fix: add rowGap to FilterByText to fix spacing on mobile view

[adwait50]

Description

When the screen shrinks to mobile/tablet view, the filter dropdowns
in the Marketplace page wrap onto new lines but had no vertical
spacing between rows, making filters and search bar look congested.

Root Cause

FilterByText.tsx uses flexWrap='wrap' on the wrapper Box but
had no rowGap set, so wrapped rows had zero vertical spacing.

Fix

Added rowGap={4} to the wrapper Box in FilterByText.tsx.

Fixes #38613

Summary by CodeRabbit

• Bug Fixes

  • Fixed custom OAuth account creation so newly created OAuth users correctly follow the manual-approval setting.

• Style

  • Improved vertical spacing in filter inputs to enhance layout consistency.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: e524055

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cubic-dev-ai]

No issues found across 2 files

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1e9d16e2-6613-4203-a297-6d8405da5bec

📥 Commits

Reviewing files that changed from the base of the PR and between c707772 and e524055.

📒 Files selected for processing (1)

• apps/meteor/client/components/FilterByText.tsx

✅ Files skipped from review due to trivial changes (1)

• apps/meteor/client/components/FilterByText.tsx

---

Walkthrough

Added an Accounts.validateNewUser guard to set user.active when undefined using the inverse of settings.get('Accounts_ManuallyApproveNewUsers'), and adjusted FilterByText to add inline style={{ rowGap: '4px' }} to the root Box for vertical spacing.

Changes

Cohort / File(s)	Summary
OAuth user activation apps/meteor/app/custom-oauth/server/custom_oauth_server.js	Added an Accounts.validateNewUser hook that sets user.active when it is undefined, using the inverse of Accounts_ManuallyApproveNewUsers, ensuring OAuth-created users inherit the manual-approval setting.
Marketplace filter spacing apps/meteor/client/components/FilterByText.tsx	Adjusted root Box to include style={{ rowGap: '4px' }} while preserving existing flex layout and handlers to add vertical spacing between wrapped rows on narrow screens.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested labels

type: bug

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	The PR contains an additional change to custom_oauth_server.js for user account activation logic, which is unrelated to the spacing fix described in the PR objectives and linked issue #38613.	Remove the custom_oauth_server.js changes or move them to a separate PR focused on account activation logic, as they fall outside the scope of fixing Marketplace filter spacing.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the primary change: adding rowGap to FilterByText component to fix mobile view spacing.
Linked Issues check	✅ Passed	The PR addresses the main objective from issue #38613 by adding rowGap styling to FilterByText to fix vertical spacing on mobile views when filters wrap.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

apps/meteor/app/custom-oauth/server/custom_oauth_server.js (1)

474-477: Remove inline implementation comments from this block.

These comments should live in the PR description/commit message instead of implementation code.

Proposed cleanup

-			// Ensure OAuth users respect the ManuallyApproveNewUsers setting.
-			// Without this, new OAuth users are created with active: false (pending)
-			// because onCreateUserAsync only sets active if user.active is undefined,
-			// and the custom OAuth path never sets it explicitly (unlike SAML).
 			if (user.active === undefined) {
 				user.active = !settings.get('Accounts_ManuallyApproveNewUsers');
 			}

As per coding guidelines, "Avoid code comments in the implementation".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/meteor/app/custom-oauth/server/custom_oauth_server.js` around lines 474
- 477, Remove the inline implementation comments in the oauth-manual-approval
block in custom_oauth_server.js: delete the three-line explanatory comment that
mentions ManuallyApproveNewUsers, onCreateUserAsync, and SAML so implementation
code contains no developer-facing rationale; move this explanation to the PR
description/commit message instead and leave only necessary code or a minimal
one-line comment if absolutely required by style rules.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/meteor/client/components/FilterByText.tsx`:
- Line 26: The Box in the FilterByText component uses an unsupported direct prop
rowGap; update the Box JSX (the element rendering the form in FilterByText.tsx)
to remove the rowGap prop and pass it inside the style prop instead (e.g.,
style={{ rowGap: '4px' }}) while keeping mb, mi, is='form',
onSubmit={handleFormSubmit}, display, flexWrap and alignItems unchanged so the
layout behavior is preserved.

---

Nitpick comments:
In `@apps/meteor/app/custom-oauth/server/custom_oauth_server.js`:
- Around line 474-477: Remove the inline implementation comments in the
oauth-manual-approval block in custom_oauth_server.js: delete the three-line
explanatory comment that mentions ManuallyApproveNewUsers, onCreateUserAsync,
and SAML so implementation code contains no developer-facing rationale; move
this explanation to the PR description/commit message instead and leave only
necessary code or a minimal one-line comment if absolutely required by style
rules.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8b41c8ea-0890-4318-bf6c-52a3085539c6

📥 Commits

Reviewing files that changed from the base of the PR and between 4235cd9 and c707772.

📒 Files selected for processing (2)

• apps/meteor/app/custom-oauth/server/custom_oauth_server.js
• apps/meteor/client/components/FilterByText.tsx

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/components/FilterByText.tsx
• apps/meteor/app/custom-oauth/server/custom_oauth_server.js

🧠 Learnings (6)

📓 Common learnings

Learnt from: juliajforesti
Repo: RocketChat/Rocket.Chat PR: 39590
File: apps/meteor/client/views/omnichannel/contactInfo/EditContactInfo.tsx:97-99
Timestamp: 2026-03-18T16:08:17.800Z
Learning: In `apps/meteor/client/views/omnichannel/contactInfo/EditContactInfo.tsx`, `reValidateMode: 'onBlur'` is intentionally used (not 'onChange') because the `validateEmailFormat` and `validatePhone` functions are async and call the `checkExistenceEndpoint` API to check for duplicates. Using 'onChange' would trigger excessive network requests on every keystroke. The combination of `mode: 'onSubmit'` with `reValidateMode: 'onBlur'` is a deliberate design decision to minimize API calls while still providing revalidation feedback.

