fix: login device email undefined values

[MartinSchoeler]

Proposed changes (including videos or screenshots)

Fixes the issue of undefined values in the login detections emails

Before:

After:

Issue(s)

CORE-1188

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Bug Fixes

  • Login Detection emails now reliably include device/browser information, preventing “undefined” user agent values and improving accuracy across environments.

• Chores

  • Added a changeset entry to publish a patch release for this fix.

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: ead7012

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 39 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/freeswitch	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/stream-hub-service	Patch
@rocket.chat/license	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.59%. Comparing base (0786c86) to head (ead7012).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #36880      +/-   ##
===========================================
+ Coverage    66.57%   66.59%   +0.01%     
===========================================
  Files         3346     3348       +2     
  Lines       114645   114626      -19     
  Branches     21085    21307     +222     
===========================================
+ Hits         76329    76333       +4     
+ Misses       35625    35608      -17     
+ Partials      2691     2685       -6     

Flag	Coverage Δ
e2e	57.78% <ø> (-0.01%)	⬇️
unit	71.24% <ø> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Not sure about it, checking with Martin

[coderabbitai]

Walkthrough

Updates session handling to read the User-Agent via a Headers interface and always pass a string to the UA parser. Adds a changeset entry for a patch release documenting a fix for Login Detection emails where User-Agent had been undefined.

Changes

Cohort / File(s)	Summary
Changeset metadata \.changeset/thin-parents-beam.md	Adds patch release note for @rocket.chat/meteor: fixes Login Detection emails where user-agent was undefined. No API changes.
Session UA parsing adjustment apps/meteor/ee/server/lib/deviceManagement/session.ts	Import Headers from node-fetch; extract user-agent via (connection.httpHeaders as unknown as Headers).get('user-agent'); pass safe string to uaParser. Logic for subsequent email sending unchanged.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant Client
  participant DDP as DDP Connection
  participant Session as Session Handler
  participant H as Headers
  participant UA as UA Parser
  participant Mail as Email Service

  User->>Client: Login
  Client->>DDP: Establish connection (HTTP headers)
  DDP->>Session: onLoginDetected(connection)
  Session->>H: Get "user-agent"
  H-->>Session: userAgentString | empty string
  Session->>UA: parse(userAgentString)
  UA-->>Session: device/browser info
  Session->>Mail: Compose & send Login Detection email
  Mail-->>User: Email delivered
  note over Session,UA: Changed: guarded header access and guaranteed string to parser

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A whisk of whiskers, hop and peek,
We parsed the headers, neat and sleek.
No more “undefined” at night—
The login notes now read just right.
Thump-thump! I sign this patch with glee,
A bunny’s fix for UA spree. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "fix: login device email undefined values" directly describes the primary change in the PR—removing or preventing "undefined" values in login detection/device emails—so it is concise, relevant, and easily understood by reviewers scanning history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/detection-email

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.changeset/thin-parents-beam.md (1)

5-5: Polish the release note for clarity and searchability.

Consider explicitly naming the HTTP header and removing ambiguity: e.g., ‘Fix login detection emails showing "undefined" when the User-Agent header is missing or unparsable (CORE-1188).’

apps/meteor/ee/server/lib/deviceManagement/session.ts (2)

106-107: Reuse the normalized UA string to populate mailData.userAgent.

For consistency and to avoid case/key-path drift, set mailData.userAgent = userAgentString; here instead of re-reading headers.

Replace:

• mailData.userAgent = connection.httpHeaders['user-agent'] || '';

With:

• mailData.userAgent = userAgentString;

---

75-85: Optional: prevent "undefined" text in email fields.

Interpolations like ${browser.name} ${browser.version} and ${os.name} can yield "undefined" strings. Consider safe joins and fallbacks (e.g., t('Unknown')) to guarantee clean output.

Example:

const joinDefined = (...parts: Array<string | undefined>): string => parts.filter(Boolean).join(' ').trim();

const mailData = {
  // ...
  browserInfo: joinDefined(browser.name, browser.version) || t('Unknown'),
  osInfo: os.name || t('Unknown'),
  deviceInfo: joinDefined(device.type || t('Device_Management_Device_Unknown'), device.vendor, device.model, cpu.architecture),
  // ...
};

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 84df8b6 and a7a7a28.

📒 Files selected for processing (2)

• .changeset/thin-parents-beam.md (1 hunks)
• apps/meteor/ee/server/lib/deviceManagement/session.ts (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: 🔨 Test Unit / Unit Tests
• GitHub Check: 🔎 Code Check / Code Lint
• GitHub Check: 🔎 Code Check / TypeScript
• GitHub Check: 🔨 Test Storybook / Test Storybook
• GitHub Check: 📦 Meteor Build - coverage
• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (1)

apps/meteor/ee/server/lib/deviceManagement/session.ts (1)

6-6: Remove the type-only import of Headers from node-fetch.

tsconfig (apps/meteor/tsconfig.json) already includes the DOM lib, so the global Headers type is available — importing from node-fetch is unnecessary and couples this file to node-fetch typings. Remove the import.

Apply this diff:

-import type { Headers } from 'node-fetch';