The integration failed to send a message to "#channel" because user "rocket.cat" doesn't have permission or is not a member of the channel

[florian-bellencontre]

Description:

Last night I updated my server to the latest version (3.4.2) and I now have a message in my logs telling me that the user "rocket.cat" (bot) can't send messages sometimes.

Steps to reproduce:

I can't reproduce the problem when I do a curl on the API manually I don't get an error message that appears.

Expected behavior:

Do not have WARNING in the logs.

Actual behavior:

Command sent by my monitoring system to RocketChat:

curl -X POST --data-urlencode "payload={\"username\":\"Zabbix\",\"text\":\":x: *More than 99% used on dataset test/torture on srv-63*\"}" https://chat.cosium.com/hooks/XXXXXXXXXXX

Log of my monitoring system telling me that it sent this message:

2020-07-22 14:52:08 | XXXXXXXXXXX | :x: *More than 99% used on zpool test on srv-63*

Error from the RocketChat server telling me that it can't send the message because it doesn't have the rights:

Jul 22 14:52:08 rocketchat rocketchat[3662]: Warning: The integration "sysnet-test" failed to send a message to "#sysnet-test" because user "rocket.cat" doesn't have permission or is not a member of the channel.

The alert is sent in the channel on RocketChat:

Zabbix @rocket.cat Bot 2:52 PM
❌ More than 99% used on dataset test/torture on srv-63

I don't understand why he's telling me he can't send it if he's sending it anyway. As I said before, it is impossible to reproduce the problem manually and it happens randomly on some messages.

Server Setup Information:

• Version of Rocket.Chat Server: 3.4.2
• Operating System:
• Deployment Method: manual
• Number of Running Instances: 1
• DB Replicaset Oplog: Enabled
• NodeJS Version: 12.18.2
• MongoDB Version: 3.6.16

Relevant logs:

Jul 22 14:52:08 rocketchat rocketchat[3662]: Warning: The integration "sysnet-test" failed to send a message to "#sysnet-test" because user "rocket.cat" doesn't have permission or is not a member of the channel.
Jul 22 14:52:08 rocketchat rocketchat[3662]: This behavior is deprecated and starting from version v4.0.0 the following error will be thrown and the message will not be sent.
Jul 22 14:52:08 rocketchat rocketchat[3662]: Error: error-not-allowed
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at app/authorization/server/functions/canSendMessage.js:19:9
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at /home/rocket/3.4.2/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40
Jul 22 14:52:08 rocketchat rocketchat[3662]:  => awaited here:
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at Function.Promise.await (/home/rocket/3.4.2/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:56:12)
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at validateRoomMessagePermissions (app/authorization/server/functions/canSendMessage.js:48:101)
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at processWebhookMessage (app/lib/server/functions/processWebhookMessage.js:90:4)
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at Object.executeIntegrationRest (app/integrations/server/api/api.js:250:19)
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at app/api/server/api.js:388:82
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at Object._internalRouteActionHandler [as action] (app/api/server/api.js:388:39)
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at packages/nimble_restivus/lib/route.coffee:59:33
Jul 22 14:52:08 rocketchat rocketchat[3662]:     at packages/simple_json-routes.js:98:9

[sampaiodiego]

I see how the message can be confusing.. that was introduced at https://github.com/RocketChat/Rocket.Chat/pull/18024/ and the idea was to keep it working but showing a message saying the integration will fail if a user that is not member of that room in the near future. the warning shows every 1 hour only (that's why you think it shows randomly).

we could change the warning message making it more clear that the message was actually sent (instead of saying it failed to send)

[florian-bellencontre]

Indeed I think that the message is not very clear and that it needs to be changed. Thanks for the information I added the user to the right channels.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[klesher]

Is there a proper permission that we can provide to the rocket.cat user or bot role to allow it to send to all channels?
I'm not seeing anything obvious.

I've added rocket.cat to our critical channels to avoid this, but would rather accomplish this through a permissions change so we don't have to join rocket.cat to any channel we want to send a webhook to.

[fbreckle]

Are there any news on this?

[dudanogueira]

This is the default/expected behavior on new versions.

A message can only be sent to a channel if the user is on that channel.

[cs35-owncloud]

Hello,

I understand the purpose behind this restriction, but would it be possible to add a new permission autojoin to some specific bot ? This way, integrations with impersonate as Rocket.cat (or whatever the name of the bot) and the aujotoin permission would work ? In direct messages it's impossible to have one single integration with a specific script. Thanks.

[dudanogueira]

That can be evaluated, but it should no longer be considered a bug, rather a Feature Request

Also, I don't understand the part about direct messages, I can set up incoming or outcomming webhooks that work accordingly at direct too.

[cs35-owncloud]

Hello,

thanks for your answer.

Here's my outgoing webhook settings:

I need it to work in any room, channel, direct message as it used to.

If I try to call the webhook in a direct message I get this error message:

{"level":50,"time":"2022-04-28T06:50:09.188Z","pid":8,"hostname":"34b1df99a4a8","name":"Integrations","section":"Outgoing WebHook","err":{"type":"Error","message":"error-not-allowed","stack":"Error: error-not-allowed\n    at app/authorization/server/functions/canSendMessage.js:20:9\n    at /app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40\n => awaited here:\n    at Function.Promise.await (/app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:56:12)\n    at validateRoomMessagePermissions (app/authorization/server/functions/canSendMessage.js:51:10)\n    at processWebhookMessage (app/lib/server/functions/processWebhookMessage.js:103:3)\n    at RocketChatIntegrationHandler.sendMessage (app/integrations/server/lib/triggerHandler.js:228:13)\n    at app/integrations/server/lib/triggerHandler.js:825:34\n    at /app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40"},"msg":"error-not-allowed"}

I tried to disable Impersonate User but I stumbled on the same error.

I can only get it working in channels where the rocket.cat bot is. Obviously it's a hassle to add it on every chan and to explain the users how to do it. Maybe I have to change the settings of the integration, do you know what would be the correct settings ? Thanks.