* ci: enable fullyparallel mode for server tests
Replace os.Setenv, os.Chdir, and global state mutations with
parallel-safe alternatives (t.Setenv, t.Chdir, test hooks) across
37 files. Refactor GetLogRootPath and MM_INSTALL_TYPE to use
package-level test hooks instead of environment variables.
This enables gotestsum --fullparallel, allowing all test packages
to run with maximum parallelism within each shard.
Co-authored-by: Claude <claude@anthropic.com>
* ci: split fullyparallel from continue-on-error in workflow template
- Add new boolean input 'allow-failure' separate from 'fullyparallel'
- Change continue-on-error to use allow-failure instead of fullyparallel
- Update server-ci.yml to pass allow-failure: true for test coverage job
- Allows independent control of parallel execution and failure tolerance
Co-authored-by: Claude <claude@anthropic.com>
* fix: protect TestOverrideLogRootPath with sync.Mutex for parallel tests
- Replace global var TestOverrideLogRootPath with mutex-protected functions
- Add SetTestOverrideLogRootPath() and getTestOverrideLogRootPath() functions
- Update GetLogRootPath() to use thread-safe getter
- Update all test files to use SetTestOverrideLogRootPath() with t.Cleanup()
- Fixes race condition when running tests with t.Parallel()
Co-authored-by: Claude <claude@anthropic.com>
* fix: configure audit settings before server setup in tests
- Move ExperimentalAuditSettings from UpdateConfig() to config defaults
- Pass audit config via app.Config() option in SetupWithServerOptions()
- Fixes audit test setup ordering to configure BEFORE server initialization
- Resolves CodeRabbit's audit config timing issue in api4 tests
Co-authored-by: Claude <claude@anthropic.com>
* fix: implement SetTestOverrideLogRootPath mutex in logger.go
The previous commit updated test callers to use SetTestOverrideLogRootPath()
but didn't actually create the function in config/logger.go, causing build
failures across all CI shards. This commit:
- Replaces the exported var TestOverrideLogRootPath with mutex-protected
unexported state (testOverrideLogRootPath + testOverrideLogRootMu)
- Adds exported SetTestOverrideLogRootPath() setter
- Adds unexported getTestOverrideLogRootPath() getter
- Updates GetLogRootPath() to use the thread-safe getter
- Fixes log_test.go callers that were missed in the previous commit
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): use SetupConfig for access_control feature flag registration
InitAccessControlPolicy() checks FeatureFlags.AttributeBasedAccessControl
at route registration time during server startup. Setting the flag via
UpdateConfig after Setup() is too late — routes are never registered
and API calls return 404.
Use SetupConfig() to pass the feature flag in the initial config before
server startup, ensuring routes are properly registered.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore BurnOnRead flag state in TestRevealPost subtest
The 'feature not enabled' subtest disables BurnOnRead without restoring
it via t.Cleanup. Subsequent subtests inherit the disabled state, which
can cause 501 errors when they expect the feature to be available.
Add t.Cleanup to restore FeatureFlags.BurnOnRead = true after the
subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore EnableSharedChannelsMemberSync flag via t.Cleanup
The test disables EnableSharedChannelsMemberSync without restoring it.
If the subtest exits early (e.g., require failure), later sibling
subtests inherit a disabled flag and become flaky.
Add t.Cleanup to restore the flag after the subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* Fix test parallelism: use instance-scoped overrides and init-time audit config
Replace package-level test globals (TestOverrideInstallType,
SetTestOverrideLogRootPath) with fields on PlatformService so each test
gets its own instance without process-wide mutation. Fix three audit
tests (TestUserLoginAudit, TestLogoutAuditAuthStatus,
TestUpdatePasswordAudit) that configured the audit logger after server
init — the audit logger only reads config at startup, so pass audit
settings via app.Config() at init time instead.
Also revert the Go 1.24.13 downgrade and bump mattermost-govet to
v2.0.2 for Go 1.25.8 compatibility.
* Fix audit unit tests
* Fix MMCLOUDURL unit tests
* Fixed unit tests using MM_NOTIFY_ADMIN_COOL_OFF_DAYS
* Make app migrations idempotent for parallel test safety
Change System().Save() to System().SaveOrUpdate() in all migration
completion markers. When two parallel tests share a database pool entry,
both may race through the check-then-insert migration pattern. Save()
causes a duplicate key fatal crash; SaveOrUpdate() makes the second
write a harmless no-op.
* test: address review feedback on fullyparallel PR
- Use SetLogRootPathOverride() setter instead of direct field access
in platform/support_packet_test.go and platform/log_test.go (pvev)
- Restore TestGetLogRootPath in config/logger_test.go to keep
MM_LOG_PATH env var coverage; test uses t.Setenv so it runs
serially which is fine (pvev)
- Fix misleading comment in config_test.go: code uses t.Setenv,
not os.Setenv (jgheithcock)
Co-authored-by: Claude <claude@anthropic.com>
* fix: add missing os import in post_test.go
The os import was dropped during a merge conflict resolution while
burn-on-read shared channel tests from master still use os.Setenv.
