Skip to content

fix!: title and value properties should be required on attachments.fields #37233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ggazzo merged 5 commits into from
Dec 20, 2025
Merged

fix!: title and value properties should be required on attachments.fields #37233

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f067eac
attachment field params should be required by api endpoint
yash-rajpal Oct 6, 2025
af53a18
add tests
yash-rajpal Oct 6, 2025
1f043d1
add changeset
yash-rajpal Oct 6, 2025
f4ba099
remove client fix
yash-rajpal Oct 15, 2025
ac92f9d
update changeset
yash-rajpal Oct 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/hungry-fans-wait.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'@rocket.chat/meteor': minor
---

Validates attachment fields to require `title` and `value` properties on APIs `chat.postMessage` and `chat.sendMessage`.
4 changes: 2 additions & 2 deletions apps/meteor/app/lib/server/functions/sendMessage.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,8 +79,8 @@ const validateAttachmentsFields = (attachmentField: any) => {
}),
);

if (typeof attachmentField.value !== 'undefined') {
attachmentField.value = String(attachmentField.value);
if (!attachmentField.value || !attachmentField.title) {
throw new Error('Invalid attachment field, title and value is required');
}
};

Expand Down
120 changes: 120 additions & 0 deletions apps/meteor/tests/end-to-end/api/chat.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -464,6 +464,126 @@ describe('[Chat]', () => {
.end(done);
});

it('should throw an error when the properties (attachments.fields.title) is missing', (done) => {
void request
.post(api('chat.postMessage'))
.set(credentials)
.send({
channel: testChannel.name,
text: 'Sample message',
emoji: ':smirk:',
alias: 'Gruggy',
avatar: 'http://res.guggy.com/logo_128.png',
attachments: [
{
color: '#ff0000',
text: 'Yay for gruggy!',
ts: '2016-12-09T16:53:06.761Z',
thumb_url: 'http://res.guggy.com/logo_128.png',
message_link: 'https://google.com',
collapsed: false,
author_name: 'Bradley Hilton',
author_link: 'https://rocket.chat/',
author_icon: 'https://avatars.githubusercontent.com/u/850391?v=3',
title: 'Attachment Example',
title_link: 'https://youtube.com',
title_link_download: true,
image_url: 'http://res.guggy.com/logo_128.png',
audio_url: 'http://www.w3schools.com/tags/horse.mp3',
video_url: 'http://www.w3schools.com/tags/movie.mp4',
fields: [
{
short: true,
value: 'This is attachment field value',
},
],
},
],
})
.expect('Content-Type', 'application/json')
.expect(400)
.expect((res) => {
expect(res.body).to.have.property('success', false);
expect(res.body).to.have.property('error');
})
.end(done);
});

it('should throw an error when the properties (attachments.fields.value) is missing', (done) => {
void request
.post(api('chat.postMessage'))
.set(credentials)
.send({
channel: testChannel.name,
text: 'Sample message',
emoji: ':smirk:',
alias: 'Gruggy',
avatar: 'http://res.guggy.com/logo_128.png',
attachments: [
{
color: '#ff0000',
text: 'Yay for gruggy!',
ts: '2016-12-09T16:53:06.761Z',
thumb_url: 'http://res.guggy.com/logo_128.png',
message_link: 'https://google.com',
collapsed: false,
author_name: 'Bradley Hilton',
author_link: 'https://rocket.chat/',
author_icon: 'https://avatars.githubusercontent.com/u/850391?v=3',
title: 'Attachment Example',
title_link: 'https://youtube.com',
title_link_download: true,
image_url: 'http://res.guggy.com/logo_128.png',
audio_url: 'http://www.w3schools.com/tags/horse.mp3',
video_url: 'http://www.w3schools.com/tags/movie.mp4',
fields: [
{
short: true,
title: 'This is attachment field title',
},
],
},
],
})
.expect('Content-Type', 'application/json')
.expect(400)
.expect((res) => {
expect(res.body).to.have.property('success', false);
expect(res.body).to.have.property('error');
})
.end(done);
});

it('attachment.fields should work fine when value and title are provided', (done) => {
void request
.post(api('chat.postMessage'))
.set(credentials)
.send({
channel: testChannel.name,
text: 'Sample message',
attachments: [
{
text: 'This is attachment field',
color: '#764FA5',
fields: [{ short: true, value: 'This is value', title: 'This is title' }],
},
],
})
.expect('Content-Type', 'application/json')
.expect(200)
.expect((res) => {
expect(res.body).to.have.property('success', true);
expect(res.body).to.not.have.property('error');
expect(res.body).to.have.nested.property('message.msg', 'Sample message');
expect(res.body).to.have.nested.property('message.attachments').to.be.an('array');
expect(res.body).to.have.nested.property('message.attachments[0].fields').to.be.an('array');
expect(res.body).to.have.nested.property('message.attachments[0].fields[0].short', true);
expect(res.body).to.have.nested.property('message.attachments[0].fields[0].value', 'This is value');
expect(res.body).to.have.nested.property('message.attachments[0].fields[0].title', 'This is title');
})
.end(done);
});

it('should return statusCode 200 when postMessage successfully', (done) => {
void request
.post(api('chat.postMessage'))
Expand Down
Loading