Parameter Checks (#4147)

* add checks in the methods for checking if the data received in the parameters are in their correct type

* Put the checks in the start of the method and fixed some indentation

* no message

* no message

* no message

* no message

* no message

* no message

* no message

packages/rocketchat-lib/server/methods/addOAuthService.coffee

@@ -1,5 +1,8 @@
 Meteor.methods
 	addOAuthService: (name) ->
+
+		check name, String
+
 		if not Meteor.userId()
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'addOAuthService' })
 

packages/rocketchat-lib/server/methods/checkRegistrationSecretURL.coffee

@@ -1,3 +1,6 @@
 Meteor.methods
 	checkRegistrationSecretURL: (hash) ->
+
+		check hash, String
+
 		return hash is RocketChat.settings.get 'Accounts_RegistrationForm_SecretURL'

packages/rocketchat-lib/server/methods/deleteUserOwnAccount.js

@@ -1,5 +1,8 @@
 Meteor.methods({
 	deleteUserOwnAccount: function(password) {
+
+		check(password, String);
+
 		if (!Meteor.userId()) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'deleteUserOwnAccount' });
 		}

packages/rocketchat-lib/server/methods/filterATAllTag.js

@@ -1,5 +1,4 @@
 RocketChat.callbacks.add('beforeSaveMessage', function(message) {
-
 	// Test if the message mentions include @all.
 	if (message.mentions != null &&
 		_.pluck(message.mentions, '_id').some((item) => item === 'all')) {

packages/rocketchat-lib/server/methods/getRoomRoles.js

@@ -1,5 +1,8 @@
 Meteor.methods({
 	getRoomRoles(rid) {
+
+		check(rid, String);
+
 		if (!Meteor.userId()) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'getRoomRoles' });
 		}

packages/rocketchat-lib/server/methods/getUserRoles.js

@@ -1,5 +1,6 @@
 Meteor.methods({
 	getUserRoles() {
+
 		if (!Meteor.userId()) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'getUserRoles' });
 		}

packages/rocketchat-lib/server/methods/insertOrUpdateUser.coffee

@@ -1,5 +1,8 @@
 Meteor.methods
 	insertOrUpdateUser: (userData) ->
+
+		check userData, Object
+
 		if not Meteor.userId()
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'insertOrUpdateUser' })
 

packages/rocketchat-lib/server/methods/joinDefaultChannels.coffee

@@ -1,5 +1,8 @@
 Meteor.methods
 	joinDefaultChannels: (silenced) ->
+
+		check silenced, Match.Optional(Boolean)
+
 		if not Meteor.userId()
 			throw new Meteor.Error('error-invalid-user', "Invalid user", { method: 'joinDefaultChannels' })
 

packages/rocketchat-lib/server/methods/removeOAuthService.coffee

@@ -1,5 +1,8 @@
 Meteor.methods
 	removeOAuthService: (name) ->
+
+		check name, String
+
 		if not Meteor.userId()
 			throw new Meteor.Error('error-invalid-user', "Invalid user", { method: 'removeOAuthService' })
 

packages/rocketchat-lib/server/methods/robotMethods.coffee

@@ -1,5 +1,9 @@
 Meteor.methods
 	'robot.modelCall': (model, method, args) ->
+
+		check model, String
+		check method, String
+
 		unless Meteor.userId()
 			throw new Meteor.Error 'error-invalid-user', 'Invalid user', { method: 'robot.modelCall' }
 

packages/rocketchat-lib/server/methods/saveSetting.coffee

@@ -1,5 +1,9 @@
 Meteor.methods
 	saveSetting: (_id, value) ->
+
+		check _id, String
+		check value, String
+
 		if Meteor.userId()?
 			user = Meteor.users.findOne Meteor.userId()
 

packages/rocketchat-lib/server/methods/sendInvitationEmail.coffee

@@ -1,5 +1,8 @@
 Meteor.methods
 	sendInvitationEmail: (emails) ->
+
+		check emails, [String]
+
 		if not Meteor.userId()
 			throw new Meteor.Error 'error-invalid-user', "Invalid user", { method: 'sendInvitationEmail' }
 

packages/rocketchat-lib/server/methods/sendMessage.coffee

@@ -1,6 +1,8 @@
 Meteor.methods
 	sendMessage: (message) ->
 
+		check message, Object
+
 		if message.ts
 			tsDiff = Math.abs(moment(message.ts).diff())
 			if tsDiff > 60000

packages/rocketchat-lib/server/methods/setAdminStatus.coffee

@@ -1,5 +1,9 @@
 Meteor.methods
 	setAdminStatus: (userId, admin) ->
+
+		check userId, String
+		check admin, Match.Optional(Boolean)
+
 		if not Meteor.userId()
 			throw new Meteor.Error 'error-invalid-user', "Invalid user", { method: 'setAdminStatus' }
 

packages/rocketchat-lib/server/methods/setEmail.js

@@ -1,5 +1,8 @@
 Meteor.methods({
 	setEmail: function(email) {
+
+		check (email, String);
+
 		if (!Meteor.userId()) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'setEmail' });
 		}

packages/rocketchat-lib/server/methods/setRealName.coffee

@@ -1,5 +1,8 @@
 Meteor.methods
 	setRealName: (name) ->
+
+		check name, String
+
 		if not Meteor.userId()
 			throw new Meteor.Error('error-invalid-user', "Invalid user", { method: 'setRealName' })
 

packages/rocketchat-lib/server/methods/setUsername.coffee

@@ -1,5 +1,8 @@
 Meteor.methods
 	setUsername: (username) ->
+
+		check username, String
+
 		if not Meteor.userId()
 			throw new Meteor.Error('error-invalid-user', "Invalid user", { method: 'setUsername' })