* Move password hashers from server/v8 to server/public to fix layering violation
* Revert "Move password hashers from server/v8 to server/public to fix layering violation"
This reverts commit 8cad5b8dc9.
* invert dependency between hashers and model
* make modules-tidy
---------
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add EasyLogin configuration (#34217)
* add easy login config
* add easy login to the invite modal
* add to the query parameters
* Add an API to get login method for the login id (#34223)
* add an api to get login method for the login id
* do not return errors if user is not found
* Add support for Easy Login invitation link sending (#34224)
This generates Easy Login token types when requested. The server
doesn't do anything with these tokens, yet - that will come in a
future change.
* Add support for logging in with easy login (#34236)
* Fix E2E tests (#34240)
* Prevent easy login accounts to reset their password (#34262)
* Add easy login support to login api and limit token to 5 min (#34259)
* webapp easy login ui mods (#34237)
* webapp easy login ui mods
* easy login i18n
* lint issues
* getUserLoginType
* using the real API
* easylogin proper redirect
* remove unneeded functions and files
* duplicated localization
* remove easylogin
* using EnableEasyLogin setting
* localization fix
* fix lint issue
* remove excessive setIsWaiting
* changed logic to make it more readable
* renaming component to make easier editable
* password will disappear when username change
* login test
* text for easy login password
* Add app links to emails
* Update templates and always land in the landing screen
* Update svg image, improve checks on server, fix linking page and show deactivated on login type
* Update naming
* Fix mocks and imports
* Remove all sessions on disable and forbid user promotion
* Fix layer and tests
* Address feedback
* Fix tests
* Fix missing string
* Fix texts
* Fix tests
* Fix constant name
* Fix tests
* Fix test
* Address feedback
* Fix lint
* Fix test
* Address feedback
* Fix test
---------
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: David Krauser <david@krauser.org>
Co-authored-by: Daniel Espino <larkox@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add parser and hasher packages
The new `password` module includes two packages:
- `hashers` provides a structure allowing for seamless migrations
between password hashing methods. It also implements two password
hashers: bcrypt, which was the current hashing method, and PBKDF2, which
is the one we are migrating to.
- `parser` provides types and primitives to parse PHC[0] strings,
serving as the foundation of the `PasswordHasher` interface and
implementations, which are all PHC-based.
[0] https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md
* Use latest hasher to hash new passwords
The previous commit added a LatestHasher variable, that contains the
`PasswordHasher` currently in use. Here, we make sure we use it for
hashing new passwords, instead of the currently hardcoded bcrypt.
* Use errors from hashers' package
Some chore work to unify errors defined in `hashers`, not from external
packages like `bcrypt`.
* Implement password migration logic
This commit implements the actual logic to migrate passwords, which
can be summarized as:
0. When the user enters their password (either for login in
`App.CheckPasswordAndAllCriteria` or for double-checking the password
when the app needs additional confirmation for anything in
`App.DoubleCheckPassword`), this process is started.
1. The new `App.checkUserPassword` is called. In
`users.CheckUserPassword`, we parse the stored hashed password with the
new PHC parser and identify whether it was generated with the current
hashing method (PBKDF2). If it is, just verify the password as usual and
continue normally.
2. If not, start the migration calling `App.migratePassword`:
a. First, we call `Users.MigratePassword`, which validates that the
stored hash and the provided password match, using the hasher that
generated the old hash.
b. If the user-provided password matches the old hash, then we simply
re-hash that password with our current hasher, the one in
`hashers.LatestHasher`. If not, we fail.
c. Back in `App.migratePassword`, if the migration was successful,
then we update the user in the database with the newly generated hash.
* make i18n-extract
* Rename getDefaultHasher to getOriginalHasher
* Refactor App checkUserPsasword and migratePassword
Simplify the flow in these two methods, removing the similarly named
users.CheckUserPassword and users.MigratePassword, inlining the logic
needed in the App layer and at the same time removing the need to parse
the stored hash twice.
This implements a package-level function, CompareHashAndPassword: the
first step to unexport LatestHasher.
* Add a package level Hash method
This completely removes the need to expose LatestHasher, and lets us
also remove model.HashPassword, in favour of the new hashers.Hash
* Unexport LatestHasher
* Remove tests for removed functions
* Make the linter happy
* Remove error no longer used
* Allow for parameter migrations on the same hasher
Before this, we were only checking that the function ID of the stored
hash was the ID of the latest hashing method. Here, we no longer ignore
the parameters, so that if in the future we need to migrate to the same
hashing method with a different parameter (let's say PBKDF2 with work
factor 120,000 instead of work factor 60,000), we can do it by updating
the latestHasher variable. IsPHCValid will detect this change and force
a migration if needed.
