* MM-67279: Fix private channel enumeration via /mute slash command
Return the same error message when a user tries to mute a channel
they are not a member of as when the channel doesn't exist. This
prevents authenticated users from discovering private channels
by observing different error responses.
* update i18n
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Include last root, and most recent 10 posts in a thread with the rewrite system prompt
* Include user's names in the thread context for better reference
* Revert package-lock to master
* Fix tests
When the Type column was added to the Drafts table, it did not add a
DEFAULT value, so we need to handle the NULL values for the pre-existing
rows.
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-66789] Fix arbitrary file read vulnerability in advanced logging
Add path validation to prevent reading files outside the logging root
directory via GetAdvancedLogs (used in support packet generation).
Security controls:
- Validate file paths are within logging root before reading
- Support MM_LOG_PATH environment variable to allow system admins
to configure a custom logging root directory
- Resolve symlinks to prevent bypass attacks
- Detect and block path traversal attempts
Also adds:
- Audit logging for support packet generation
- Config-time validation that logs errors for paths outside logging
root (will become blocking in future version)
- Comprehensive test coverage for path validation
* Update server/channels/app/platform/log_test.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix linter errors
* Update server/channels/api4/system.go
Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>
* Simplify unit tests for platform/log_test.go by moving some test logic to config/logger_test.go
* Fix unit tests requiring logging root to be set
* enforce LogSettings.FileLocation path validation; simplify path checking
* fix linter errors
* use dir in logging root for all unit test logging
* MM_LOG_PATH is set once, centrally, for all tests
* fix flaky test
* fix flaky test
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>
* MM-67274: Fix panic in getBrowserVersion with empty User-Agent version
Refactor getBrowserVersion to use a table-driven approach that
centralizes bounds checking, preventing panic when User-Agent strings
contain identifiers like "Mattermost Mobile/" with no version token.
* Refactor user agent tests to use structured test cases
Move expected values into the testUserAgent struct for clarity,
making it easier to see what each test case expects at a glance.
* Add Client4 route building functions
* Make DoAPIRequestWithHeaders add the API URL
This makes it consistent with the other DoAPIXYZ functions, which all
prepend the provided URL with the client's API URL.
* Use the new route building logic in Client4
* Address review comments
- clean renamed to cleanSegment
- JoinRoutes and JoinSegments joined in Join
- newClientRoute uses Join
* Fix new routes from merge
* Remove unused import
* Simplify error handling around clientRoute (#34870)
---------
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Canonicalize IPv4-mapped IPv6 addresses (e.g., ::ffff:127.0.0.1) to
their native IPv4 form in IsReservedIP before checking against reserved
IP ranges. This prevents attackers from bypassing SSRF protections by
using IPv4-mapped IPv6 literals to access internal services.
* Add tooltip support and error handling for action buttons
- Add tooltip field to PostAction type definition
- Display tooltips on hover for action buttons
- Add comprehensive error handling for button actions
- Show error messages when actions fail
- Clear previous errors on subsequent actions
- Add tests for error handling functionality
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add E2E tests for action button error handling and tooltips
- Test error message display when action buttons fail
- Test error clearing when successful actions are performed
- Test tooltip display on action button hover
- Use scoped selectors to avoid test interference
- Cover complete error lifecycle and tooltip functionality
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Use WithTooltip component for action button tooltips
Replace native HTML title attribute with WithTooltip component to provide
consistent tooltip styling and behavior across the application.
