* Replace hardcoded test passwords with model.NewTestPassword()
Add model.NewTestPassword() utility that generates 14+ character
passwords meeting complexity requirements for FIPS compliance. Replace
all short hardcoded test passwords across the test suite with calls to
this function.
* Enforce FIPS compliance for passwords and HMAC keys
FIPS OpenSSL requires HMAC keys to be at least 14 bytes. PBKDF2 uses
the password as the HMAC key internally, so short passwords cause
PKCS5_PBKDF2_HMAC to fail.
- Add FIPSEnabled and PasswordFIPSMinimumLength build-tag constants
- Raise the password minimum length floor to 14 when compiled with
requirefips, applied in SetDefaults only when unset and validated
independently in IsValid
- Return ErrMismatchedHashAndPassword for too-short passwords in
PBKDF2 CompareHashAndPassword rather than a cryptic OpenSSL error
- Validate atmos/camo HMAC key length under FIPS and lengthen test
keys accordingly
- Adjust password validation tests to use PasswordFIPSMinimumLength
so they work under both FIPS and non-FIPS builds
* CI: shard FIPS test suite and extract merge template
Run FIPS tests on PRs that touch go.mod or have 'fips' in the branch
name. Shard FIPS tests across 4 runners matching the normal Postgres
suite. Extract the test result merge logic into a reusable workflow
template to deduplicate the normal and FIPS merge jobs.
* more
* Fix email test helper to respect FIPS minimum password length
* Fix test helpers to respect FIPS minimum password length
* Remove unnecessary "disable strict password requirements" blocks from test helpers
* Fix CodeRabbit review comments on PR #35905
- Add server-test-merge-template.yml to server-ci.yml pull_request.paths
so changes to the reusable merge workflow trigger Server CI validation
- Skip merge-postgres-fips-test-results job when test-postgres-normal-fips
was skipped, preventing failures due to missing artifacts
- Set guest.Password on returned guest in CreateGuestAndClient helper
to keep contract consistent with CreateUserWithClient
- Use shared LowercaseLetters/UppercaseLetters/NUMBERS/PasswordFIPSMinimumLength
constants in NewTestPassword() to avoid drift if FIPS floor changes
https://claude.ai/code/session_01HmE9QkZM3cAoXn2J7XrK2f
* Rename FIPS test artifact to match server-ci-report pattern
The server-ci-report job searches for artifacts matching "*-test-logs",
so rename from postgres-server-test-logs-fips to
postgres-server-fips-test-logs to be included in the report.
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Add --workers flag to mmctl import process to control concurrency
The bulk import worker count was hardcoded to runtime.NumCPU(), causing
high database load on the master during imports on live systems. This is
particularly impactful for incremental Slack imports where all users are
re-imported each time, generating 8-15 DB operations per user against
the master (due to LockToMaster).
The new --workers flag allows administrators to reduce concurrency
(e.g., --workers 1) to minimize impact on live users at the cost of
longer import duration. Defaults to 0 which preserves the existing
runtime.NumCPU() behavior.
* Add max workers limit, capped at CPU Count * 4
* Add single-channel guests filter and channel count column to System Console Users
- Add guest_filter query parameter to Reports API with store-level
filtering by guest channel membership count (all, single_channel,
multi_channel)
- Add channel_count field to user report responses and CSV exports
- Add grouped guest role filter options in the filter popover
- Add toggleable Channel count column to the users table
- Add GuestFilter and SearchTerm to Go client GetUsersForReporting
- Add tests: API parsing, API integration, app job dedup, webapp utils,
E2E column data rendering
Made-with: Cursor
* Fix gofmt alignment and isolate guest store tests
- Align GuestFilter constants to satisfy gofmt
- Move guest user/channel setup into a nested sub-test to avoid
breaking existing ordering and role filter assertions
Made-with: Cursor
* Exclude archived channels from guest filter queries and ChannelCount
The ChannelMembers subqueries for guest_filter (single/multi channel)
and the ChannelCount column did not join with Channels to check
DeleteAt = 0. Since channel archival soft-deletes (sets DeleteAt) but
leaves ChannelMembers rows intact, archived channel memberships were
incorrectly counted, potentially misclassifying guests between
single-channel and multi-channel filters and inflating ChannelCount.
