Tue May 31 22:52:51 2022 -0300

    Chore: Convert components/sidebar to TS (#25429)

    Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com>

commit 6c1a7b1
Author: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com>
Date:   Tue May 31 22:52:04 2022 -0300

    Chore: Convert apps/meteor/client/sidebar/header/index (#25671)

commit 5b81dba
Author: Tasso Evangelista <tasso.evangelista@rocket.chat>
Date:   Tue May 31 22:51:27 2022 -0300

    Chore: Migrate some small helper functions to TypeScript (#25666)

commit ad67cd3
Author: Douglas Gubert <douglas.gubert@gmail.com>
Date:   Tue May 31 22:50:13 2022 -0300

    Merge master into develop & Set version to 5.0.0 (#25702)

commit 80fc5b7
Author: Douglas Gubert <douglas.gubert@gmail.com>
Date:   Tue May 31 17:05:29 2022 -0300

    Chore: Update Apps-Engine and Fuselage (#25700)

commit 88a8e8e
Author: Douglas Gubert <douglas.gubert@gmail.com>
Date:   Tue May 31 11:06:52 2022 -0300

    Regression: App event listeners broke Slackbridge integration and importers (#25689)

commit bf3483d
Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
Date:   Mon May 30 23:44:01 2022 -0300

    [FIX] Fix max-width message block (#25686)

commit b1d855e
Author: Sinyoung "Divinespear" Kang <divinespear@gmail.com>
Date:   Tue May 31 10:27:14 2022 +0900

    [FIX] Change form body parameter charset to UTF-8 to fix issue #25456 (#25673)

commit 51845b1
Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
Date:   Mon May 30 22:26:55 2022 -0300

    Regression: Fix sort field files.list (#25687)

    Co-authored-by: Fábio Albuquerque <albuquerquefabio@icloud.com>

commit 713120e
Author: Carlos Rodrigues <carlos.1994hrs@gmail.com>
Date:   Mon May 30 17:59:57 2022 -0300

    fix git conflict (#25684)

commit 62405c6
Author: Marcos Spessatto Defendi <marcos.defendi@rocket.chat>
Date:   Mon May 30 12:47:44 2022 -0300

    [FIX] Prevent federation crash on invite users as a non-owner user (#25683)

    * fix: prevent crashing when inviting someone as non-owner

    * chore: fix lint

commit d364be4
Author: Tasso Evangelista <tasso.evangelista@rocket.chat>
Date:   Mon May 30 11:21:16 2022 -0300

    Regression: Broken components on Federation and Engagement dashboards (#25653)

    * Fix odd typechecking issues with JSON modules

    * Avoid `data` as directory for modules

    * rename other `data` folder

    Co-authored-by: gabriellsh <gabriel.henriques@rocket.chat>

commit 4894fc2
Author: Douglas Fabris <devfabris@gmail.com>
Date:   Fri May 27 16:23:07 2022 -0300

    Regression: Update settings groups description (#25663)

commit 5a0d29f
Author: Hugo Costa <hugocarreiracosta@gmail.com>
Date:   Fri May 27 13:45:51 2022 -0300

    [FIX] Click to join button Jitsi Call (#25569)

    * fix: Click to join button Jitsi Call

    * Fix `yarn` references

    * fix: Old message Jitsi Button

    * Fix yarn references (again)

    * Update apps/meteor/app/action-links/client/lib/actionLinks.ts

    Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat>

    * fix: changing instance type

    Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat>

commit 78e57f5
Author: Fábio Albuquerque <albuquerquefabio@icloud.com>
Date:   Fri May 27 12:54:04 2022 -0300

    Regression: Endpoint types with Ajv Coercing data types (#25644)

commit 7dd89fc
Author: Kevin Aleman <kaleman960@gmail.com>
Date:   Fri May 27 02:20:57 2022 -0600

    Regression: Change logic to check if connection is online on unstable networks (#25618)

    * Change .race for .allsettled so rejections are handled better

    * improve to unstable check logic

    * CR suggestions

commit 195f90a
Author: Douglas Fabris <devfabris@gmail.com>
Date:   Thu May 26 23:37:56 2022 -0300

    Regression: Missing settings group descriptions (#25639)

commit 31ae30f
Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
Date:   Thu May 26 19:11:41 2022 -0300

