Skip to content

fix: enforce slot interval during booking creation#29683

Open
Shreyas2004wagh wants to merge 2 commits into
calcom:mainfrom
Shreyas2004wagh:fix/14640-enforce-slot-interval-booking
Open

fix: enforce slot interval during booking creation#29683
Shreyas2004wagh wants to merge 2 commits into
calcom:mainfrom
Shreyas2004wagh:fix/14640-enforce-slot-interval-booking

Conversation

@Shreyas2004wagh

Copy link
Copy Markdown

What changed

  • Added server-side validation that checks the requested booking start time against the slots generated for the event type.
  • Selected slotInterval, offsetStart, and showOptimizedSlots when loading the event type for booking creation.
  • Added a regression test for manipulated slot params where a non-hourly start time was accepted despite a 60-minute slot interval.

Why

The booking UI respects the configured slot interval, but the booking creation path allowed users to modify the slot/start time in the request and book times that were inside availability but not part of the configured slot grid.

Fixes #14640

Proof

I reproduced the issue with a regression test before applying the fix.

Scenario:

  • Event type has slotInterval: 60
  • Availability/date override allows 10:00-12:00
  • Booking request is manually sent for 10:30-11:00

Before this change, the booking was accepted because 10:30 was inside availability even though it was not a valid generated slot.

After this change, the same request is rejected with NoAvailableUsersFound.

Regression test added:
packages/features/bookings/lib/handleNewBooking/test/date-overrides.test.ts

Testing

  • node .yarn/releases/yarn-4.12.0.cjs vitest run packages/features/bookings/lib/handleNewBooking/test/date-overrides.test.ts --reporter=verbose
  • node .yarn/releases/yarn-4.12.0.cjs type-check:ci --force --filter=@calcom/features
  • node .yarn/releases/yarn-4.12.0.cjs biome check --write packages/features/bookings/lib/handleNewBooking/ensureAvailableUsers.ts packages/features/bookings/lib/handleNewBooking/getEventTypesFromDB.ts packages/features/bookings/lib/handleNewBooking/test/date-overrides.test.ts
@github-actions github-actions Bot added booking-page area: booking page, public booking page, booker bookings area: bookings, availability, timezones, double booking Low priority Created by Linear-GitHub Sync 🐛 bug Something isn't working labels Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Welcome to Cal.diy, @Shreyas2004wagh! Thanks for opening this pull request.

A few things to keep in mind:

  • This is Cal.diy, not Cal.com. Cal.diy is a community-driven, fully open-source fork of Cal.com licensed under MIT. Your changes here will be part of Cal.diy — they will not be deployed to the Cal.com production app.
  • Please review our Contributing Guidelines if you haven't already.
  • Make sure your PR title follows the Conventional Commits format.

A maintainer will review your PR soon. Thanks for contributing!

@Shreyas2004wagh Shreyas2004wagh marked this pull request as ready for review July 1, 2026 16:13
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5598f579-d847-4bb6-a349-97971c92d279

📥 Commits

Reviewing files that changed from the base of the PR and between 1dcb7ff and ce1cd2d.

📒 Files selected for processing (2)
  • packages/features/bookings/lib/handleNewBooking/ensureAvailableUsers.ts
  • packages/features/bookings/lib/handleNewBooking/test/date-overrides.test.ts
🚧 Files skipped from review as they are similar to previous changes (2)
  • packages/features/bookings/lib/handleNewBooking/test/date-overrides.test.ts
  • packages/features/bookings/lib/handleNewBooking/ensureAvailableUsers.ts

📝 Walkthrough

Walkthrough

This change adds slot-start validation when checking user availability for new bookings. ensureAvailableUsers now generates candidate slots with getSlots and skips a user when the requested UTC start time does not match any generated slot. getEventTypesFromDB now fetches offsetStart, slotInterval, and showOptimizedSlots. A test was added for a booking that falls within date-override availability but is rejected because it does not align with the configured slot interval.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: enforcing slot intervals during booking creation.
Description check ✅ Passed The description matches the changeset and explains the slot-interval validation fix and regression test.
Linked Issues check ✅ Passed The PR implements #14640 by rejecting bookings whose requested start time is not on the generated slot grid.
Out of Scope Changes check ✅ Passed The file changes and test additions are all directly related to slot-interval enforcement.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/features/bookings/lib/handleNewBooking/ensureAvailableUsers.ts`:
- Around line 69-79: The slot-grid validation in ensureAvailableUsers currently
falls back to the submitted duration when computing frequency for getSlots,
which can let a tampered booking time use a different cadence than the event
type. Update the frequency source in ensureAvailableUsers to use only the
server-owned event-type cadence, referencing eventType.slotInterval and
eventType.length (or the approved server-side duration source), and keep
getSlots aligned with that configured grid instead of the request-derived
duration.

In `@packages/features/bookings/lib/handleNewBooking/test/date-overrides.test.ts`:
- Around line 58-64: The timestamp construction in the date override test is
still anchored to the runner’s local timezone before converting to New York,
which can shift the date on some machines. Update the setup around
startDateTimeOrganizerTz to parse plus1DateString directly in newYorkTimeZone
using dayjs.tz(...) instead of chaining from dayjs(...).endOf("day").tz(...), so
the test always builds the timestamp in New York time.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 166f7080-4c34-4045-b5ec-702132e852cb

📥 Commits

Reviewing files that changed from the base of the PR and between 53e32a5 and 1dcb7ff.

📒 Files selected for processing (3)
  • packages/features/bookings/lib/handleNewBooking/ensureAvailableUsers.ts
  • packages/features/bookings/lib/handleNewBooking/getEventTypesFromDB.ts
  • packages/features/bookings/lib/handleNewBooking/test/date-overrides.test.ts
Comment thread packages/features/bookings/lib/handleNewBooking/ensureAvailableUsers.ts Outdated
Comment thread packages/features/bookings/lib/handleNewBooking/test/date-overrides.test.ts Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

booking-page area: booking page, public booking page, booker bookings area: bookings, availability, timezones, double booking 🐛 bug Something isn't working Low priority Created by Linear-GitHub Sync size/L

1 participant