fix: License validations for federated rooms

[aleksandernsilva]

Proposed changes (including videos or screenshots)

This PR updates the federation composer license add-on validation to rely solely on the license module, instead of checking both the license and the subscription. Previously, users with a subscription but without the license module were still able to send messages in federated rooms. With this change, only the presence of the license module grants access.

Issue(s)

FB-28
FB-54

Steps to test or reproduce

• Create a federated room
• Invalidate license or remove federation module
• Composer should be disabled and displaying callout premium only

Further comments

Summary by CodeRabbit

• Bug Fixes
  • Fixed license add-on validations for federated rooms.
• User Experience
  • Composer now consistently shows federation status: blocked/invalid-version messaging, disabled composer when federation is off, and clear premium/add-on prompt when federation license is missing.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is targeting the wrong base branch. It should target 7.14.0, but it targets 7.13.0

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: 8218c9f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 41 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/freeswitch	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/stream-hub-service	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/license	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

Consolidates federation rendering in the message composer: ComposerFederation now accepts a blocked prop and renders an invalid-version view when blocked. Adds a changeset declaring a patch release addressing license add-on validations for federated rooms and introduces unit tests covering federation/licensing scenarios.

Changes

Cohort / File(s)	Summary
Changeset Declaration .changeset/lemon-garlics-check.md	Adds a patch changeset for @rocket.chat/meteor stating: "Fixes license add-on validations for federated rooms".
Composer container and API surface apps/meteor/client/views/room/composer/ComposerContainer.tsx	Always renders ComposerFederation and passes new blocked={isFederationBlocked} prop; removes conditional branch and removed import of ComposerFederationInvalidVersion.
ComposerFederation implementation apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx	Component signature changed to accept blocked?: boolean; renders ComposerFederationInvalidVersion immediately when blocked is true; simplifies gating logic for federation-enabled state.
Unit tests apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.spec.tsx	New test suite covering blocked rendering, disabled federation, missing license add-on, and normal rendering; uses mocked components and test app context with license endpoint stub.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Pay attention to:
  • Prop threading: confirm blocked is passed correctly from container to ComposerFederation and used consistently.
  • Removed/renamed entities: ensure no other modules import the removed ComposerFederationInvalidVersion.
  • Test validity: verify mocks and license endpoint stub accurately reflect runtime behavior.
  • UI gating logic: validate the simplified federation-enabled checks match intended policy/requirements.

Suggested reviewers

• ggazzo
• sampaiodiego
• ricardogarim

Poem

🐰 I hopped through code, with whiskers bright,
Merged branches into one clear light.
A blocked flag now guides the way,
Tests keep mischief at bay.
Hop — the composer’s snug and right. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title clearly and concisely summarizes the main change: fixing license validations for federated rooms, which directly aligns with the primary objective of the PR.
Linked Issues check	✅ Passed	Changes implement license validation requirements from FB-54 (disable federation composer without license addon) and partially address FB-28 (license/federation-disabled states). ComposerFederation now accepts a blocked prop to handle these scenarios.
Out of Scope Changes check	✅ Passed	All changes are tightly scoped to federation composer license validation: restructured component props, replaced conditional rendering with a blocked prop, consolidated ComposerFederationInvalidVersion logic, and added corresponding tests.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/fed-room-license-check

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e7eaf46 and b123eee.

📒 Files selected for processing (1)

• apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx

🧠 Learnings (2)

📓 Common learnings

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37377
File: apps/meteor/ee/server/hooks/federation/index.ts:86-88
Timestamp: 2025-11-04T16:49:19.107Z
Learning: In Rocket.Chat's federation system (apps/meteor/ee/server/hooks/federation/), permission checks follow two distinct patterns: (1) User-initiated federation actions (creating rooms, adding users to federated rooms, joining from invites) should throw MeteorError to inform users they lack 'access-federation' permission. (2) Remote server-initiated federation events should silently skip/ignore when users lack permission. The beforeAddUserToRoom hook only executes for local user-initiated actions, so throwing an error there is correct. Remote federation events are handled separately by the federation Matrix package with silent skipping logic.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

📚 Learning: 2025-10-28T16:53:42.761Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

• apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx

🧬 Code graph analysis (1)

apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx (2)

apps/meteor/client/hooks/useIsFederationEnabled.ts (1)

• useIsFederationEnabled (3-8)

apps/meteor/client/hooks/useHasLicenseModule.ts (1)

• useHasLicenseModule (5-8)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (3)

apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx (3)

11-13: LGTM! Clean type definition.