    Chore: Rest API query parameters handling (#25648)

commit 052858d
Author: Aleksander Nicacio da Silva <aleksander.nsilva@gmail.com>
Date:   Thu May 26 18:36:07 2022 -0300

    Regression: VoIp wrap up modal not opening after call disconnect (#25651)

commit 3cd0cab
Author: Guilherme Jun Grillo <48109548+guijun13@users.noreply.github.com>
Date:   Thu May 26 15:39:15 2022 -0300

    [FIX] Remove 'total' text in admin info page (#25638)

    * fix: rm intial 'total' from rooms & total groups

    * fix: change key of 'total messages' title

    * feat: cr8 'total_rooms'='Total Rooms' in en.i18n

    replace it from 'rooms' title in rooms group

    * fix: change pt-BR.i18n to remove initial 'total'

commit 6f3133f
Author: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
Date:   Thu May 26 13:28:48 2022 -0300

    Chore: Increase performance and security of integrations’ scripts (#25641)

commit cbb0844
Author: Hugo Costa <hugocarreiracosta@gmail.com>
Date:   Thu May 26 12:12:32 2022 -0300

    [FIX] Quote message spacing (#25613)

    * fix: default margins for outer quote

    * fix: Removing condition to style differently the inner quote

    * fix: updating yarn.lock

commit 2452448
Author: Douglas Fabris <devfabris@gmail.com>
Date:   Wed May 25 15:10:07 2022 -0300

    Regression: Assets & Slack Bridge Setting Page not rendering (#25629)

    * fix: RoomPickSettingInput

    * fix: assets page broken

commit ca4c020
Author: Henrique Guimarães Ribeiro <henrique.jobs1@gmail.com>
Date:   Tue May 24 22:39:11 2022 -0300

    Regression: Subscription menu not appearing for non installed but subscribed apps (#25627)

    * fix: 🐛 Fix subscribe menu option not appearing

    Fixed a problem on which the AppMenu component did not appear for apps that had an active subscription but weren't installed, now the rendering of the component is also based on the isSubscribed flag, and the appearance of the uninstall and enable/disable options are based on the app.installed flag.

    * fix: 🐛 Fix AppMenu overflow error on Marketplace/AppRow

    Fixed a visual error on which the AppMenu component would overflow the right side of its container and have part of itself hidden.

    * fix: 🐛 FIx isSubscribed wrongful typing

    Fixed an oversight where I've typed isSubscribed as string instead of boolean
albuquerquefabio added a commit that referenced this pull request Jun 2, 2022
commit 0179e1b
Author: albuquerquefabio <albuquerquefabio@icloud.com>
Date:   Thu Jun 2 13:32:52 2022 -0300

    Squashed commit of the following:

    commit 19a996a
    Author: Douglas Fabris <devfabris@gmail.com>
    Date:   Thu Jun 2 11:58:46 2022 -0300

        [FIX] Unnecessary padding on teams channels footer (#25712)

    commit 8274ba3
    Author: Hugo Costa <hugocarreiracosta@gmail.com>
    Date:   Thu Jun 2 11:00:52 2022 -0300

        [FIX] Messages spacing (#25631)

        * fix(fuselage): adding sequential param to Message Component

        * chore: updating fuselage version

        * fix: updating yarn.lock

        * fix yarn.lock

        * Update fuselage

        * remove dev deps

        Co-authored-by: gabriellsh <gabriel.henriques@rocket.chat>

    commit d24789a
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Wed Jun 1 17:09:34 2022 -0300

        Chore: Custom Sounds Endpoints (#25633)

    commit db257d3
    Author: Murtaza Patrawala <34130764+murtaza98@users.noreply.github.com>
    Date:   Wed Jun 1 22:11:12 2022 +0530

        [FIX] User's with non-agent role shown on voip agent association model (#25682)

    commit c8fba6f
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Wed Jun 1 13:37:58 2022 -0300

        Fix CI

    commit afbb708
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Wed Jun 1 13:09:17 2022 -0300

        fix CI

    commit c5def57
    Author: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com>
    Date:   Wed Jun 1 12:27:08 2022 -0300