* Document new functions
* make i18n-extract
* Fix typo in comment
Co-authored-by: Ben Cooke <benkcooke@gmail.com>
* Rename parser package to phcparser
* Simplify phcparser.New documentation
* Rename scanSymbol to scanSeparator
Redefine the list of separator tokens, including EOF as one.
* Document undocumented functions that are unexported
* Reorder error block in checkUserPassword
* Add unit tests for IsLatestHasher
* Reorder code in parser.go
* Enforce SHA256 as internal function for PBKDF2
* Fix typo in comment
Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>
---------
Co-authored-by: Ben Cooke <benkcooke@gmail.com>
Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-64330 - filter abac users in channel invite
* implement cursor functionality for abac user filtering
* remove unnecessary comments
* refactor the backend implementation simplifying the functions
* refactor api to use opts as parameters, rename function
* add missing translation
* remove unnecesary test code
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Update Go version to v1.23.7
* Bump golangci-lint to a version supporting Go 1.23
* Fix golangci-lint warnings
Several rules from gosimple, revive and staticcheck linters were
failing:
- Redefinition of built-in identifiers (max, min, new, recover...)
- Use of printf-like functions with simple strings
- Check for nil slices, when len already takes it into account
* Trigger Build
* Trigger Build
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Bump Go version to 1.23.6
* Update CodeQL Github action as well
* Use server's Go version for CodeQL action
Co-authored-by: Antonis Stamatiou <stamatiou.antonis@gmail.com>
* Empty commit to trigger CI
* Bump golangci-lint to a version supporting Go 1.23
* Fix golangci-lint warnings
Several rules from gosimple, revive and staticcheck linters were
failing:
- Redefinition of built-in identifiers (max, min, new, recover...)
- Use of printf-like functions with simple strings
- Check for nil slices, when len already takes it into account
---------
Co-authored-by: Antonis Stamatiou <stamatiou.antonis@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Revert "MM-54502 - Update regex to force first character to be alpha (#24675)"
This reverts commit 08ed72f060.
* update tests for reverted PR
* Revert "update tests for reverted PR"
This reverts commit c1cf5495fa.
* Revert "Revert "MM-54502 - Update regex to force first character to be alpha (#24675)""
This reverts commit 6920b979c8.
* only revert important parts, not tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* add more fields to sanitizeInput on User
* add test for user sanoitizeInput
* add more fields
* remove line, lint fix
* additional fields and sanitize update
* Update user_test.go
* remove fields that are unnecessary to check
* add check to test
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Opened modal from system console
* WIP
* WIP
* WIP
* Handled saving user
* Successfully updated user based settings
* WIP
* WIP
* All settings are updating well
* Fixed modal style
* Added admin mode indicators in modal
* Added confirmation dialog
* Lint fixes
* Added license check
* Added permission check
* Fixed i18n file order
* type fix
* Updated snapshots
* Handled performance debugging setting
* Some styling tweaks
* Fixed text alighnment
* Updated license required from professional to enterprise
* Handled long user names
* review fixes
* Added manage setting option in user list page context menu
* Added loader
* Minor reordering
* Removed confirm modal
* Updated snapshots for removed modal
* Added some tests
* Lint fix
* Used new selector in user detail page
* Used new selector in user list page
* Updated tests
* Fixed an incorrect default test
* Sanitize RemoteEmail user prop
If the server is configured to hide user emails, the "RemoteEmail"
user property will be sanitized as well, effectively hiding the real
email of remote users.