Changes:
- Import and wrap ActionBtn with WithTooltip component
- Remove title attribute from ActionBtn
- Update E2E test to check for .tooltipContainer instead of title attribute
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix TypeScript errors and test patterns in message attachment tests
- Fix TypeScript type errors in mock event objects by using arrow functions instead of jest.fn()
- Update async test pattern to use process.nextTick() with done callback instead of await
- Update test snapshots to reflect error handling wrapper div
- Fix whitespace formatting in E2E test file
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* updated actionError to accept react node, replace hardcoded error with FormattedMessage components
* Fix test to handle FormattedMessage in actionError state
Update test expectation to check for FormattedMessage React element
instead of plain string when no error message is provided. This aligns
with the recent change to support internationalization in error messages.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Disable tooltip interactions when no tooltip text is present
Adds disabled prop to WithTooltip component when action.tooltip is empty or undefined, preventing unnecessary tooltip event handlers from being attached to action buttons that don't have tooltips.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Add tests for action button tooltip behavior
Adds three test cases to verify tooltip functionality:
- Tooltip is disabled when action.tooltip is undefined
- Tooltip is disabled when action.tooltip is empty string
- Tooltip is enabled and displays correctly when action.tooltip has a value
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* fix e2e test
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add TS definitions for every WebSocket event
* Remove unused WebSocket events
* Add a few extra fields to POSTED events
* Stop reusing WS event types as Redux actions
* Remove now-unused WS event types from mattermost-redux
* Rename some types to be clearer
* Use new WebSocketEvents and WebSocketMessage type everywhere
* Reorganize and export named types for WS messages
* Use new types in websocket_actions.jsx the best we can
* Rename websocket_actions.jsx to websocket_actions.tsx
* Migrate websocket_actions.tsx to TypeScript
* Break up websocket_messages.ts and group together WebSocketMessages types
* Rename websocket_actions.tsx to websocket_actions.ts
* remove newsletter signup and replace with terms/privacy agreement
* removed subscribeToSecurityNewsletter, made checkbox required
* update signup test to remove newsletter and ensure the terms checkbox is required
* update unit test and e2e test to reflect changes
* fix e2e test
* Removed susbcribe-newsletter endpoint in server
* Update signup.test.tsx
* remove unused css
* remove unused css
* fixed broken tests
* fixed linter issues
* Remove redundant IntlProvider and comments
* Remove usage of test IDs from Signup tests
* Remove usage of fireEvent
* Remove usage of mountWithIntl from Signup tests
* update e2e tests
* fix playwright test
* Fix Lint in signup.ts
---------
Co-authored-by: maria.nunez <maria.nunez@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: yasserfaraazkhan <attitude3cena.yf@gmail.com>
* Remove legacy quoteColumnName() utility
Since Mattermost only supports PostgreSQL, the quoteColumnName() helper
that was designed to handle database-specific column quoting is no longer
needed. The function was a no-op that simply returned the column name
unchanged.
Remove the function from utils.go and update status_store.go to use
the "Manual" column name directly.
* Remove legacy driver checks from store.go
Since Mattermost only supports PostgreSQL, remove conditional checks
for different database drivers:
- Simplify specialSearchChars() to always return PostgreSQL-compatible chars
- Remove driver check from computeBinaryParam()
- Remove driver check from computeDefaultTextSearchConfig()
- Simplify GetDbVersion() to use PostgreSQL syntax directly
- Remove switch statement from ensureMinimumDBVersion()
- Remove unused driver parameter from versionString()
* Remove MySQL alternatives for batch delete operations
Since Mattermost only supports PostgreSQL, remove the MySQL-specific
DELETE...LIMIT syntax and keep only the PostgreSQL array-based approach:
- reaction_store.go: Use PostgreSQL array syntax for PermanentDeleteBatch
- file_info_store.go: Use PostgreSQL array syntax for PermanentDeleteBatch
- preference_store.go: Use PostgreSQL tuple IN subquery for DeleteInvalidVisibleDmsGms
* Remove MySQL alternatives for UPDATE...FROM syntax
Since Mattermost only supports PostgreSQL, remove the MySQL-specific
UPDATE syntax that joins tables differently:
- thread_store.go: Use PostgreSQL UPDATE...FROM syntax in
MarkAllAsReadByChannels and MarkAllAsReadByTeam
- post_store.go: Use PostgreSQL UPDATE...FROM syntax in deleteThreadFiles
* Remove MySQL alternatives for JSON and subquery operations
Since Mattermost only supports PostgreSQL, remove the MySQL-specific
JSON and subquery syntax:
- thread_store.go: Use PostgreSQL JSONB operators for updating participants
- access_control_policy_store.go: Use PostgreSQL JSONB @> operator for
querying JSON imports
- session_store.go: Use PostgreSQL subquery syntax for Cleanup
- job_store.go: Use PostgreSQL subquery syntax for Cleanup
* Remove MySQL alternatives for CTE queries
Since Mattermost only supports PostgreSQL, simplify code that
uses CTEs (Common Table Expressions):
- channel_store.go: Remove MySQL CASE-based fallback in
UpdateLastViewedAt and use PostgreSQL CTE exclusively
- draft_store.go: Remove driver checks in DeleteEmptyDraftsByCreateAtAndUserId,
DeleteOrphanDraftsByCreateAtAndUserId, and determineMaxDraftSize
* Remove driver checks in migrate.go and schema_dump.go
Simplify migration code to use PostgreSQL driver directly since
PostgreSQL is the only supported database.
* Remove driver checks in sqlx_wrapper.go
Always apply lowercase named parameter transformation since PostgreSQL
is the only supported database.