Co-authored-by: Claude <claude@anthropic.com>
---------
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: wiggin77 <wiggin77@warpmail.net>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add shared AI bridge seam
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Add AI bridge test helper API
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Add AI bridge seam test coverage
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Add Playwright AI bridge recap helpers
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Fix recap channel persistence test
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Restore bridge client compatibility shim
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Expand recap card in Playwright spec
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Recaps e2e test coverage (#35543)
* Add Recaps Playwright page object
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Expand AI recap Playwright coverage
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Format recap Playwright coverage
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Fix recap regeneration test flows
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Fix AI bridge lint and OpenAPI docs
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Fix recap lint shadowing
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Stabilize failed recap regeneration spec
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Fill AI bridge i18n strings
Co-authored-by: Nick Misasi <nick13misasi@gmail.com>
* Fix i18n
* Add service completion bridge path and operation tracking fields
Extend AgentsBridge with CompleteService for service-based completions,
add ClientOperation/OperationSubType tracking to BridgeCompletionRequest,
and propagate operation metadata through to the bridge client.
Made-with: Cursor
* Fill empty i18n translation strings for enterprise keys
The previous "Fix i18n" commit added 145 i18n entries with empty
translation strings, causing the i18n check to fail in CI. Fill in
all translations based on the corresponding error messages in the
enterprise and server source code.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix i18n
* Fix i18n again
* Rename Complete/CompleteService to AgentCompletion/ServiceCompletion
Align the AgentsBridge interface method names with the underlying
bridge client methods they delegate to (AgentCompletion, ServiceCompletion).
Made-with: Cursor
* Refactor
* Add e2eAgentsBridge implementation
The new file was missed from the prior refactor commit.
Made-with: Cursor
* Address CodeRabbit review feedback
- Add 400 BadRequest response to AI bridge PUT endpoint OpenAPI spec
- Add missing client_operation, operation_sub_type, service_id fields to
AIBridgeTestHelperRecordedRequest schema
- Deep-clone nested JSON schema values in cloneJSONOutputFormat
- Populate ChannelID on recap summary bridge requests
- Fix msg_count assertion to mention_count for mark-as-read verification
- Make AgentCompletion/ServiceCompletion mutex usage atomic
Made-with: Cursor
* fix(playwright): align recaps page object with placeholder and channel menu
Made-with: Cursor
* fix(playwright): update recaps expectEmptyState to match RecapsList empty state
After the master merge, the recaps page now renders RecapsList's
"You're all caught up" empty state instead of the old placeholder.
Made-with: Cursor
* chore(playwright): update package-lock.json after npm install
Made-with: Cursor
* Revert "chore(playwright): update package-lock.json after npm install"
This reverts commit 95c670863a.
* style(playwright): fix prettier formatting in recaps page object
Made-with: Cursor
* fix(playwright): handle both recaps empty states correctly
The recaps page has two distinct empty states:
- Setup placeholder ("Set up your recap") when allRecaps is empty
- RecapsList caught-up state ("You're all caught up") when the
filtered tab list is empty
Split expectEmptyState into expectSetupPlaceholder and
expectCaughtUpEmptyState, used by the delete and bridge-unavailable
tests respectively.
Made-with: Cursor
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Refactor property system with app layer routing and access control separation
Establish the app layer as the primary entry point for property operations
with intelligent routing based on group type. This architecture separates
access-controlled operations (CPA groups) from standard operations,
improving performance and code clarity.
Architecture Changes:
- App layer now routes operations based on group type:
- CPA groups -> PropertyAccessService (enforces access control)
- Non-CPA groups -> PropertyService (direct, no access control)
- PropertyAccessService simplified to handle only CPA operations
- Eliminated redundant group type checks throughout the codebase
* Move access control routing into PropertyService
This change makes the PropertyService the main entrypoint for property
related operations, and adds a routing mechanism to decide if extra
behaviors or checks should run for each operation, in this case, the
property access service logic.
To add specific payloads that pluggable checks and operations may
need, we use the request context. When the request comes from the API,
the endpoints are in charge of adding the caller ID to the payload,
and in the case of the plugin API, on receiving a request, the server
automatically tags the context with the plugin ID so the property
service can react accordingly.
Finally, the new design enforces all these checks migrating the actual
property logic to internal, non-exposed methods, so any caller from
the App layer needs to go through the service checks that decide if
pluggable logic is needed, avoiding any possibility of a bypass.
