Skip to content

regression: reject past expiresAt dates when setting a status#41048

Merged
dionisio-bot[bot] merged 2 commits into
release-8.6.0from
fix/setstatus-expiresat-validation
Jun 23, 2026
Merged

regression: reject past expiresAt dates when setting a status#41048
dionisio-bot[bot] merged 2 commits into
release-8.6.0from
fix/setstatus-expiresat-validation

Conversation

@ricardogarim

@ricardogarim ricardogarim commented Jun 23, 2026

Copy link
Copy Markdown
Member

Proposed changes (including videos or screenshots)

users.setStatus accepted any valid expiresAt, including past dates — a status that's already expired the moment it's applied and never reschedules correctly.

This rejects past (and invalid) expirations at two layers:

  • API (users.setStatus): rejects expiresAt <= now with error-invalid-date ("expiresAt must be a future date"). NaN is already caught by the existing invalid-date-string check.
  • Service (Presence.setActiveState): throws on a NaN or past statusExpiresAt before dispatching, covering callers that bypass the REST endpoint.

Also removes a dead validStatus array check that duplicated schema-level validation, and tightens the body type to Exclude<UserStatus, UserStatus.DISABLED>.

Issue(s)

Steps to test or reproduce

  1. POST /api/v1/users.setStatus with { "status": "busy", "expiresAt": "2020-01-01T00:00:00.000Z" }.
  2. Expect 400, errorType: "error-invalid-date", error expiresAt must be a future date [error-invalid-date].
  3. A future expiresAt still succeeds and returns statusExpiresAt.

Covered by tests in apps/meteor/tests/end-to-end/api/users.ts and ee/packages/presence/src/Presence.spec.ts.

Review in cubic

Summary by CodeRabbit

  • Bug Fixes

    • Added validation to prevent setting status expiration dates to the past; expiration dates must be in the future.
    • Removed support for DISABLED status value in status update requests.
  • Tests

    • Added test coverage for status expiration date validation.

@ricardogarim ricardogarim added this to the 8.6.0 milestone Jun 23, 2026
@dionisio-bot

dionisio-bot Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

@changeset-bot

changeset-bot Bot commented Jun 23, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 5183a16

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai

coderabbitai Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b1ab3fb0-fa4b-4539-9130-34f7f42af355

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • ✅ Review completed - (🔄 Check again to review again)

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jun 23, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 0% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.10%. Comparing base (87cd0e2) to head (5183a16).
⚠️ Report is 1 commits behind head on release-8.6.0.

Additional details and impacted files

Impacted file tree graph

@@                Coverage Diff                @@
##           release-8.6.0   #41048      +/-   ##
=================================================
- Coverage          70.10%   70.10%   -0.01%     
=================================================
  Files               3360     3360              
  Lines             129668   129672       +4     
  Branches           22470    22493      +23     
=================================================
+ Hits               90905    90907       +2     
+ Misses             35457    35455       -2     
- Partials            3306     3310       +4     
Flag Coverage Δ
unit 70.02% <0.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@ricardogarim ricardogarim marked this pull request as ready for review June 23, 2026 00:50
@ricardogarim ricardogarim requested a review from a team as a code owner June 23, 2026 00:50

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 4 files

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

Comment thread ee/packages/presence/src/Presence.ts
@ricardogarim ricardogarim added the stat: QA assured Means it has been tested and approved by a company insider label Jun 23, 2026
@dionisio-bot dionisio-bot Bot added the stat: ready to merge PR tested and approved waiting for merge label Jun 23, 2026
@dionisio-bot dionisio-bot Bot merged commit e983823 into release-8.6.0 Jun 23, 2026
115 of 122 checks passed
@dionisio-bot dionisio-bot Bot deleted the fix/setstatus-expiresat-validation branch June 23, 2026 11:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

stat: QA assured Means it has been tested and approved by a company insider stat: ready to merge PR tested and approved waiting for merge type: bug

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants