fix: improves how code access user-agent in the headers

[lucas-a-pelegrino]

Proposed changes (including videos or screenshots)

This PR aims at fixing an error when trying to extract user-agent from DDP headers.

Issue(s)

SUP-922

Steps to test or reproduce

Further comments

This issue is related to another task; CORE-1497. We will be improving how we handle headers and header props extracted from DDP header object as well as implementing tests to validate these props are properly handled.

Summary by CodeRabbit

• Bug Fixes
  • Improved session management to reliably extract user-agent information from connection headers, ensuring more consistent device identification and session handling.

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: 37c1297

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 41 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/freeswitch	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/stream-hub-service	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/license	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

A patch was released for @rocket.chat/meteor that fixes user-agent extraction from DDP connection headers. The fix replaces a Headers cast with safe optional chaining to properly access the user-agent from the plain object structure used in DDP connections.

Changes

Cohort / File(s)	Summary
Changeset notification .changeset/healthy-rabbits-sip.md	Documents patch bump for @rocket.chat/meteor with fix for user-agent extraction from DDP connection headers.
Device management session fix apps/meteor/ee/server/lib/deviceManagement/session.ts	Replaced retrieval of user-agent from connection headers using Headers cast and .get() method with safe optional chaining (connection?.httpHeaders?.['user-agent'] ?? ''). Updated UA parser invocation to pass the extracted string directly.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Single-file logic change — Straightforward header access pattern replacement with clear intent
• Safe optional chaining — The optional chain (?.) properly guards against undefined intermediate values, a standard defensive practice
• Alignment with issue context — Verify the fix addresses the DDP vs. HTTP header inconsistency mentioned in CORE-1497

Poem

🐰 A hop, a fix, headers now flow clear,
No casting tricks to cause us cheer,
Safe chains protect what once was frail,
User-agents soar—no more they fail! 🚀

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: improving how the code accesses the user-agent from headers by using safer optional chaining instead of a problematic cast/get approach.
Linked Issues check	✅ Passed	The PR addresses the core coding requirement from CORE-1497 by improving user-agent header extraction robustness, and fixes the specific issue SUP-922 by using safer optional chaining to prevent errors when accessing user-agent from DDP headers.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing user-agent extraction from DDP headers in the session management module, aligning with SUP-922 and CORE-1497 objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bugfix/SUP-922

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.97%. Comparing base (4432e51) to head (37c1297).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop   #37493   +/-   ##
========================================
  Coverage    68.96%   68.97%           
========================================
  Files         3357     3357           
  Lines       114251   114251           
  Branches     20536    20536           
========================================
+ Hits         78795    78804    +9     
+ Misses       33369    33354   -15     
- Partials      2087     2093    +6     

Flag	Coverage Δ
e2e	57.46% <ø> (+0.02%)	⬆️
e2e-api	42.79% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/meteor/ee/server/lib/deviceManagement/session.ts (1)

105-105: Consider optional chaining for consistency.

While line 70 now uses optional chaining (connection?.httpHeaders?.['user-agent']), this line still accesses the header directly. Although this occurs in a context where the connection should exist, adopting optional chaining here would improve consistency and defensive programming.

Apply this diff for consistency:

-			mailData.userAgent = connection.httpHeaders['user-agent'] || '';
+			mailData.userAgent = connection?.httpHeaders?.['user-agent'] ?? '';

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 60a9587 and 73a0868.

📒 Files selected for processing (2)

• .changeset/healthy-rabbits-sip.md (1 hunks)
• apps/meteor/ee/server/lib/deviceManagement/session.ts (1 hunks)

🔇 Additional comments (3)

.changeset/healthy-rabbits-sip.md (1)

1-5: LGTM! Changeset properly documents the fix.

The changeset correctly documents a patch-level fix for extracting user-agent from DDP connection headers.

apps/meteor/ee/server/lib/deviceManagement/session.ts (2)

70-71: Excellent fix! Correctly addresses the DDP header structure issue.

The change properly handles the fact that DDP connections provide httpHeaders as a plain object rather than a Headers instance. Using optional chaining with a nullish coalescing fallback ensures safe access and provides a valid string to the parser.

---

70-71: I need to perform more targeted searches in the enterprise edition directory to verify test coverage:

Now let me search the codebase directly for test coverage:

Based on the initial script output showing no test files found for device management session, let me complete the verification by searching for test patterns more directly:

Based on the script execution results, I can now provide the verification:

The review comment is accurate and well-founded.

The shell script executed explicitly searched for test files related to device management session functionality using the patterns "deviceManagement.*session" and "listenSessionLogin" and returned zero results. The only matches found were unrelated HTTP request tests in metrics.spec.ts that set user-agent headers, not device management tests.

This confirms that:

• No unit or spec tests exist for apps/meteor/ee/server/lib/deviceManagement/session.ts
• The header extraction fix at lines 70-71 (extracting user-agent from connection?.httpHeaders?.['user-agent']) lacks test coverage
• The PR does not include tests for scenarios like missing user-agent headers or various connection object structures

Test Coverage Status:

• ✗ Tests for correct extraction when user-agent is present: Not included
• ✗ Tests for safe handling when user-agent is missing: Not included
• ✗ Tests for various connection object structures: Not included

---

Verify the fix is covered by tests that validate:

• Correct extraction when user-agent is present
• Safe handling when user-agent is missing
• Behavior with various connection object structures

[KevLehman]

No tests?

[lucas-a-pelegrino]

No tests?

I'll be implementing tests on a follow-up PR, since this is part of a larger improvement. This PR is just so the fix is made available quickly.

[scuciatto]

/patch

[dionisio-bot]

Pull request #37540 added to Project: "Patch 7.12.2"

[scuciatto]

/backport 7.11.2

[dionisio-bot]

Pull request #37541 added to Project: "Patch 7.11.2"