* Fix i18n
* Fix bad error string
* Added nil guards to property methods
* Add check for multiple group IDs on value operations
* Add nil guard to the plugin checker
* Fix build error
* Update value tests
* Fix linter
* Adds early return when content flaggin a thread with no replies
* Fix mocks
* Clean the state of plugin property tests before each run
* Do not wrap appErr on API response and fix i18n
* Fix create property field test
* Remove the need to cache cpaGroupID as part of the property service
* Split the property.go file into multiple
* Not found group doesn't bypass access control check
* Unexport SetPluginCheckerForTests
* Rename plugin context getter to be more PSA specific
---------
Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Improves the Property System Architecture groups
The group creation for builtin property groups is moved from behaving
like a singleton in the app layer (first call creates the group) to
register groups and making sure they're present at server startup
time.
At the same time, it adds a groups cache as a sync map in the property
service, to avoid having individual caches per feature as package
variables, making the group caching part of the system.
* Fix i18n
* Fix test and calls after updating the branch
* Avoid panics by controlling the errors
* Adjust translations after merge
---------
Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es>
Co-authored-by: Mattermost Build <build@mattermost.com>
Updates all Custom Profile Attribute endpoints and app layer methods to pass caller user IDs through to the PropertyAccessService. This connects the access control service introduced in #34812 to the REST API, Plugin API, and internal app operations.
Also updates the OpenAPI spec to document the new field attributes (protected, source_plugin_id, access_mode) and adds notes about protected field restrictions.
Custom profile attributes (properties) in Mattermost need to support security-critical use cases like Attribute-Based Access Control (ABAC), external identity system synchronization, and privacy-preserving collaboration. Without access controls on these properties, any user or component could modify property fields and values, making them unsuitable for security decisions. Additionally, different properties require different visibility patterns - some need to be publicly readable, some should only be visible to their managing system, and some require privacy-preserving visibility where users can only see shared values.
This change introduces the PropertyAccessService, a wrapper around PropertyService that enforces access control for all property operations. This service is introduced in isolation and is not yet hooked up to the Plugin API, REST API, or app layer. It provides the foundation for a single enforcement point that will apply access restrictions consistently across all code paths once integrated.
* initial commit for POC of Plugin Bridge
* Updates
* POC for plugin bridge
* Updates from collaboration
* Fixes
* Refactor Plugin Bridge to use HTTP/REST instead of RPC
- Remove ExecuteBridgeCall hook and Context.SourcePluginId
- Implement HTTP-based bridge using existing PluginHTTP infrastructure
- Add CallPlugin API method with endpoint parameter instead of method name
- Update CallPluginBridge to construct HTTP POST requests
- Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID
- Use 'com.mattermost.server' as plugin ID for core server calls
- Update ai.go to use REST endpoint /inter-plugin/v1/completion
- Add comprehensive spec documentation in server/spec.md
- Add MIGRATION_GUIDE.md for plugin developers
- Fix 401/404 issues by setting correct headers and URL paths
* Improve Plugin Bridge security and architecture
- Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin)
- Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest
- Improve separation of concerns: business logic vs HTTP transport
- Add security documentation explaining header protection
Security Improvements:
- ServeInternalPluginRequest is NOT exposed as HTTP route (internal only)
- Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code
- External requests cannot spoof these headers (stripped by servePluginRequest)
- Core calls use 'com.mattermost.server' as plugin ID for authorization
- Plugin-to-plugin calls use real plugin ID (enforced by server)
Backward Compatibility:
- Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated)
- All tests pass
Docs:
- Update spec.md with security model explanation
- Update MIGRATION_GUIDE.md with correct header usage examples
* Space
* cursor please stop creating markdown files
* Fix style
* Fix i18n, linter
* REMOVE MARKDOWN
* Remove CallPlugin method from plugin API interface
Per review feedback, this method is no longer needed.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Remove CallPlugin method implementation from PluginAPI
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fixes
* Add AI OpenAPI spec
* fix openapi spec
* Use agents client (#34225)
* Use agents client
* Remove default agent
* Fixes
* fix: modify system prompts to ensure JSON is being returned
* Base implementation for recaps working
* small fixes
* Adjustments
* remove webapp changes
* Add feature flags for rewrites and ai bridge, clean up
* Remove comments that aren't helpful
* Fix i18n
* Remove rewrites
* Fix tests
* Fix i18n
* adjust i18n again
* Add back translations
* Remove leftover mock code
* remove model file
* Changes from PR review
* Make the real substitutions
* Include a basic invokation of the client with noop to ensure build works
* more fix
* Remove unneeded change
* Updates from review
* Fixes
* Remove some logic from rewrites to clean up branch
* Use v1.5.0 of agents plugin
* A bunch more additions for general UX flow
* Add missing files
* Add mocks
* Fixes for vet-api, i18n, build, types, etc
* One more linter fix
* Fix i18n and some tests
* Refactors and cleanup in backend code
* remove rogue markdown file
* fixes after refactors from backend
* Add back renamed files, and add tests
* More self code review
* More fixes
* More refactors
* Fix call stack exceeded bug
* Include read messages if there are no unreads
* Fix test failure: use correct error message key for recap permission denied
The getRecapAndCheckOwnership function was using strings.ToLower(callerName)
to generate error keys, which caused 'GetRecap' to become 'getrecap' instead
of the expected 'get'. Changed to use the correct static key that matches
the en.json localization file.
