1695 commits

Author	SHA1	Message	Date
Carlos Garcia	2be57a7ec0	adds team member data sanitizing (#35562) ... * adds team member data sanitizing * assert using require * adds data sanitizing to team members for user endpoint * team admin data visibility now tests with different user	2026-04-09 16:12:15 +02:00
Pavel Zeman	d1ca297721	Revert "Strip remote_id field from user patch API requests (#35910)" (#35996) ... This reverts commit fc9d3be368 which introduced a CI regression.	2026-04-09 05:06:42 -04:00
JG Heithcock	fc9d3be368	Strip remote_id field from user patch API requests (#35910) ... * Strip remote_id from user patch API requests * Ignore remote_id in user update API endpoints Add SetUserRemoteID test helper in testlib to set remote_id via direct SQL, bypassing the now-protected store Update method. Update existing tests in app and api4 packages to use the new helper. --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-08 21:47:57 -07:00
Pavel Zeman	6fdef8c9cc	ci: enable fullyparallel mode for server tests (#35816) ... * ci: enable fullyparallel mode for server tests Replace os.Setenv, os.Chdir, and global state mutations with parallel-safe alternatives (t.Setenv, t.Chdir, test hooks) across 37 files. Refactor GetLogRootPath and MM_INSTALL_TYPE to use package-level test hooks instead of environment variables. This enables gotestsum --fullparallel, allowing all test packages to run with maximum parallelism within each shard. Co-authored-by: Claude <claude@anthropic.com> * ci: split fullyparallel from continue-on-error in workflow template - Add new boolean input 'allow-failure' separate from 'fullyparallel' - Change continue-on-error to use allow-failure instead of fullyparallel - Update server-ci.yml to pass allow-failure: true for test coverage job - Allows independent control of parallel execution and failure tolerance Co-authored-by: Claude <claude@anthropic.com> * fix: protect TestOverrideLogRootPath with sync.Mutex for parallel tests - Replace global var TestOverrideLogRootPath with mutex-protected functions - Add SetTestOverrideLogRootPath() and getTestOverrideLogRootPath() functions - Update GetLogRootPath() to use thread-safe getter - Update all test files to use SetTestOverrideLogRootPath() with t.Cleanup() - Fixes race condition when running tests with t.Parallel() Co-authored-by: Claude <claude@anthropic.com> * fix: configure audit settings before server setup in tests - Move ExperimentalAuditSettings from UpdateConfig() to config defaults - Pass audit config via app.Config() option in SetupWithServerOptions() - Fixes audit test setup ordering to configure BEFORE server initialization - Resolves CodeRabbit's audit config timing issue in api4 tests Co-authored-by: Claude <claude@anthropic.com> * fix: implement SetTestOverrideLogRootPath mutex in logger.go The previous commit updated test callers to use SetTestOverrideLogRootPath() but didn't actually create the function in config/logger.go, causing build failures across all CI shards. This commit: - Replaces the exported var TestOverrideLogRootPath with mutex-protected unexported state (testOverrideLogRootPath + testOverrideLogRootMu) - Adds exported SetTestOverrideLogRootPath() setter - Adds unexported getTestOverrideLogRootPath() getter - Updates GetLogRootPath() to use the thread-safe getter - Fixes log_test.go callers that were missed in the previous commit Co-authored-by: Claude <claude@anthropic.com> * fix(test): use SetupConfig for access_control feature flag registration InitAccessControlPolicy() checks FeatureFlags.AttributeBasedAccessControl at route registration time during server startup. Setting the flag via UpdateConfig after Setup() is too late — routes are never registered and API calls return 404. Use SetupConfig() to pass the feature flag in the initial config before server startup, ensuring routes are properly registered. Co-authored-by: Claude <claude@anthropic.com> * fix(test): restore BurnOnRead flag state in TestRevealPost subtest The 'feature not enabled' subtest disables BurnOnRead without restoring it via t.Cleanup. Subsequent subtests inherit the disabled state, which can cause 501 errors when they expect the feature to be available. Add t.Cleanup to restore FeatureFlags.BurnOnRead = true after the subtest completes. Co-authored-by: Claude <claude@anthropic.com> * fix(test): restore EnableSharedChannelsMemberSync flag via t.Cleanup The test disables EnableSharedChannelsMemberSync without restoring it. If the subtest exits early (e.g., require failure), later sibling subtests inherit a disabled flag and become flaky. Add t.Cleanup to restore the flag after the subtest completes. Co-authored-by: Claude <claude@anthropic.com> * Fix test parallelism: use instance-scoped overrides and init-time audit config Replace package-level test globals (TestOverrideInstallType, SetTestOverrideLogRootPath) with fields on PlatformService so each test gets its own instance without process-wide mutation. Fix three audit tests (TestUserLoginAudit, TestLogoutAuditAuthStatus, TestUpdatePasswordAudit) that configured the audit logger after server init — the audit logger only reads config at startup, so pass audit settings via app.Config() at init time instead. Also revert the Go 1.24.13 downgrade and bump mattermost-govet to v2.0.2 for Go 1.25.8 compatibility. * Fix audit unit tests * Fix MMCLOUDURL unit tests * Fixed unit tests using MM_NOTIFY_ADMIN_COOL_OFF_DAYS * Make app migrations idempotent for parallel test safety Change System().Save() to System().SaveOrUpdate() in all migration completion markers. When two parallel tests share a database pool entry, both may race through the check-then-insert migration pattern. Save() causes a duplicate key fatal crash; SaveOrUpdate() makes the second write a harmless no-op. * test: address review feedback on fullyparallel PR - Use SetLogRootPathOverride() setter instead of direct field access in platform/support_packet_test.go and platform/log_test.go (pvev) - Restore TestGetLogRootPath in config/logger_test.go to keep MM_LOG_PATH env var coverage; test uses t.Setenv so it runs serially which is fine (pvev) - Fix misleading comment in config_test.go: code uses t.Setenv, not os.Setenv (jgheithcock) Co-authored-by: Claude <claude@anthropic.com> * fix: add missing os import in post_test.go The os import was dropped during a merge conflict resolution while burn-on-read shared channel tests from master still use os.Setenv. Co-authored-by: Claude <claude@anthropic.com> --------- Co-authored-by: Claude <claude@anthropic.com> Co-authored-by: wiggin77 <wiggin77@warpmail.net> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-08 20:48:36 -04:00
Jesse Hallam	71ca373de7	Generate instead of hard-coding test passwords, enforce new minimum for FIPS, shard CI, fix FIPS builds (#35905) ... * Replace hardcoded test passwords with model.NewTestPassword() Add model.NewTestPassword() utility that generates 14+ character passwords meeting complexity requirements for FIPS compliance. Replace all short hardcoded test passwords across the test suite with calls to this function. * Enforce FIPS compliance for passwords and HMAC keys FIPS OpenSSL requires HMAC keys to be at least 14 bytes. PBKDF2 uses the password as the HMAC key internally, so short passwords cause PKCS5_PBKDF2_HMAC to fail. - Add FIPSEnabled and PasswordFIPSMinimumLength build-tag constants - Raise the password minimum length floor to 14 when compiled with requirefips, applied in SetDefaults only when unset and validated independently in IsValid - Return ErrMismatchedHashAndPassword for too-short passwords in PBKDF2 CompareHashAndPassword rather than a cryptic OpenSSL error - Validate atmos/camo HMAC key length under FIPS and lengthen test keys accordingly - Adjust password validation tests to use PasswordFIPSMinimumLength so they work under both FIPS and non-FIPS builds * CI: shard