regression: validate the subscription status on unban (RocketChat#40237)

Author: sampaiodiego

apps/meteor/app/lib/server/functions/executeUnbanUserFromRoom.ts

@@ -1,5 +1,5 @@
 import { Message } from '@rocket.chat/core-services';
-import { isBannedSubscription, type IUser } from '@rocket.chat/core-typings';
+import { isBannedSubscription, isInviteSubscription, type IUser } from '@rocket.chat/core-typings';
 import { Rooms, Subscriptions, Users } from '@rocket.chat/models';
 
 import { afterUnbanFromRoomCallback } from '../../../../server/lib/callbacks/afterUnbanFromRoomCallback';
@@ -20,17 +20,22 @@ export const executeUnbanUserFromRoom = async function (rid: string, user: IUser
 		throw new Error('error-invalid-subscription');
 	}
 
-	// if the subscription is not banned anymore it means we received an invite and then updated the status.
-	// after the invite was accepted we receive a leave event (meaning the user was unbanned), so at this point
-	// we just need send the message to say the user was unbanned.
-	if (!isBannedSubscription(subscription)) {
+	// if the subscription is an invite it means we were unbanned and then invited again, then
+	// the invite was accepted and we receive a leave event (meaning the user was unbanned), so
+	// at this point we just need send the message to say the user was unbanned.
+	if (isInviteSubscription(subscription)) {
 		await Message.saveSystemMessage('user-unbanned', rid, user.username, user, {
 			u: { _id: byUser._id, username: byUser.username },
 		});
 
 		return;
 	}
 
+	// if the subscription exists and is not an invite and not banned
+	if (!isBannedSubscription(subscription)) {
+		throw new Error('error-user-not-banned');
+	}
+
 	// Remove the subscription entirely — the user is no longer banned but also not a member.
 	// Room count and __rooms were already adjusted during ban, so we only delete the document.
 	await Subscriptions.removeById(subscription._id);