Fixes TestGetRecap/get_recap_by_non-owner test failure.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Consolidate permission errors down to a single string
* Fixes for i18n, worktrees making this difficult
* Fix i18n
* Fix i18n once and for all (for real) (final)
* Fix duplicate getAgents method in client4.ts
* Remove duplicate ai state from initial_state.ts
* Fix types
* Fix tests
* Fix return type of GetAgents and GetServices
* Add tests for recaps components
* Fix types
* Update i18n
* Fixes
* Fixes
* More cleanup
* Revert random file
* Use undefined
* fix linter
* Address feedback
* Missed a git add
* Fixes
* Fix i18n
* Remove fallback
* Fixes for PR
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Christopher Speller <crspeller@gmail.com>
Co-authored-by: Felipe Martin <me@fmartingr.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Added debug log to indicate the job is not running as the node is not cluster node
* Setting log level to info for debugging test server issue
* testing
* Removed debugging code
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* avoid replica race lag when remembering ServerID
In an HA environment, with a master and read replica, querying the server id from the store runs the risk of returning a value saved to master but not yet replicated. Avoid this by using the telemetry service value directly when available.
Fixes: MM-65960
* Add Get(ByName)WithContext
* explicitly use master for ServerId
* mock GetByNameWithContext
* more mocking
* more mocks
* Add read receipt store for burn on read message types
* update mocks
* fix invalidation target
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* add translations
* Added logic to associate files of BoR post with the post
* Added test
* fixes
* disable pinning posts and review comments
* MM-66594 - Burn on read UI integration (#34647)
* MM-66244 - add BoR visual components to message editor
* MM-66246 - BoR visual indicator for sender and receiver
* MM-66607 - bor - add timer countdown and autodeletion
* add the system console max time to live config
* use the max expire at and create global scheduler to register bor messages
* use seconds for BoR config values in BE
* implement the read by text shown in the tooltip logic
* unestack the posts from same receiver and BoR and fix styling
* avoid opening reply RHS
* remove unused dispatchers
* persis the BoR label in the drafts
* move expiration value to metadata
* adjust unit tests to metadata insted of props
* code clean up and some performance improvements; add period grace for deletion too
* adjust migration serie number
* hide bor messages when config is off
* performance improvements on post component and code clean up
* keep bor existing post functionality if config is disabled
* Add read receipt store for burn on read message types
* Add temporary posts table
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* avoid reacting to unrevealed bor messages
* adjust migration number
* Add read receipt store for burn on read message types
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* adjust post reveal and type with backend changes
* use real config values, adjust icon usage and style
* adjust the delete from from sender and receiver
* improve self deleting logic by placing in badge, use burn endpoint
* adjust websocket events handling for the read by sender label information
* adjust styling for concealed and error state
* update burn-on-read post event handling for improved recipient tracking and multi-device sync
* replace burn_on_read with type in database migrations and model
* remove burn_on_read metadata from PostMetadata and related structures
* Added logic to associate files of BoR post with the post
* Added test
* adjust migration name and fix linter
* Add read receipt store for burn on read message types
* update mocks
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* Added logic to associate files of BoR post with the post
* Added test
* disable pinning posts and review comments
* show attachment on bor reveal
* remove unused translation
* Enhance burn-on-read post handling and refine previous post ID retrieval logic
* adjust the returning chunk to work with bor messages
* read temp post from master db
* read from master
* show the copy link button to the sender
* revert unnecessary check
* restore correct json tag
* remove unused error handling and clarify burn-on-read comment
* improve type safety and use proper selectors
* eliminate code duplication in deletion handler
* optimize performance and add documentation
* delete bor message for sender once all receivers reveal it
* add burn on read to scheduled posts
* add feature enable check
* use master to avoid all read recipients race condition
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com>
* squash migrations into single file
* add configuration for the scheduler
* don't run messagehasbeenposted hook
* remove parallel tests on burn on read
* add clean up for closing opened modals from previous tests
* simplify delete menu item rendering
* add cleanup step to close open modals after each test to prevent pollution
* streamline delete button visibility logic for Burn on Read posts
* improve reliability of closing post menu and modals by using body ESC key
---------
Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com>
Co-authored-by: Pablo Vélez <pablovv2012@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-66718] Remove unneeded HTML templates watcher
The templates package currently supports filesystem watching to
automatically reload templates when files change. This feature is
unnecessary in production and adds complexity.
