From 7d4132bcf81c65f0d1f0fc6335050ff479289923 Mon Sep 17 00:00:00 2001 From: matheusbsilva137 Date: Mon, 22 Apr 2024 12:12:19 -0300 Subject: [PATCH 1/6] fix: use settings' packageValue as a fallback to LDAP sync intervals --- apps/meteor/ee/server/configuration/ldap.ts | 6 +++++- apps/meteor/package.json | 1 + yarn.lock | 8 ++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/apps/meteor/ee/server/configuration/ldap.ts b/apps/meteor/ee/server/configuration/ldap.ts index 27c47fdec408..055401f40b05 100644 --- a/apps/meteor/ee/server/configuration/ldap.ts +++ b/apps/meteor/ee/server/configuration/ldap.ts @@ -1,6 +1,8 @@ import type { IImportUser, ILDAPEntry, IUser } from '@rocket.chat/core-typings'; import { cronJobs } from '@rocket.chat/cron'; import { License } from '@rocket.chat/license'; +import { Settings } from '@rocket.chat/models'; +import { isValidCron } from 'cron-validator'; import { Meteor } from 'meteor/meteor'; import { settings } from '../../../app/settings/server'; @@ -28,7 +30,9 @@ Meteor.startup(async () => { } const settingValue = settings.get(intervalSetting); - const schedule = ldapIntervalValuesToCronMap[settingValue] ?? settingValue; + const schedule = + ldapIntervalValuesToCronMap[settingValue] ?? + (isValidCron(settingValue) ? settingValue : ((await Settings.findOneById(intervalSetting))?.packageValue as string)); if (schedule) { if (schedule !== lastSchedule && (await cronJobs.has(jobName))) { await cronJobs.remove(jobName); diff --git a/apps/meteor/package.json b/apps/meteor/package.json index 6218697fc752..3c84ce2a743f 100644 --- a/apps/meteor/package.json +++ b/apps/meteor/package.json @@ -324,6 +324,7 @@ "cookie-parser": "^1.4.6", "cors": "^2.8.5", "cron": "~1.8.2", + "cron-validator": "^1.3.1", "css-vars-ponyfill": "^2.4.9", "csv-parse": "^5.2.0", "date-fns": "^2.28.0", diff --git a/yarn.lock b/yarn.lock index d673977ca191..b8d8930b3825 100644 --- a/yarn.lock +++ b/yarn.lock 
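Review bot: In the `@@ -28,7 +30,9 @@` hunk of `ldap.ts`, a stored interval that fails `isValidCron` is replaced by `packageValue` with no log entry, so an operator who configured the LDAP sync or auto-logout interval cannot see that a different schedule is in force. `isValidCron(settingValue)` is called with default options, and as far as I know cron-validator then rejects six-field (seconds) expressions that the `cron` scheduler may accept; confirm the two grammars agree or pass matching options, e.g. `isValidCron(settingValue, { seconds: true })`. The fallback is not validated and is cast with `as string`, so if the document or its `packageValue` is missing, `schedule` is undefined and `if (schedule)` skips scheduling silently. I would log a warning naming `intervalSetting` and the rejected value on both paths. The enclosing startup callback begins and ends outside the hunk.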
@@ -9734,6 +9734,7 @@ __metadata: cookie-parser: ^1.4.6 cors: ^2.8.5 cron: ~1.8.2 + cron-validator: ^1.3.1 cross-env: ^7.0.3 css-vars-ponyfill: ^2.4.9 csv-parse: ^5.2.0 @@ -20492,6 +20493,13 @@ __metadata: languageName: node linkType: hard +"cron-validator@npm:^1.3.1": + version: 1.3.1 + resolution: "cron-validator@npm:1.3.1" + checksum: 82895b417bc35a96c8ad8501d2f236492403ba6e35c1112762e9573939eb15cd80bd0693d5ae95e3a15e15fc6442b1a6e6cc3dd0f740f0a3320b202082aeabec + languageName: node + linkType: hard + "cron@npm:~1.8.2": version: 1.8.2 resolution: "cron@npm:1.8.2" From 3c8782a84ffa96b98a4e93ab6cf4a2a75e153ce0 Mon Sep 17 00:00:00 2001 From: matheusbsilva137 Date: Mon, 22 Apr 2024 12:13:00 -0300 Subject: [PATCH 2/6] fix: add migration to update the packageValue of LDAP sync interval settings --- .../meteor/server/startup/migrations/index.ts | 1 + apps/meteor/server/startup/migrations/v308.ts | 31 +++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 apps/meteor/server/startup/migrations/v308.ts diff --git a/apps/meteor/server/startup/migrations/index.ts b/apps/meteor/server/startup/migrations/index.ts index ca749c3c2086..71ef63582e5b 100644 --- a/apps/meteor/server/startup/migrations/index.ts +++ b/apps/meteor/server/startup/migrations/index.ts @@ -40,5 +40,6 @@ import './v304'; import './v305'; import './v306'; import './v307'; +import './v308'; export * from './xrun'; diff --git a/apps/meteor/server/startup/migrations/v308.ts b/apps/meteor/server/startup/migrations/v308.ts new file mode 100644 index 000000000000..fc27fdd31868 --- /dev/null +++ b/apps/meteor/server/startup/migrations/v308.ts 
@@ -0,0 +1,31 @@ +import type { ISetting } from '@rocket.chat/core-typings'; +import { Settings } from '@rocket.chat/models'; +import { isValidCron } from 'cron-validator'; + +import { addMigration } from '../../lib/migrations'; + +addMigration({ + version: 308, + name: 'Update packageValue from LDAP interval settings', + async up() { + const newAvatarSyncPackageValue = '0 0 * * *'; + const newAutoLogoutPackageValue = '*/5 * * * *'; + const ldapAvatarSyncInterval = await Settings.findOneById>('LDAP_Background_Sync_Avatars_Interval', { + projection: { value: 1 }, + }); + const ldapAutoLogoutInterval = await Settings.findOneById>('LDAP_Sync_AutoLogout_Interval', { + projection: { value: 1 }, + }); + const isValidAvatarSyncInterval = ldapAvatarSyncInterval && isValidCron(ldapAvatarSyncInterval.value as string); + const isValidAutoLogoutInterval = ldapAutoLogoutInterval && isValidCron(ldapAutoLogoutInterval.value as string); + + await Settings.updateOne( + { _id: 'LDAP_Background_Sync_Avatars_Interval' }, + { $set: { packageValue: newAvatarSyncPackageValue, ...(!isValidAvatarSyncInterval && { value: newAvatarSyncPackageValue }) } }, + ); + await Settings.updateOne( + { _id: 'LDAP_Sync_AutoLogout_Interval' }, + { $set: { packageValue: newAutoLogoutPackageValue, ...(!isValidAutoLogoutInterval && { value: newAutoLogoutPackageValue }) } }, + ); + }, +}); From 46164d091dd69442633a7f501662e8c73a4c6ed7 Mon Sep 17 00:00:00 2001 From: Matheus Barbosa Silva <36537004+matheusbsilva137@users.noreply.github.com> Date: Mon, 22 Apr 2024 12:19:10 -0300 Subject: [PATCH 3/6] Create changeset --- .changeset/sixty-vans-grab.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .changeset/sixty-vans-grab.md diff --git a/.changeset/sixty-vans-grab.md b/.changeset/sixty-vans-grab.md new file mode 100644 index 000000000000..3582685745ef --- /dev/null +++ b/.changeset/sixty-vans-grab.md 
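Review bot: The migration in `v308.ts` decides whether to overwrite `value` using `isValidCron` alone, while the runtime lookup in `ldap.ts` (patch 1/6) first resolves the stored value through `ldapIntervalValuesToCronMap`. If that map's keys are still legal stored values (its contents are not visible here), `up()` would reset an admin-chosen interval to the new default. For `LDAP_Sync_AutoLogout_Interval` this presumably changes how soon the auto-logout job runs, so the overwrite should also consult the map and should log the value it replaces. The `as string` casts hide the case where `value` is not a string; a guard such as `typeof ldapAvatarSyncInterval?.value === 'string'` before the call would make that case explicit.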
@@ -0,0 +1,6 @@ +--- +"@rocket.chat/meteor": major +"@rocket.chat/i18n": patch +--- + +Fixed issue with LDAP sync triggering multiple cron jobs in case an invalid sync interval is provided From 271f4b8e8e16e4e3781c10174656f9bac567e634 Mon Sep 17 00:00:00 2001 From: Matheus Barbosa Silva <36537004+matheusbsilva137@users.noreply.github.com> Date: Thu, 9 May 2024 17:48:28 -0300 Subject: [PATCH 4/6] chore!: Improve permissions check on oauth-apps endpoints (#32338) Co-authored-by: Marcos Spessatto Defendi --- apps/meteor/app/api/server/v1/oauthapps.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apps/meteor/app/api/server/v1/oauthapps.ts b/apps/meteor/app/api/server/v1/oauthapps.ts index 97d489295d42..29e79d1ffa98 100644 --- a/apps/meteor/app/api/server/v1/oauthapps.ts +++ b/apps/meteor/app/api/server/v1/oauthapps.ts @@ -1,7 +1,6 @@ import { OAuthApps } from '@rocket.chat/models'; import { isUpdateOAuthAppParams, isOauthAppsGetParams, isOauthAppsAddParams, isDeleteOAuthAppParams } from '@rocket.chat/rest-typings'; -import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { apiDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; import { addOAuthApp } from '../../../oauth2-server-config/server/admin/functions/addOAuthApp'; import { API } from '../api'; @@ -20,7 +19,7 @@ API.v1.addRoute( API.v1.addRoute( 'oauth-apps.get', - { authRequired: true, validateParams: isOauthAppsGetParams }, + { authRequired: true, validateParams: isOauthAppsGetParams, permissionsRequired: ['manage-oauth-apps'] }, { async get() { const isOAuthAppsManager = await hasPermissionAsync(this.userId, 'manage-oauth-apps'); From 18db7434d713552b04226c3ff59fb9775a1ff0fe Mon Sep 17 00:00:00 2001 From: Matheus Barbosa Silva <36537004+matheusbsilva137@users.noreply.github.com> Date: Tue, 6 Aug 2024 12:53:19 -0300 Subject: [PATCH 5/6] Fix changeset --- .changeset/sixty-vans-grab.md | 1 - 1 file changed, 1 deletion(-) 
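Review bot: In patch 4/6 the first `oauthapps.ts` hunk removes the `hasPermissionAsync` import, yet the context line closing the second hunk still calls `hasPermissionAsync(this.userId, 'manage-oauth-apps')` inside `get()`, so as shown the file references a name that is no longer imported (patch 6/6 later restores both lines). With `permissionsRequired: ['manage-oauth-apps']` on the route, callers without the permission are presumably rejected before the handler runs, which makes the in-handler check redundant; remove it together with the import, or keep both. The change also alters what authenticated non-managers receive from `oauth-apps.get`, so the endpoint's tests and API documentation should state the new behaviour. The body of `get()` continues outside the hunk.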
diff --git a/.changeset/sixty-vans-grab.md b/.changeset/sixty-vans-grab.md index 3582685745ef..97b33b207a7f 100644 --- a/.changeset/sixty-vans-grab.md +++ b/.changeset/sixty-vans-grab.md @@ -1,6 +1,5 @@ --- "@rocket.chat/meteor": major -"@rocket.chat/i18n": patch --- Fixed issue with LDAP sync triggering multiple cron jobs in case an invalid sync interval is provided From 816102ff620619d8caa90234064827c761aeb31e Mon Sep 17 00:00:00 2001 From: matheusbsilva137 Date: Tue, 8 Oct 2024 13:58:58 -0300 Subject: [PATCH 6/6] remove unrelated changes --- apps/meteor/app/api/server/v1/oauthapps.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/meteor/app/api/server/v1/oauthapps.ts b/apps/meteor/app/api/server/v1/oauthapps.ts index 29e79d1ffa98..97d489295d42 100644 --- a/apps/meteor/app/api/server/v1/oauthapps.ts +++ b/apps/meteor/app/api/server/v1/oauthapps.ts @@ -1,6 +1,7 @@ import { OAuthApps } from '@rocket.chat/models'; import { isUpdateOAuthAppParams, isOauthAppsGetParams, isOauthAppsAddParams, isDeleteOAuthAppParams } from '@rocket.chat/rest-typings'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { apiDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; import { addOAuthApp } from '../../../oauth2-server-config/server/admin/functions/addOAuthApp'; import { API } from '../api'; @@ -19,7 +20,7 @@ API.v1.addRoute( API.v1.addRoute( 'oauth-apps.get', - { authRequired: true, validateParams: isOauthAppsGetParams, permissionsRequired: ['manage-oauth-apps'] }, + { authRequired: true, validateParams: isOauthAppsGetParams }, { async get() { const isOAuthAppsManager = await hasPermissionAsync(this.userId, 'manage-oauth-apps');