fix: prioritizes federation not allowed error message over user not f…

[dhulke]

https://rocketchat.atlassian.net/browse/FDR-257

Proposed changes (including videos or screenshots)

When inviting unknown federated users to non-federated rooms we are returning "user not found" errors instead of the expected "federated user in non-federated room" error. These changes prioritize the latter for both modal invites and slash command invites.

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Bug Fixes

  • Prevents federated users from being added to non-federated rooms; such attempts now return a clear error and halt.
  • Usernames are sanitized earlier to reduce invalid add-user attempts.

• New Features

  • Invite command now performs federation-aware checks: federated users are validated or excluded before invitations proceed.
  • Added a public helper to validate federated usernames.

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: c49c3ee

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Adds runtime validation and input sanitization to prevent federated users from being added or invited to non‑federated rooms, integrates federation checks into the invite slash command, and re-exports a federated-username validator from the federation package.

Changes

Cohort / File(s)	Summary
Create/add user guards apps/meteor/app/lib/server/functions/createRoom.ts, apps/meteor/app/lib/server/methods/addUsersToRoom.ts	Introduces pre-flight checks that reject federated usernames when the target room is not federated; consolidates validation with validateFederatedUsername and uses sanitized usernames.
Invite command — federation wiring apps/meteor/app/slashcommands-invite/server/server.ts	Makes invite flow federation-aware: validates room, sanitizes and filters usernames, ensures federated users exist locally via FederationMatrix when allowed, or emits/removes federated names and aborts if none remain before continuing invites.
Federation exports ee/packages/federation-matrix/src/index.ts	Re-exports validateFederatedUsername from FederationMatrix, expanding the package's public API.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant InviteCmd as Invite Slash Command
    participant FM as FederationMatrix
    participant AddUsers as addUsersToRoom
    participant RoomSvc as Room Service

    User->>InviteCmd: /invite <usernames>
    InviteCmd->>InviteCmd: sanitize & split usernames
    InviteCmd->>InviteCmd: identify federated usernames
    alt federated usernames present
        alt room allows federation
            InviteCmd->>FM: ensure federated users exist locally
            FM-->>InviteCmd: confirmed/created locally
        else federation not allowed
            InviteCmd-->>User: emit ephemeral error(s) for federated users
            InviteCmd->>InviteCmd: remove federated usernames
            InviteCmd-->>User: abort if no usernames remain
        end
    end
    InviteCmd->>AddUsers: call addUsersToRoom with remaining usernames
    AddUsers->>AddUsers: sanitize & validate each username (validateFederatedUsername)
    alt federated username in non-federated room
        AddUsers-->>User: throw error (error-federated-users-in-non-federated-rooms)
    else
        AddUsers->>RoomSvc: add users to room
        RoomSvc-->>User: additions complete
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~40 minutes

• Check async/error handling and promises when calling FederationMatrix in slashcommands-invite/server/server.ts.
• Verify sanitizedUsername usage and user lookup changes in addUsersToRoom.ts.
• Confirm the guard in createRoom.ts doesn't conflict with other room-creation paths or auto-federation logic.

Possibly related PRs

• fix: missing external users validation on members tab #37071 — Implements similar server-side validation preventing federated users in non-federated rooms; overlaps on the same guard behavior.
• fix(federation): add missing federation fields #37015 — Modifies createRoom federation handling (auto-marking rooms as federated) which directly interacts with the new guard.
• refactor(federation): improve runWithBackoff function #37116 — Touches addUsersToRoom.ts and changes federated-user handling/control flow; closely related.

Suggested reviewers

• rodrigok
• sampaiodiego

Poem

🐇 A hop, a check, a tidy sniff,
Names are cleaned and rules are swift,
Federated friends kept in their lane,
Guards in place to keep things plain,
This rabbit nods — the code's neat and swift.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix: prioritizes federation not allowed error message over user not f…' is directly related to the main change: reordering error validation to prioritize federation constraints over user-existence checks across multiple flows.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 74b7b27 and c49c3ee.

📒 Files selected for processing (1)

• apps/meteor/app/lib/server/functions/createRoom.ts (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9a18288 and 37ade6c.

📒 Files selected for processing (3)

• apps/meteor/app/lib/server/functions/createRoom.ts (2 hunks)
• apps/meteor/app/lib/server/methods/addUsersToRoom.ts (2 hunks)
• apps/meteor/app/slashcommands-invite/server/server.ts (2 hunks)

🧰 Additional context used

🧠 Learnings (6)

📓 Common learnings

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

📚 Learning: 2025-10-28T16:53:42.761Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

• apps/meteor/app/slashcommands-invite/server/server.ts
• apps/meteor/app/lib/server/functions/createRoom.ts
• apps/meteor/app/lib/server/methods/addUsersToRoom.ts

📚 Learning: 2025-09-19T15:15:04.642Z

Learnt from: rodrigok
Repo: RocketChat/Rocket.Chat PR: 36991
File: apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts:219-221
Timestamp: 2025-09-19T15:15:04.642Z
Learning: The Federation_Matrix_homeserver_domain setting in apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts is part of the old federation system and is being deprecated/removed, so configuration issues with this setting should not be flagged for improvement.

