From 43cac742ef5e267bb6234f7ca8b963acd562529f Mon Sep 17 00:00:00 2001
From: Tasso Evangelista <tasso.evangelista@rocket.chat>
Date: Fri, 5 Aug 2022 11:46:13 -0300
Subject: [PATCH] [FIX] Request at least one field in the payload of
`/v1/users.setStatus` (#26490)
---
apps/meteor/app/api/server/v1/users.ts | 14 ++++++++++----
apps/meteor/tests/end-to-end/api/01-users.js | 13 +++++++++++++
2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/apps/meteor/app/api/server/v1/users.ts b/apps/meteor/app/api/server/v1/users.ts
index 944f33dce8d..95769585399 100644
--- a/apps/meteor/app/api/server/v1/users.ts
+++ b/apps/meteor/app/api/server/v1/users.ts
@@ -978,10 +978,16 @@ API.v1.addRoute(
post() {
check(
this.bodyParams,
- Match.ObjectIncluding({
- status: Match.Maybe(String),
- message: Match.Maybe(String),
- }),
+ Match.OneOf(
+ Match.ObjectIncluding({
+ status: Match.Maybe(String),
+ message: String,
+ }),
+ Match.ObjectIncluding({
+ status: String,
+ message: Match.Maybe(String),
+ }),
+ ),
);
if (!settings.get('Accounts_AllowUserStatusMessageChange')) {
diff --git a/apps/meteor/tests/end-to-end/api/01-users.js b/apps/meteor/tests/end-to-end/api/01-users.js
index 50149d8fddf..ed30f8a0ce3 100644
--- a/apps/meteor/tests/end-to-end/api/01-users.js
+++ b/apps/meteor/tests/end-to-end/api/01-users.js
@@ -3278,6 +3278,19 @@ describe('[Users]', function () {
await updateSetting('Accounts_AllowInvisibleStatusOption', true);
});
+ it('should return an error when the payload is missing all supported fields', (done) => {
+ request
+ .post(api('users.setStatus'))
+ .set(credentials)
+ .send({})
+ .expect('Content-Type', 'application/json')
+ .expect(400)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', false);
+ expect(res.body.error).to.be.equal('Match error: Failed Match.OneOf, Match.Maybe or Match.Optional validation');
+ })
+ .end(done);
+ });
});
describe('[/users.removeOtherTokens]', () => {
--
GitLab