        Chore: Convert CreateChannelWithData (#25667)

    commit bcd4b1b
    Author: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com>
    Date:   Wed Jun 1 12:25:58 2022 -0300

        Chore: Convert UserAutoCompleteMultiple (#25587)

        Co-authored-by: julia foresti <juliaforesti@julias-MacBook-Pro.local>

    commit 08656e3
    Author: amolghode1981 <86001342+amolghode1981@users.noreply.github.com>
    Date:   Wed Jun 1 20:55:32 2022 +0530

        Chore: Converting files from app/livechat folder from JS to TS (#25658)

    commit c2c1bf4
    Author: Jean Brito <jeanfbrito@gmail.com>
    Date:   Wed Jun 1 11:36:08 2022 -0300

        Chore: Convert sidebar/header/actions (#25581)

        Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com>

    commit 44d6798
    Author: Aleksander Nicacio da Silva <aleksander.silva@rocket.chat>
    Date:   Tue May 31 23:00:14 2022 -0300

        Chore: Converting omnichannel installation files to ts (#25665)

    commit cd32f09
    Author: Jean Brito <jeanfbrito@gmail.com>
    Date:   Tue May 31 22:55:02 2022 -0300

        Chore: Convert to TS omnichannel/agent (#25511)

        Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com>

    commit 6b41aa6
    Author: Jean Brito <jeanfbrito@gmail.com>
    Date:   Tue May 31 22:52:51 2022 -0300

        Chore: Convert components/sidebar to TS (#25429)

        Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com>

    commit 6c1a7b1
    Author: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com>
    Date:   Tue May 31 22:52:04 2022 -0300

        Chore: Convert apps/meteor/client/sidebar/header/index (#25671)

    commit 5b81dba
    Author: Tasso Evangelista <tasso.evangelista@rocket.chat>
    Date:   Tue May 31 22:51:27 2022 -0300

        Chore: Migrate some small helper functions to TypeScript (#25666)

    commit ad67cd3
    Author: Douglas Gubert <douglas.gubert@gmail.com>
    Date:   Tue May 31 22:50:13 2022 -0300

        Merge master into develop & Set version to 5.0.0 (#25702)

    commit 80fc5b7
    Author: Douglas Gubert <douglas.gubert@gmail.com>
    Date:   Tue May 31 17:05:29 2022 -0300

        Chore: Update Apps-Engine and Fuselage (#25700)

    commit 88a8e8e
    Author: Douglas Gubert <douglas.gubert@gmail.com>
    Date:   Tue May 31 11:06:52 2022 -0300

        Regression: App event listeners broke Slackbridge integration and importers (#25689)

    commit bf3483d
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Mon May 30 23:44:01 2022 -0300

        [FIX] Fix max-width message block (#25686)

    commit b1d855e
    Author: Sinyoung "Divinespear" Kang <divinespear@gmail.com>
    Date:   Tue May 31 10:27:14 2022 +0900

        [FIX] Change form body parameter charset to UTF-8 to fix issue #25456 (#25673)

    commit 51845b1
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Mon May 30 22:26:55 2022 -0300

        Regression: Fix sort field files.list (#25687)

        Co-authored-by: Fábio Albuquerque <albuquerquefabio@icloud.com>

    commit 713120e
    Author: Carlos Rodrigues <carlos.1994hrs@gmail.com>
    Date:   Mon May 30 17:59:57 2022 -0300

        fix git conflict (#25684)

    commit 62405c6
    Author: Marcos Spessatto Defendi <marcos.defendi@rocket.chat>
    Date:   Mon May 30 12:47:44 2022 -0300

        [FIX] Prevent federation crash on invite users as a non-owner user (#25683)

        * fix: prevent crashing when inviting someone as non-owner

        * chore: fix lint

    commit d364be4
    Author: Tasso Evangelista <tasso.evangelista@rocket.chat>
    Date:   Mon May 30 11:21:16 2022 -0300

        Regression: Broken components on Federation and Engagement dashboards (#25653)

        * Fix odd typechecking issues with JSON modules

        * Avoid `data` as directory for modules

        * rename other `data` folder

        Co-authored-by: gabriellsh <gabriel.henriques@rocket.chat>

    commit 4894fc2
    Author: Douglas Fabris <devfabris@gmail.com>
    Date:   Fri May 27 16:23:07 2022 -0300