Changes:
- Removed NewWithWatcher() function from templates package
- Removed Close() method from Container
- Removed watch-related fields (watch, stop, stopped) from Container
- Removed fsnotify dependency usage
- Updated server.go to use New() instead of NewWithWatcher()
- Updated email/helper_test.go to use New()
- Removed watcher-related tests from templates_test.go
Template updates now require a server restart, which provides clearer
behavior and reduces code complexity.
* Remove unused fsnotify dependency
* Add EasyLogin configuration (#34217)
* add easy login config
* add easy login to the invite modal
* add to the query parameters
* Add an API to get login method for the login id (#34223)
* add an api to get login method for the login id
* do not return errors if user is not found
* Add support for Easy Login invitation link sending (#34224)
This generates Easy Login token types when requested. The server
doesn't do anything with these tokens, yet - that will come in a
future change.
* Add support for logging in with easy login (#34236)
* Fix E2E tests (#34240)
* Prevent easy login accounts to reset their password (#34262)
* Add easy login support to login api and limit token to 5 min (#34259)
* webapp easy login ui mods (#34237)
* webapp easy login ui mods
* easy login i18n
* lint issues
* getUserLoginType
* using the real API
* easylogin proper redirect
* remove unneeded functions and files
* duplicated localization
* remove easylogin
* using EnableEasyLogin setting
* localization fix
* fix lint issue
* remove excessive setIsWaiting
* changed logic to make it more readable
* renaming component to make easier editable
* password will disappear when username change
* login test
* text for easy login password
* Add app links to emails
* Update templates and always land in the landing screen
* Update svg image, improve checks on server, fix linking page and show deactivated on login type
* Update naming
* Fix mocks and imports
* Remove all sessions on disable and forbid user promotion
* Fix layer and tests
* Address feedback
* Fix tests
* Fix missing string
* Fix texts
* Fix tests
* Fix constant name
* Fix tests
* Fix test
* Address feedback
* Fix lint
* Fix test
* Address feedback
* Fix test
---------
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: David Krauser <david@krauser.org>
Co-authored-by: Daniel Espino <larkox@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* updated aws-sdk dependency to aws-sdk-go-v2
* simplify error handling in case of timeout errors
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Initial Implementation of Push Proxy Authentication
* Include Config Listener for Leader plus delete startup function as job scheduler runs on initialization
* Remove push proxy auth from local imports
* Add push proxy auth to external imports
* Add push proxy auth error messages
* Update error codes
* Fix enterprise dep definition
* make i18n-extract
* Mock System store Get
* m
* m
* m
* m
* Update serverID header
* Add install type env var to docker
* Update Push Proxy config with new options
Global, US, Germany and Japan. Previous configurations will keep working
* use model.SafeDereference
* Delete token when new push proxy URL is empty
* ServerID header only if auth token is available
---------
Co-authored-by: Daniel Schalla <daniel@mattermost.com>
Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-64486: Remove telemetry
Remove telemetry from Mattermost. We're no longer relying on Rudder upstream, and no longer making use of this information.
* recover mock for SystemStore.Get
* Fix TestClearPushNotificationSync by adding missing SystemStore mock
The test was failing because the SystemStore mock was missing the Get()
method that's required by the ServerId() function. Added the missing mock
to return a StringMap with SystemServerId.
* fix mocking issue
* Remove now-unused telemetry and constants
* Remove "Disable telemetry events" debug setting
* Remove empty functions
* Remove most "Telemetry tracking removed" comments
* Remove remains of DataPrefetch telemetry
* Remove now-unused prop from InviteMembersButton
* Remove trackDotMenuEvent
* Remove some more leftover comments
* Remove lingering logic related to trackingLocation
* Remove now-unused argument from useCopyText
* Remove lingering telemetry references from PreparingWorkspace
* fixup Remove trackDotMenuEvent
* Remove lingering telemetry references from signup page and password check
* Update snapshots and fix test broken by my changes
* Fix unintended behavior change in thread list filtering
Remove handleSetFilter wrapper that was accidentally modified during
telemetry removal. The function was calling clear() when switching to
unread filter, which was not the original behavior. Use setFilter
directly instead, restoring the original functionality.
* Remove unused useOpenDowngradeModal hook
The useOpenDowngradeModal hook was not being used anywhere in the codebase.
* Remove unused expandableLink from useExpandOverageUsersCheck
The expandableLink return value was not being used by any components.
* Re-add missing TeamLinkClicked performance telemetry
The mark(Mark.TeamLinkClicked) call was accidentally removed from the
handleSwitch function. This telemetry is needed for Looker-based
performance tracking.
* drop LogSettings.VerboseDiagnostics
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
- Remove NotificationLogSettings configuration entirely
- Add new notification-specific log levels (NotificationError, NotificationWarn, NotificationInfo, NotificationDebug, NotificationTrace)
- Consolidate all notification logs into standard mattermost.log file
- Update all notification logging code to use new multi-level logging (MlvlNotification*)
- Remove notification logger infrastructure and support packet integration
- Update test configurations and remove deprecated functionality tests
- Add comprehensive tests for new notification log levels
This change simplifies log analysis by unifying all application logging while maintaining flexibility through Advanced Logging configuration for administrators who need separate notification logs.
