fix(federation): leave a room is not propagating

[rodrigok]

https://rocketchat.atlassian.net/browse/FDR-236

Reverts 3a85856

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Bug Fixes
  • Prevented remote/federated users from being removed by non-local actors; such removal requests are ignored.
  • Made leaving federated rooms more reliable when local membership data is missing or out of sync.
• New Features
  • Leave workflows and callbacks now include optional "kicker" information, improving auditability of removals.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: 559c7da

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[Copilot]

Pull Request Overview

This PR reverts a previous change that was preventing federation room leave operations from propagating properly. The fix removes a subscription check that was incorrectly blocking legitimate leave room operations in the federation matrix service.

• Removes subscription validation that was preventing room leave operations from executing
• Allows federation room leave events to propagate correctly by removing the early return condition

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Walkthrough

Added an optional kicker parameter to federated leave flows and updated callback and service signatures to pass { user, kicker? }. FederationMatrix.leaveRoom now ignores remote (federated) kickers and no longer requires a local subscription check before invoking the homeserver leave. Call sites were updated to forward the kicker.

Changes

Cohort / File(s)	Summary
FederationMatrix change ee/packages/federation-matrix/src/FederationMatrix.ts	Added optional kicker?: IUser to leaveRoom. If kicker is a federated (remote) user, the leave is ignored with a debug log. Removed prior local subscription existence guard before invoking Matrix leave.
Callback signature / callers apps/meteor/lib/callbacks/afterLeaveRoomCallback.ts, apps/meteor/app/lib/server/functions/removeUserFromRoom.ts, apps/meteor/ee/server/hooks/federation/index.ts	Changed afterLeaveRoom callback type to accept (data: { user: IUser; kicker?: IUser }, room: IRoom). Callers now pass { user, kicker: options?.byUser } and forward kicker into FederationMatrix.leaveRoom(room._id, user, kicker).
Service interface packages/core-services/src/types/IFederationMatrixService.ts	Updated leaveRoom signature to leaveRoom(rid, user, kicker?) to match implementation change.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant RC as Rocket.Chat
  participant Callbacks as afterLeaveRoomCallback
  participant FM as FederationMatrix
  participant HS as Homeserver

  User->>RC: leave room (local action / kick)
  RC->>Callbacks: afterLeaveRoomCallback.run({ user, kicker? }, room)
  Callbacks->>FM: leaveRoom(roomId, user, kicker?)
  alt kicker is federated (remote)
    Note right of FM #f6f8fa: debug log and ignore remote kicker
    FM-->>RC: no-op (ignored)
  else room is federated & kicker allowed
    FM->>HS: matrix.leave(roomId, user)
    HS-->>FM: result (success / error)
    FM-->>RC: propagate result
  end
  RC-->>User: acknowledge leave (or no-op)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat(federation): accept remote join at 3rd party #37072 — Propagates a "kicker" (byUser) through leave/kick callbacks and federated leave handling.

Suggested labels

stat: QA assured

Suggested reviewers

• sampaiodiego
• ricardogarim

Poem

Thump, thump — a rabbit hops away,
I pass the kicker in my play.
If far away, I pause and log,
No noisy kick, no needless clog.
Carrot cheers for tidy leave today! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Linked Issues Check	⚠️ Warning	Although the PR updates method signatures to pass a kicker through the leave flow, it does not implement generating or broadcasting a system message on leave nor explicitly remove the user from the members list on federated peers as required by FDR-236.	Add the logic to create and propagate the leave system message to federated peers and ensure the user is removed from all member lists in accordance with the linked issue objectives.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly summarizes the main change by indicating this PR fixes a federation issue where leaving a room wasn’t propagating across peers, concisely reflects the core purpose, and adheres to the project’s conventional commit style.
Out of Scope Changes Check	✅ Passed	All changes are limited to extending the leave room flow for federation by threading through a new kicker parameter and updating related callbacks and service interfaces, with no unrelated functionality modified.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/federation-not-propagating-leaving

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8b7c3ca and 559c7da.

📒 Files selected for processing (2)

• apps/meteor/app/lib/server/functions/removeUserFromRoom.ts (1 hunks)
• apps/meteor/lib/callbacks/afterLeaveRoomCallback.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

apps/meteor/app/lib/server/functions/removeUserFromRoom.ts (1)

apps/meteor/lib/callbacks/afterLeaveRoomCallback.ts (1)

• afterLeaveRoomCallback (5-5)

apps/meteor/lib/callbacks/afterLeaveRoomCallback.ts (1)

apps/meteor/lib/callbacks/callbacksBase.ts (1)

• Callbacks (24-234)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (2)

apps/meteor/lib/callbacks/afterLeaveRoomCallback.ts (1)

5-5: Breaking change: ensure backward compatibility for plugins.

The callback signature change from (user, room) to (data: { user, kicker? }, room) is a breaking change. While this aligns with the federation fix objectives (to propagate kicker information to federated peers), any plugins or custom code using this callback will need updates.