- Join ChannelMembers with Channels (DeleteAt = 0) in all three
subqueries in applyUserReportFilter and GetUserReport
- Add store test covering archived channel exclusion
- Tighten existing guest filter test assertions with found-flags
and exact count checks
Made-with: Cursor
* Exclude DM/GM from guest channel counts, validate GuestFilter, fix dropdown divider
- Scope ChannelCount and guest filter subqueries to Open/Private channel
types only (exclude DM and GM), so a guest with one team channel plus
a DM is correctly classified as single-channel
- Add GuestFilter validation in UserReportOptions.IsValid with
AllowedGuestFilters whitelist
- Add API test for invalid guest_filter rejection (400)
- Add store regression test for DM/GM exclusion
- Fix role filter dropdown: hide the divider above the first group
heading via CSS rule on DropDown__group:first-child
- Update E2E test label to match "Guests in a single channel" wording
Made-with: Cursor
* Add store test coverage for private and GM channel types
Private channels (type P) should be counted in ChannelCount and guest
filters, while GM channels (type G) should not. Add a test that creates
a guest with memberships in an open channel, a private channel, and a
GM, then asserts ChannelCount = 2, multi-channel filter includes the
guest, and single-channel filter excludes them.
Made-with: Cursor
* Add server i18n translation for invalid_guest_filter error
The new error ID model.user_report_options.is_valid.invalid_guest_filter
was missing from server/i18n/en.json, causing CI to fail.
Made-with: Cursor
* Make filter dropdown dividers full width
Remove the horizontal inset from grouped dropdown separators so the
system user role filter dividers span edge to edge across the menu.
Leave the unrelated webapp/package-lock.json change uncommitted.
Made-with: Cursor
* Optimize guest channel report filters.
Use per-user channel count subqueries for the single- and multi-channel guest filters so the report avoids aggregating all channel memberships before filtering guests.
* Add structured outputs, response sanitization, and session context for recaps
- Wrap BridgeClient to strip markdown code fencing from LLM JSON responses,
using explicit delegation to prevent unsanitized methods from leaking
- Add JSONOutputFormat schema to SummarizePosts for structured LLM output
- Pass user session in recap worker context for session-dependent code paths
- Pre-parse min plugin version semver at package level to avoid repeated parsing
- Hoist static JSON schema to package-level var to avoid per-call allocation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix stripMarkdownCodeFencing to handle single-line fenced payloads
Address CodeRabbit feedback: the function previously returned the original
string when fenced JSON had no newline (e.g. ```json {"a":1}```), which
would break downstream JSON parsing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Handle case/spacing variants for single-line fenced language tags
Address CodeRabbit feedback: use case-insensitive comparison for the
"json" language tag and check for whitespace separator, so inputs like
```JSON {"a":1}``` are handled correctly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Revert BridgeClient wrapper and keep only structured output changes
Remove the BridgeClient wrapper, stripMarkdownCodeFencing, and semver
pre-parse from agents.go. The scope of this PR is limited to adding
JSONOutputFormat structured outputs for recaps and the worker session
context fix.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix lint: use any instead of interface{} and fix gofmt formatting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: only match root-level JSONL files when importing a zip
When importing a Mattermost export zip, the code iterated over all files
to find the first .jsonl by extension. Exported attachments under data/
could themselves be .jsonl files, causing the import to pick an
attachment as the manifest instead of the actual root-level JSONL file.
Extract an IsRootJsonlFile helper in the imports package and use it in
the import process worker, mmctl validator, and bulk import test to
restrict the search to files with no directory component.
* test: add integration test for import with nested JSONL decoy file
Verify that BulkImportWithPath correctly picks the root-level JSONL
manifest and ignores a decoy .jsonl inside a subdirectory, covering
the fix from ad7f230f06.