🤖 Generated with [Claude Code](https://claude.ai/code)
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Update Go version to v1.23.7
* Bump golangci-lint to a version supporting Go 1.23
* Fix golangci-lint warnings
Several rules from gosimple, revive and staticcheck linters were
failing:
- Redefinition of built-in identifiers (max, min, new, recover...)
- Use of printf-like functions with simple strings
- Check for nil slices, when len already takes it into account
* Trigger Build
* Trigger Build
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Bump Go version to 1.23.6
* Update CodeQL Github action as well
* Use server's Go version for CodeQL action
Co-authored-by: Antonis Stamatiou <stamatiou.antonis@gmail.com>
* Empty commit to trigger CI
* Bump golangci-lint to a version supporting Go 1.23
* Fix golangci-lint warnings
Several rules from gosimple, revive and staticcheck linters were
failing:
- Redefinition of built-in identifiers (max, min, new, recover...)
- Use of printf-like functions with simple strings
- Check for nil slices, when len already takes it into account
---------
Co-authored-by: Antonis Stamatiou <stamatiou.antonis@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-61947 Run DND expiry job more often and round expiry time to match interval
* Move comment to make it godoc-compatible
* Change truncateDNDEndTime to work with seconds
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Adds the main Property System Architecture components
This change adds the necessary migrations for the Property Groups,
Fields and Values tables to be created, the store layer and a Property
Service that can be used from the app layer.
* Update property field type to use user instead of person
* Update PropertyFields to allow for unique nondeleted fields and remove redundant indexes
* Update PropertyValues to allow for unique nondeleted fields and remove redundant indexes
* Use StringMap instead of the map[string]any on property fields
* Add i18n strings
* Revert "Use StringMap instead of the map[string]any on property fields"
This reverts commit e2735ab0f8.
* Cast JSON binary data to string and add todo note for StringMap use
* Add mocks to the retrylayer tests
* Cast JSON binary data to string in property value store
* Check for binary parameter instead of casting to string for JSON data
* Check property field type is one of the allowed ones
* Avoid reusing err variable to be explicit about the returned value
* Merge Property System Migrations into one file
* Adds NOT NULL to timestamps at the DB level
* Update stores to use tableSelectQuery instead of a slice var
* Update PropertyField model translations to be more explicit and avoid repetition
* Update PropertyValue model translations to be more explicit and avoid repetition
* Use ExecBuilder instead of ToSql&Exec
* Update property field errors to add context
* Ensure PerPage is greater than zero
* Update store errors to give more context
* Use ExecBuilder in the property stores where possible
* Add an on conflict suffix to the group register to avoid race conditions
* Remove badly used translation string
* Remove unused get in register group method
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Create scheduled post api (#27920)
* Added migration files for Postgres
* Added migrations for MySQL
* Added store method
* Added API and store tests
* Renamed migration after syncing with master
* Added app layer tests
* API is ready
* API is ready
* API is ready
* Renamed migration after syncing with master
* Updated migration list
* Fixed retry layer tests
* Allowed posts with empty messages
* Review fixes
* Reverted an incorrect change
* Renamed migration and fixed ID assignment
* CI
* Send post button changes (#28019)
* added Split button
* WIP
* Added core menu options
* WIP
* WIP
* WIP
* Handled displaying error in creating scheduled post
* lint fixes
* webapp i18n fix
* Review fixes
* Fixed a webapp test
* A few more fixes
* Removed a duplicate comment
* Scheduled post job (#28088)
* Added the job function
* Added query for fetching scheduled posts for pricessing
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* Reafactoring of scheduled post job
* Lint fixes
* Updated i18n files
* FInishing touches
* Added tests for GetScheduledPosts
* Added tests for PermanentlyDeleteScheduledPosts
* Updated all layer
* Some changes as discussed with team
* Added tests for UpdatedScheduledPost
* Code review refactoring
* Added job test
* MM-60120 - Custom time selection (#28120)
* Added a common date time picker modal and used it for post reminder
* Added a common date time picker modal and used it for post reminderggp
* Added modal for custom schedule time and fixed TZ issue
* WIP
* Removed event from useSubmit hook
* Removed event from useSubmit hook
* Added timezone handling
* fixed type error
* Updated i18n strings
* Minor cleanup
* updated snapshots
* review fixes
* Handled event
* Supported for having a DM thread open in RHS while in a regular channel
* Review fixes
* MM-60136 - Scheduled messages tab (#28133)
* WIP
* WIP
* Created Tabs and Tab wrapper with added styling