FIPS test suite and extract merge template Run FIPS tests on PRs that touch go.mod or have 'fips' in the branch name. Shard FIPS tests across 4 runners matching the normal Postgres suite. Extract the test result merge logic into a reusable workflow template to deduplicate the normal and FIPS merge jobs. * more * Fix email test helper to respect FIPS minimum password length * Fix test helpers to respect FIPS minimum password length * Remove unnecessary "disable strict password requirements" blocks from test helpers * Fix CodeRabbit review comments on PR #35905 - Add server-test-merge-template.yml to server-ci.yml pull_request.paths so changes to the reusable merge workflow trigger Server CI validation - Skip merge-postgres-fips-test-results job when test-postgres-normal-fips was skipped, preventing failures due to missing artifacts - Set guest.Password on returned guest in CreateGuestAndClient helper to keep contract consistent with CreateUserWithClient - Use shared LowercaseLetters/UppercaseLetters/NUMBERS/PasswordFIPSMinimumLength constants in NewTestPassword() to avoid drift if FIPS floor changes https://claude.ai/code/session_01HmE9QkZM3cAoXn2J7XrK2f * Rename FIPS test artifact to match server-ci-report pattern The server-ci-report job searches for artifacts matching "*-test-logs", so rename from postgres-server-test-logs-fips to postgres-server-fips-test-logs to be included in the report. --------- Co-authored-by: Claude <noreply@anthropic.com>	2026-04-08 16:49:43 -03:00
Doug Lauder	5b76fb11a5	MM-67647: Rename shared_channel_manager roles to follow system_ prefix convention (#35944) ... * Rename shared_channel_manager and secure_connection_manager roles to use system_ prefix The new roles added in PR #35354 broke the naming convention that all system-level roles stored in Users.Roles are prefixed with "system_". Client-side code (role.includes('system')) and server-side code (explicit switch cases in applyMultiRoleFilters) relied on this convention, causing users assigned to these roles to not appear in the System Console. Also adds both roles to the applyMultiRoleFilters switch statement in user_store.go, which was missing them entirely.	2026-04-08 08:01:33 -04:00
JG Heithcock	8eb9863215	Redact password reset token from audit log (#35911) ... Log only a 5-character prefix of the password reset token in audit entries instead of the full 64-character bearer credential (CWE-532). Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-07 10:55:16 -07:00
Doug Lauder	540ccc599b	MM-68179: Run sendLoop workers on all HA nodes (#35909) ... * MM-68179: Run sendLoop workers on all HA nodes In HA clusters, sendLoop worker goroutines only ran on the leader node. When an API request to send a channel invite landed on a non-leader node, SendMsg enqueued the task to a local in-memory channel but no goroutine consumed it, silently losing the message. Fix by starting sendLoop workers in Start() on all nodes, independent of the leader-only ping lifecycle. - Separate sendLoop lifecycle (Start/Shutdown) from ping lifecycle (pingStart/pingStop on leader change) - Rename resume/pause to pingStart/pingStop for clarity - Change Active() to mean "service started" via atomic.Bool - Remove SetActive (no longer needed; tests use Start()) * address review comment * Added idempotency guard to Start() * Start() and Shutdown(): CompareAndSwap instead of Load/Store — eliminates races where concurrent calls could both proceed. Only the winner of the CAS executes; the loser returns nil immediately. Ping test: replaced time.Sleep with assert.Never/assert.Eventually — no more brittle fixed sleeps. Uses assert.Never to verify no pings fire on non-leader, and assert.Eventually to verify pings stop after losing leadership (snapshot-then-compare pattern). * make unit tests parallel capable --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-07 18:49:54 +02:00
Andre Vasconcelos	faa7d75b4e	Improved processing of attachments (#35854)	2026-04-07 13:25:38 +03:00
Harshil Sharma	ad35eba60b	Added nil checks (#35755) ... * Added nil checks * Added test for DM and GM * Updated operation order	2026-04-06 08:47:24 +05:30
Jesse Hallam	f6d5d9e1bc	[MM-67859] Update license renewal and expiry email branding (#35701)	2026-04-04 20:30:36 -03:00
yy	38e26fbd2d	chore: fix typos in comments (#34960) ... Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-03 13:43:25 +00:00
Doug Lauder	3888a69479	MM-68158: Fix shared channel remote display and notify UI on invite completion (#35908) ... * MM-68158: Fix shared channel remote display and add WebSocket notification Fix getSharedChannelRemotes API handler passing ChannelId instead of RemoteId to GetRemoteCluster, which always failed the lookup. Add RemoteId to SharedChannelRemoteStatus model and store query. Add shared_channel_remote_updated WebSocket event published from the onInvite callback so the UI refreshes its cached remote names when the async invite completes, instead of showing the generic "Shared with trusted organizations" fallback. * Improved unit tests per review comments	2026-04-03 02:06:01 -04:00
Christopher Speller	9b01e406f4	Move password hashers from server/v8 to server/public to fix module layering violation (#35805)a ... * Move password hashers from server/v8 to server/public to fix layering violation * Revert "Move password hashers from server/v8 to server/public to fix layering violation" This reverts commit 8cad5b8dc9. * invert dependency between hashers and model * make modules-tidy --------- Co-authored-by: Jesse Hallam <jesse@mattermost.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-01 15:20:12 +00:00
Jesse Hallam	eb8310a30c	simplify CODEOWNERS (#35770) ... * simplify CODEOWNERS * dont .gitignore AGENTS.md * AGENTS.md to document previous CODEOWNERS responsibilities * update from https://developers.mattermost.com/contribute/more-info/server/schema-migration-guide/ * CREATE INDEX CONCURRENTLY now vetted * rewrite and move to README.md * dont limit to 80 chars * rewrite webapp AGENTS.md and add to README.md --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-01 13:03:36 +00:00
Ibrahim Serdar Acikgoz	d00125121e	disable burn on read posts on shared channels (#35460)	2026-04-01 11:30:35 +02:00
Nick Misasi	f4d1abe7e8	MM-68140: Validate post read access before rewrite thread context (#35864) ... Ensure thread context for message rewrite is only built when the session may read the anchor post, and surface context build failures to the client. Made-with: Cursor	2026-04-01 02:07:45 -07:00
Pavel Zeman	3e2c3f70c2	fix: prevent sql.DB connectionCleaner race and harden flaky tests (#35891) ... * fix: prevent sql.DB connectionCleaner race with testify mock diffing The previous fix (#35881) moved store.Close()/th.Shutdown() before AssertExpectations, but the race actually occurs earlier — during mock.Called() when RegisterDBCollector fires inside initConnection. Root cause: testify's Arguments.Diff() unconditionally calls fmt.Sprintf("%v", *sql.DB) on every recorded argument (mock.go:976), which uses reflect to read sql.DB internal fields. The connectionCleaner goroutine concurrently writes to those same fields, triggering a DATA RACE under Go 1.25's stricter race detector. Fix: Set ConnMaxLifetimeMilliseconds=0 and ConnMaxIdleTimeMilliseconds=0 in test SqlSettings before initConnection. This prevents the connectionCleaner goroutine from starting at all — no concurrent writer means no race. Connection pool cleanup serves no purpose in tests. For store_test.go: settings are set directly before SqlStore creation. For platform tests: settings are set in setupTestHelper's config before sqlstore.New() is called via platform.New(). Co-authored-by: Claude <claude@anthropic.com> * fix: harden flaky TestScheduleOnceSequential and TestGroupStore tests TestScheduleOnceSequential: Replace fixed 300ms sleep with require.Eventually polling (5s timeout, 50ms interval). Under the race detector, execution is significantly slower and 25+ scheduled jobs may not complete within a fixed 300ms window. TestGroupStore/GetGroups: Use unique uid-prefixed display names for test groups to avoid collisions with groups created by other parallel subtests sharing the same database. Search queries and result checks updated to use the uid prefix. Co-authored-by: Claude <claude@anthropic.com> * fix: address CodeRabbit review feedback - Restore mixed-case search coverage in TestGroupStore by using mixed-case query strings (uid + "-GrOuP-3") to verify case-insensitive matching behavior. - Strengthen exactly-once validation in TestScheduleOnceSequential by checking callback count == 1 instead of > 0, ensuring duplicate executions are caught. Co-authored-by: Claude <claude@anthropic.com> --------- Co-authored-by: Claude <claude@anthropic.com>	2026-03-31 16:58:09 -04:00
Pavel Zeman	4b8a4ae2b3	fix: resolve DATA RACE in TestReplicaLagQuery, TestInvalidReplicaLagDataSource, and TestMetrics (#35881) ... These three tests have been failing deterministically on every master build since Go 1.25.8 was merged (PR #35817, March 27). The failures only manifest on master because PR CI does not run with the -race flag. ## Root Cause The race is between Go's database/sql connection pool and testify's mock assertion logic: 1. When a *sql.DB connection pool is opened, Go spawns a background connectionCleaner goroutine that periodically runs connectionCleanerRunLocked(), which acquires the DB's internal mutex via atomic.CompareAndSwapInt32. 2. The tests pass a *sql.DB argument to mock expectations via RegisterDBCollector(). When testify's AssertExpectations() runs, it uses reflect to diff the recorded call arguments, which reads the internal fields of the *sql.DB struct (including the mutex state and connection pool fields) via reflect.Value.Int() and reflect.typedmemmove(). 3. Go 1.25 ships a stricter race detector that catches this concurrent read (reflect in the test goroutine) vs write (atomic CAS in the connectionCleaner goroutine) on the same memory. Go 1.24's race detector did not flag this pattern. The race existed latently in the code for a long time. Go 1.25 simply made it detectable. ## Fix Close/shut down the store (and all its background goroutines, including the sql.DB connection cleaner) BEFORE calling AssertExpectations. This ensures there is no concurrent writer when testify uses reflect to inspect the *sql.DB arguments. - TestReplicaLagQuery: move store.Close() before AssertExpectations (was previously deferred, running after AssertExpectations) - TestInvalidReplicaLagDataSource: replace defer store.Close() with explicit store.Close() at end of test - TestMetrics/ensure_advanced_metrics_have_database_metrics: call th.Shutdown(t) before AssertExpectations (Shutdown was previously registered via t.Cleanup, running after the test function returns) Co-authored-by: Claude <claude@anthropic.com>	2026-03-31 11:32:37 -04:00
Doug Lauder	96e4d7a769	MM-68076 Chunk bulk INSERTs to respect PostgreSQL parameter limit (#35767) ... * MM-68076 Chunk bulk INSERTs to respect PostgreSQL 65,535 parameter limit (#35761) PostgreSQL's wire protocol uses a 16-bit integer for parameter count, causing bulk imports to fail when multi-row INSERTs exceed 65,535 parameters. Add a generic chunkSlice helper that splits rows into sub-batches capped at 50,000 parameters, and apply it to saveMultipleMembers (channel), SaveMultipleMembers (team), and SaveMultipleMemberships (thread). Normal operations (< 3,333 rows) remain a single INSERT with negligible overhead. Wrap all chunked INSERT loops in transactions so multi-chunk batches are atomic — previously channel and team member inserts could leave partial data if a later chunk failed. Add threadMembershipSliceColumns helper so thread membership chunk size is derived dynamically. Includes integration tests for multi-chunk insertion and rollback verification for channel members, team members, posts, and groups.	2026-03-30 22:40:40 -04:00
Jesse Hallam	f7f2d944e8	upgrade golangci-lint (#35845)	2026-03-30 13:41:32 -03:00
Nick Misasi	c81d0ddd73	Ability to E2E AI Bridge features + Initial Recaps E2E (#35541) ... * Add shared AI bridge seam Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Add AI bridge test helper API Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Add AI bridge seam test coverage Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Add Playwright AI bridge recap helpers Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Fix recap channel persistence test Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Restore bridge client compatibility shim Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Expand recap card in Playwright spec Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Recaps e2e test coverage (#35543) * Add Recaps Playwright page object Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Expand AI recap Playwright coverage Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Format recap Playwright coverage Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Fix recap regeneration test flows Co-authored-by: Nick Misasi <nick13misasi@gmail.com> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> * Fix AI bridge lint and OpenAPI docs Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Fix recap lint shadowing Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Stabilize failed recap regeneration spec Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Fill AI bridge i18n strings Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Fix i18n * Add service completion bridge path and operation tracking fields Extend AgentsBridge with CompleteService for service-based completions, add ClientOperation/OperationSubType tracking to BridgeCompletionRequest, and propagate operation metadata through to the bridge client. Made-with: Cursor * Fill empty i18n translation strings for enterprise keys The previous "Fix i18n" commit added 145 i18n entries with empty translation strings, causing the i18n check to fail in CI. Fill in all translations based on the corresponding error messages in the enterprise and server source code. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix i18n * Fix i18n again * Rename Complete/CompleteService to AgentCompletion/ServiceCompletion Align the AgentsBridge interface method names with the underlying bridge client methods they delegate to (AgentCompletion, ServiceCompletion). Made-with: Cursor * Refactor * Add e2eAgentsBridge implementation The new file was missed from the prior refactor commit. Made-with: Cursor * Address CodeRabbit review feedback - Add 400 BadRequest response to AI bridge PUT endpoint OpenAPI spec - Add missing client_operation, operation_sub_type, service_id fields to AIBridgeTestHelperRecordedRequest schema - Deep-clone nested JSON schema values in cloneJSONOutputFormat - Populate ChannelID on recap summary bridge requests - Fix msg_count assertion to mention_count for mark-as-read verification - Make AgentCompletion/ServiceCompletion mutex usage atomic Made-with: Cursor * fix(playwright): align recaps page object with placeholder and channel menu Made-with: Cursor * fix(playwright): update recaps expectEmptyState to match RecapsList empty state After the master merge, the recaps page now renders RecapsList's "You're all caught up" empty state instead of the old placeholder. Made-with: Cursor * chore(playwright): update package-lock.json after npm install Made-with: Cursor * Revert "chore(playwright): update package-lock.json after npm install" This reverts commit 95c670863a. * style(playwright): fix prettier formatting in recaps page object Made-with: Cursor * fix(playwright): handle both recaps empty states correctly The recaps page has two distinct empty states: - Setup placeholder ("Set up your recap") when allRecaps is empty - RecapsList caught-up state ("You're all caught up") when the filtered tab list is empty Split expectEmptyState into expectSetupPlaceholder and expectCaughtUpEmptyState, used by the delete and bridge-unavailable tests respectively. Made-with: Cursor --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 16:20:47 +00:00