* Draft changes for BoR post soft-deletion
* Handled the case for author's BoR post read receipt
* lint fix
* Updated text
* Updated tests
* review fixes
* review fixes
* Paginated and batched temperory post deletion
* Updated test
* unmocked store
* logged instead of erroring out
* i18n fix
* review fixes
* initial commit for POC of Plugin Bridge
* Updates
* POC for plugin bridge
* Updates from collaboration
* Fixes
* Refactor Plugin Bridge to use HTTP/REST instead of RPC
- Remove ExecuteBridgeCall hook and Context.SourcePluginId
- Implement HTTP-based bridge using existing PluginHTTP infrastructure
- Add CallPlugin API method with endpoint parameter instead of method name
- Update CallPluginBridge to construct HTTP POST requests
- Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID
- Use 'com.mattermost.server' as plugin ID for core server calls
- Update ai.go to use REST endpoint /inter-plugin/v1/completion
- Add comprehensive spec documentation in server/spec.md
- Add MIGRATION_GUIDE.md for plugin developers
- Fix 401/404 issues by setting correct headers and URL paths
* Improve Plugin Bridge security and architecture
- Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin)
- Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest
- Improve separation of concerns: business logic vs HTTP transport
- Add security documentation explaining header protection
Security Improvements:
- ServeInternalPluginRequest is NOT exposed as HTTP route (internal only)
- Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code
- External requests cannot spoof these headers (stripped by servePluginRequest)
- Core calls use 'com.mattermost.server' as plugin ID for authorization
- Plugin-to-plugin calls use real plugin ID (enforced by server)
Backward Compatibility:
- Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated)
- All tests pass
Docs:
- Update spec.md with security model explanation
- Update MIGRATION_GUIDE.md with correct header usage examples
* Space
* cursor please stop creating markdown files
* Fix style
* Fix i18n, linter
* REMOVE MARKDOWN
* Remove CallPlugin method from plugin API interface
Per review feedback, this method is no longer needed.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Remove CallPlugin method implementation from PluginAPI
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fixes
* Add AI OpenAPI spec
* fix openapi spec
* Use agents client (#34225)
* Use agents client
* Remove default agent
* Fixes
* fix: modify system prompts to ensure JSON is being returned
* Base implementation for recaps working
* small fixes
* Adjustments
* remove webapp changes
* Add feature flags for rewrites and ai bridge, clean up
* Remove comments that aren't helpful
* Fix i18n
* Remove rewrites
* Fix tests
* Fix i18n
* adjust i18n again
* Add back translations
* Remove leftover mock code
* remove model file
* Changes from PR review
* Make the real substitutions
* Include a basic invokation of the client with noop to ensure build works
* more fix
* Remove unneeded change
* Updates from review
* Fixes
* Remove some logic from rewrites to clean up branch
* Use v1.5.0 of agents plugin
* A bunch more additions for general UX flow
* Add missing files
* Add mocks
* Fixes for vet-api, i18n, build, types, etc
* One more linter fix
* Fix i18n and some tests
* Refactors and cleanup in backend code
* remove rogue markdown file
* fixes after refactors from backend
* Add back renamed files, and add tests
* More self code review
* More fixes
* More refactors
* Fix call stack exceeded bug
* Include read messages if there are no unreads
* Fix test failure: use correct error message key for recap permission denied
The getRecapAndCheckOwnership function was using strings.ToLower(callerName)
to generate error keys, which caused 'GetRecap' to become 'getrecap' instead
of the expected 'get'. Changed to use the correct static key that matches
the en.json localization file.
