Unable to deactivate user if they are the last owner of a room [user-last-owner]

[Sierra1011]

Description:

When deactivating a user if they are the last owner in a room, the RC client hangs, forcing a reload of the server/app/webpage, and requires reauthentication.

Steps to reproduce:

1. Take/create a user that solely owns a room.
2. In Administration, deactivate that user.

Expected behavior:

User is deactivated.

Actual behavior:

The app/browser hangs.
The user is not deactivated.

Server Setup Information:

• Version of Rocket.Chat Server: 3.5.1
• Operating System: Official rocketchat/rocket.chat container image
• Deployment Method: Kubernetes deployment
• Number of Running Instances: 1
• DB Replicaset Oplog:
• NodeJS Version:
• MongoDB Version:

Client Setup Information

• Desktop App or Browser Version: Windows client 2.17.11, browser Chrome 84.0.4147.105
• Operating System: Windows 10 / OpenSUSE Leap 15.2

Additional context

I encountered this issue first after upgrading to 3.4.2 by a failing script that made an API call to deactivate the user, but wouldn't because they were the last user in the room. Manually deactivating the user in the Admin panel produced the expected prompt, which after accepting would deactivate the user. Subsequent API calls worked.
Now I can't even do that.

I have an instance still on 3.4.2 that is still functional, and another on 3.5.1 that is not.
I can only see one PR that might be related, and that is 18310, added in 3.5.0.

Relevant logs:

Server

Meteor ➔ method setUserActiveStatus -> userId: Jp9bw8DFX2wLqMwDs, arguments: ["HMu8FL7uMXdWD2C4M",false]
API ➔ debug post users.update threw an error: Error: [user-last-owner]
    at setUserActiveStatus (app/lib/server/functions/setUserActiveStatus.js:28:10)
    at MethodInvocation.setUserActiveStatus (server/methods/setUserActiveStatus.js:24:3)
    at MethodInvocation.methodsMap.<computed> (app/lib/server/lib/debug.js:67:34)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
    at packages/ddp-server/livedata_server.js:1689:15
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at packages/ddp-server/livedata_server.js:1687:36
    at new Promise (<anonymous>)
    at Server.applyAsync (packages/ddp-server/livedata_server.js:1686:12)
    at Server.apply (packages/ddp-server/livedata_server.js:1625:26)
    at Server.call (packages/ddp-server/livedata_server.js:1607:17)
    at DDPCommon.MethodInvocation.<anonymous> (app/api/server/v1/users.js:460:12)
    at packages/dispatch_run-as-user.js:211:14
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object.Meteor.runAsUser (packages/dispatch_run-as-user.js:210:33)
    at Object.post (app/api/server/v1/users.js:459:11)
    at app/api/server/api.js:388:82
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object._internalRouteActionHandler [as action] (app/api/server/api.js:388:39)
    at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
    at packages/nimble_restivus/lib/route.coffee:59:33
    at packages/simple_json-routes.js:98:9
 => awaited here:
    at Promise.await (/app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
    at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
    at Server.call (packages/ddp-server/livedata_server.js:1607:17)
    at DDPCommon.MethodInvocation.<anonymous> (app/api/server/v1/users.js:460:12)
    at packages/dispatch_run-as-user.js:211:14
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object.Meteor.runAsUser (packages/dispatch_run-as-user.js:210:33)
    at Object.post (app/api/server/v1/users.js:459:11)
    at app/api/server/api.js:388:82
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object._internalRouteActionHandler [as action] (app/api/server/api.js:388:39)
    at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
    at packages/nimble_restivus/lib/route.coffee:59:33
    at packages/simple_json-routes.js:98:9
API ➔ debug Failure {
  statusCode: 400,
  body: {
    success: false,
    error: '[user-last-owner]',
    stack: undefined,
    errorType: 'user-last-owner',
    details: { shouldBeRemoved: [Array], shouldChangeOwner: [Array] }
  }
}

[Sierra1011]

I've actually got an update to this, in that I am able to tab around blindly and activate menus, buttons etc, so it is still possible to deactivate them, but it's a lot more fiddly than it needs to be!

So it looks like there are two issues here, this issue is for the UX part and the inability to click on the button to deactivate the user.