test: add API coverage for users.register settings flows

[jessicaschelly]

Proposed changes (including videos or screenshots)

Adds API integration test coverage for POST /api/v1/users.register settings-driven registration flows in apps/meteor/tests/end-to-end/api/users.ts.

Setting	Coverage
Accounts_RegistrationForm	Rejects registration when set to Disabled
Accounts_RegistrationForm + Accounts_RegistrationForm_SecretURL	Rejects missing/invalid secret; allows registration with valid secret
Accounts_ManuallyApproveNewUsers	Creates inactive user and persists reason
Accounts_AllowedDomainsList	Rejects disallowed domain; allows whitelisted domain
Accounts_CustomFields	Rejects empty required field; saves valid custom field values

Other changes:

• Refactors cleanup from a single user to a users[] array so all successfully registered test users are deleted in after
• Saves and restores settings in beforeEach/afterEach to avoid polluting other tests

Issue(s)

QA-116

Steps to test or reproduce

Further comments

Known limitation — custom field rejection error format: The empty required custom field test currently asserts error-invalid-body (with the underlying error-user-registration-custom-field nested in body.error). This is because users.register passes the raw Meteor.Error to API.v1.failure(e), producing a response that fails schema validation in test mode. A TODO is left to assert error-user-registration-custom-field directly once the endpoint formats the error consistently with users.create.

Summary by CodeRabbit

• Tests
  • Expanded end-to-end coverage for user registration: disabled signups, secret-URL restricted flows, manual approval (including stored reason), allowed-email-domain enforcement, and custom field validation/persistence.
  • Improved test cleanup to remove all created users after the suite and standardized password usage across registration tests.

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: e297a18

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

This PR expands e2e tests for /users.register, refactors suite cleanup to track and bulk-delete all created users, standardizes the shared password variable across tests, and adds nested test groups covering registration settings (disabled, secret-URL, manual approval, allowed domains, custom fields).

Changes

Users registration e2e tests

Layer / File(s)	Summary
Cleanup refactor and existing test updates apps/meteor/tests/end-to-end/api/users.ts	Introduce a shared users array for created registrations, update the successful registration test to push created users, and standardize the password variable across existing tests for consistency.
New registration scenario tests apps/meteor/tests/end-to-end/api/users.ts	Add nested tests validating registration under varied settings: Accounts_RegistrationForm disabled, secret-URL-restricted registration (missing/invalid/valid secret), Accounts_ManuallyApproveNewUsers (inactive user and persisted reason), Accounts_AllowedDomainsList enforcement, and Accounts_CustomFields validation and persistence.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

type: chore

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'test: add API coverage for users.register settings flows' accurately describes the main change—adding comprehensive end-to-end API tests for the /users.register endpoint across various account registration settings configurations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.74%. Comparing base (0ef1002) to head (e297a18).

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #40754      +/-   ##
===========================================
- Coverage    69.76%   69.74%   -0.03%     
===========================================
  Files         3327     3327              
  Lines       123134   123134              
  Branches     21987    21964      -23     
===========================================
- Hits         85904    85875      -29     
- Misses       33869    33907      +38     
+ Partials      3361     3352       -9     

Flag	Coverage Δ
e2e	59.37% <ø> (+0.05%)	⬆️
e2e-api	46.17% <ø> (-0.82%)	⬇️
unit	70.43% <ø> (-0.06%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cubic-dev-ai]

No issues found across 1 file

_{Re-trigger cubic}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/meteor/tests/end-to-end/api/users.ts (1)

1197-1199: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Known limitation: endpoint error formatting inconsistency.

The TODO comment and workaround assertion indicate that the endpoint currently wraps the custom field validation error inside an error-invalid-body response instead of returning it directly. While this is documented in the PR objectives as a known limitation, this test pattern has a maintenance concern: when the endpoint is fixed to return error-user-registration-custom-field directly, this test will continue passing with the old assertion and won't catch the improvement.

Consider opening a follow-up issue to track the endpoint error formatting fix, and update this test assertion once that's resolved.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/meteor/tests/end-to-end/api/users.ts` around lines 1197 - 1199, Create a
follow-up issue to track fixing the endpoint error formatting and then update
the test where the TODO and workaround exist: remove the TODO and the current
nested assertion that checks for errorType 'error-invalid-body' and the nested
'body.error' value, and replace it with a direct assertion that
res.body.errorType (or res.body.error) equals
'error-user-registration-custom-field' so the test will fail once the endpoint
returns the correct error shape; reference the existing expect lines in this
test to locate and change the assertions.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@apps/meteor/tests/end-to-end/api/users.ts`:
- Around line 1197-1199: Create a follow-up issue to track fixing the endpoint
error formatting and then update the test where the TODO and workaround exist:
remove the TODO and the current nested assertion that checks for errorType
'error-invalid-body' and the nested 'body.error' value, and replace it with a
direct assertion that res.body.errorType (or res.body.error) equals
'error-user-registration-custom-field' so the test will fail once the endpoint
returns the correct error shape; reference the existing expect lines in this
test to locate and change the assertions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3eab151a-07f3-4dcf-8fe2-7fa5aeb81ce5

📥 Commits

Reviewing files that changed from the base of the PR and between e64d98c and e297a18.

📒 Files selected for processing (1)

• apps/meteor/tests/end-to-end/api/users.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: 📦 Build Packages
• GitHub Check: cubic · AI code reviewer
• GitHub Check: CodeQL-Build
• GitHub Check: Hacktron Security Check
• GitHub Check: CodeQL-Build

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/tests/end-to-end/api/users.ts

🧠 Learnings (3)

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In the Rocket.Chat repository, do not reference Biome lint rules in code review feedback. Biome is not used even if biome.json exists; only reference Biome rules if there is explicit, project-wide usage documented. For TypeScript files, review lint implications without Biome guidance unless the project enables Biome rules.

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In this repository (RocketChat/Rocket.Chat), Biome lint rules are not used even if a biome.json exists. When reviewing TypeScript files (e.g., packages/ui-voip/src/providers/useMediaSession.ts), ensure lint suggestions do not reference Biome-specific rules. Rely on general ESLint/TypeScript lint rules and project conventions instead.

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

📚 Learning: 2026-05-06T12:21:44.083Z

Learnt from: juliajforesti
Repo: RocketChat/Rocket.Chat PR: 40256
File: apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx:121-149
Timestamp: 2026-05-06T12:21:44.083Z
Learning: Field wrappers in rocket.chat/fuselage-forms (Field, FieldLabel, FieldRow, FieldError, FieldHint) auto-create htmlFor/id associations, aria-describedby, and role="alert" for errors. Do not manually set htmlFor, id, aria-describedby, or role attributes when using these wrappers. This automatic wiring does not apply to plain rocket.chat/fuselage components, which require explicit ID wiring per the accessibility docs. In code reviews, prefer using fuselage-forms wrappers for form fields and verify there is no unnecessary manual ID/aria wiring in files that use these wrappers. If a component uses plain fuselage components, ensure proper id wiring as per docs.

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

🔇 Additional comments (6)

apps/meteor/tests/end-to-end/api/users.ts (6)

836-840: LGTM!

---

849-849: LGTM!

Also applies to: 870-870, 888-888, 905-905, 924-924

---

935-970: LGTM!

---

972-1063: LGTM!

---

1065-1104: LGTM!

---

1106-1164: LGTM!