[Bug] Admin UI web page crashed when deactivating user who is owner of at least one private group

[ankar84]

Description:

Admin UI web page crashed when deactivating user who is owner of at least one chat.
If you deactivations user that not an owner of any chat - it's OK.

Steps to reproduce:

1. Create a new user, called UserA for example
2. Login as UserA and create private group chat
3. Login as Administrator in Admin UI - Users try to Deactivate UserA
4. App crashes

Expected behavior:

Admin UI not crashed on deactivating any users

Actual behavior:

Server Setup Information:

• Version of Rocket.Chat Server: 4.6.1
• Operating System: Centos7
• Deployment Method: docker
• Number of Running Instances: 12
• DB Replicaset Oplog: Enabled
• NodeJS Version: v14.18.3
• MongoDB Version: 4.4.8

Client Setup Information

• Desktop App or Browser Version: Chrome 100
• Operating System: Windows 10

Additional context

If you deactivations user that not an owner of any chat - it's OK.
So the problem is in changing owner in chat to another user

Relevant logs:

POST https://rc.company.com/api/v1/users.setActiveStatus 400
send @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1053
ajax @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1053
d @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1493
_jqueryCall @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1493
a._jqueryCall @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1495
await in a._jqueryCall (async)
post @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1493
post @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1493
callEndpoint @ /client/providers/ServerProvider.tsx:1
(anonymous) @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1495
eval @ /client/views/admin/users/UserInfoActions.js:1
eval @ /client/views/admin/users/UserInfoActions.js:1
oc @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:5
(anonymous) @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:5
onMouseDown @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:5
Ke @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
tr @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
nr @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Zn @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Xn @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
(anonymous) @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
He @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
We @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
co @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
pt @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
dt @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
t.unstable_runWithPriority @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1122
_c @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Le @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
lt @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104 TypeError: Cannot read properties of undefined (reading 'length')
    at r (/client/components/ConfirmOwnerChangeWarningModal.tsx:1:415)
    at Ma (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:59696)
    at Rs (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:111726)
    at nf (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:98840)
    at rf (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:98768)
    at ef (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:98631)
    at Gs (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:95485)
    at 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:45604
    at t.unstable_runWithPriority (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1122:3778)
    at _c (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:45381)
Fi @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Ni.t.callback @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Lc @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
$i @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
af @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
t.unstable_runWithPriority @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1122
_c @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
cf @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Gs @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
(anonymous) @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
t.unstable_runWithPriority @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1122
_c @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
vc @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Ac @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Ls @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
ti @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
eval @ /client/views/admin/users/UserInfoActions.js:1
await in eval (async)
oc @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:5
(anonymous) @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:5
onMouseDown @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:5
Ke @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
tr @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
nr @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Zn @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Xn @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
(anonymous) @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
He @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
We @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
co @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
pt @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
dt @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
t.unstable_runWithPriority @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1122
_c @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
Le @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
lt @ 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104
/client/components/ConfirmOwnerChangeWarningModal.tsx:1 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'length')
    at r (/client/components/ConfirmOwnerChangeWarningModal.tsx:1:415)
    at Ma (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:59696)
    at Rs (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:111726)
    at nf (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:98840)
    at rf (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:98768)
    at ef (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:98631)
    at Gs (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:95485)
    at 1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:45604
    at t.unstable_runWithPriority (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1122:3778)
    at _c (1cd5dca1e2c9f2d70e8c63a6b36daf8ea031d466.js?meteor_js_resource=true:1104:45381)

[ankar84]

@debdutdeb @dudanogueira hey, guys!
That issue not critical for every single user, but it's really critical for every single Rocket.Chat Administrator.
I think it should be fixed ASAP.
There is a security risk not to deactivate user that must be deactivated.

[debdutdeb]

Is the api working? Have you checked that?

[debdutdeb]

Can't reproduce on the latest develop :/

[debdutdeb]

(self-assignment was a mistake)

[ankar84]

Is the api working? Have you checked that?

Strange I get this when try to use API on FQDN:

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

And when I try curl to instance directly I get this error:
curl: (56) Recv failure: Connection reset by peer

[debdutdeb]

Ok - can reproduce - the group needs to be private it seems.

[ankar84]

Ok - can reproduce - the group needs to be private it seems.

Updated in reproduce steps.

[ankar84]

I'm still on 4.3.3 and when I deactivate similar user I see modal about that private group and that user is owner of that group. And there is a red button - Yes, deactivate user

[debdutdeb]

@ankar84 - it is true for all groups, not just private. Sorry about that, in the first case I didn't set it as a owner but leader 🙈

[debdutdeb]

Another thing, just to make sure everyone following/coming to this thread knows, you can still deactivate a user using the API. Just the client is broken.