Consider:

1. Documenting this breaking change in release notes for plugin authors
2. Verifying that all internal consumers have been updated (see verification script in removeUserFromRoom.ts review)
3. Confirming that the federation logic properly consumes the kicker field to fix the reported issue (FDR-236)

Since the actual federation handler code (FederationMatrix.leaveRoom) isn't in the provided files, please verify that it correctly:

• Extracts user and kicker from the data object
• Propagates the leave event to federated peers with proper member list updates
• Generates system messages across federated servers

apps/meteor/app/lib/server/functions/removeUserFromRoom.ts (1)

76-76: Ensure all afterLeaveRoomCallback consumers accept the new { user, kicker? } object.

• apps/meteor/app/integrations/server/triggers.ts: the roomLeft integration handler now receives (data, room) instead of (user, room); update its logic accordingly.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.38%. Comparing base (4bd409d) to head (559c7da).
⚠️ Report is 3 commits behind head on release-7.11.0.

Additional details and impacted files

@@               Coverage Diff               @@
##           release-7.11.0   #37206   +/-   ##
===============================================
  Coverage           66.37%   66.38%           
===============================================
  Files                3386     3386           
  Lines              115619   115619           
  Branches            21351    21359    +8     
===============================================
+ Hits                76739    76748    +9     
+ Misses              36275    36265   -10     
- Partials             2605     2606    +1     

Flag	Coverage Δ
e2e	57.25% <ø> (-0.04%)	⬇️
unit	71.26% <ø> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

ee/packages/federation-matrix/src/FederationMatrix.ts (1)

736-740: Consider logging kicker details for ignored removals

When we drop a remote-initiated removal, having the kicker’s identifiers in the debug line would make federation investigations easier without altering behavior.

-		if (kicker && isUserNativeFederated(kicker)) {
-			this.logger.debug('Only local users can remove others, ignoring action');
+		if (kicker && isUserNativeFederated(kicker)) {
+			this.logger.debug('Only local users can remove others, ignoring action', {
+				kicker: kicker.username ?? kicker._id,
+				target: user.username ?? user._id,
+				roomId,
+			});

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 62c6dd5 and 8b7c3ca.

📒 Files selected for processing (5)

• apps/meteor/app/lib/server/functions/removeUserFromRoom.ts (1 hunks)
• apps/meteor/ee/server/hooks/federation/index.ts (1 hunks)
• apps/meteor/lib/callbacks/afterLeaveRoomCallback.ts (1 hunks)
• ee/packages/federation-matrix/src/FederationMatrix.ts (1 hunks)
• packages/core-services/src/types/IFederationMatrixService.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (5)

apps/meteor/lib/callbacks/afterLeaveRoomCallback.ts (3)

apps/meteor/lib/callbacks/callbacksBase.ts (1)

• Callbacks (24-234)

packages/core-typings/src/IUser.ts (1)

• IUser (186-255)

packages/core-typings/src/IRoom.ts (1)

• IRoom (21-95)

apps/meteor/app/lib/server/functions/removeUserFromRoom.ts (1)

apps/meteor/lib/callbacks/afterLeaveRoomCallback.ts (1)

• afterLeaveRoomCallback (5-5)

ee/packages/federation-matrix/src/FederationMatrix.ts (1)

packages/core-typings/src/IUser.ts (2)

• IUser (186-255)
• isUserNativeFederated (276-277)

apps/meteor/ee/server/hooks/federation/index.ts (2)

packages/core-typings/src/IRoom.ts (1)

• IRoom (21-95)

ee/packages/federation-matrix/src/FederationMatrix.ts (1)

• FederationMatrix (137-1006)

packages/core-services/src/types/IFederationMatrixService.ts (2)

packages/core-typings/src/IRoom.ts (1)

• IRoomFederated (109-112)

packages/core-typings/src/IUser.ts (1)

• IUser (186-255)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (4)

packages/core-services/src/types/IFederationMatrixService.ts (1)

13-13: Interface signature aligned with new payload

Extending leaveRoom to accept the optional kicker keeps the service contract in sync with the new callback shape, so implementing classes can act on the extra context.

apps/meteor/lib/callbacks/afterLeaveRoomCallback.ts (1)

5-5: Callback payload matches federation flow

Typing the first argument as { user, kicker? } mirrors how callers now package the context and keeps the callbacks API coherent.

apps/meteor/app/lib/server/functions/removeUserFromRoom.ts (1)

75-77: Propagating kicker context is spot on

Passing { user, kicker: options?.byUser } gives downstream hooks the info they need to differentiate self-leave from removals without touching the surrounding flow.

apps/meteor/ee/server/hooks/federation/index.ts (1)

124-127: Handler update keeps federation bridge informed

Destructuring the callback payload and forwarding kicker to leaveRoom makes sure the bridge can differentiate self-leaves from removals without disturbing existing guard logic.