Applied to files:

• apps/meteor/app/slashcommands-invite/server/server.ts
• apps/meteor/app/lib/server/functions/createRoom.ts
• apps/meteor/app/lib/server/methods/addUsersToRoom.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings by mapping subscription documents to room IDs, never undefined, even when user has no room subscriptions.

Applied to files:

• apps/meteor/app/slashcommands-invite/server/server.ts
• apps/meteor/app/lib/server/functions/createRoom.ts
• apps/meteor/app/lib/server/methods/addUsersToRoom.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings (mapping subscription documents to room IDs), never undefined, even when user has no room subscriptions.

Applied to files:

• apps/meteor/app/slashcommands-invite/server/server.ts
• apps/meteor/app/lib/server/functions/createRoom.ts
• apps/meteor/app/lib/server/methods/addUsersToRoom.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: UserBridge.doGetUserRoomIds in packages/apps-engine/src/server/bridges/UserBridge.ts has a bug where it implicitly returns undefined when the app lacks read permission (missing return statement in the else case of the permission check).

Applied to files:

• apps/meteor/app/lib/server/functions/createRoom.ts

🧬 Code graph analysis (2)

apps/meteor/app/slashcommands-invite/server/server.ts (2)

apps/meteor/app/lib/server/methods/addUsersToRoom.ts (1)

• sanitizeUsername (22-29)

ee/packages/federation-matrix/src/FederationMatrix.ts (1)

• validateFederatedUsername (29-59)

apps/meteor/app/lib/server/methods/addUsersToRoom.ts (2)

ee/packages/federation-matrix/src/FederationMatrix.ts (1)

• validateFederatedUsername (29-59)

packages/core-typings/src/IRoom.ts (1)

• isRoomNativeFederated (124-125)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.06%. Comparing base (7b176ff) to head (c49c3ee).
⚠️ Report is 2 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #37364      +/-   ##
===========================================
- Coverage    68.13%   67.06%   -1.07%     
===========================================
  Files         3364     3418      +54     
  Lines       115753   117874    +2121     
  Branches     20914    21535     +621     
===========================================
+ Hits         78866    79056     +190     
- Misses       34192    36121    +1929     
- Partials      2695     2697       +2     

Flag	Coverage Δ
unit	72.15% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

apps/meteor/app/slashcommands-invite/server/server.ts (1)

54-56: Early return properly prevents spurious error message.

This addresses the concern from the previous review about avoiding a misleading "User doesn't exist" error when all usernames are filtered out.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f37e1ce and db0a515.

📒 Files selected for processing (1)

• apps/meteor/app/slashcommands-invite/server/server.ts (2 hunks)

🧰 Additional context used

🧠 Learnings (6)

📓 Common learnings

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

📚 Learning: 2025-10-28T16:53:42.761Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

• apps/meteor/app/slashcommands-invite/server/server.ts

📚 Learning: 2025-09-19T15:15:04.642Z

Learnt from: rodrigok
Repo: RocketChat/Rocket.Chat PR: 36991
File: apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts:219-221
Timestamp: 2025-09-19T15:15:04.642Z
Learning: The Federation_Matrix_homeserver_domain setting in apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts is part of the old federation system and is being deprecated/removed, so configuration issues with this setting should not be flagged for improvement.

Applied to files:

• apps/meteor/app/slashcommands-invite/server/server.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: UserBridge.doGetUserRoomIds in packages/apps-engine/src/server/bridges/UserBridge.ts has a bug where it implicitly returns undefined when the app lacks read permission (missing return statement in the else case of the permission check).

Applied to files:

• apps/meteor/app/slashcommands-invite/server/server.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings (mapping subscription documents to room IDs), never undefined, even when user has no room subscriptions.

Applied to files:

• apps/meteor/app/slashcommands-invite/server/server.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings by mapping subscription documents to room IDs, never undefined, even when user has no room subscriptions.

Applied to files:

• apps/meteor/app/slashcommands-invite/server/server.ts

🧬 Code graph analysis (1)

apps/meteor/app/slashcommands-invite/server/server.ts (1)

apps/meteor/app/lib/server/methods/addUsersToRoom.ts (1)

• sanitizeUsername (22-29)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (3)

apps/meteor/app/slashcommands-invite/server/server.ts (3)

1-8: LGTM: Imports support the new federation checks.

The new imports are necessary for the federation validation logic and are correctly placed.

---

20-26: LGTM: Username parsing adjusted for reassignment.

Changing usernames from const to let is necessary to support filtering out federated usernames later (line 51).

---

28-35: LGTM: Room validation prevents downstream errors.

The early validation ensures the room exists before attempting federation checks and user invitations, providing clear feedback to users.