* ci: enable fullyparallel mode for server tests
Replace os.Setenv, os.Chdir, and global state mutations with
parallel-safe alternatives (t.Setenv, t.Chdir, test hooks) across
37 files. Refactor GetLogRootPath and MM_INSTALL_TYPE to use
package-level test hooks instead of environment variables.
This enables gotestsum --fullparallel, allowing all test packages
to run with maximum parallelism within each shard.
Co-authored-by: Claude <claude@anthropic.com>
* ci: split fullyparallel from continue-on-error in workflow template
- Add new boolean input 'allow-failure' separate from 'fullyparallel'
- Change continue-on-error to use allow-failure instead of fullyparallel
- Update server-ci.yml to pass allow-failure: true for test coverage job
- Allows independent control of parallel execution and failure tolerance
Co-authored-by: Claude <claude@anthropic.com>
* fix: protect TestOverrideLogRootPath with sync.Mutex for parallel tests
- Replace global var TestOverrideLogRootPath with mutex-protected functions
- Add SetTestOverrideLogRootPath() and getTestOverrideLogRootPath() functions
- Update GetLogRootPath() to use thread-safe getter
- Update all test files to use SetTestOverrideLogRootPath() with t.Cleanup()
- Fixes race condition when running tests with t.Parallel()
Co-authored-by: Claude <claude@anthropic.com>
* fix: configure audit settings before server setup in tests
- Move ExperimentalAuditSettings from UpdateConfig() to config defaults
- Pass audit config via app.Config() option in SetupWithServerOptions()
- Fixes audit test setup ordering to configure BEFORE server initialization
- Resolves CodeRabbit's audit config timing issue in api4 tests
Co-authored-by: Claude <claude@anthropic.com>
* fix: implement SetTestOverrideLogRootPath mutex in logger.go
The previous commit updated test callers to use SetTestOverrideLogRootPath()
but didn't actually create the function in config/logger.go, causing build
failures across all CI shards. This commit:
- Replaces the exported var TestOverrideLogRootPath with mutex-protected
unexported state (testOverrideLogRootPath + testOverrideLogRootMu)
- Adds exported SetTestOverrideLogRootPath() setter
- Adds unexported getTestOverrideLogRootPath() getter
- Updates GetLogRootPath() to use the thread-safe getter
- Fixes log_test.go callers that were missed in the previous commit
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): use SetupConfig for access_control feature flag registration
InitAccessControlPolicy() checks FeatureFlags.AttributeBasedAccessControl
at route registration time during server startup. Setting the flag via
UpdateConfig after Setup() is too late — routes are never registered
and API calls return 404.
Use SetupConfig() to pass the feature flag in the initial config before
server startup, ensuring routes are properly registered.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore BurnOnRead flag state in TestRevealPost subtest
The 'feature not enabled' subtest disables BurnOnRead without restoring
it via t.Cleanup. Subsequent subtests inherit the disabled state, which
can cause 501 errors when they expect the feature to be available.
Add t.Cleanup to restore FeatureFlags.BurnOnRead = true after the
subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore EnableSharedChannelsMemberSync flag via t.Cleanup
The test disables EnableSharedChannelsMemberSync without restoring it.
If the subtest exits early (e.g., require failure), later sibling
subtests inherit a disabled flag and become flaky.
Add t.Cleanup to restore the flag after the subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* Fix test parallelism: use instance-scoped overrides and init-time audit config
Replace package-level test globals (TestOverrideInstallType,
SetTestOverrideLogRootPath) with fields on PlatformService so each test
gets its own instance without process-wide mutation. Fix three audit
tests (TestUserLoginAudit, TestLogoutAuditAuthStatus,
TestUpdatePasswordAudit) that configured the audit logger after server
init — the audit logger only reads config at startup, so pass audit
settings via app.Config() at init time instead.
Also revert the Go 1.24.13 downgrade and bump mattermost-govet to
v2.0.2 for Go 1.25.8 compatibility.
* Fix audit unit tests
* Fix MMCLOUDURL unit tests
* Fixed unit tests using MM_NOTIFY_ADMIN_COOL_OFF_DAYS
* Make app migrations idempotent for parallel test safety
Change System().Save() to System().SaveOrUpdate() in all migration
completion markers. When two parallel tests share a database pool entry,
both may race through the check-then-insert migration pattern. Save()
causes a duplicate key fatal crash; SaveOrUpdate() makes the second
write a harmless no-op.
