fix(apps-engine): use typeof check for undefined in areRequiredSettingsSet #39334

Open
smirk-dev wants to merge 2 commits into RocketChat:develop from smirk-dev:fix/apps-engine-required-settings-validation

@smirk-dev smirk-dev commented Mar 4, 2026

Changes

Fix a logic bug in AppManager.areRequiredSettingsSet() where required app settings were never properly validated.

Root Cause

In packages/apps-engine/src/server/AppManager.ts (line 1121), the comparison checks against the string literal "undefined" instead of checking for the actual undefined JavaScript primitive.

When sett.value is undefined (the JS primitive), the expression evaluates incorrectly, causing the code to skip the setting — treating it as "already configured" when it is not.

This means required app settings are never enforced, allowing apps to be enabled with missing required configuration.

Fix

Changed from direct string comparison to typeof check, which correctly detects when values are actually unset.

Testing

  • The fix is a straightforward type-check correction
  • No existing tests cover this function
  • The fix ensures apps with missing required settings are properly blocked from enabling

Summary by CodeRabbit

  • Bug Fixes

    • Corrected required app settings validation so undefined, null, and empty values are treated as unset, preventing apps with missing required settings from being enabled.
  • Tests

    • Added unit tests covering various required-setting scenarios (present, missing, null, empty, package-provided).
  • Documentation

    • Added a changelog entry describing the fix.

…gsSet

The validation for required app settings was comparing against the string
literal 'undefined' instead of checking for the actual undefined type.
This meant that when sett.value was the JS primitive undefined, the
comparison (undefined !== 'undefined') evaluated to true, causing the
code to incorrectly treat unset required settings as already configured.

Changed from:
  sett.value !== 'undefined'
To:
  typeof sett.value !== 'undefined'

This ensures apps cannot be enabled when required settings are missing.
@smirk-dev smirk-dev requested a review from a team as a code owner March 4, 2026 16:43

dionisio-bot bot commented Mar 4, 2026

Looks like this PR is not ready to merge, because of the following issues:

  • This PR is missing the 'stat: QA assured' label
  • This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines


changeset-bot bot commented Mar 4, 2026

🦋 Changeset detected

Latest commit: 9406775

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 42 packages
Name Type
@rocket.chat/apps-engine Patch
@rocket.chat/meteor Patch
@rocket.chat/apps Patch
@rocket.chat/core-services Patch
@rocket.chat/core-typings Patch
@rocket.chat/fuselage-ui-kit Patch
@rocket.chat/rest-typings Patch
@rocket.chat/ddp-streamer Patch
@rocket.chat/presence Patch
rocketchat-services Patch
@rocket.chat/uikit-playground Patch
@rocket.chat/ui-voip Patch
@rocket.chat/api-client Patch
@rocket.chat/cron Patch
@rocket.chat/ddp-client Patch
@rocket.chat/gazzodown Patch
@rocket.chat/http-router Patch
@rocket.chat/livechat Patch
@rocket.chat/model-typings Patch
@rocket.chat/ui-avatar Patch
@rocket.chat/ui-client Patch
@rocket.chat/ui-contexts Patch
@rocket.chat/web-ui-registration Patch
@rocket.chat/account-service Patch
@rocket.chat/authorization-service Patch
@rocket.chat/omnichannel-transcript Patch
@rocket.chat/presence-service Patch
@rocket.chat/queue-worker Patch
@rocket.chat/abac Patch
@rocket.chat/federation-matrix Patch
@rocket.chat/license Patch
@rocket.chat/media-calls Patch
@rocket.chat/omnichannel-services Patch
@rocket.chat/pdf-worker Patch
@rocket.chat/models Patch
@rocket.chat/network-broker Patch
@rocket.chat/omni-core-ee Patch
@rocket.chat/mock-providers Patch
@rocket.chat/ui-video-conf Patch
@rocket.chat/instance-status Patch
@rocket.chat/omni-core Patch
@rocket.chat/server-fetch Patch


coderabbitai bot commented Mar 4, 2026

Walkthrough

Fixed required-settings validation in AppManager: replaced a string-literal comparison against "undefined" with a robust isValueSet check that treats undefined, null, and "" as unset; added unit tests and a changelog entry.

Changes

Cohort / File(s): Summary

  • AppManager logic (packages/apps-engine/src/server/AppManager.ts): Introduced isValueSet helper and replaced prior "undefined" string comparison with robust checks that treat undefined, null, and empty string as unset when evaluating required settings.
  • Tests (packages/apps-engine/tests/server/AppManager.spec.ts): Added multiple unit tests covering scenarios for required settings (missing values, package values, null, empty string, combinations) exercising areRequiredSettingsSet.
  • Changelog (.changeset/fix-apps-engine-required-settings-check.md): Added changelog entry describing the bug fix to required-settings validation and the change in behavior for null/empty values.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main fix: replacing a flawed string comparison check with a proper typeof check for undefined in areRequiredSettingsSet.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@cubic-dev-ai cubic-dev-ai bot left a comment

No issues found across 2 files

…SettingsSet

The previous fix (typeof check) correctly caught the string-literal 'undefined'
comparison bug, but areRequiredSettingsSet still had two remaining bypasses:

1. null — typeof null === 'object', not 'undefined', so a packageValue of null
   passed the check and the setting was incorrectly treated as configured.
2. "" (empty string) — typeof '' === 'string', not 'undefined', so an empty
   string value also passed, again treating an unset setting as configured.

The docstring explicitly states "not empty" is required for a value to count as
set, but the implementation did not enforce this.

Introduces a strict isValueSet guard (v !== undefined && v !== null && v !== '')
and updates the test suite with 7 new cases covering the undefined, null, empty
string, real value, and packageValue combinations.

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (1)
packages/apps-engine/tests/server/AppManager.spec.ts (1)

299-388: Consider adding explicit tests for valid falsy values (false and 0).

Right now, the suite verifies unset values well, but it doesn’t lock in that false/0 are still considered “set” (which the current guard intends).

Proposed test additions
+	`@Test`('areRequiredSettingsSet - returns true when required setting value is false')
+	public areRequiredSettingsSetBooleanFalseValue() {
+		const manager = new AppManager({
+			metadataStorage: this.testingInfastructure.getAppStorage(),
+			logStorage: this.testingInfastructure.getLogStorage(),
+			bridges: this.testingInfastructure.getAppBridges(),
+			sourceStorage: this.testingInfastructure.getSourceStorage(),
+		});
+
+		const storageItem = TestData.getAppStorageItem({
+			settings: {
+				requiredSetting: { id: 'requiredSetting', type: 0, required: true, packageValue: undefined, value: false } as any,
+			},
+		});
+
+		Expect((manager as any).areRequiredSettingsSet(storageItem)).toBe(true);
+	}
+
+	`@Test`('areRequiredSettingsSet - returns true when required setting value is 0')
+	public areRequiredSettingsSetZeroValue() {
+		const manager = new AppManager({
+			metadataStorage: this.testingInfastructure.getAppStorage(),
+			logStorage: this.testingInfastructure.getLogStorage(),
+			bridges: this.testingInfastructure.getAppBridges(),
+			sourceStorage: this.testingInfastructure.getSourceStorage(),
+		});
+
+		const storageItem = TestData.getAppStorageItem({
+			settings: {
+				requiredSetting: { id: 'requiredSetting', type: 0, required: true, packageValue: undefined, value: 0 } as any,
+			},
+		});
+
+		Expect((manager as any).areRequiredSettingsSet(storageItem)).toBe(true);
+	}
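Review bot: Both proposed tests fix `packageValue: undefined` and vary only `value`, so the symmetric case is still uncovered: a required setting with `value: undefined` and `packageValue: false` (or `packageValue: 0`) should also return true, and that is the branch a later truthiness-style simplification of the guard would break silently. Add those two cases alongside these. The `new AppManager({...})` construction is repeated verbatim in both tests and could move to a shared helper, and the decorators appear here as `@Test` wrapped in backticks, which need to be bare decorators to compile.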
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@packages/apps-engine/tests/server/AppManager.spec.ts` around lines 299 - 388,
Add explicit tests asserting that falsy-but-valid values are treated as "set" by
areRequiredSettingsSet: create two new tests in AppManager.spec.ts that
instantiate AppManager and build storageItem via TestData.getAppStorageItem with
a requiredSetting (id 'requiredSetting') whose value is false (and another with
value 0), and also variants where packageValue is false/0 and value is
undefined/null; then Expect((manager as
any).areRequiredSettingsSet(storageItem)).toBe(true) for each case to ensure
false and 0 are considered valid set values.

📥 Commits

Reviewing files that changed from the base of the PR and between 1c6b4dd and 9406775.

📒 Files selected for processing (3)
  • .changeset/fix-apps-engine-required-settings-check.md
  • packages/apps-engine/src/server/AppManager.ts
  • packages/apps-engine/tests/server/AppManager.spec.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • packages/apps-engine/src/server/AppManager.ts
🔇 Additional comments (2)
.changeset/fix-apps-engine-required-settings-check.md (1)

5-5: Changelog wording is accurate and release-friendly.

This clearly captures the behavioral fix and the newly treated unset cases (undefined, null, '').

packages/apps-engine/tests/server/AppManager.spec.ts (1)

263-388: Great coverage for the required-settings regression.

These cases directly validate the new isValueSet behavior and protect the enable/disable gate from the original bug class.
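
The three checks quoted in this thread, run side by side over unset and falsy values. This is an added example, not code from the PR or from AppManager.ts: `areRequiredSettingsSet` below is a simplified model that assumes a required setting passes when either `value` or `packageValue` is set, and the `truthy` predicate is a hypothetical shortcut included only to show what the proposed `false`/`0` tests guard against.

```javascript
// Added example: simplified model of the gate, not the AppManager.ts source.
const predicates = {
	// Original check: only the literal string 'undefined' is treated as unset.
	stringLiteral: (v) => v !== 'undefined',
	// First commit: catches undefined; typeof null is 'object', typeof '' is 'string'.
	typeofCheck: (v) => typeof v !== 'undefined',
	// Second commit: the isValueSet guard as quoted in the commit message.
	isValueSet: (v) => v !== undefined && v !== null && v !== '',
	// Hypothetical shortcut (not on the page): rejects the valid values false and 0.
	truthy: (v) => Boolean(v),
};

// Assumption: a required setting passes when value OR packageValue is set.
function areRequiredSettingsSet(settings, isSet) {
	return Object.values(settings).every((s) => !s.required || isSet(s.value) || isSet(s.packageValue));
}

// Constructed sample settings, one per scenario discussed in the thread.
const cases = {
	bothUndefined: { required: true, value: undefined, packageValue: undefined },
	valueNull: { required: true, value: null, packageValue: undefined },
	packageValueEmpty: { required: true, value: undefined, packageValue: '' },
	valueFalse: { required: true, value: false, packageValue: undefined },
	packageValueZero: { required: true, value: undefined, packageValue: 0 },
	valueString: { required: true, value: 'token', packageValue: undefined },
	optionalUnset: { required: false, value: undefined, packageValue: undefined },
};

// Returns the names of the scenarios that the given predicate lets through.
function enabledCases(predicateName) {
	const isSet = predicates[predicateName];
	return Object.keys(cases).filter((name) => areRequiredSettingsSet({ [name]: cases[name] }, isSet));
}

for (const name of Object.keys(predicates)) {
	console.log(name.padEnd(14), enabledCases(name).join(', '));
}
```

Only `isValueSet` blocks all three unset scenarios while still accepting `false` and `0`; the string-literal check lets every scenario through.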