Maria A Nunez	ece6b956fa	Add single-channel guest count to support packet stats (#35846) ... Single-channel guests are excluded from billable seat counts for licensing. Include this metric in the support packet so support engineers can understand seat calculation discrepancies. Made-with: Cursor Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-30 11:13:09 -04:00
Carlos Garcia	fd2dd1c618	updated go to version 1.25.8 (#35817) ... * updated go to version 1.25.8 * updated gotestsum version to work with go 1.25.8 go 1.25 does not work with indirect tools 0.11 dependency pulled by gotestsum. * Use sync.WaitGroup.Go to simplify goroutine creation Replace the wg.Add(1) + go func() { defer wg.Done() }() pattern with wg.Go(), which was introduced in Go 1.25. * pushes fips image on workflow dispatch to allow fips test to run on go version update * fix new requirements for FIPS compliance imposed on updating to go 1.25.8 * updates openssl symbol check for library shipped with FIPS new versions go-openssl v2 shipped with FIPS versions starting from 1.25 uses mkcgo to generate bindings causing symbol names to be different. * removes temp workflow-dispatch condition * keep versions out of agents md file	2026-03-27 21:11:52 +01:00
Jesse Hallam	71fe83aea2	Add concurrentIndex vet rule and fix migrations (#35809) ... * dont panic in CleanupSqlSettings so we can surface migration failures * update mattermost-govet * nolint existing missing CONCURRENT * Revert "nolint existing missing CONCURRENT" This reverts commit 45b3110bf0. * simplify * approve up to 166	2026-03-27 16:34:17 -03:00
Scott Bishel	30837f7c4e	move error back to logging warning...as caused breaking change (#35841) ... * move error back to logging warning...as caused breaking change * remove unnecessary translation * update test expectations * revert test changes	2026-03-27 11:29:56 -06:00
Miguel de la Cruz	dad9cab483	Add guards to avoid cards being created when the integrated boards feature flag is disabled (#35836)	2026-03-27 08:51:29 -07:00
Carlos Garcia	a19cc4b909	improves time limit checks (#35638) ... * improves time limit checks * consistently check for presence of patch fields * fix variable shadowing in test * allow idempotent pinning operations with time limit expired * new utility function for post limit time check * fix style issue	2026-03-27 16:29:06 +01:00
Miguel de la Cruz	006f102768	Adds COALESCE guard for property fields before PSAv2 migrations (#35830) ... Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es>	2026-03-27 12:05:15 +01:00
Miguel de la Cruz	48f2fd0873	Merge the Integrated Boards MVP feature branch (#35796) ... * Add CreatedBy and UpdatedBy to the properties fields and values (#34485) * Add CreatedBy and UpdatedBy to the properties fields and values * Fix types --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds ObjectType to the property fields table (#34908) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Update ObjectType migration setting an empty value and marking the column as not null (#34915) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds uniqueness mechanisms to the property fields (#35058) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Fixing retrylayer mocks * Remove retrylayer duplication * Address review comments * Fix comment to avoid linter issues * Address PR comments * Update server/channels/db/migrations/postgres/000157_add_object_type_to_property_fields.down.sql Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Update server/channels/db/migrations/postgres/000157_add_object_type_to_property_fields.up.sql Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Update server/channels/db/migrations/postgres/000157_add_object_type_to_property_fields.up.sql Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Update field validation to check only for valid target types * Update migrations to avoid concurrent index creation within a transaction * Update migrations to make all index ops concurrent * Update tests to use valid PSAv2 property fields * Adds a helper for valid PSAv2 TargetTypes --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Fix property tests (#35388) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds Integrated Boards feature flag (#35378) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds Integrated Boards MVP API changes (#34822) This PR includes the necessary changes for channels and posts endpoints and adds a set of generic endpoints to retrieve and manage property fields and values following the new Property System approach. Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Mattermost Build <build@mattermost.com> * Property System Architecture permissions for v2 (#35113) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Add the permissions to the migrations, model and update the store calls * Adds the property field and property group app layer * Adds authorization helpers for property fields and values * Make sure that users cannot lock themselves out of property fields * Migrate permissions from a JSON column to three normalized columns * Remove the audit comment * Use target level constants in authorization * Log authorization membership failures * Rename admin to sysadmin * Fix i18n sorting --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Add Views store and app layer (#35361) * Add Views store and app layer for Integrated Boards Implements the View entity (model, SQL store, service, app) as described in the Integrated Boards tech spec. Views are channel-scoped board configurations with typed props (board, kanban subviews) and soft-delete. - public/model: View, ViewBoardProps, Subview, ViewPatch types with PreSave/PreUpdate/IsValid/Patch/Clone/Auditable - Migration 158: Views table with jsonb Props column and indexes - SqlViewStore: CRUD with nil-safe Props marshaling (AppendBinaryFlag) - ViewService: CreateView seeds default kanban subview and links the boards property field; caches boardPropertyFieldID at startup - App layer: CreateView/GetView/GetViewsForChannel/UpdateView/DeleteView with channel-membership permission checks and WebSocket events (view_created, view_updated, view_deleted) - doSetupBoardsPropertyField: registers the Boards property group and board field in NewServer() before ViewService construction - GetFieldByName now returns store.ErrNotFound instead of raw sql.ErrNoRows * Move permission checks out of App layer for views - Remove HasPermissionToChannel calls from all App view methods - Drop userID params from GetView, GetViewsForChannel, UpdateView, DeleteView - Fix doSetupBoardsPropertyField to include required TargetType for PSAv2 field * Make View service generic and enforce board validation in model - Remove board-specific auto-setup from service and server startup - Enforce that board views require Props, at least one subview, and at least one linked property in IsValid() - Move default subview seeding out of app layer; callers must provide valid props - Call PreSave on subviews during PreUpdate to assign IDs to new subviews - Update all tests to reflect the new validation requirements * Restore migrations files to match base branch * Distinguish ErrNotFound from other errors in view store Get * Use CONCURRENTLY and nontransactional for index operations in views migration * Split views index creation into separate nontransactional migrations * Update migrations.list * Update i18n translations for views * Fix makeView helper to include required Props for board view validation * Rename ctx parameter from c to rctx in OAuthProvider