* test: address review feedback on fullyparallel PR
- Use SetLogRootPathOverride() setter instead of direct field access
in platform/support_packet_test.go and platform/log_test.go (pvev)
- Restore TestGetLogRootPath in config/logger_test.go to keep
MM_LOG_PATH env var coverage; test uses t.Setenv so it runs
serially which is fine (pvev)
- Fix misleading comment in config_test.go: code uses t.Setenv,
not os.Setenv (jgheithcock)
Co-authored-by: Claude <claude@anthropic.com>
* fix: add missing os import in post_test.go
The os import was dropped during a merge conflict resolution while
burn-on-read shared channel tests from master still use os.Setenv.
Co-authored-by: Claude <claude@anthropic.com>
---------
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: wiggin77 <wiggin77@warpmail.net>
Co-authored-by: Mattermost Build <build@mattermost.com>
* 🐛 fix: normalize Unicode filenames in import attachment lookup
Fix import failures for files with Japanese dakuten/handakuten characters
(e.g., ガ, パ, べ) on macOS.
macOS stores filenames in NFD (decomposed) form while Linux/Windows use
NFC (composed) form. This mismatch caused attachment lookup failures
when zip filenames and JSONL paths used different normalization forms.
Changes:
- Add NormalizeFilename utility function using golang.org/x/text/unicode/norm
- Normalize filenames when building attachment maps from zip files
- Normalize paths when looking up attachments in maps
- Apply fixes to both server (import.go) and mmctl (validate.go)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* avoid duplicating normalizeFilename
* add coverage for Korean filenames
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-66789] Add directory conflict checks for plugin and import uploads
Prevent security issues where plugin uploads could write into the import
directory (or subdirectories) and vice versa by adding validation checks
at the REST API level when uploading plugins or creating import uploads.
* improved handling of root directories
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* fix: ensuring that webapp and mobile notifications decode special characters
* fix: linter error
* Replacing anonymous function with existing utility to escape regex
* Added missing characters to webapp handling, excluded markdown renderer from being affected
- Added tests that explicitly check for script injection
* Support for permissions allowing end users to create and manage their own integrations if sysadmin deems necessary
* Adjustments based on new understanding
* remove extra functions now that we've consolidated
* Fix webapp i18n
* Update snapshots
* Fix test
* Fix some tests, refactor some more, and add a few extra
* fix linter
* Update snapshots
* Fix test
* Missed some cleanup
* Fix e2e
* Fi
* Fix
* Fixes from PR feedback
* Update snapshots
* Fix tests
* Fix slash command list endpoint per PR feedback. Remove changes around OAuth Apps
* Further reversions of oauth stuff
* Update tests
* Small changes to fix when customOnly=false
* Remove extra perm from cypress
* Fixes from Eva's feedback
* Fix i18n
* More fixing
* More fixing
Add nil check after pem.Decode() to prevent crash when public key
PEM data is corrupted or invalid. This fixes a panic at license.go:86
that occurred when block was nil.
Also add test case to verify the fix handles corrupted public keys
gracefully without panicking.
* MM-64486: Remove telemetry
Remove telemetry from Mattermost. We're no longer relying on Rudder upstream, and no longer making use of this information.
* recover mock for SystemStore.Get
* Fix TestClearPushNotificationSync by adding missing SystemStore mock
The test was failing because the SystemStore mock was missing the Get()
method that's required by the ServerId() function. Added the missing mock
to return a StringMap with SystemServerId.
* fix mocking issue
* Remove now-unused telemetry and constants
* Remove "Disable telemetry events" debug setting
* Remove empty functions
* Remove most "Telemetry tracking removed" comments
* Remove remains of DataPrefetch telemetry
* Remove now-unused prop from InviteMembersButton
* Remove trackDotMenuEvent
* Remove some more leftover comments
* Remove lingering logic related to trackingLocation
* Remove now-unused argument from useCopyText
* Remove lingering telemetry references from PreparingWorkspace
* fixup Remove trackDotMenuEvent
* Remove lingering telemetry references from signup page and password check
* Update snapshots and fix test broken by my changes
* Fix unintended behavior change in thread list filtering
Remove handleSetFilter wrapper that was accidentally modified during
telemetry removal. The function was calling clear() when switching to
unread filter, which was not the original behavior. Use setFilter
directly instead, restoring the original functionality.
