@rodrigok rodrigok commented Oct 10, 2025

https://rocketchat.atlassian.net/browse/FDR-239

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

  • Refactor

    • Federated usernames now display with an @ prefix and include the home server domain (e.g., @username@domain), improving clarity in federated contexts.
    • Federation configuration labels in the admin settings have been updated for consistency and easier management.
  • Bug Fixes

    • Improved handling of federated identity composition to ensure consistent user identification across federated servers.

@rodrigok rodrigok added this to the 7.11.0 milestone Oct 10, 2025
@rodrigok rodrigok requested a review from a team as a code owner October 10, 2025 21:29
Copilot AI review requested due to automatic review settings October 10, 2025 21:29
dionisio-bot bot commented Oct 10, 2025

Looks like this PR is not ready to merge, because of the following issues:

  • This PR is missing the 'stat: QA assured' label

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

changeset-bot bot commented Oct 10, 2025

⚠️ No Changeset found

Latest commit: 93d3c94

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copilot AI left a comment

Pull Request Overview

This PR fixes a bug in LDAP federation integration where the system was using incorrect federation settings references and improper username formatting. The fix ensures proper Matrix federation configuration and correct username formatting with "@" prefixes.

  • Updated federation setting references from Matrix-specific to generic Federation Service settings
  • Fixed username formatting to include "@" prefix for federated users
  • Added missing federation metadata fields (mui and origin)
  • Removed unused helper method for federated username generation

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

coderabbitai bot commented Oct 10, 2025

Walkthrough

Renames federation setting keys, updates federated user identifier composition to include @ and home server, augments federation-related user data with mui and origin, and removes the getFederatedUsername method. Logic now uses slugifyUsername and getFederationHomeServer with the new settings keys for federation checks and domain comparison.

Changes

Cohort / File(s) Summary
LDAP federation settings and identifier updates
apps/meteor/server/lib/ldap/Manager.ts
Renamed settings: Federation_Matrix_enabled → Federation_Service_Enabled, Federation_Matrix_homeserver_domain → Federation_Service_Domain. Federated username now prefixed with @ and includes home server; user data enriched with mui and origin. Removed getFederatedUsername; flow now uses slugifyUsername and getFederationHomeServer directly.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant Client
  participant Server as Meteor Server
  participant LDAP as LDAPManager
  participant Settings
  participant Fed as Federation Service

  User->>Client: Initiate login/sync
  Client->>Server: Request authentication
  Server->>LDAP: Sync/authenticate via LDAP
  LDAP->>Settings: Read Federation_Service_Enabled / Federation_Service_Domain
  alt Federation enabled
    LDAP->>LDAP: slugifyUsername(requestUsername)
    LDAP->>Fed: getFederationHomeServer()
    note over LDAP,Fed: Compose federated ID with "@username:home.server"<br/>(replaces prior getFederatedUsername)
    LDAP->>LDAP: Attach mui, origin to user data
  else Federation disabled
    LDAP->>LDAP: Proceed without federation fields
  end
  LDAP-->>Server: User data (with/without federated fields)
  Server-->>Client: Auth result

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

stat: QA assured

Suggested reviewers

  • ggazzo

Poem

Thump-thump goes my fluffy heart,
New keys, new names—let’s hop to start!
“@” tags stitched with server pride,
mui and origin by my side.
Old helper gone—no time to lag,
Federation’s tidy in my carrot bag. 🥕🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)
Check name Status Explanation Resolution
Linked Issues Check ❓ Inconclusive The pull request is linked to FDR-239: Support LDAP sync of users, but without the issue details it is unclear if all code requirements for user synchronization beyond federation settings were met. Please provide a mapping of this PR’s changes to the specific requirements outlined in FDR-239 to confirm compliance.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Out of Scope Changes Check ✅ Passed All file modifications are centered on federation key renaming and username logic within the LDAP manager, which align with the stated objective to enhance LDAP user synchronization, and no unrelated changes were introduced.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
Title Check ✅ Passed The title succinctly captures the primary change—addressing incorrect federation settings and username handling in LDAP—and directly reflects the key fixes made in the code, making it clear and specific enough for others to understand the main update from a glance.
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
apps/meteor/server/lib/ldap/Manager.ts (1)

199-207: Federation user data structure looks correct.

The implementation properly constructs Matrix-compliant identifiers (@username:homeserver) for federated users. The mui (Matrix User Identifier) and origin fields are correctly populated.

However, consider adding validation for the homeServer value before using it to construct identifiers, as invalid domain formats could lead to malformed MUIDs.

For example, you could add a simple domain validation:

 		...(homeServer && {
+			// Validate homeServer format before using it
+			...(!/^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(homeServer) && 
+				(() => { throw new Error(`Invalid homeServer format: ${homeServer}`); })()),
 			username: `@${username}:${homeServer}`,
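
Review bot: The regex on the first added line rejects server names that the Matrix server-name grammar allows, such as a name with an explicit port (example.org:8448), a single-label host like localhost, or a bracketed IPv6 literal, while still accepting empty labels such as a..example.org. Throwing from an IIFE inside the object spread also buries the check in the middle of building the user data; validate homeServer once before the object literal and either fail or skip the federation fields there.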
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4bd409d and 93d3c94.

📒 Files selected for processing (1)
  • apps/meteor/server/lib/ldap/Manager.ts (3 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-09-19T15:15:04.642Z
Learnt from: rodrigok
PR: RocketChat/Rocket.Chat#36991
File: apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts:219-221
Timestamp: 2025-09-19T15:15:04.642Z
Learning: The Federation_Matrix_homeserver_domain setting in apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts is part of the old federation system and is being deprecated/removed, so configuration issues with this setting should not be flagged for improvement.

Applied to files:

  • apps/meteor/server/lib/ldap/Manager.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: 📦 Build Packages
  • GitHub Check: CodeQL-Build
  • GitHub Check: CodeQL-Build
🔇 Additional comments (2)
apps/meteor/server/lib/ldap/Manager.ts (2)

506-506: Consistent setting key update for federation domain.

The federation domain comparison now uses Federation_Service_Domain instead of Federation_Matrix_homeserver_domain, consistent with the setting key changes at line 493.


1-561: No remaining references to getFederatedUsername. Removal is safe.


protected static getFederationHomeServer(ldapUser: ILDAPEntry): string | undefined {
if (!settings.get<boolean>('Federation_Matrix_enabled')) {
if (!settings.get<boolean>('Federation_Service_Enabled')) {
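
Review bot: The enabled check in getFederationHomeServer now reads only 'Federation_Service_Enabled', with no fallback to the old key, so an instance where only 'Federation_Matrix_enabled' is set takes the disabled branch and LDAP users sync without federation fields. Confirm that a settings migration ships with this change, or document the upgrade step. The key is also a bare string literal; a shared constant for it and for 'Federation_Service_Domain' would keep the enabled check and the domain comparison from drifting apart again.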

🛠️ Refactor suggestion | 🟠 Major

🧩 Analysis chain

Setting key renamed from old Matrix federation system.

The federation enabled check now uses Federation_Service_Enabled instead of the deprecated Federation_Matrix_enabled setting. This aligns with the migration away from the old federation system.

Based on learnings: The old Matrix federation settings are being deprecated/removed.

Ensure that:

  1. The new Federation_Service_Enabled setting is properly defined in the settings registry
  2. There's documentation or migration guidance for users upgrading from the old federation system

🏁 Script executed:

#!/bin/bash
# Description: Verify the new federation setting is defined and check for any remaining references to the old setting

# Search for Federation_Service_Enabled setting definition
echo "=== Searching for Federation_Service_Enabled setting definition ==="
rg -n "Federation_Service_Enabled" --type ts -g '!**/node_modules/**' -C 2

echo -e "\n=== Checking for remaining references to old Federation_Matrix_enabled ==="
rg -n "Federation_Matrix_enabled" --type ts -g '!**/node_modules/**'

Length of output: 5354


🏁 Script executed:

#!/bin/bash
echo "=== Searching for documentation referencing Federation_Service_Enabled ==="
rg -n "Federation_Service_Enabled" -g "*.md"

Length of output: 74


Remove deprecated Federation_Matrix_enabled references and add migration guide

  • Update apps/meteor/server/services/federation/Settings.ts, apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Statistics.ts, and apps/meteor/client/hooks/useIsFederationEnabled.ts to use only Federation_Service_Enabled.
  • Add documentation or upgrade notes for users migrating from the old Federation_Matrix_enabled setting.
🤖 Prompt for AI Agents
In apps/meteor/server/lib/ldap/Manager.ts around line 493, the code still checks
the deprecated Federation_Matrix_enabled setting; update references to use only
Federation_Service_Enabled and remove any legacy checks or fallbacks for
Federation_Matrix_enabled. Also update the three other files mentioned
(apps/meteor/server/services/federation/Settings.ts,
apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Statistics.ts,
apps/meteor/client/hooks/useIsFederationEnabled.ts) to read exclusively from
Federation_Service_Enabled, remove any code paths that reference
Federation_Matrix_enabled, and add a short upgrade note or migration guide in
the repository docs/UPGRADE or CHANGELOG describing how to migrate existing
Federation_Matrix_enabled values to Federation_Service_Enabled (e.g., copy or
map old value to new key during upgrade).
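
Added example, not part of the PR or of Rocket.Chat's code: the review above suggests validating `homeServer` before composing `@username:homeserver`. This sketch checks the value against the Matrix specification's server-name grammar (hostname with optional port) and compares the verdict with the regex proposed in the review; all function names are hypothetical and the sample values are constructed.

```typescript
// Added example: hypothetical helpers, not Rocket.Chat's API. Sample values are constructed.
// Matrix grammar: server_name = hostname [ ":" port ]; hostname is a DNS name,
// an IPv4 address, or an IPv6 literal in square brackets.
const DNS_NAME = /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$/; // also covers IPv4; rejects empty labels
const IPV6_LITERAL = /^\[[0-9A-Fa-f:.]{2,45}\]$/;
const LOCALPART = /^[a-z0-9._=\/+-]+$/; // characters allowed in a new user ID localpart
const SUGGESTED = /^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/; // regex proposed in the review comment

function isValidServerName(serverName: string): boolean {
	if (serverName.length === 0 || serverName.length > 255) return false;
	// Separate an optional ":port"; colons of an IPv6 literal stay inside the brackets.
	const m = /^(\[[^\]]*\]|[^:\[\]]+)(?::(\d{1,5}))?$/.exec(serverName);
	if (!m) return false;
	const host = m[1] ?? '';
	const port = m[2];
	if (port !== undefined && Number(port) > 65535) return false;
	return DNS_NAME.test(host) || IPV6_LITERAL.test(host);
}

function composeFederatedUserId(username: string, homeServer: string): string {
	// The username is assumed to be already normalised (lowercased) by the caller.
	if (!LOCALPART.test(username)) throw new Error(`Invalid localpart: ${JSON.stringify(username)}`);
	if (!isValidServerName(homeServer)) throw new Error(`Invalid home server: ${JSON.stringify(homeServer)}`);
	const userId = `@${username}:${homeServer}`;
	// Both parts are ASCII after validation, so string length equals byte length.
	if (userId.length > 255) throw new Error('User ID exceeds 255 bytes');
	return userId;
}

// Side-by-side verdicts: [value, review regex, grammar check].
function compareChecks(values: string[]): Array<[string, boolean, boolean]> {
	return values.map((v): [string, boolean, boolean] => [v, SUGGESTED.test(v), isValidServerName(v)]);
}

console.log(compareChecks(['example.org', 'example.org:8448', 'localhost', 'a..example.org', 'evil.example:@admin']));
```
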

codecov bot commented Oct 10, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.36%. Comparing base (4bd409d) to head (93d3c94).
⚠️ Report is 2 commits behind head on release-7.11.0.

Additional details and impacted files

@@                Coverage Diff                 @@
##           release-7.11.0   #37209      +/-   ##
==================================================
- Coverage           66.37%   66.36%   -0.01%     
==================================================
  Files                3386     3386              
  Lines              115619   115618       -1     
  Branches            21351    21355       +4     
==================================================
- Hits                76739    76727      -12     
- Misses              36275    36283       +8     
- Partials             2605     2608       +3     
Flag Coverage Δ
e2e 57.26% <ø> (-0.02%) ⬇️
unit 71.23% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@ggazzo ggazzo changed the title from "fix(federation): LDAP using wrong federation settings and username" to "regression(federation): LDAP using wrong federation settings and username" Oct 10, 2025
@ggazzo ggazzo merged commit cae30c7 into release-7.11.0 Oct 11, 2025
51 checks passed
@ggazzo ggazzo deleted the fix/ldap-import-federated-users branch October 11, 2025 11:39