mock * Remove views service layer, call store directly from app * Return 500 for unexpected DB errors in GetView, 404 only for not-found * Harden View model: deep-copy Props, validate linked property IDs - Add ViewBoardProps.Clone() to deep-copy LinkedProperties and Subviews - Use it in View.Clone() and View.Patch() to prevent shared-slice aliasing - Iterate over LinkedProperties in View.IsValid() and reject invalid IDs with a dedicated i18n key - Register ViewStore in storetest AssertExpectations so mock expectations are enforced - Add tests covering all new behaviours * Restore autotranslation worker_stopped i18n translation * Fix view store test IDs and improve error handling in app layer - Use model.NewId() for linked property IDs in testUpdateView to fix validation failure (IsValid rejects non-UUID strings) - Fix import grouping in app/view.go (stdlib imports in one block) - Return 404 instead of 500 when Update/Delete store calls return ErrNotFound (e.g. concurrent deletion TOCTOU race) * Add View store mock to retrylayer test genStore helper The View store was added to the store interface but the genStore() helper in retrylayer_test.go was not updated, causing TestRetry to panic. Also removes the duplicate Recap mock registration. * Refactor view deletion and websocket event handling; update SQL store methods to use query builder * revert property field store * Remove useless migrations * Add cursor-based pagination to View store GetForChannel - Add ViewQueryCursor and ViewQueryOpts types with validation - Return (views, cursor, error) for caller-driven pagination - PerPage clamping: <=0 defaults to 20, >200 clamps to 200 - Support IncludeDeleted filter - Add comprehensive store tests for pagination, cursor edge cases, PerPage clamping, and invalid input rejection - Add app layer test for empty channelID → 400 - Update interface, retrylayer, timerlayer, and mock signatures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Refactor test loops in ViewStore tests for improved readability * change pagination to limit/offset * Add upper-bound limits on View Subviews and LinkedProperties Defense-in-depth validation: cap Subviews at 50 and LinkedProperties at 500 to prevent abuse below the 300KB payload limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * MM-67388, MM-66528, MM-67750: Add View REST API endpoints, websocket events, and sort order (#35442) * Add Views store and app layer for Integrated Boards Implements the View entity (model, SQL store, service, app) as described in the Integrated Boards tech spec. Views are channel-scoped board configurations with typed props (board, kanban subviews) and soft-delete. - public/model: View, ViewBoardProps, Subview, ViewPatch types with PreSave/PreUpdate/IsValid/Patch/Clone/Auditable - Migration 158: Views table with jsonb Props column and indexes - SqlViewStore: CRUD with nil-safe Props marshaling (AppendBinaryFlag) - ViewService: CreateView seeds default kanban subview and links the boards property field; caches boardPropertyFieldID at startup - App layer: CreateView/GetView/GetViewsForChannel/UpdateView/DeleteView with channel-membership permission checks and WebSocket events (view_created, view_updated, view_deleted) - doSetupBoardsPropertyField: registers the Boards property group and board field in NewServer() before ViewService construction - GetFieldByName now returns store.ErrNotFound instead of raw sql.ErrNoRows * Move permission checks out of App layer for views - Remove HasPermissionToChannel calls from all App view methods - Drop userID params from GetView, GetViewsForChannel, UpdateView, DeleteView - Fix doSetupBoardsPropertyField to include required TargetType for PSAv2 field * Make View service generic and enforce board validation in model - Remove board-specific auto-setup from service and server startup - Enforce that board views require Props, at least one subview, and at least one linked property in IsValid() - Move default subview seeding out of app layer; callers must provide valid props - Call PreSave on subviews during PreUpdate to assign IDs to new subviews - Update all tests to reflect the new validation requirements * Restore migrations files to match base branch * Distinguish ErrNotFound from other errors in view store Get * Use CONCURRENTLY and nontransactional for index operations in views migration * Split views index creation into separate nontransactional migrations * Update migrations.list * Update i18n translations for views * Fix makeView helper to include required Props for board view validation * Rename ctx parameter from c to rctx in OAuthProvider mock * Remove views service layer, call store directly from app * Return 500 for unexpected DB errors in GetView, 404 only for not-found * Harden View model: deep-copy Props, validate linked property IDs - Add ViewBoardProps.Clone() to deep-copy LinkedProperties and Subviews - Use it in View.Clone() and View.Patch() to prevent shared-slice aliasing - Iterate over LinkedProperties in View.IsValid() and reject invalid IDs with a dedicated i18n key - Register ViewStore in storetest AssertExpectations so mock expectations are enforced - Add tests covering all new behaviours * Restore autotranslation worker_stopped i18n translation * Fix view store test IDs and improve error handling in app layer - Use model.NewId() for linked property IDs in testUpdateView to fix validation failure (IsValid rejects non-UUID strings) - Fix import grouping in app/view.go (stdlib imports in one block) - Return 404 instead of 500 when Update/Delete store calls return ErrNotFound (e.g. concurrent deletion TOCTOU race) * Add View store mock to retrylayer test genStore helper The View store was added to the store interface but the genStore() helper in retrylayer_test.go was not updated, causing TestRetry to panic. Also removes the duplicate Recap mock registration. * Refactor view deletion and websocket event handling; update SQL store methods to use query builder * revert property field store * Add View API endpoints with OpenAPI spec, client methods, and i18n Implement REST API for channel views (board-type) behind the IntegratedBoards feature flag. Adds CRUD endpoints under /api/v4/channels/{channel_id}/views with permission checks matching the channel bookmark pattern. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove useless migrations * Add cursor-based pagination to View store GetForChannel - Add ViewQueryCursor and ViewQueryOpts types with validation - Return (views, cursor, error) for caller-driven pagination - PerPage clamping: <=0 defaults to 20, >200 clamps to 200 - Support IncludeDeleted filter - Add comprehensive store tests for pagination, cursor edge cases, PerPage clamping, and invalid input rejection - Add app layer test for empty channelID → 400 - Update interface, retrylayer, timerlayer, and mock signatures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add cursor-based pagination to View API for channel views * Enhance cursor handling in getViewsForChannel and update tests for pagination * Refactor test loops in ViewStore tests for improved readability * Refactor loop in TestGetViewsForChannel for improved readability * change pagination to limit/offset * switch to limit/offset pagination * Add upper-bound limits on View Subviews and LinkedProperties Defense-in-depth validation: cap Subviews at 50 and LinkedProperties at 500 to prevent abuse below the 300KB payload limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add view sort order API endpoint Add POST /api/v4/channels/{channel_id}/views/{view_id}/sort_order endpoint following the channel bookmarks reorder pattern. Includes store, app, and API layers with full test coverage at each layer. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add connectionId to view WebSocket events and sort_order API spec Thread connectionId from request header through all view handlers (create, update, delete, sort_order) to WebSocket events, matching the channel bookmarks pattern. Add sort_order endpoint to OpenAPI spec. Update minimum server version to 11.6. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove duplicate View/ViewPatch definitions from definitions.yaml The merge from integrated-boards-mvp introduced duplicate View and ViewPatch schema definitions that were already defined earlier in the file with more detail (including ViewBoardProps ref and enums). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update minimum server version to 11.6 in views API spec Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add missing translations for view sort order error messages Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Merge integrated-boards-mvp into ibmvp_api-views; remove spec files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix flaky TestViewStore timestamp test on CI Add sleep before UpdateSortOrder to ensure timestamps differ, preventing same-millisecond comparisons on fast CI machines. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * remove duplicate views.yaml imclude * Use c.boolString() for include_deleted query param in GetViewsForChannel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix views.yaml sort order schema: use integer type and require body Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Refactor view sort order tests to use named IDs instead of array indices Extract idA/idB/idC from views slice and add BEFORE/AFTER comments to make stateful subtest ordering easier to follow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Return 404 instead of 403 for view operations on deleted channels Deleted channels should appear non-existent to callers rather than revealing their existence via a 403. Detailed error text explains the context for debugging. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * add missing channel deleteat checks * Use c.Params.Page instead of manual page query param parsing in getViewsForChannel c.Params already validates and defaults page/per_page, so the manual parsing was redundant. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add support for total count in views retrieval * Add tests for handling deleted views in GetViewsForChannel and GetView * Short-circuit negative newIndex in UpdateSortOrder before opening transaction Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add per-channel limit on views to bound UpdateSortOrder cost Without a cap, unbounded view creation makes sort-order updates increasingly expensive (CASE WHEN per view, row locks). Adds MaxViewsPerChannel=50 constant and enforces it in the app layer before saving. Includes API and app layer tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove include_deleted support from views API Soft-deleted views are structural metadata with low risk, but no other similar endpoint (e.g. channel bookmarks) exposes deleted records without an admin gate. Rather than adding an admin-only permission check for consistency, remove the feature entirely since there is no current use case. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update view permissions to require `create_post` instead of channel management permissions * Remove obsolete view management error messages for direct and group messages --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * feat(migrations): add user tracking and object type to property fields - Introduced user tracking columns (CreatedBy, UpdatedBy) to PropertyFields and PropertyValues. - Added ObjectType column to PropertyFields with associated unique indexes for legacy and typed properties. - Created new migration scripts for adding and dropping these features, including necessary indexes for data integrity. - Established views for managing property fields with new attributes. This update enhances the schema to support better tracking and categorization of property fields. * Add Property System Architecture v2 API endpoints (#35583) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Add the permissions to the migrations, model and update the store calls * Adds the property field and property group app layer * Adds authorization helpers for property fields and values * Make sure that users cannot lock themselves out of property fields * Migrate permissions from a JSON column to three normalized columns * Remove the audit comment * Use target level constants in authorization * Log authorization membership failures * Rename admin to sysadmin * Adds the Property System Architecture v2 API endpoints * Adds permission checks to the create field endpoint * Add target access checks to value endpoints * Add default branches for object_type and target_type and extra guards for cursor client4 methods * Fix vet API mismatch * Fix error checks * Fix linter * Add merge semantics for property patch logic and API endpoint * Fix i18n * Fix duplicated patch elements and early return on bad cursor * Update docs to use enums * Fix i18n sorting * Update app layer to return model.AppError * Adds a limit to the number of property values that can be patched in the same request * Require target_type filter when searching property fields * Add objectType validation as part of field.IsValid() * Fix linter * Fix test with bad objecttpye * Fix test grouping --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * MM-67968: Flatten view model — remove icon, subviews, typed board props (#35726) * feat(views): flatten view model by removing icon, subview, and board props Simplifies the View data model as part of MM-67968: removes Icon, Subview, and ViewBoardProps types; renames ViewTypeBoard to ViewTypeKanban; replaces typed Props with StringInterface (map[string]any); adds migration 000167 to drop the Icon column from the Views table. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * feat(api): update views OpenAPI spec to reflect flattened model Removes ViewBoardProps, Subview, and icon from the View and ViewPatch schemas. Changes type enum from board to kanban. Replaces typed props with a free-form StringInterface object. Aligns with MM-67968. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * refactor(views): simplify store by dropping dbView and marshalViewProps StringInterface already implements driver.Valuer and sql.Scanner, so the manual JSON marshal/unmarshal and the dbView intermediate struct were redundant. model.View now scans directly from the database. Also removes the dead ViewMaxLinkedProperties constant and wraps the Commit() error in UpdateSortOrder. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * fix(api): allow arbitrary JSON in view props OpenAPI schema The props field was restricted to string values via additionalProperties: { type: string }, conflicting with the Go model's StringInterface (map[string]any). Changed to additionalProperties: true in View, ViewPatch, and inline POST schemas. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Adds basic implementation of the generic redux store for PSAv2 (#35512) * Adds basic implementation of the generic redux store for PSAv2 * Add created_by and updated_by to the test fixtures * Make target_id, target_type and object_type mandatory * Wrap getPropertyFieldsByIds and getPropertyValuesForTargetByFieldIds with createSelector * Address PR comments --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds websocket messages for the PSAv2 API events (#35696) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Add the permissions to the migrations, model and update the store calls * Adds the property field and property group app layer * Adds authorization helpers for property fields and values * Make sure that users cannot lock themselves out of property fields * Migrate permissions from a JSON column to three normalized columns * Remove the audit comment * Use target level constants in authorization * Log authorization membership failures * Rename admin to sysadmin * Adds the Property System Architecture v2 API endpoints * Adds permission checks to the create field endpoint * Add target access checks to value endpoints * Add default branches for object_type and target_type and extra guards for cursor client4 methods * Fix vet API mismatch * Fix error checks * Fix linter * Add merge semantics for property patch logic and API endpoint * Fix i18n * Fix duplicated patch elements and early return on bad cursor * Update docs to use enums * Fix i18n sorting * Update app layer to return model.AppError * Adds a limit to the number of property values that can be patched in the same request * Adds websocket messages for the PSAv2 API events * Add IsPSAv2 helper to the property field for clarity * Add guard against nil returns on field deletion * Add docs to the websocket endpoints --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * migrations: consolidate views migrations and reorder after master - Merged 000165 (create Views) with 000167 (drop Icon) since Icon was never needed - Renumbered branch migrations 159-166 → 160-167 so master's 000159 (deduplicate_policy_names) runs first - Regenerated migrations.list Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add API endpoint to retrieve posts for a specific view (#35604) Automatic Merge * Apply fixes after merge * Return a more specific error from getting multiple fields * Prevent getting broadcast params on field deletion if not needed * Remove duplicated migration code * Update property conflict code to always use master * Adds nil guard when iterating on property fields * Check that permission level is valid before getting rejected by the database * Validate correctness on TargetID for PSAv2 fields * Avoid PSAv1 using permissions or protected * Fix test data after validation change * Fix flaky search test * Adds more posts for filter use cases to properly test exclusions --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: Julien Tant <julien@craftyx.fr> Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Julien Tant <785518+JulienTant@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-27 10:36:35 +01:00
Pablo Vélez	7a339a6438	MM-68001 - enforce X-Requested-With header validation on BoR reveal endpoint (#35793) ... * MM-68001 - enforce X-Requested-With header validation on BoR reveal endpoint * adjust message --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-26 19:17:45 -05:00
Adam Schildkraut	656a0248eb	Fix datetime MinDate/MaxDate validation and add sub-day relative patterns (#35327) ... * Add H/M/S sub-day units to validateRelativePattern * Fix datetime MinDate/MaxDate to use validateDateTimeFormat * Add H/M/S sub-day resolution to resolveRelativeDateToMoment * Add minDateTime/maxDateTime props to DateTimeInput * Wire min_date/max_date resolution in AppsFormDateTimeField * Align client relative pattern bounds with server validation * Fix allowPastDates when minDateTime is in the past	2026-03-26 17:19:15 -06:00
Miguel de la Cruz	58dd9e1bb4	Add property system app layer architecture (#35157) ... * Refactor property system with app layer routing and access control separation Establish the app layer as the primary entry point for property operations with intelligent routing based on group type. This architecture separates access-controlled operations (CPA groups) from standard operations, improving performance and code clarity. Architecture Changes: - App layer now routes operations based on group type: - CPA groups -> PropertyAccessService (enforces access control) - Non-CPA groups -> PropertyService (direct, no access control) - PropertyAccessService simplified to handle only CPA operations - Eliminated redundant group type checks throughout the codebase * Move access control routing into PropertyService This change makes the PropertyService the main entrypoint for property related operations, and adds a routing mechanism to decide if extra behaviors or checks should run for each operation, in this case, the property access service logic. To add specific payloads that pluggable checks and operations may need, we use the request context. When the request comes from the API, the endpoints are in charge of adding the caller ID to the payload, and in the case of the plugin API, on receiving a request, the server automatically tags the context with the plugin ID so the property service can react accordingly. Finally, the new design enforces all these checks migrating the actual property logic to internal, non-exposed methods, so any caller from the App layer needs to go through the service checks that decide if pluggable logic is needed, avoiding any possibility of a bypass. * Fix i18n * Fix bad error string * Added nil guards to property methods * Add check for multiple group IDs on value operations * Add nil guard to the plugin checker * Fix build error * Update value tests * Fix linter * Adds early return when content flaggin a thread with no replies * Fix mocks * Clean the state of plugin property tests before each run * Do not wrap appErr on API response and fix i18n * Fix create property field test * Remove the need to cache cpaGroupID as part of the property service * Split the property.go file into multiple * Not found group doesn't bypass access control check * Unexport SetPluginCheckerForTests * Rename plugin context getter to be more PSA specific --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es>	2026-03-26 07:54:50 +00:00
Christopher Poile	e738016c59	[MM-67143] Fix for custom slash command response URL (#34922) ... * require siteURL for external-facing slash cmds, use that as host * warn when rewriting the SiteURL of a custom slash command; test	2026-03-25 12:06:34 -04:00
Doug Lauder	b0c38bac0b	Fix channel not found after creation on deployments with read replicas (#35728) ... * Fix plugin API CreateChannel read-after-write failure with read replicas LocalCacheChannelStore did not override Save, so newly created channels were never added to channelByIdCache. When a plugin called CreateChannel followed immediately by AddChannelMember, the GetChannel lookup missed the cache and fell through to GetReplica(), which on deployments with DataSourceReplicas could read from a replica that hadn't replicated the channel yet, returning "channel not found". Add a Save override to LocalCacheChannelStore that populates channelByIdCache after a successful save, following the same pattern used by LocalCacheTermsOfServiceStore.Save.	2026-03-25 11:49:36 -04:00
Alejandro García Montoro	4f16a29cb5	MM-67793: Remove dependency on blang/semver/v4 (#35742) ... * Remove dependency on blang/semver/v4 Instead, consolidate on the usage of Masterminds/semver/v3 * Remove empty line * make modules-tidy	2026-03-25 13:41:33 +00:00
Doug Lauder	7d6d834f1f	MM-68016, MM-68017, MM-68018 Add plugin pre-hooks for membership and channel archive (#35731) ... * MM-68016, MM-68017, MM-68018 Add plugin pre-hooks for channel member add, team member add, and channel archive Enable plugins to intercept and reject (or modify) three operations before they are persisted: adding a channel member, adding a team member, and archiving a channel. These are the three high-priority hooks from epic MM-68003.	2026-03-25 08:45:17 -04:00
Pablo Vélez	95e33dbc72	MM-63848: Enforce unique names for parent access control policies (#35676) ... * MM-63848: Enforce unique names for parent access control policies * Revert accidental package-lock.json change Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix translation file * Fix lint shadows, migration overflow, and unique constraint fallback * Remove pre-check, combine migrations, fix overflow * Combine migrations using regular CREATE INDEX * add missing translation * kip revision bump on policy name-only changes and add test to cover this scenario * MM-63848: Fix tx commit on name-only update, unique test names Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-25 05:12:13 -05:00