* Remove unused useOpenDowngradeModal hook
The useOpenDowngradeModal hook was not being used anywhere in the codebase.
* Remove unused expandableLink from useExpandOverageUsersCheck
The expandableLink return value was not being used by any components.
* Re-add missing TeamLinkClicked performance telemetry
The mark(Mark.TeamLinkClicked) call was accidentally removed from the
handleSwitch function. This telemetry is needed for Looker-based
performance tracking.
* drop LogSettings.VerboseDiagnostics
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Upgrade Go to 1.24.3
Updates the following files:
- server/.go-version: 1.23.9 → 1.24.3
- server/build/Dockerfile.buildenv: golang:1.23.9-bullseye → golang:1.24.3-bullseye
- server/go.mod: go 1.23.0 → go 1.24.3, toolchain go1.23.9 → go1.24.3
- server/public/go.mod: go 1.23.0 → go 1.24.3, toolchain go1.23.9 → go1.24.3
Also fixes non-constant format string errors introduced by Go 1.24.3's stricter format string checking:
- Added response() helper function in slashcommands/util.go for simple string responses
- Removed unused responsef() function from slashcommands/util.go
- Replaced responsef() with response() for translated strings that don't need formatting
- Fixed fmt.Errorf and fmt.Fprintf calls to use proper format verbs instead of string concatenation
- Updated marketplace buildURL to handle format strings conditionally
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update generated mocks for Go 1.24.3
Regenerated mocks using mockery v2.53.4 to ensure compatibility with Go 1.24.3.
This addresses mock generation failures that occurred with the Go upgrade.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update to bookworm and fix non-existent sha
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
* fix non-constant format string
---------
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Stavros Foteinopoulos <stafot@gmail.com>
* [MM-28754] Fix errcheck issues in license_test.go
- Properly handle error returned from os.WriteFile
- Remove license_test.go from errcheck exceptions list in .golangci.yml
Fixes https://github.com/mattermost/mattermost/issues/28754🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove empty line
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Allows creating new remote clusters without providing a password
If the endpoint receives a request with no password, it will generate
one internally and return it in the response, so the frotend can show
it to the user.
* Use a random string instead of a UUID for the generated password
* Update function name to avoid CString reference and adds assertion
* Update server/channels/utils/textgeneration.go
Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>
* Extends the charset
---------
Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>
* on login add UserId and SessionId to audit's Actor field to match logout
* lint
* simplify to add only userId and sessionId
* AddToEventActor -> AddUser/SessionToEventActor
* fill in missing session data when logging the audit record
* why did it bump that? reverting.
* make modules-tidy
* trigger build
* add more context to the comment
* Rewrite static assets only if needed
Refactor UpdateAssetsSubpathInDir so that the actual rewriting of files
happen in two different functions: one for root.html, another for
manifest.json and *.css files.
I would have wanted to simply do a
if pathToReplace == newPath { return nil }
when those two variables are defined, but the logic for root.html is not
that simple, and that may miss some edge cases, so I opted out for
simply moving the actual rewriting to individual functions, which check
for their corresponding conditions to perform the update:
1. for root.html, check that the edited file is indeed different than
the original one
2. for manifest.json and *.css files, rewrite them only if
pathToReplace != newPath, which in this case is clear that that's the
only modification we do
* Fix expected error msg in test
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Deprecate Self Serve: First Pass
* Fix ci
* Fix more ci
* Remmove outdated server tests
* Fix a missed spot opening purchase modal in Self Hosted
* Fix i18n
* Clean up some more server code, fix webapp test
* Fix alignment of button
* Fix linter
* Fix i18n server side
* Deprecate in product true up
* Add back translation
* Remove client functions
* Put back client functions
* webapp deprecation
* Deprecate Self Serve: Second Pass
* Fix various pipeline issues
* Fix linter
* Fix pipelines
* Fix handlers_test.go
* Fix console.error around hostedCustomer in reducer
* PICKY LINTER PLEASE
* Fix webapp tests, various other fixes for the CI pipelines
* Fix i18n
* Updates to accomadate enterprise code removal
* Fix mocks
* More removal
* Fix
* Adjustments from PR
* Fixes for QA Feedback
* Update
* Add migrations to remove true up review history
* Fix migrations check
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: maria.nunez <maria.nunez@mattermost.com>
* Revert "Revert "MM-57759: Bump mockery to version 2.42.2 to support go 1.22^" (#26772)"
This reverts commit cd3b5b46e1.