The optional blocked prop extends ComposerMessageProps appropriately and integrates well with the component's conditional rendering logic.

---

27-29: LGTM! Correctly simplifies license validation.

This change aligns perfectly with the PR objective to rely solely on the license module check instead of combining subscription and module checks. The simplified condition correctly blocks the composer when the federation license module is not present.

---

15-21: Code logic is correct; no changes needed.

The blocked prop computation in ComposerContainer.tsx (line 47: isFederationBlocked = !isRoomNativeFederated(room)) correctly determines when a federated room has a version/compatibility issue. The three disabled states in ComposerFederation are properly distinct:

• blocked=true → federated but non-native federation (version mismatch)
• !federationEnabled → federation feature globally disabled
• !federationModuleEnabled → federation license not available

The precedence order and early return pattern are appropriate for these scenarios.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 20.00000% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.80%. Comparing base (cbc0953) to head (8218c9f).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #37523      +/-   ##
===========================================
- Coverage    68.81%   68.80%   -0.01%     
===========================================
  Files         3361     3361              
  Lines       114260   114260              
  Branches     20619    20619              
===========================================
- Hits         78623    78616       -7     
- Misses       33541    33549       +8     
+ Partials      2096     2095       -1     

Flag	Coverage Δ
e2e	57.27% <20.00%> (-0.05%)	⬇️
e2e-api	42.25% <ø> (+0.05%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 7d90c9d and e7eaf46.

📒 Files selected for processing (4)

• .changeset/lemon-garlics-check.md (1 hunks)
• apps/meteor/client/views/room/composer/ComposerContainer.tsx (1 hunks)
• apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.spec.tsx (1 hunks)
• apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx (1 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37377
File: apps/meteor/ee/server/hooks/federation/index.ts:86-88
Timestamp: 2025-11-04T16:49:19.107Z
Learning: In Rocket.Chat's federation system (apps/meteor/ee/server/hooks/federation/), permission checks follow two distinct patterns: (1) User-initiated federation actions (creating rooms, adding users to federated rooms, joining from invites) should throw MeteorError to inform users they lack 'access-federation' permission. (2) Remote server-initiated federation events should silently skip/ignore when users lack permission. The beforeAddUserToRoom hook only executes for local user-initiated actions, so throwing an error there is correct. Remote federation events are handled separately by the federation Matrix package with silent skipping logic.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

📚 Learning: 2025-11-04T16:49:19.107Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37377
File: apps/meteor/ee/server/hooks/federation/index.ts:86-88
Timestamp: 2025-11-04T16:49:19.107Z
Learning: In Rocket.Chat's federation system (apps/meteor/ee/server/hooks/federation/), permission checks follow two distinct patterns: (1) User-initiated federation actions (creating rooms, adding users to federated rooms, joining from invites) should throw MeteorError to inform users they lack 'access-federation' permission. (2) Remote server-initiated federation events should silently skip/ignore when users lack permission. The beforeAddUserToRoom hook only executes for local user-initiated actions, so throwing an error there is correct. Remote federation events are handled separately by the federation Matrix package with silent skipping logic.

Applied to files:

• .changeset/lemon-garlics-check.md
• apps/meteor/client/views/room/composer/ComposerContainer.tsx

📚 Learning: 2025-10-28T16:53:42.761Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

• .changeset/lemon-garlics-check.md
• apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx
• apps/meteor/client/views/room/composer/ComposerContainer.tsx

📚 Learning: 2025-09-19T15:15:04.642Z

Learnt from: rodrigok
Repo: RocketChat/Rocket.Chat PR: 36991
File: apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts:219-221
Timestamp: 2025-09-19T15:15:04.642Z
Learning: The Federation_Matrix_homeserver_domain setting in apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts is part of the old federation system and is being deprecated/removed, so configuration issues with this setting should not be flagged for improvement.

Applied to files:

• apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx
• apps/meteor/client/views/room/composer/ComposerContainer.tsx

🧬 Code graph analysis (2)

apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.spec.tsx (3)

packages/core-typings/src/license/LicenseModule.ts (1)

• LicenseModule (30-30)

packages/mock-providers/src/index.ts (1)

• mockAppRoot (3-3)

apps/meteor/tests/mocks/data.ts (1)

• createFakeLicenseInfo (213-260)

apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx (2)

apps/meteor/client/views/room/composer/ComposerMessage.tsx (1)

• ComposerMessageProps (12-25)

apps/meteor/client/hooks/useIsFederationEnabled.ts (1)

• useIsFederationEnabled (3-8)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: 🔨 Test UI (EE) / MongoDB 5.0 (5/5)

🔇 Additional comments (8)

.changeset/lemon-garlics-check.md (1)

1-5: LGTM! Changeset follows standard format.

The changeset correctly declares a patch release for the meteor package with an appropriate description.

apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.spec.tsx (2)

1-13: LGTM! Mock setup is appropriate.

The mock for ComposerMessage is correctly structured, and the imports align with the component dependencies.

---

31-62: Excellent test coverage!

The test suite comprehensively validates all rendering branches:

• Blocked state for old federation rooms
• Federation globally disabled
• Missing license module (premium feature)
• Normal operation with valid license

Each test appropriately configures the mock environment and verifies the expected UI state.

apps/meteor/client/views/room/composer/ComposerContainer.tsx (2)

41-41: LGTM! Blocked state calculation is clear.

The isFederationBlocked variable correctly identifies non-native federated rooms (old federation system rooms) that should be blocked.

---

58-60: Good refactor: Simplified container logic.

Moving the blocked state handling into ComposerFederation as a prop reduces conditional complexity in the container. The component now has a single, unified rendering path for federation with explicit state passing.

apps/meteor/client/views/room/composer/ComposerFederation/ComposerFederation.tsx (3)

11-13: LGTM! Type definition properly extends base props.

The ComposerFederationProps type correctly extends ComposerMessageProps and adds the optional blocked prop for controlling invalid version state.

---

19-21: LGTM! Blocked state handling is clear.

The early return for blocked rooms correctly renders the invalid version component for old (non-Matrix) federated rooms.

---

27-29: Loading state returns 'loading' string, not undefined.

The useHasLicenseModule hook at apps/meteor/client/hooks/useHasLicenseModule.ts returns 'loading' | boolean, specifically the string 'loading' when license data is not yet available (via .data ?? 'loading'). The strict equality check === true at line 17 correctly makes federationModuleEnabled false during this loading phase, causing the disabled message to display. This is safe behavior—users already with the federation license will briefly see the disabled state until the license data loads. If improved UX during this fetch is desired, a loading skeleton could replace the disabled message.

[github-actions]

📦 Docker Image Size Report

📈 Changes

Service	Current	Baseline	Change	Percent
sum of all images	1.2GiB	1.2GiB	+12MiB
rocketchat	359MiB	347MiB	+12MiB
omnichannel-transcript-service	132MiB	132MiB	-2.0KiB
queue-worker-service	132MiB	132MiB	-861B
ddp-streamer-service	127MiB	127MiB	-1.9KiB
account-service	114MiB	114MiB	-3.3KiB
stream-hub-service	111MiB	111MiB	+223B
authorization-service	111MiB	111MiB	-1.3KiB
presence-service	111MiB	111MiB	-63B

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/15 22:28", "11/16 01:28", "11/17 23:50", "11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 20:42", "12/01 20:54 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "queue-worker-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "rocketchat" [0.36, 0.36, 0.35, 0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.35]
  line "stream-hub-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]

Loading

Statistics (last 10 days):

• 📊 Average: 1.5GiB
• ⬇️ Minimum: 1.2GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 1.2GiB

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-37523
• Baseline: develop
• Timestamp: 2025-12-01 20:54:41 UTC
• Historical data points: 10

---

Updated: Mon, 01 Dec 2025 20:54:42 GMT