RocketChat · abhinavkrin · Oct 5, 2024
diff --git a/.changeset/fair-bees-wash.md b/.changeset/fair-bees-wash.md
@@ -0,0 +1,6 @@
+---
+'@rocket.chat/rest-typings': major
+'@rocket.chat/meteor': major
+---
+
+Removed deprecated endpoint `pw.getPolicyReset`. Moving forward, use the `pw.getPolicy` endpoint.
diff --git a/apps/meteor/app/api/server/v1/misc.ts b/apps/meteor/app/api/server/v1/misc.ts
@@ -10,7 +10,6 @@ import {
 	isMethodCallAnonProps,
 	isFingerprintProps,
 	isMeteorCall,
-	validateParamsPwGetPolicyRest,
 } from '@rocket.chat/rest-typings';
 import { escapeHTML } from '@rocket.chat/string-helpers';
 import EJSON from 'ejson';
@@ -408,36 +407,6 @@ API.v1.addRoute(
 	},
 );
 
-API.v1.addRoute(
-	'pw.getPolicyReset',
-	{
-		authRequired: false,
-		validateParams: validateParamsPwGetPolicyRest,
-		deprecation: {
-			version: '7.0.0',
-			alternatives: ['pw.getPolicy'],
-		},
-	},
-	{
-		async get() {
-			check(
-				this.queryParams,
-				Match.ObjectIncluding({
-					token: String,
-				}),
-			);
-			const { token } = this.queryParams;
-
-			const user = await Users.findOneByResetToken(token, { projection: { _id: 1 } });
-			if (!user) {
-				return API.v1.unauthorized();
-			}
-
-			return API.v1.success(passwordPolicy.getPasswordPolicy());
-		},
-	},
-);
-
 /**
  * @openapi
  *  /api/v1/stdout.queue:

@@ -662,49 +662,6 @@ describe('miscellaneous', () => {
 		});
 	});
 
-	describe('/pw.getPolicyReset', () => {
-		it('should fail if no token provided', (done) => {
-			void request
-				.get(api('pw.getPolicyReset'))
-				.expect('Content-Type', 'application/json')
-				.expect(400)
-				.expect((res) => {
-					expect(res.body).to.have.property('success', false);
-					expect(res.body).to.have.property('errorType', 'invalid-params');
-				})
-				.end(done);
-		});
-
-		it('should fail if no token is invalid format', (done) => {
-			void request
-				.get(api('pw.getPolicyReset'))
-				.query({ token: '123' })
-				.expect('Content-Type', 'application/json')
-				.expect(403)
-				.expect((res) => {
-					expect(res.body).to.have.property('success', false);
-					expect(res.body).to.have.property('error', 'unauthorized');
-				})
-				.end(done);
-		});
-
-		// not sure we have a way to get the reset token, looks like it is only sent via email by Meteor
-		it.skip('should return policies if correct token is provided', (done) => {
-			void request
-				.get(api('pw.getPolicyReset'))
-				.query({ token: '' })
-				.set(credentials)
-				.expect('Content-Type', 'application/json')
-				.expect(403)
-				.expect((res) => {
-					expect(res.body).to.have.property('success', true);
-					expect(res.body).to.have.property('enabled');
-					expect(res.body).to.have.property('policy').and.to.be.an('array');
-				})
-				.end(done);
-		});
-	});
-
 	describe('[/stdout.queue]', () => {
 		let testUser: TestUser<IUser>;
 		let testUsername: string;

@@ -180,21 +180,6 @@ const FingerprintSchema = {
 
 export const isFingerprintProps = ajv.compile<Fingerprint>(FingerprintSchema);
 
-type PwGetPolicyReset = { token: string };
-
-const PwGetPolicyResetSchema = {
-	type: 'object',
-	properties: {
-		token: {
-			type: 'string',
-		},
-	},
-	required: ['token'],
-	additionalProperties: false,
-};
-
-export const validateParamsPwGetPolicyRest = ajv.compile<PwGetPolicyReset>(PwGetPolicyResetSchema);
-
 export type MiscEndpoints = {
 	'/v1/stdout.queue': {
 		GET: () => {
@@ -226,13 +211,6 @@ export type MiscEndpoints = {
 		};
 	};
 
-	'/v1/pw.getPolicyReset': {
-		GET: (params: PwGetPolicyReset) => {
-			enabled: boolean;
-			policy: [name: string, options?: Record<string, unknown>][];
-		};
-	};
-
 	'/v1/method.call/:method': {
 		POST: (params: { message: string }) => {
 			message: string;