        Regression: Update settings groups description (#25663)

    commit 5a0d29f
    Author: Hugo Costa <hugocarreiracosta@gmail.com>
    Date:   Fri May 27 13:45:51 2022 -0300

        [FIX] Click to join button Jitsi Call (#25569)

        * fix: Click to join button Jitsi Call

        * Fix `yarn` references

        * fix: Old message Jitsi Button

        * Fix yarn references (again)

        * Update apps/meteor/app/action-links/client/lib/actionLinks.ts

        Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat>

        * fix: changing instance type

        Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat>

    commit 78e57f5
    Author: Fábio Albuquerque <albuquerquefabio@icloud.com>
    Date:   Fri May 27 12:54:04 2022 -0300

        Regression: Endpoint types with Ajv Coercing data types (#25644)

    commit 7dd89fc
    Author: Kevin Aleman <kaleman960@gmail.com>
    Date:   Fri May 27 02:20:57 2022 -0600

        Regression: Change logic to check if connection is online on unstable networks (#25618)

        * Change .race for .allsettled so rejections are handled better

        * improve to unstable check logic

        * CR suggestions

    commit 195f90a
    Author: Douglas Fabris <devfabris@gmail.com>
    Date:   Thu May 26 23:37:56 2022 -0300

        Regression: Missing settings group descriptions (#25639)

    commit 31ae30f
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Thu May 26 19:11:41 2022 -0300

        Chore: Rest API query parameters handling (#25648)

    commit 052858d
    Author: Aleksander Nicacio da Silva <aleksander.nsilva@gmail.com>
    Date:   Thu May 26 18:36:07 2022 -0300

        Regression: VoIp wrap up modal not opening after call disconnect (#25651)

    commit 3cd0cab
    Author: Guilherme Jun Grillo <48109548+guijun13@users.noreply.github.com>
    Date:   Thu May 26 15:39:15 2022 -0300

        [FIX] Remove 'total' text in admin info page (#25638)

        * fix: rm intial 'total' from rooms & total groups

        * fix: change key of 'total messages' title

        * feat: cr8 'total_rooms'='Total Rooms' in en.i18n

        replace it from 'rooms' title in rooms group

        * fix: change pt-BR.i18n to remove initial 'total'

    commit 6f3133f
    Author: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
    Date:   Thu May 26 13:28:48 2022 -0300

        Chore: Increase performance and security of integrations’ scripts (#25641)

    commit cbb0844
    Author: Hugo Costa <hugocarreiracosta@gmail.com>
    Date:   Thu May 26 12:12:32 2022 -0300

        [FIX] Quote message spacing (#25613)

        * fix: default margins for outer quote

        * fix: Removing condition to style differently the inner quote

        * fix: updating yarn.lock

    commit 2452448
    Author: Douglas Fabris <devfabris@gmail.com>
    Date:   Wed May 25 15:10:07 2022 -0300

        Regression: Assets & Slack Bridge Setting Page not rendering (#25629)

        * fix: RoomPickSettingInput

        * fix: assets page broken

    commit ca4c020
    Author: Henrique Guimarães Ribeiro <henrique.jobs1@gmail.com>
    Date:   Tue May 24 22:39:11 2022 -0300

        Regression: Subscription menu not appearing for non installed but subscribed apps (#25627)

        * fix: 🐛 Fix subscribe menu option not appearing

        Fixed a problem on which the AppMenu component did not appear for apps that had an active subscription but weren't installed, now the rendering of the component is also based on the isSubscribed flag, and the appearance of the uninstall and enable/disable options are based on the app.installed flag.

        * fix: 🐛 Fix AppMenu overflow error on Marketplace/AppRow

        Fixed a visual error on which the AppMenu component would overflow the right side of its container and have part of itself hidden.