* Added the hooks.go file changes as well
```release-note
NONE
```
* WIP
* Added rebuild channels index functionality
* Added rough logic to send message to all sysadmins
* WIP
* WIP
* WIP
* Cleanup
* i18n fix
* reading through all pages of system admins
* Fixed webapp style
* i18n fix
* Added help text
* i18n fix
* i18n update
* Updated system console button action
* Updated snapshots
* some cleanup
* Updated snapshot
* Update server/channels/app/server.go
Co-authored-by: Daniel Espino García <larkox@gmail.com>
* fixed typo
* Refactoring to improve readibility
* moved index check to API later during config update
* Added some docs
* Updated get system bot
---------
Co-authored-by: Daniel Espino García <larkox@gmail.com>
* create ChannelBookmarks table
* ChannelBookmark model
* channel bookamrks Store layer
* add GetBookmarksForAllChannelByIdSince
* add channel bookmarks to test store
* Add channel bookmarks to app layer
* remove index for createAt in channel bookmarks migrations
* remove createAt from select channel bookmark query and enable store delete bookmark test
* update reponse of UpdateBookmark
* rename db migration files
* channel bookmarks store update sort order
* channel bookmarks app layer update sort order
* fix lint & tests
* Fix lint and introduce util functions to insert / remove from slice
* remove model etag
* i18n
* defer remove file info after test run
* Fix tests passing the request context
* fix migrations
* fix TestRetry
* Add bookmark permissions (#25560)
* Adds channel bookmarks permissions
* Fix linter
* Remove unnecessary empty lines
* Remove scss change as it's not necessary anymore
* Fix mock store
* Fix mock store and add role entry
* Fix test
* Adds cypress test and update permissions migration to update admin roles
* Adds channel bookmarks roles to default admin roles
* Adds bookmark permissions to default role permissions constant in webapp
* Update mmctl test
* Update permission test after normalising the roles
* fix store tests
* fix app layer tests
* Add new bookmark endpoint (#25624)
* Adds channel bookmarks api scaffold and create endpoint
* Applies review comments to the API docs
* Adds websocket test to create channel bookmark
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-54426 exclude Channel Bookmarks files from data retention (#25656)
* Augment channel APIs to include bookmarks (#25567)
* update files docs for server 9.4
* Adds update channel bookmark endpoint (#25653)
* Adds update channel bookmark sort order endpoint (#25686)
* Adds update channel bookmark endpoint
* Updates edit app method to return the right deleted bookmark and adds tests
* Adds the update channel bookmark sort order endpoint
* Fix repeated test after merge
* Assign right permissions to each test
* Update store and app layer to return specific errors and add tests
* Adds delete channel bookmark endpoint (#25693)
* Updates edit app method to return the right deleted bookmark and adds tests
* Fix repeated test after merge
* Updates edit app method to return the right deleted bookmark and adds tests
* Adds delete channel bookmark endpoint
* Adds list channel bookmarks endpoint (#25700)
* Add channel moderation to bookmarks (#25716)
* fix migrations index
* fix getChannelsForTeamForUser
* fix getChannelsForTeamForUser
* fix bad merge client4
* fix file api with bookmark permission
* add ChannelBookmarks feature flag
* add missing translations
* Set DB column for type as enum
* use custom type for bookmark query using sqlx
* use transaction when saving bookmark
* return NewErrNotFound instead of Sql.ErrNoRows
* use squirrel for IN query
* add a limit of 1K for records in GetBookmarksForAllChannelByIdSince
* UpdateSortOrder with one single query instead of multiple updates
* fix shadow declaration
* fix channel bookmarks permission string definition in admin console
* fix another shadow declaration
* Fix model conversion
* add SplitSliceInChunks
* remove include bookmarks in channels api
* Cap amount of bookmarks per channel
* add etag back to get channels
* feedback review
* update file info when replacing a bookmark file
* return 501 not implemented when the license is not available
* add detail message when getting channel member on bookmark api