* Added API to get scheduled posts
* WIP
* Displated scheduled post count
* i18n fix
* Added tests
* Handled asetting active tab absed on URL:
* Reverted unintended change
* Added API to client ad OpenAPI specs
* Renamed file
* Adding fileinfo to schedule posts
* Partial review fixes
* Made get scheduled post API return posts by teamID
* review fixes
* Moved scheduled post redux code to MM-redux package
* Usedd selector factory
* WIP:
* WIP:
* Lint fix
* Fixed an incorrect openapi spec file
* Removed redundent permission check
* Clreaed scheduled post data on logout
* Removed unused i18n string:
* lint fix
* Render scheduled posts (#28208)
* WIP
* WIP
* Created Tabs and Tab wrapper with added styling
* Added API to get scheduled posts
* WIP
* Displated scheduled post count
* i18n fix
* Added tests
* Handled asetting active tab absed on URL:
* Reverted unintended change
* Added API to client ad OpenAPI specs
* Renamed file
* Created common component for draft list item
* WIP
* WIP
* Adding fileinfo to schedule posts
* Basic rendering
* Added count badge to tabs
* WIP
* Made the Drafts LHS iteam appear if no drafts exist but scheduled posts do
* Fixed icon size
* Partial review fixes
* Made get scheduled post API return posts by teamID
* Handled initial vs team switch load
* Displayed scheduled date in panel header
* Added error message and error indiocator
* WIP
* review fixes
* WIP Adding error reason tag
* Added error codes
* Moved scheduled post redux code to MM-redux package
* Usedd selector factory
* WIP:
* WIP:
* Lint fix
* Fixed an incorrect openapi spec file
* Removed redundent permission check
* Clreaed scheduled post data on logout
* Removed unused i18n string:
* lint fix
* Opened rescheduling modal
* Updated graphic for empty state of schduled post list
* Added delete scheduled post option and modal
* Badge and timezone fix
* WIP:
* Added send now confirmation modal
* lint
* Webapp i18n fix
* Fixed webapp test
* Fixed a bug where DM/GM scheduled posts weren't immideatly showing up in UI
* Minor fixes
* WIP
* Review fixes
* Review fixes
* Optimisations
* Fixed reducer name
* Moment optimizatin
* Updated route check
* MM-60144 - added API to update a scheduled post (#28248)
* WIP
* Added api and ap layer for update scheduled post ̛̦̄
* Added API to OpenAI specs, Go client and TS client
* removed permissio check
* Added tests
* Fixed tests
* Added PreUpdate method on scheduled post model
* MM-60131 - Reschedule post integration (#28281)
* Handled rescheduling post in webapp
* Added error handling
* MM-60146 - Delete scheduled post api (#28265)
* WIP
* Added api and ap layer for update scheduled post ̛̦̄
* Added API to OpenAI specs, Go client and TS client
* removed permissio check
* Added tests
* Fixed tests
* Added PreUpdate method on scheduled post model
* Added delete scheduled post API
* Added API to Go client and OpenAPI specs
* Added API to TS client
* Added tests
* CI
* Rmeoved two incorrect code comments
* MM-60653 - Integrated delete scheduled post API (#28296)
* Integrated delete scheduled apost API
* Lint fix
* Review fixes
* Excluded draft checks from scheduled posts (#28370)
* Excluded draft checks from scheduled posts
* Added a removed todo
* MM-60125 - Scheduled post channel indicator (#28320)
* Integrated delete scheduled apost API
* Lint fix
* Added state for storing scheduled posts by channel ID
* Refactored redux store to store scheudled posts by ID, thens tore IDs everywhere
* Refactored redux store to store scheudled posts by ID, thens tore IDs everywhere
* WIP
* Added scheduled post indiocator
* Handled single and multiple scheudled posts
* Review fixes
* Fixed styling and handled center channel, RHS and threads view
* Lint fix
* i18n fix
* Fixed a cycling dependency
* Lint fix
* Added some more comments
* Updated styling
* Review fixes
* Added common component for remote user time and scheduled post indicator
* Updated scheduled post count
* Minor change
* Moved CSS code around
* Fixed a bug where files in scheduled post didn't show up until refresh (#28359)
---------
Co-authored-by: Daniel Espino García <larkox@gmail.com>
* Scheduled post config (#28485)
* Added config
* Added config on server and webapp side
* Added config check in server and webapp
* Added license check
* Added license check
* Added placeholder help text
* Added license check to job
* Fixed job test
* Review fixes
* Updated English text
* Review fixes
* MM-60118 - Added index on ScheduledPosts table (#28579)
* Added index
* Updated indexes
* Scheduled posts misc fixes (#28625)
* Added detailed logging for scheduled post job
* Limited scheduled posts processing to 24 hours
* Marked old scheduled posts as unable to send
* Added t5ests
* converted some logs to trace level
* Fixed a bug causing error message to show up on deleting a scheduled post in a deleted thread (#28630)
* Fixed scheduled posts link in RHS (#28659)
* Fixed scheduled posts link in RHS
* Review fixes
* Fix permission name in scheduled posts by team (#28580)
* Fix permission name
* fix wording