        * fix: 🐛 FIx isSubscribed wrongful typing

        Fixed an oversight where I've typed isSubscribed as string instead of boolean
albuquerquefabio added a commit that referenced this pull request Jun 2, 2022
commit 0179e1b
Author: albuquerquefabio <albuquerquefabio@icloud.com>
Date:   Thu Jun 2 13:32:52 2022 -0300

    Squashed commit of the following:

    commit 19a996a
    Author: Douglas Fabris <devfabris@gmail.com>
    Date:   Thu Jun 2 11:58:46 2022 -0300

        [FIX] Unnecessary padding on teams channels footer (#25712)

    commit 8274ba3
    Author: Hugo Costa <hugocarreiracosta@gmail.com>
    Date:   Thu Jun 2 11:00:52 2022 -0300

        [FIX] Messages spacing (#25631)

        * fix(fuselage): adding sequential param to Message Component

        * chore: updating fuselage version

        * fix: updating yarn.lock

        * fix yarn.lock

        * Update fuselage

        * remove dev deps

        Co-authored-by: gabriellsh <gabriel.henriques@rocket.chat>

    commit d24789a
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Wed Jun 1 17:09:34 2022 -0300

        Chore: Custom Sounds Endpoints (#25633)

    commit db257d3
    Author: Murtaza Patrawala <34130764+murtaza98@users.noreply.github.com>
    Date:   Wed Jun 1 22:11:12 2022 +0530

        [FIX] User's with non-agent role shown on voip agent association model (#25682)

    commit c8fba6f
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Wed Jun 1 13:37:58 2022 -0300

        Fix CI

    commit afbb708
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Wed Jun 1 13:09:17 2022 -0300

        fix CI

    commit c5def57
    Author: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com>
    Date:   Wed Jun 1 12:27:08 2022 -0300

        Chore: Convert CreateChannelWithData (#25667)

    commit bcd4b1b
    Author: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com>
    Date:   Wed Jun 1 12:25:58 2022 -0300

        Chore: Convert UserAutoCompleteMultiple (#25587)

        Co-authored-by: julia foresti <juliaforesti@julias-MacBook-Pro.local>

    commit 08656e3
    Author: amolghode1981 <86001342+amolghode1981@users.noreply.github.com>
    Date:   Wed Jun 1 20:55:32 2022 +0530

        Chore: Converting files from app/livechat folder from JS to TS (#25658)

    commit c2c1bf4
    Author: Jean Brito <jeanfbrito@gmail.com>
    Date:   Wed Jun 1 11:36:08 2022 -0300

        Chore: Convert sidebar/header/actions (#25581)

        Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com>

    commit 44d6798
    Author: Aleksander Nicacio da Silva <aleksander.silva@rocket.chat>
    Date:   Tue May 31 23:00:14 2022 -0300

        Chore: Converting omnichannel installation files to ts (#25665)

    commit cd32f09
    Author: Jean Brito <jeanfbrito@gmail.com>
    Date:   Tue May 31 22:55:02 2022 -0300

        Chore: Convert to TS omnichannel/agent (#25511)

        Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com>

    commit 6b41aa6
    Author: Jean Brito <jeanfbrito@gmail.com>
    Date:   Tue May 31 22:52:51 2022 -0300

        Chore: Convert components/sidebar to TS (#25429)

        Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com>

    commit 6c1a7b1
    Author: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com>
    Date:   Tue May 31 22:52:04 2022 -0300

        Chore: Convert apps/meteor/client/sidebar/header/index (#25671)

    commit 5b81dba
    Author: Tasso Evangelista <tasso.evangelista@rocket.chat>
    Date:   Tue May 31 22:51:27 2022 -0300

        Chore: Migrate some small helper functions to TypeScript (#25666)

    commit ad67cd3
    Author: Douglas Gubert <douglas.gubert@gmail.com>
    Date:   Tue May 31 22:50:13 2022 -0300

        Merge master into develop & Set version to 5.0.0 (#25702)

    commit 80fc5b7
    Author: Douglas Gubert <douglas.gubert@gmail.com>
    Date:   Tue May 31 17:05:29 2022 -0300

        Chore: Update Apps-Engine and Fuselage (#25700)

    commit 88a8e8e
    Author: Douglas Gubert <douglas.gubert@gmail.com>
    Date:   Tue May 31 11:06:52 2022 -0300

        Regression: App event listeners broke Slackbridge integration and importers (#25689)

    commit bf3483d
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Mon May 30 23:44:01 2022 -0300