Pavel Zeman	f04c3f0071	Fix nil pointer dereference in UpdateUser (MATTERMOST-SERVER-VF) (#35717) ... * Fix nil pointer dereference in UpdateUser after store update Add nil check on userUpdate result from userService.UpdateUser to prevent panic when the store returns nil unexpectedly. This fixes a nil pointer dereference that occurs when accessing userUpdate.New after the store update call. Sentry: MATTERMOST-SERVER-VF (14 events) Co-authored-by: Claude <claude@anthropic.com> * Add unit test for nil userUpdate guard in UpdateUser Test verifies that when the store returns (nil, nil) from Update, the app layer returns an appropriate error instead of panicking with a nil pointer dereference. Co-authored-by: Claude <claude@anthropic.com> * fix: gofmt user_test.go Co-authored-by: Claude <claude@anthropic.com> * fix: split nil checks per review feedback, add parallel test execution Separate userUpdate==nil from userUpdate.New==nil with distinct error detail strings for easier debugging. Add mainHelper.Parallel(t) to test for consistency with other mock-based tests. Addresses review feedback from @JulienTant and @coderabbitai. Co-authored-by: Claude <claude@anthropic.com> --------- Co-authored-by: Claude <claude@anthropic.com>	2026-03-23 16:48:22 -04:00
Doug Lauder	f0b2a36dbc	MM-67616: Refactor shared channel membership sync to use ChannelMemberHistory (#35619) ... * Refactor shared channel membership sync to use ChannelMemberHistory (MM-67616) Replace the trigger-time membership sync mechanism with a cursor-based approach using ChannelMemberHistory, aligning membership sync with the established pattern used by posts and reactions. Previously, membership changes were built into SyncMsg at trigger time and sent via a separate TopicChannelMembership code path. This meant removals were lost if a remote was offline, since ChannelMembers hard-deletes rows. Now, membership changes are fetched from ChannelMemberHistory at sync time using the LastMembersSyncAt cursor, detecting both joins and leaves reliably. The data flows through the normal syncForRemote pipeline alongside posts, reactions, and other sync data. Key changes: - Add GetMembershipChanges store method for ChannelMemberHistory - Add fetchMembershipsForSync and sendMembershipSyncData to sync pipeline - Replace HandleMembershipChange with NotifyMembershipChanged (trigger-only) - Remove conflict detection (idempotent add/remove resolves naturally) - Remove per-user membership tracking (GetUserChanges, UpdateUserLastMembershipSyncAt) - Add MembershipErrors to SyncResponse - Keep TopicChannelMembership receiver for one release cycle (backward compat)	2026-03-23 10:12:17 -04:00
Harrison Healey	5f8c77a3ef	MM-67953 Changed sorting of channels in some places to prioritize display name matches (#35679) ... * MM-67953 Changed Browse Channels modal to prioritize channels with DisplayName matching search query * MM-67953 Changed channel shortlink autocomplete to prioritize non-member channels with DisplayName matching search query * Shared orderByDisplayNameMatch between both methods * Add E2E tests * Update existing E2E test to use new fixture * Run Prettier on E2E tests * And fix linting issue * And fix the fix... * Run server code linter	2026-03-20 17:30:29 -04:00
Harrison Healey	8740152df7	MM-66944 Change PlatformService.IsLeader to always be true when license doesn't support clustering (#35577) ... * MM-66944 Change PlatformService.IsLeader to always be true when license doesn't support clustering * Address feedback * Add thorough null-checking for license	2026-03-20 11:15:16 -04:00
Patel Parthkumar	92533c44c1	Fix EXIF profile picture orientation bug (#34275) (#35594) ... * Fix EXIF profile picture orientation bug (#34275) * Test AdustProfileImage with rotated PNG assets This commit adds two test assets: - quadrants-orientation-1.png - quadrants-orientation-8.png Both represent the exact same image: a 128x128 image with four differently coloured 64x64 quadrants. Clockwise, starting from the top-left: green, white, blue and red [G][W] [R][B] quadrants-orientation-1.png has an EXIF rotation tag of 1, meaning that its data is already correctly rotated. quadrants-orientation-8.png has an EXIF rotation tag of 8, meaning that the data in the file is rotated 90° clockwise, and an inverse rotation needs to be applied to render it correctly. Rendering the raw data would show the following: [R][G] [B][W] That rotation is what we test in the new TestAdjustProfileImage sub-test, which calls AdjustImage in both PNGs and make a byte-to-byte comparison of the result, which is expected to be equal. * Fix imports --------- Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>	2026-03-19 15:46:21 +00:00
Ben Schumacher	76b8e3f5f7	[MM-66838] Update throttled library to v2.15.0 with Go modules support (#34657) ... Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-19 11:36:19 +01:00
Ben Cooke	e9ae890a01	oauth check (#35553)	2026-03-18 13:31:48 -04:00
135yshr	314ed3756a	Fix import failures for Japanese filenames with dakuten on macOS (#35204) ... * 🐛 fix: normalize Unicode filenames in import attachment lookup Fix import failures for files with Japanese dakuten/handakuten characters (e.g., ガ, パ, べ) on macOS. macOS stores filenames in NFD (decomposed) form while Linux/Windows use NFC (composed) form. This mismatch caused attachment lookup failures when zip filenames and JSONL paths used different normalization forms. Changes: - Add NormalizeFilename utility function using golang.org/x/text/unicode/norm - Normalize filenames when building attachment maps from zip files - Normalize paths when looking up attachments in maps - Apply fixes to both server (import.go) and mmctl (validate.go) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * avoid duplicating normalizeFilename * add coverage for Korean filenames --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Jesse Hallam <jesse@mattermost.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-18 12:16:55 +00:00
Miguel de la Cruz	e39be2b7e5	Improves the Property System Architecture groups (#35395) ... * Improves the Property System Architecture groups The group creation for builtin property groups is moved from behaving like a singleton in the app layer (first call creates the group) to register groups and making sure they're present at server startup time. At the same time, it adds a groups cache as a sync map in the property service, to avoid having individual caches per feature as package variables, making the group caching part of the system. * Fix i18n * Fix test and calls after updating the branch * Avoid panics by controlling the errors * Adjust translations after merge --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-16 22:03:43 +01:00
David Krauser	7425c6817b	[MM-67741] Scope role_updated WS events to affected team/channel (#35497) ... With this change, we now scope role_updated websocket events to users that need to receive them. Built-in and unowned role broadcast globally, team-scheme roles emit one event per team using the role, channel-scheme roles emit one event per channel using the role. To efficiently find a role's owning scheme, a schemeid column is added to the roles table. The ID is set when the scheme creates its related roles.	2026-03-16 14:36:55 -04:00
David Krauser	090408f09f	[MM-67809] Check create post permission when editing posts (#35558)	2026-03-16 13:17:43 -04:00
Nick Misasi	0192d529ed	PermissionManageOauth removal impact (#35554) ... * Restore manage oauth permission Co-authored-by: Nick Misasi <nick13misasi@gmail.com> * Fix migration test lint assertion Co-authored-by: Nick Misasi <nick13misasi@gmail.com> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com>	2026-03-15 12:05:29 -04:00