* fix merge conflict
---------
Co-authored-by: Doug Lauder <wiggin77@warpmail.net>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Cleans the RemoteId when creating a user through the API
* Replace bad usage of the API with an App call in tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Added materialized view migration
* Renamed mat view
* Added channel membership mat view and indexes
* Added channel membership mat view and indexes
* Added new index
* WIP
* Simplifying user reporting code
* Created app and API layer for cahnnel reporting, reporting refactoring in general
* New router
* Remobved channel reporting meanwhile
* Upodated autogenerated stuff
* Lint fix
* Fixed typo
* api vet
* i18n fix
* Fixed API vetting and removed channel reporting constants
* yaml
* removed app pagination tests
* Migrate feature/wrangler to mono-repo
* Add wrangler files
* Fix linters, types, etc
* Fix snapshots
* Fix playwright
* Fix pipelines
* Fix more pipeline
* Fixes for pipelines
* More changes for pipeline
* Fix types
* Add support for a feature flag, but leave it defaulted on for spinwick usage for now
* Update snapshot
* fix js error when removing last value of multiselect, support CSV marshaling to string array for textsetting
* Fix linter
* Remove TODO
* Remove another TODO
* fix tests
* Fix i18n
* Add server tests
* Fix linter
* Fix linter
* Use proper icon for dot menu
* Update snapshot
* Add Cypress UI tests for various entrypoints to move thread modal, split SCSS out from forward post into its own thing
* clean up
* fix linter
* More cleanup
* Revert files to master
* Fix linter for e2e tests
* Make ForwardPostChannelSelect channel types configurable with a prop
* Add missing return
* Fixes from PR feedback
* First batch of PR Feedback
* Another batch of PR changes
* Fix linter
* Update snapshots
* Wrangler system messages are translated to each user's locale
* Initially translate Wrangler into system locale rather than initiating user
* More fixes for PR Feedback
* Fix some server tests
* More updates with master. Fixes around pipelines. Enforce Enterprise license on front/back end
* Add tests for dot_menu
* More pipeline fixes
* Fix e2etests prettier
* Update cypress tests, change occurrences of 'Wrangler' with 'Move Thread'
* Fix linter
* Remove enterprise lock
* A couple more occurrences of wrangler strings, and one more enterprise lock
* Fix server tests
* Fix i18n
* Fix e2e linter
* Feature flag shouldn't be on by default
* Enable move threads feature in smoke tests (#25657)
* enable move threads feature
* add @prod tag
* Fix move_thread_from_public_channel e2e test
* Fix e2e style
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: yasserfaraazkhan <attitude3cena.yf@gmail.com>
* Add store method to get reporting data
* Some store changes
* Added app layer
* Added API call, some miscellaneous fixes
* Fix lint
* Fix serialized check
* Add API docs
* Fix user store tests leaking users
* Fix test
* PR feedback
* Add filtering for role/team/activated user, filter out bot users
* Fix mock
* Fix test
* Oops
* Switch to using struct filter
* More PR feedback
* Fix gen
* Fix test
* Fix API docs
* Fix test
* Fix possible SQL injection, some query optimization
* Fix migrations
* Oops
* Add role to API
* Fix check
* Add Client4 API call for load testing
* Fix test
* Update server/channels/store/storetest/user_store.go
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
* PR feedback
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
- Adds a new section under settings/notifications for adding custom multi-word keywords that get highlighted without notification
- Adds a new classname for highlighting words although the styling is the same as mentions highlights
- Added a few components to the ReduxFromProps pattern
- Adds supported type for the hook of PluginComponent type
- Add upsell for highlight without notification
- Moved 'setting_item.tsx' to the components folder
- Improved prop names and function structure for setting_item, setting_item_max and setting_item_min
- Moved 'toggle_modal_button.tsx' to the components folder
- Removed t and utility messages from a few components
- Fixed bug where the tooltip was not getting rendered on restrictedButtons
- Improved the mobile view of the settings modal
- Adds E2E for the feature
* [MM-37984] Allow Desktop App to authenticate via external providers outside of the app on supported servers
* PR feedback
* Add support for mattermost-dev protocol for development use
* Update server/channels/db/migrations/postgres/000110_create_desktop_tokens.up.sql
* Fix silly typo
* Update server/channels/db/migrations/postgres/000110_create_desktop_tokens.up.sql
* Remove storage of client token, only validate it on the client
* Update migrations
* Add concurrently create index
* Remove CONCURRENTLY for now
* Fix issue with changing history
* Remove old migration
* Use idempotent statement to drop old index
* Remove reference to old table
* WIP
* Add rate limiting for desktop token API
* Missing mocks
* Style fixes
* Update snapshots
* Maybe use an actual redirect link :P
* Refactoring for tests
* Add tests for server
* Fix lint issue
* Fix tests
* Fix lint
* Add front-end screen component
* Component logic
* Style changes
* Quick style fix
* Lint fixes
* Initial PR feedback
* Enable logging into the browser as well when completing the login process
* Refactor to push more logic to the other component
* Remove unnecessary helper code
* Fix i18n
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
It was a good decision in hindsight to keep the public module as 0.x
because this would have been a breaking change again.
https://mattermost.atlassian.net/browse/MM-53032
```release-note
Changed the Go module path from github.com/mattermost/mattermost-server/server/v8 to github.com/mattermost/mattermost/server/v8.
For the public facing module, it's path is also changed from github.com/mattermost/mattermost-server/server/public to github.com/mattermost/mattermost/server/public
```