📚 Learning: 2026-03-18T16:08:17.800Z

Learnt from: juliajforesti
Repo: RocketChat/Rocket.Chat PR: 39590
File: apps/meteor/client/views/omnichannel/contactInfo/EditContactInfo.tsx:97-99
Timestamp: 2026-03-18T16:08:17.800Z
Learning: In `apps/meteor/client/views/omnichannel/contactInfo/EditContactInfo.tsx`, `reValidateMode: 'onBlur'` is intentionally used (not 'onChange') because the `validateEmailFormat` and `validatePhone` functions are async and call the `checkExistenceEndpoint` API to check for duplicates. Using 'onChange' would trigger excessive network requests on every keystroke. The combination of `mode: 'onSubmit'` with `reValidateMode: 'onBlur'` is a deliberate design decision to minimize API calls while still providing revalidation feedback.

Applied to files:

• apps/meteor/client/components/FilterByText.tsx

📚 Learning: 2026-03-27T14:52:56.865Z

Learnt from: dougfabris
Repo: RocketChat/Rocket.Chat PR: 39892
File: apps/meteor/client/views/room/contextualBar/Threads/Thread.tsx:150-155
Timestamp: 2026-03-27T14:52:56.865Z
Learning: In Rocket.Chat, there are two different `ModalBackdrop` components with different prop APIs. During review, confirm the import source: (1) `rocket.chat/fuselage` `ModalBackdrop` uses `ModalBackdropProps` based on `BoxProps` (so it supports `onClick` and other Box/DOM props) and does not have an `onDismiss` prop; (2) `rocket.chat/ui-client` `ModalBackdrop` uses a narrower props interface like `{ children?: ReactNode; onDismiss?: () => void }` and handles Escape keypress and outside mouse-up, and it does not forward arbitrary DOM props such as `onClick`. Flag mismatched props (e.g., `onDismiss` passed to the fuselage component or `onClick` passed to the ui-client component) and ensure the usage matches the correct component being imported.

Applied to files:

• apps/meteor/client/components/FilterByText.tsx

📚 Learning: 2026-03-15T14:31:28.969Z

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39647
File: apps/meteor/app/api/server/v1/users.ts:710-757
Timestamp: 2026-03-15T14:31:28.969Z
Learning: In RocketChat/Rocket.Chat, the `UserCreateParamsPOST` type in `apps/meteor/app/api/server/v1/users.ts` (migrated from `packages/rest-typings/src/v1/users/UserCreateParamsPOST.ts`) intentionally has `fields: string` (non-optional) and `settings?: IUserSettings` without a corresponding AJV schema entry. This is a pre-existing divergence carried over verbatim from the original rest-typings source (PR `#39647`). Do not flag this type/schema misalignment during the OpenAPI migration review — it is tracked as a separate follow-up fix.

Applied to files:

• apps/meteor/app/custom-oauth/server/custom_oauth_server.js

📚 Learning: 2026-03-15T14:31:23.493Z

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39647
File: apps/meteor/app/api/server/v1/users.ts:891-899
Timestamp: 2026-03-15T14:31:23.493Z
Learning: In RocketChat/Rocket.Chat, `IUser.inactiveReason` in `packages/core-typings/src/IUser.ts` is typed as `'deactivated' | 'pending_approval' | 'idle_too_long'` (optional, no `null`), but the database stores `null` for newly created users. The Typia-generated `$ref: '#/components/schemas/IUser'` schema therefore correctly rejects `null` for `inactiveReason`. This causes the test "should create a new user with default roles" to fail when response validation is active (TEST_MODE). The fix is to add `| null` to `inactiveReason` in core-typings and rebuild Typia schemas in a separate PR. Do not flag this test failure as a bug introduced by the users.create OpenAPI migration (PR `#39647`). Do not suggest inlining a custom schema to work around it, as migration rules require using `$ref` when a Typia schema exists.

Applied to files:

• apps/meteor/app/custom-oauth/server/custom_oauth_server.js

📚 Learning: 2026-03-09T23:46:52.173Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 39492
File: apps/meteor/app/oauth2-server-config/server/oauth/oauth2-server.ts:22-24
Timestamp: 2026-03-09T23:46:52.173Z
Learning: In `apps/meteor/app/oauth2-server-config/server/oauth/oauth2-server.ts`, the `oAuth2ServerAuth` function's `authorization` field in `partialRequest` is exclusively expected to carry Bearer tokens. Basic authentication is not supported in this OAuth flow, so there is no need to guard against non-Bearer schemes when extracting the token from the `Authorization` header.

Applied to files:

• apps/meteor/app/custom-oauth/server/custom_oauth_server.js

🔇 Additional comments (2)

apps/meteor/app/custom-oauth/server/custom_oauth_server.js (1)

469-480: Please confirm this auth-path change belongs in this PR.

The stated PR objective is a Marketplace mobile spacing fix, but this block changes OAuth new-user activation behavior. Since this is security-sensitive account-creation logic, it should be explicitly justified here or moved to a dedicated PR for safer review and rollback.

apps/meteor/client/components/FilterByText.tsx (1)

1-1: AI summary describes unrelated changes not present in this file.

The AI-generated summary mentions OAuth user validation changes (Accounts.validateNewUser guard) that are not present in this file. Only the FilterByText layout update with rowGap={4} is visible here.