        [FIX] Fix max-width message block (#25686)

    commit b1d855e
    Author: Sinyoung "Divinespear" Kang <divinespear@gmail.com>
    Date:   Tue May 31 10:27:14 2022 +0900

        [FIX] Change form body parameter charset to UTF-8 to fix issue #25456 (#25673)

    commit 51845b1
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Mon May 30 22:26:55 2022 -0300

        Regression: Fix sort field files.list (#25687)

        Co-authored-by: Fábio Albuquerque <albuquerquefabio@icloud.com>

    commit 713120e
    Author: Carlos Rodrigues <carlos.1994hrs@gmail.com>
    Date:   Mon May 30 17:59:57 2022 -0300

        fix git conflict (#25684)

    commit 62405c6
    Author: Marcos Spessatto Defendi <marcos.defendi@rocket.chat>
    Date:   Mon May 30 12:47:44 2022 -0300

        [FIX] Prevent federation crash on invite users as a non-owner user (#25683)

        * fix: prevent crashing when inviting someone as non-owner

        * chore: fix lint

    commit d364be4
    Author: Tasso Evangelista <tasso.evangelista@rocket.chat>
    Date:   Mon May 30 11:21:16 2022 -0300

        Regression: Broken components on Federation and Engagement dashboards (#25653)

        * Fix odd typechecking issues with JSON modules

        * Avoid `data` as directory for modules

        * rename other `data` folder

        Co-authored-by: gabriellsh <gabriel.henriques@rocket.chat>

    commit 4894fc2
    Author: Douglas Fabris <devfabris@gmail.com>
    Date:   Fri May 27 16:23:07 2022 -0300

        Regression: Update settings groups description (#25663)

    commit 5a0d29f
    Author: Hugo Costa <hugocarreiracosta@gmail.com>
    Date:   Fri May 27 13:45:51 2022 -0300

        [FIX] Click to join button Jitsi Call (#25569)

        * fix: Click to join button Jitsi Call

        * Fix `yarn` references

        * fix: Old message Jitsi Button

        * Fix yarn references (again)

        * Update apps/meteor/app/action-links/client/lib/actionLinks.ts

        Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat>

        * fix: changing instance type

        Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat>

    commit 78e57f5
    Author: Fábio Albuquerque <albuquerquefabio@icloud.com>
    Date:   Fri May 27 12:54:04 2022 -0300

        Regression: Endpoint types with Ajv Coercing data types (#25644)

    commit 7dd89fc
    Author: Kevin Aleman <kaleman960@gmail.com>
    Date:   Fri May 27 02:20:57 2022 -0600

        Regression: Change logic to check if connection is online on unstable networks (#25618)

        * Change .race for .allsettled so rejections are handled better

        * improve to unstable check logic

        * CR suggestions

    commit 195f90a
    Author: Douglas Fabris <devfabris@gmail.com>
    Date:   Thu May 26 23:37:56 2022 -0300

        Regression: Missing settings group descriptions (#25639)

    commit 31ae30f
    Author: Guilherme Gazzo <guilhermegazzo@gmail.com>
    Date:   Thu May 26 19:11:41 2022 -0300

        Chore: Rest API query parameters handling (#25648)

    commit 052858d
    Author: Aleksander Nicacio da Silva <aleksander.nsilva@gmail.com>
    Date:   Thu May 26 18:36:07 2022 -0300

        Regression: VoIp wrap up modal not opening after call disconnect (#25651)

    commit 3cd0cab
    Author: Guilherme Jun Grillo <48109548+guijun13@users.noreply.github.com>
    Date:   Thu May 26 15:39:15 2022 -0300

        [FIX] Remove 'total' text in admin info page (#25638)

        * fix: rm intial 'total' from rooms & total groups

        * fix: change key of 'total messages' title

        * feat: cr8 'total_rooms'='Total Rooms' in en.i18n

        replace it from 'rooms' title in rooms group

        * fix: change pt-BR.i18n to remove initial 'total'

    commit 6f3133f
    Author: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
    Date:   Thu May 26 13:28:48 2022 -0300

        Chore: Increase performance and security of integrations’ scripts (#25641)

    commit cbb0844
    Author: Hugo Costa <hugocarreiracosta@gmail.com>
    Date:   Thu May 26 12:12:32 2022 -0300

        [FIX] Quote message spacing (#25613)

