Skip to content

feat: Add OpenAPI Support to ldap API #35986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
ahmed-n-abdeltwab wants to merge 6 commits into
base: develop
Choose a base branch
from
Draft

feat: Add OpenAPI Support to ldap API #35986

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
a79d36d
fix: the test was using POST instead of GET, updated the method
ahmed-n-abdeltwab Aug 7, 2025
ecc4d9f
feat: add openapi support for ldap APIs
ahmed-n-abdeltwab Aug 7, 2025
3cbb447
fix: remove unused ldap from rest-typings
ahmed-n-abdeltwab Aug 7, 2025
8df3d3c
Create breezy-months-destroy.md
ahmed-n-abdeltwab Aug 7, 2025
7ae3756
Merge branch 'develop' into feat/openapi-ldap
ahmed-n-abdeltwab Aug 7, 2025
2929e03
Merge branch 'develop' into feat/openapi-ldap
ahmed-n-abdeltwab Sep 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .changeset/breezy-months-destroy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
"@rocket.chat/meteor": patch
"@rocket.chat/rest-typings": patch
---

Add OpenAPI support for the Rocket.Chat ldap APIs endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
120 changes: 100 additions & 20 deletions apps/meteor/app/api/server/v1/ldap.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,42 +1,116 @@
import { LDAP } from '@rocket.chat/core-services';
import {
ajv,
validateUnauthorizedErrorResponse,
validateBadRequestErrorResponse,
validateForbiddenErrorResponse,
} from '@rocket.chat/rest-typings';
import { Match, check } from 'meteor/check';

import { SystemLogger } from '../../../../server/lib/logger/system';
import { settings } from '../../../settings/server';
import type { ExtractRoutesFromAPI } from '../ApiClass';
import { API } from '../api';

API.v1.addRoute(
'ldap.testConnection',
{ authRequired: true, permissionsRequired: ['test-admin-options'] },
{
async post() {
type ldapTestSearchProps = {
username: string;
};

const ldapTestSearchPropsSchema = {
type: 'object',
properties: {
username: {
type: 'string',
},
},
required: ['username'],
additionalProperties: false,
};

const isLdapTestSearch = ajv.compile<ldapTestSearchProps>(ldapTestSearchPropsSchema);

const ldapEndpoints = API.v1
.get(
'ldap.testConnection',
{
authRequired: true,
permissionsRequired: ['test-admin-options'],
response: {
200: ajv.compile<{
message: string;
}>({
type: 'object',
properties: {
message: {
type: 'string',
enum: ['LDAP_Connection_successful'],
},
success: {
type: 'boolean',
enum: [true],
description: 'Whether the connection was successful or not',
},
},
required: ['success', 'message'],
additionalProperties: false,
}),
400: validateBadRequestErrorResponse,
401: validateUnauthorizedErrorResponse,
403: validateForbiddenErrorResponse,
},
},
async function action() {
if (!this.userId) {
throw new Error('error-invalid-user');
throw new Meteor.Error('error-invalid-user');
}

if (settings.get<boolean>('LDAP_Enable') !== true) {
throw new Error('LDAP_disabled');
throw new Meteor.Error('LDAP_disabled');
}

try {
await LDAP.testConnection();
} catch (error) {
SystemLogger.error(error);
throw new Error('Connection_failed');
throw new Meteor.Error('Connection_failed');
}

return API.v1.success({
message: 'LDAP_Connection_successful' as const,
});
},
},
);

API.v1.addRoute(
'ldap.testSearch',
{ authRequired: true, permissionsRequired: ['test-admin-options'] },
{
async post() {
)
.post(
'ldap.testSearch',
{
authRequired: true,
permissionsRequired: ['test-admin-options'],
body: isLdapTestSearch,
response: {
200: ajv.compile<{
message: string;
}>({
type: 'object',
properties: {
message: {
type: 'string',
enum: ['LDAP_User_Found'],
},
success: {
type: 'boolean',
enum: [true],
description: 'Whether the connection was successful or not',
},
},
required: ['success', 'message'],
additionalProperties: false,
}),
400: validateBadRequestErrorResponse,
401: validateUnauthorizedErrorResponse,
403: validateForbiddenErrorResponse,
},
},
async function action() {
check(
this.bodyParams,
Match.ObjectIncluding({
Expand All @@ -45,11 +119,11 @@ API.v1.addRoute(
);

if (!this.userId) {
throw new Error('error-invalid-user');
throw new Meteor.Error('error-invalid-user');
}

if (settings.get('LDAP_Enable') !== true) {
throw new Error('LDAP_disabled');
throw new Meteor.Error('LDAP_disabled');
}

await LDAP.testSearch(this.bodyParams.username);
Expand All @@ -58,5 +132,11 @@ API.v1.addRoute(
message: 'LDAP_User_Found' as const,
});
},
},
);
);

export type LdapEndpoints = ExtractRoutesFromAPI<typeof ldapEndpoints>;

declare module '@rocket.chat/rest-typings' {
// eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-interface
interface Endpoints extends LdapEndpoints {}
}
74 changes: 56 additions & 18 deletions apps/meteor/ee/server/api/ldap.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,36 +1,74 @@
import {
ajv,
validateUnauthorizedErrorResponse,
validateBadRequestErrorResponse,
validateForbiddenErrorResponse,
} from '@rocket.chat/rest-typings';

import type { ExtractRoutesFromAPI } from '../../../app/api/server/ApiClass';
import { API } from '../../../app/api/server/api';
import { hasPermissionAsync } from '../../../app/authorization/server/functions/hasPermission';
import { settings } from '../../../app/settings/server';
import { LDAPEE } from '../sdk';

API.v1.addRoute(
const ldapEndpoints = API.v1.post(
'ldap.syncNow',
{
authRequired: true,
forceTwoFactorAuthenticationForNonEnterprise: true,
twoFactorRequired: true,
body: ajv.compile<undefined>(false),
// license: ['ldap-enterprise'],
response: {
200: ajv.compile<{
message: string;
}>({
type: 'object',
properties: {
message: {
type: 'string',
enum: ['Sync_in_progress'],
},
success: {
type: 'boolean',
enum: [true],
description: 'Whether the connection was successful or not',
},
},
required: ['success', 'message'],
additionalProperties: false,
}),
400: validateBadRequestErrorResponse,
401: validateUnauthorizedErrorResponse,
403: validateForbiddenErrorResponse,
},
},
{
async post() {
if (!this.userId) {
throw new Error('error-invalid-user');
}

if (!(await hasPermissionAsync(this.userId, 'sync-auth-services-users'))) {
throw new Error('error-not-authorized');
}
async function action() {
if (!this.userId) {
throw new Meteor.Error('error-invalid-user');
}

if (settings.get('LDAP_Enable') !== true) {
throw new Error('LDAP_disabled');
}
if (!(await hasPermissionAsync(this.userId, 'sync-auth-services-users'))) {
throw new Meteor.Error('error-not-authorized');
}

await LDAPEE.sync();
await LDAPEE.syncAvatars();
if (settings.get('LDAP_Enable') !== true) {
throw new Meteor.Error('LDAP_disabled');
}

return API.v1.success({
message: 'Sync_in_progress' as const,
});
},
await LDAPEE.sync();
await LDAPEE.syncAvatars();

return API.v1.success({
message: 'Sync_in_progress' as const,
});
},
);

export type LdapEndpoints = ExtractRoutesFromAPI<typeof ldapEndpoints>;

declare module '@rocket.chat/rest-typings' {
// eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-interface
interface Endpoints extends LdapEndpoints {}
}
2 changes: 1 addition & 1 deletion apps/meteor/tests/end-to-end/api/LDAP.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ describe('LDAP', function () {
it('should not allow testing LDAP connection if user does NOT have the test-admin-options permission', async () => {
await updatePermission('test-admin-options', []);
await request
.post(api('ldap.testConnection'))
.get(api('ldap.testConnection'))
.set(credentials)
.expect('Content-Type', 'application/json')
.expect(403)
Expand Down
2 changes: 0 additions & 2 deletions packages/rest-typings/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ import type { InstancesEndpoints } from './v1/instances';
import type { IntegrationsEndpoints } from './v1/integrations';
import type { IntegrationHooksEndpoints } from './v1/integrations/hooks';
import type { InvitesEndpoints } from './v1/invites';
import type { LDAPEndpoints } from './v1/ldap';
import type { LicensesEndpoints } from './v1/licenses';
import type { MailerEndpoints } from './v1/mailer';
import type { MeEndpoints } from './v1/me';
Expand Down Expand Up @@ -63,7 +62,6 @@ export interface Endpoints
EmojiCustomEndpoints,
GroupsEndpoints,
ImEndpoints,
LDAPEndpoints,
RoomsEndpoints,
PushEndpoints,
RolesEndpoints,
Expand Down
40 changes: 0 additions & 40 deletions packages/rest-typings/src/v1/ldap.ts
View file
Open in desktop

This file was deleted.

Loading