Fixes TestGetRecap/get_recap_by_non-owner test failure.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Consolidate permission errors down to a single string
* Fixes for i18n, worktrees making this difficult
* Fix i18n
* Fix i18n once and for all (for real) (final)
* Fix duplicate getAgents method in client4.ts
* Remove duplicate ai state from initial_state.ts
* Fix types
* Fix tests
* Fix return type of GetAgents and GetServices
* Add tests for recaps components
* Fix types
* Update i18n
* Fixes
* Fixes
* More cleanup
* Revert random file
* Use undefined
* fix linter
* Address feedback
* Missed a git add
* Fixes
* Fix i18n
* Remove fallback
* Fixes for PR
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Christopher Speller <crspeller@gmail.com>
Co-authored-by: Felipe Martin <me@fmartingr.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add read receipt store for burn on read message types
* update mocks
* fix invalidation target
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* add translations
* Added logic to associate files of BoR post with the post
* Added test
* fixes
* disable pinning posts and review comments
* MM-66594 - Burn on read UI integration (#34647)
* MM-66244 - add BoR visual components to message editor
* MM-66246 - BoR visual indicator for sender and receiver
* MM-66607 - bor - add timer countdown and autodeletion
* add the system console max time to live config
* use the max expire at and create global scheduler to register bor messages
* use seconds for BoR config values in BE
* implement the read by text shown in the tooltip logic
* unestack the posts from same receiver and BoR and fix styling
* avoid opening reply RHS
* remove unused dispatchers
* persis the BoR label in the drafts
* move expiration value to metadata
* adjust unit tests to metadata insted of props
* code clean up and some performance improvements; add period grace for deletion too
* adjust migration serie number
* hide bor messages when config is off
* performance improvements on post component and code clean up
* keep bor existing post functionality if config is disabled
* Add read receipt store for burn on read message types
* Add temporary posts table
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* avoid reacting to unrevealed bor messages
* adjust migration number
* Add read receipt store for burn on read message types
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* adjust post reveal and type with backend changes
* use real config values, adjust icon usage and style
* adjust the delete from from sender and receiver
* improve self deleting logic by placing in badge, use burn endpoint
* adjust websocket events handling for the read by sender label information
* adjust styling for concealed and error state
* update burn-on-read post event handling for improved recipient tracking and multi-device sync
* replace burn_on_read with type in database migrations and model
* remove burn_on_read metadata from PostMetadata and related structures
* Added logic to associate files of BoR post with the post
* Added test
* adjust migration name and fix linter
* Add read receipt store for burn on read message types
* update mocks
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* Added logic to associate files of BoR post with the post
* Added test
* disable pinning posts and review comments
* show attachment on bor reveal
* remove unused translation
* Enhance burn-on-read post handling and refine previous post ID retrieval logic
* adjust the returning chunk to work with bor messages
* read temp post from master db
* read from master
* show the copy link button to the sender
* revert unnecessary check
* restore correct json tag
* remove unused error handling and clarify burn-on-read comment
* improve type safety and use proper selectors
* eliminate code duplication in deletion handler
* optimize performance and add documentation
* delete bor message for sender once all receivers reveal it
* add burn on read to scheduled posts
* add feature enable check
* use master to avoid all read recipients race condition
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com>
* squash migrations into single file
* add configuration for the scheduler
* don't run messagehasbeenposted hook
* remove parallel tests on burn on read
* add clean up for closing opened modals from previous tests
* simplify delete menu item rendering
* add cleanup step to close open modals after each test to prevent pollution
* streamline delete button visibility logic for Burn on Read posts
* improve reliability of closing post menu and modals by using body ESC key
---------
Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com>
Co-authored-by: Pablo Vélez <pablovv2012@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Standardize request.CTX parameter naming to rctx
- Migrate 886 request.CTX parameters across 147 files to use consistent 'rctx' naming
- Updated function signatures from 'c', 'ctx', and 'cancelContext' to 'rctx'
- Updated function bodies to reference the new parameter names
- Preserved underscore parameters unchanged as they are unused
- Fixed method receiver context issue in store.go
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Use request.CTX interface in batch worker
* Manual fixes
* Fix parameter naming
* Add linter check
---------
Co-authored-by: Claude <noreply@anthropic.com>
* MM-64486: Remove telemetry
Remove telemetry from Mattermost. We're no longer relying on Rudder upstream, and no longer making use of this information.
* recover mock for SystemStore.Get
* Fix TestClearPushNotificationSync by adding missing SystemStore mock
The test was failing because the SystemStore mock was missing the Get()
method that's required by the ServerId() function. Added the missing mock
to return a StringMap with SystemServerId.
* fix mocking issue
* Remove now-unused telemetry and constants
* Remove "Disable telemetry events" debug setting
* Remove empty functions
* Remove most "Telemetry tracking removed" comments
* Remove remains of DataPrefetch telemetry
* Remove now-unused prop from InviteMembersButton
* Remove trackDotMenuEvent
* Remove some more leftover comments
* Remove lingering logic related to trackingLocation
* Remove now-unused argument from useCopyText
* Remove lingering telemetry references from PreparingWorkspace
* fixup Remove trackDotMenuEvent
* Remove lingering telemetry references from signup page and password check
* Update snapshots and fix test broken by my changes
* Fix unintended behavior change in thread list filtering
Remove handleSetFilter wrapper that was accidentally modified during
telemetry removal. The function was calling clear() when switching to
unread filter, which was not the original behavior. Use setFilter
directly instead, restoring the original functionality.
* Remove unused useOpenDowngradeModal hook
The useOpenDowngradeModal hook was not being used anywhere in the codebase.
* Remove unused expandableLink from useExpandOverageUsersCheck
The expandableLink return value was not being used by any components.
* Re-add missing TeamLinkClicked performance telemetry
The mark(Mark.TeamLinkClicked) call was accidentally removed from the
handleSwitch function. This telemetry is needed for Looker-based
performance tracking.
* drop LogSettings.VerboseDiagnostics
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* TestPool
* Store infra
* Store tests updates
* Bump maximum concurrent postgres connections
* More infra
* channels/jobs
* channels/app
* channels/api4
* Protect i18n from concurrent access
* Replace some use of os.Setenv
* Remove debug
* Lint fixes
* Fix more linting
* Fix test
* Remove use of Setenv in drafts tests
* Fix flaky TestWebHubCloseConnOnDBFail
* Fix merge
* [MM-62408] Add CI job to generate test coverage (#30284)
* Add CI job to generate test coverage
* Remove use of Setenv in drafts tests
* Fix flaky TestWebHubCloseConnOnDBFail
* Fix more Setenv usage
* Fix more potential flakyness
* Remove parallelism from flaky test
* Remove conflicting env var
* Fix
* Disable parallelism
* Test atomic covermode
* Disable parallelism
* Enable parallelism
* Add upload coverage step
* Fix codecov.yml
* Add codecov.yml
* Remove redundant workspace field
* Add Parallel() util methods and refactor
* Fix formatting
* More formatting fixes
* Fix reporting
A recent change to the enterprise cluster code introduced a change to the enterprise API interface. GetClusterInfos() can now return an error. This commit introduces code to handle that error.
* ClaimJob now returns newly claimed job
* internal code affected by change
* test changes required
* two branches: for mysql, use transaction; for postgres, use returning
* two branches: for mysql, use transaction; for postgres, use returning
* use same millis value for LastActivityAt and StartAt
* blank commit
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* fix for deleting non-bulk export files and directories
* add job worker setup and running to helper_test.go
* add infrastructure for e2e testing of workers; test ExportDelete
* linting
* use retention days in test instead of magic number
* MM-60222_apply filter to export csv
* get the report exporting with the filters ready
* add unit tests
* cover one more file with some tests
* style the confirm modal note
* add translations
* remove unnecessary print line
* disable export button if there is no data to export
* fix linter issues
* fix linter errors
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add metrics for mobile versions snapshots
* Add notifications disabled and fix lint
* Address feedback
* Verify all references to JobTypeActiveUsers
* Fix typos
* Improve platform values
* Add test and MySQL support
- Bump timeouts for some cases
- Improve sleep with require/assert.EventuallyT
for better performance and reliability.
https://mattermost.atlassian.net/browse/MM-57532
```release-note
NONE
```
* [MM-56616] Changes for the DM for batch reporting
* Use requesting user's locale
* Fix lint
* Remove unnecessary test
* Move back to file attachment
* Add default API case
* Fix i18n
* Hardcode the CSV string