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* FIxed width of generic modal header to fix browser channel modal (#28639)
* Only consider error-free scheduled posts for indicator in channel and RHS (#28683)
* Show only errro free scheudled posts in post box indicator
* Fixed a bug to handle no scheduled posts
* Fixed draft and scheudled post UI in mobile view (#28680)
* MM-60873 and MM-60872 - Fixed a bug with updating scheduled posts (#28656)
* Fixed a bug with updating scheduled posts
* Better selectors
* MOved shceuled post message length validation to app layer
* MM-60732 - Scheduled posts channel link now takes you to the first scheduled post in channel/thread in list (#28768)
* Ordered scheudle dposts by schgeudled at nad create at
* Ordered in client
* Added scroll to target
* Removed classname prop
* Fixed tests
* Added doc
* Import fix
* MM-60961 - Fixed a bug where API used incoming create at date for scheduled post (#28703)
* Fixed a bug where API used incoming create at date for scheduled post
* Stopped sending created at value for scheduled post
* MM-60785 - Fixed a bug where scheduled posts of channel we are no longer member of didn't show up (#28637)
* Fixed a bug where scheduled posts of channel we are no longer member of didn't show up
* Added a comment
* CI
* Used data loader to optimise laoding missing channels
* Minor refactoring
* MM-60963 - Added common checks for post and scheduled posts (#28713)
* Added commen checks for post and scheuled posts
* Sanitised scheduled posts
* Fixed tests
* Splitted post checks into app and context functions
* Added checks on scheduiled posts job as well:
* i18n fix
* Fixed a test
* Renamed a func
* removed duplicate check
* Scheduled posts UI fixes (#28828)
* Fixed send button and time picker borders
* Fixed center alignment of time picker
* Removed on for today and tomorrow
* Lint fix
* Date time modal hover state fix
* Badge fix
* Fixed a mnerge issue
* Scheduled Post send now and add schedule on draft (#28851)
* Added send now option on scheduled posts
* Minor refactoring
* WIP
* WIP
* WIP
* Lint fix
* i18n fix
* Snapshot update
* Review fixes
* Scheduled post inline editing (#28893)
* Added send now option on scheduled posts
* Minor refactoring
* WIP
* WIP
* WIP
* Lint fix
* i18n fix
* Snapshot update
* Displayed editing component in scheduled post
* Added handling for updating scheduled post
* Handle events
* Fixed escape key issue in scheudled post editing
* Fixes
* Displayed error message for editing error
* Don't show mention warning
* Handled dev mode (#28918)
* MInor fixes
* client fix
* Fixes
* CI
* Removed dev mode behaviour temperorily (#29008)
---------
Co-authored-by: Daniel Espino García <larkox@gmail.com>
Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add metrics for mobile versions snapshots
* Add notifications disabled and fix lint
* Address feedback
* Verify all references to JobTypeActiveUsers
* Fix typos
* Improve platform values
* Add test and MySQL support
* Adds ServerFederationSettings configuration block
The Server Federation related configuration properties were located in
the `ExperimentalSettings` config block. Now that the feature is going
to get out of beta, and foreseeing more configuration properties being
added to it, we're moving them to a block of its own.
If the properties were set in the old location, their values should be
carried over to the new ones. The old properties are left in place and
marked as deprecated not to cause issues with the model.
* Update System Console to include Server Federation section
* Remove system console section
* Move the configuration properties to ConnectedWorkspaces
* Add ConnectedWorkspacesSettings to the telemetry
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Deprecate Self Serve: First Pass
* Fix ci
* Fix more ci
* Remmove outdated server tests
* Fix a missed spot opening purchase modal in Self Hosted
* Fix i18n
* Clean up some more server code, fix webapp test
* Fix alignment of button
* Fix linter
* Fix i18n server side
* Deprecate in product true up
* Add back translation
* Remove client functions
* Put back client functions
* webapp deprecation
* Deprecate Self Serve: Second Pass
* Fix various pipeline issues
* Fix linter
* Fix pipelines
* Fix handlers_test.go
* Fix console.error around hostedCustomer in reducer
* PICKY LINTER PLEASE
* Fix webapp tests, various other fixes for the CI pipelines
* Fix i18n
* Updates to accomadate enterprise code removal
* Fix mocks
* More removal
* Fix
* Adjustments from PR
* Fixes for QA Feedback
* Update
* Add migrations to remove true up review history
* Fix migrations check
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: maria.nunez <maria.nunez@mattermost.com>
* Deprecate Self Serve: First Pass
* Fix ci
* Fix more ci
* Remmove outdated server tests
* Fix a missed spot opening purchase modal in Self Hosted
* Fix i18n
* Clean up some more server code, fix webapp test
* Fix alignment of button
* Fix linter
* Fix i18n server side
* Add back translation
* Remove client functions
* Put back client functions
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
