Rocket.chat: SendMessage ignores archive-flag

Created on 10 Dec 2018  路  8Comments  路  Source: RocketChat/Rocket.Chat

Description:

It is possible to send messages even if a room is archived. The client shows a 'This room is read only' message but via the api it is still possible to send messages because there is no backend check. Even some of the clients were still able to write messages because they did not receive an update for the room(?)/did not reload.

Steps to reproduce:

  1. Archive an existing room
  2. Send a message via the api or (in some cases) even the client. Reloading blocks the client but the api still works.

Expected behavior:

The backend should check for the archived-flag and reject the message

Actual behavior:

The message is saved as if the room was not archived

Server Setup Information:

  • Version of Rocket.Chat Server: 0.71.1
  • Operating System: debian 9.5
  • Deployment Method: docker
  • Number of Running Instances:1
  • DB Replicaset Oplog:
  • NodeJS Version:
  • MongoDB Version:
api rest
Source
picture smoehrle
👍2 😕1

Most helpful comment

Sorry for the long delay, I'll fix it for the next release. Thanks for let us know. :+1:

picture MarcosSpessatto on 8 Jan 2019
2

All 8 comments

this also happens with readonly rooms or rooms you've been muted in

:cold_sweat: don't let the vandals know...

vynmera picture vynmera on 10 Dec 2018

How did you manage to get this to work with readonly rooms and rooms you've been muted in?

For a room were I have been muted, I get something like this:
ddp_asyncio.exceptions.RemoteMethodError: [You can't send messages because you have been muted]
And when I set a room to readonly all users get automatically muted, even the owner. Only with admin privileges I'm still able to write.

smoehrle picture smoehrle on 12 Dec 2018

try the other API? theres 2 @smoehrle

vynmera picture vynmera on 12 Dec 2018

I just found this too on my side. The channels I archived which were still appearing to my other users (since I'm not updating the data about archived channels yet in realtime) allowed the messages that were sent after archive.

In my case I'm using chat.postMessage to send the messages and channels.archive to archive a channel

reyalpsirc picture reyalpsirc on 13 Dec 2018

@MarcosSpessatto fyi

graywolf336 picture graywolf336 on 18 Dec 2018
👍2

@MarcosSpessatto any news on this?

reyalpsirc picture reyalpsirc on 7 Jan 2019

Would, too, like to hear a status update. This is a bomb waiting to blow for every team.. (especially factoring in the readonly/muted)

vynmera picture vynmera on 7 Jan 2019
👍1

Sorry for the long delay, I'll fix it for the next release. Thanks for let us know. :+1:

MarcosSpessatto picture MarcosSpessatto on 8 Jan 2019
2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

antn89 picture antn89  路  3Comments
amayer5125 picture amayer5125  路  3Comments
ghost picture ghost  路  3Comments
neha1deshmukh picture neha1deshmukh  路  3Comments
Kiran-Rao picture Kiran-Rao  路  3Comments