fix: ddp streamer not waiting some requests completion

[pierre-lehnen-rc]

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Bug Fixes
  • Fixed an issue where DDP streamer requests were returning prematurely before completing their processing operations
  • Improved password validation in login functionality to ensure asynchronous validation operations complete before proceeding

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: e728998

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@rocket.chat/account-service	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

This pull request introduces release metadata for a patch version of the account service and fixes password validation in the login flow by adding an await keyword to ensure asynchronous validation completes before proceeding with authentication logic.

Changes

Cohort / File(s)	Summary
Release Metadata .changeset/stale-shoes-serve.md	New changeset entry documenting patch-level fix for DDP streamer requests
Authentication Logic ee/apps/account-service/src/lib/loginViaUsername.ts	Added await to validatePassword() call to ensure async validation result is properly handled before continuing with password verification logic

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A promise awaits, at last we do see,
No rushing through checks, just async decree,
The password now rests, validation supreme,
Before login proceeds with its secure dream! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main fix in the changeset: ensuring DDP streamer requests wait for async validation to complete before proceeding.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/ddp-streamer-promise

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 2 files

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.changeset/stale-shoes-serve.md (1)

1-5: Consider a more specific changeset description.

The changeset describes "DDP streamer requests were returning before processing was completed," but the actual fix addresses a critical authentication bug where password validation wasn't being awaited in the login flow. While the generic description may be intentional for security reasons, a more accurate description would help with changelog clarity.

📝 Suggested alternative description

 ---
 '@rocket.chat/account-service': patch
 ---
 
-Fixes an issue where some DDP streamer requests were returning before processing was completed
+Fixes authentication flow to properly await password validation before proceeding with login

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 1f5a00c and e728998.

📒 Files selected for processing (2)

• .changeset/stale-shoes-serve.md
• ee/apps/account-service/src/lib/loginViaUsername.ts

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• ee/apps/account-service/src/lib/loginViaUsername.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (1)

ee/apps/account-service/src/lib/loginViaUsername.ts (1)

18-18: Critical security fix: Authentication now properly awaits password validation.

Without await, the valid variable would be assigned a Promise object (truthy) instead of the actual validation result, causing authentication to always succeed whenever the bcrypt hash exists, regardless of the password provided. This fix ensures password validation completes before proceeding.

Verification confirms validatePassword returns Promise<boolean> via bcrypt.compare, and no other calls to this function in the codebase are missing the await pattern.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.67%. Comparing base (1f5a00c) to head (e728998).
⚠️ Report is 1 commits behind head on release-8.0.0.

Additional details and impacted files

@@                Coverage Diff                @@
##           release-8.0.0   #38118      +/-   ##
=================================================
+ Coverage          70.65%   70.67%   +0.02%     
=================================================
  Files               3145     3145              
  Lines             108708   108708              
  Branches           19549    19497      -52     
=================================================
+ Hits               76806    76828      +22     
+ Misses             29897    29886      -11     
+ Partials            2005     1994      -11     

Flag	Coverage Δ
e2e	60.17% <ø> (-0.01%)	⬇️
e2e-api	47.43% <ø> (+0.02%)	⬆️
unit	71.82% <ø> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

📦 Docker Image Size Report

📈 Changes

Service	Current	Baseline	Change	Percent
sum of all images	1.1GiB	0B	+1.1GiB
rocketchat	355MiB	0B	+355MiB
omnichannel-transcript-service	132MiB	0B	+132MiB
queue-worker-service	132MiB	0B	+132MiB
ddp-streamer-service	126MiB	0B	+126MiB
account-service	113MiB	0B	+113MiB
authorization-service	111MiB	0B	+111MiB
presence-service	111MiB	0B	+111MiB

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 23:01", "12/02 21:57", "12/03 21:00", "12/04 18:17", "12/05 21:56", "12/08 20:15", "12/09 22:17", "12/10 23:26", "12/11 21:56", "12/12 22:45", "12/13 01:34", "12/15 22:31", "12/16 22:18", "12/17 21:04", "12/18 23:12", "12/19 23:27", "12/20 21:03", "12/22 18:54", "12/23 16:16", "12/24 19:38", "12/25 17:51", "12/26 13:18", "12/29 19:01", "12/30 20:52", "01/09 19:54 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "queue-worker-service" [0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "rocketchat" [0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.35]

Loading

Statistics (last 30 days):

• 📊 Average: 1.5GiB
• ⬇️ Minimum: 1.4GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 1.1GiB

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-38118
• Baseline: develop
• Timestamp: 2026-01-09 19:54:14 UTC
• Historical data points: 30

---

Updated: Fri, 09 Jan 2026 19:54:15 GMT

[julio-rocketchat]

/patch

[dionisio-bot]

Pull request #38120 added to Project: "Patch 7.13.3"

[julio-rocketchat]

/backport 7.12.4

[julio-rocketchat]

/backport 7.11.4

[dionisio-bot]

Pull request #38121 added to Project: "Patch 7.12.4"

[dionisio-bot]

Pull request #38122 added to Project: "Patch 7.11.4"

[julio-rocketchat]

/backport 7.10.7

[julio-rocketchat]

/backport 7.9.8

[dionisio-bot]

Pull request #38123 added to Project: "Patch 7.10.7"

[julio-rocketchat]

/backport 7.8.6

[dionisio-bot]

Pull request #38124 added to Project: "Patch 7.9.8"

[dionisio-bot]

Pull request #38125 added to Project: "Patch 7.8.6"