* start audit before permission check on create bookmark api
* use require.Eventuallyf for testing WS events
* remove unnecessary log in app layer
* use require instead of assert to avoid panics
* enforce limit when querying bookmarks since
* prevent to create/update bookmark if file is already attached
* fix lint
* delete file when a bookmark is deleted
* Dot allow to set a fileId and a url at the same time to a bookmark
* fix query to delete a file that belongs to a bookmark
* do not patch the bookmark type
* Server side FeatureFlag check (#26145)
* use ff in server, set ff to false
* turn on FF for unit tests
* defer unset FF for unit tests
* turn ff on for testing
* only allow attaching files that were uploaded for bookmark
* Set feature flag off as default
* fix lint
* update email templates as PR failed
* revert templates
* force the assignment of ID when creating a bookmark
* Fix unit tests
---------
Co-authored-by: Miguel de la Cruz <miguel@mcrx.me>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Caleb Roseland <caleb@calebroseland.com>
Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
* refactor: migrate getFormattedPostTime to utils
Move app.getFormattedPostTime to utils and export along with its struct
* Set batch notification post times to user TZ
* default useMilitaryTime to false in batched email
If there is an error reading the user's preference for useMilitaryTime,
default to false, as that should be the default value if the user never
sets it.
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-54489 restrict mobile oauth/saml redirect to native app schemes
* replace slices package with contains function in utils
* use the existing Contains utility function
* Fix unit tests
* more test cases
* fix cfg.NativeAppSettings.AppCustomURLSchemes assignment
* Append mmauth to cfg.NativeAppSettings.AppCustomURLSchemes in unit test
* Added convert to channel menu item
* WIP
* refactored channel name input field and created conversion modal
* style
* style
* WIP
* wip
* Created API to fetch common teams of GM members
* Added UI for all members deactivated
* Fetched common teams in client
* WIP
* Added a required attribute to DropdownInput component
* Fixed a case with dropdown input required flag
* WIP
* API first draft
* Genetayed layers and mocks
* Fixed create channel bug
* WIP
* Added cache invalidation
* Calling API from client
* Updated API to accept name and display name as well
* WIP
* Moved converted GM to correct category
* Style fixes
* Added logic to move user to new team/channel after GM conversion
* Prevented guest user from performing action
* Added loading indicator
* Added smoother height transistion when loading finishes
* UI imporvements
* WIP
* Formatted GM conversion message on client side
* lint fix
* Moved convert option from sidebar menu to channel header menu
* Some cleanup
* Updated server layers
* Fixed i18n
* Fixed types
* Fix server i18n
* Fixed channel creation bug
* Added store test for GetCommonTeamIDsForMultipleUsers
* Server tests done
* Updated snapshots
* Updated layers
* lint fix
* Update tests
* For CI
* lint
* restored debug code
* Used user ID instead of username in channel conversion post
* WIP
* Review fixes
* LInt fixes
* Test fix
* WIP
* WIP
* WIP
* wip
* Review fixes, lots of them
* Review fix
* Disabled WIP test
* test
* Cleanup
* Test fix
* removed testing line
* Fixed incorrect default message
* Review fixes
* Fixes
* lint and i18n fix
* Setting category on server side
* updated i18n
* Updated tests
* Added tests
* Refs cleanup
* added test
---------
Co-authored-by: Harshil Sharma <harshilsharma@Harshils-MacBook-Pro.local>
* MM-54182 - add correct information to session table from mobile devices
* improve comments around helper function
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Refactor: Use generic to change func StringInSlice to Contains
* Refactor: Use generic to change func stringNotInSlice to Contains
Make utils.go (dir server/public/utils) and func Contains
* Refactor: Move func Contains from channels/utils to public/utils
Move func Contains from channels/utils to public/utils
Fix import declarations line
* Docs: Add a description of the Contains function
* Test: add TestContains
Add a test code for a Contain function