        * fix: default margins for outer quote

        * fix: Removing condition to style differently the inner quote

        * fix: updating yarn.lock

    commit 2452448
    Author: Douglas Fabris <devfabris@gmail.com>
    Date:   Wed May 25 15:10:07 2022 -0300

        Regression: Assets & Slack Bridge Setting Page not rendering (#25629)

        * fix: RoomPickSettingInput

        * fix: assets page broken

    commit ca4c020
    Author: Henrique Guimarães Ribeiro <henrique.jobs1@gmail.com>
    Date:   Tue May 24 22:39:11 2022 -0300

        Regression: Subscription menu not appearing for non installed but subscribed apps (#25627)

        * fix: 🐛 Fix subscribe menu option not appearing

        Fixed a problem on which the AppMenu component did not appear for apps that had an active subscription but weren't installed, now the rendering of the component is also based on the isSubscribed flag, and the appearance of the uninstall and enable/disable options are based on the app.installed flag.

        * fix: 🐛 Fix AppMenu overflow error on Marketplace/AppRow

        Fixed a visual error on which the AppMenu component would overflow the right side of its container and have part of itself hidden.

        * fix: 🐛 FIx isSubscribed wrongful typing

        Fixed an oversight where I've typed isSubscribed as string instead of boolean
@casalsgh casalsgh added this to the 5.0.0 milestone Jun 21, 2022
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Aug 28, 2022
SAPI's find_rc_user_by_sapi_user_id is now failing
    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

I believe this is related to
	RocketChat#25722
	"API Invalid query parameter provided"
and caused by
	commit 31ae30f
	RocketChat#25648
	"Chore: Rest API query parameters handling"
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Sep 5, 2022
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

		`/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the issue

		RocketChat#25722
		"API Invalid query parameter provided"

and is caused by

		RocketChat#25648
		"Chore: Rest API query parameters handling"
		commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Sep 12, 2022
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Sep 13, 2022
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Aug 2, 2023
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Aug 10, 2023
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Aug 31, 2023
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Nov 29, 2023
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Dec 4, 2023
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Dec 4, 2023
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Feb 6, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Feb 9, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Apr 4, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Jun 3, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Jun 17, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Jul 1, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Sep 19, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Dec 5, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Dec 5, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Dec 5, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
nmagedman added a commit to seekingalpha/Rocket.Chat that referenced this pull request Dec 10, 2024
SAPI’s `find_rc_user_by_sapi_user_id` calls RC’s `users.list` API endpoint with

    `/api/v1/users.list?query={"customFields.sa_id": #{sapi_user_id}}`

This call fails under vanilla RC 4.8.4 with

    Error: Invalid attribute: customFields.sa_id [error-invalid-query]
    at Object.get (app/api/server/v1/users.js:330:11)

This problem is related to the Upstream issue RocketChat#25722

    "API Invalid query parameter provided"

and is caused by Upstream PR RocketChat#25648

    "Chore: Rest API query parameters handling"
    commit 31ae30f

which limited which MongoDB query filters may be passed in via the RC API.
That PR was correct to restrict the query, but did not whitelist enough fields.
SAPI’s current integration with RocketChat depends on `customFields` being exposed.

Security Considerations:
Although none of SAPI’s customFields contain sensitive data, other RC installations
might indeed store sensitive data there.  It’s not clear, therefore, whether this
patch should be PR’d upstream.

=====

UPDATE:
Apparently Upstream wasn't didn't share my security concern.  They accepted
a PR that was identical to one of the two changes that were here, namely
    apps/meteor/app/api/server/v1/users.ts
    ```
           inclusiveFieldsKeys.includes('name') && 'name.*',
           inclusiveFieldsKeys.includes('type') && 'type.*',
    +      inclusiveFieldsKeys.includes('customFields') && 'customFields.*',
         ].filter(Boolean) as string[],
    ```
See https://github.com/RocketChat/Rocket.Chat/pull/27423/files

My patch also has a second change, adding customFields to
    apps/meteor/app/api/server/lib/users.ts#getNonEmptyFields()
Since it wasn't included in the upstream PR, maybe it isn't actually needed?
I'm keeping it for now, but we should experiement and see if we can safely drop it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants