Closed grahamsmith closed 4 years ago
This issue was closed because it does not use any of our issue templates. Please make sure to use one of the suggested templates.
some bug in template identification?
This issue was closed because it does not use any of our issue templates. Please make sure to use one of the suggested templates.
Attempt #2.
This issue was closed because it does not use any of our issue templates. Please make sure to use one of the suggested templates.
Description:
When a user logs out of Rocket Chat, a message is sent upstream via the web socket that includes the entire User object payload. After investigation, all current listeners do not take the user object and ignore it.
For security-based installations of Rocket Chat, the amount of data is hard to inspect and validate.
Steps to reproduce:
Expected behaviour:
The user object is not required in this call.
Actual behavior:
https://github.com/RocketChat/Rocket.Chat/blob/d53e264b83ccc971236123853e4b68c9eb6beeb4/server/methods/logoutCleanUp.js
app/ui-utils/client/lib/RoomManager.js
callbacks.add('afterLogoutCleanUp', () => RoomManager.closeAllRooms());
app/ui-master/client/main.js
callbacks.add('afterLogoutCleanUp', () => customScriptsOnLogout());
app/ui-utils/client/lib/popout.js
callbacks.add('afterLogoutCleanUp', () => popout.close(), callbacks.priority.MEDIUM, 'popout-close-after-logout-cleanup');
app/ui/client/lib/iframeCommands.js
Notice here how
callbacks.run('afterLogoutCleanUp', user);
is called but
Meteor.call('logoutCleanUp', user);
calls the same function internally too.
Server Setup Information:
Client Setup Information
Additional context
N/A
Relevant logs:
N/A
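One way to inspect what a method call such as logoutCleanUp actually sends upstream, as an added example that is not part of the original issue or the Rocket.Chat code base. It assumes frames are either raw DDP JSON or a SockJS client frame (a JSON array of DDP JSON strings); the sample frames, the user fields and the function names are constructed for illustration.

```javascript
// Added example: audit client-to-server DDP frames for object-valued method params.
// Frames and user fields below are constructed for illustration, not captured traffic.

// Collect the dotted path of every leaf field under an object or array.
function leafPaths(value, prefix) {
  if (value === null || typeof value !== 'object') return [prefix];
  return Object.entries(value).flatMap(([k, v]) => leafPaths(v, `${prefix}.${k}`));
}

// Accept raw DDP JSON or a SockJS client frame (a JSON array of DDP JSON strings).
function decodeFrames(raw) {
  let parsed;
  try { parsed = JSON.parse(raw); } catch (e) { return []; }
  const items = Array.isArray(parsed) ? parsed : [parsed];
  return items.flatMap((item) => {
    if (typeof item !== 'string') return [item];
    try { return [JSON.parse(item)]; } catch (e) { return []; }
  });
}

// Report every method call: its name, serialized param size, and object fields sent.
function auditFrames(raw) {
  return decodeFrames(raw)
    .filter((f) => f && f.msg === 'method')
    .map((f) => {
      const params = Array.isArray(f.params) ? f.params : [];
      const fields = params.flatMap((p, i) =>
        (p !== null && typeof p === 'object' ? leafPaths(p, `params[${i}]`) : []));
      const paramBytes = new TextEncoder().encode(JSON.stringify(params)).length;
      return { method: f.method, paramBytes, fields };
    });
}

// Constructed user object; field names are assumptions about a typical user document.
const sampleUser = {
  _id: 'u1',
  username: 'alice',
  emails: [{ address: 'alice@example.test', verified: true }],
  roles: ['user'],
};
// The call as the issue reports it, and the same call without the user object.
const withUser = JSON.stringify({ msg: 'method', method: 'logoutCleanUp', params: [sampleUser], id: '7' });
const withoutUser = JSON.stringify({ msg: 'method', method: 'logoutCleanUp', params: [], id: '8' });

for (const raw of [withUser, JSON.stringify([withoutUser]), 'not json']) {
  console.log(JSON.stringify(auditFrames(raw)));
}
```

An empty `fields` list for a method call means no object payload left the client in that frame, which is the property a reviewer of a locked-down installation would want to confirm.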