* Remove driver checks in user_store.go
Simplify user store functions to use PostgreSQL-only code paths:
- Remove isPostgreSQL parameter from helper functions
- Use LEFT JOIN pattern instead of subqueries for bot filtering
- Always use case-insensitive LIKE with lower() for search
- Remove MySQL-specific role filtering alternatives
* Remove driver checks in post_store.go
Simplify post_store.go to use PostgreSQL-only code paths:
- Inline getParentsPostsPostgreSQL into getParentsPosts
- Use PostgreSQL TO_CHAR/TO_TIMESTAMP for date formatting in analytics
- Use PostgreSQL array syntax for batch deletes
- Simplify determineMaxPostSize to always use information_schema
- Use PostgreSQL jsonb subtraction for thread participants
- Always execute RefreshPostStats (PostgreSQL materialized views)
- Use materialized views for AnalyticsPostCountsByDay
- Simplify AnalyticsPostCountByTeam to always use countByTeam
* Remove driver checks in channel_store.go
Simplify channel_store.go to use PostgreSQL-only code paths:
- Always use sq.Dollar.ReplacePlaceholders for UNION queries
- Use PostgreSQL LEFT JOIN for retention policy exclusion
- Use PostgreSQL jsonb @> operator for access control policy imports
- Simplify buildLIKEClause to always use LOWER() for case-insensitive search
- Simplify buildFulltextClauseX to always use PostgreSQL to_tsvector/to_tsquery
- Simplify searchGroupChannelsQuery to use ARRAY_TO_STRING/ARRAY_AGG
* Remove driver checks in file_info_store.go
Simplify file_info_store.go to use PostgreSQL-only code paths:
- Always use PostgreSQL to_tsvector/to_tsquery for file search
- Use file_stats materialized view for CountAll()
- Use file_stats materialized view for GetStorageUsage() when not including deleted
- Always execute RefreshFileStats() for materialized view refresh
* Remove driver checks in attributes_store.go
Simplify attributes_store.go to use PostgreSQL-only code paths:
- Always execute RefreshAttributes() for materialized view refresh
- Remove isPostgreSQL parameter from generateSearchQueryForExpression
- Always use PostgreSQL LOWER() LIKE LOWER() syntax for case-insensitive search
* Remove driver checks in retention_policy_store.go
Simplify retention_policy_store.go to use PostgreSQL-only code paths:
- Remove isPostgres parameter from scanRetentionIdsForDeletion
- Always use pq.Array for scanning retention IDs
- Always use pq.Array for inserting retention IDs
- Remove unused json import
* Remove driver checks in property stores
Simplify property_field_store.go and property_value_store.go to use
PostgreSQL-only code paths:
- Always use PostgreSQL type casts (::text, ::jsonb, ::bigint, etc.)
- Remove isPostgres variable and conditionals
* Remove driver checks in channel_member_history_store.go
Simplify PermanentDeleteBatch to use PostgreSQL-only code path:
- Always use ctid-based subquery for DELETE with LIMIT
* Remove remaining driver checks in user_store.go
Simplify user_store.go to use PostgreSQL-only code paths:
- Use LEFT JOIN for bot exclusion in AnalyticsActiveCountForPeriod
- Use LEFT JOIN for bot exclusion in IsEmpty
* Simplify fulltext search by consolidating buildFulltextClause functions
Remove convertMySQLFullTextColumnsToPostgres and consolidate
buildFulltextClause and buildFulltextClauseX into a single function
that takes variadic column arguments and returns sq.Sqlizer.
* Simplify SQL stores leveraging PostgreSQL-only support
- Simplify UpdateMembersRole in channel_store.go and team_store.go
to use UPDATE...RETURNING instead of SELECT + UPDATE
- Simplify GetPostReminders in post_store.go to use DELETE...RETURNING
- Simplify DeleteOrphanedRows queries by removing MySQL workarounds
for subquery locking issues
- Simplify UpdateUserLastSyncAt to use UPDATE...FROM...RETURNING
instead of fetching user first then updating
- Remove MySQL index hint workarounds in ORDER BY clauses
- Update outdated comments referencing MySQL
- Consolidate buildFulltextClause and remove convertMySQLFullTextColumnsToPostgres
* Remove MySQL-specific test artifacts
- Delete unused MySQLStopWords variable and stop_word.go file
- Remove redundant testSearchEmailAddressesWithQuotes test
(already covered by testSearchEmailAddresses)
- Update comment that referenced MySQL query planning
* Remove MySQL references from server code outside sqlstore
- Update config example and DSN parsing docs to reflect PostgreSQL-only support
- Remove mysql:// scheme check from IsDatabaseDSN
- Simplify SanitizeDataSource to only handle PostgreSQL
- Remove outdated MySQL comments from model and plugin code
* Remove MySQL references from test files
- Update test DSNs to use PostgreSQL format
- Remove dead mysql-replica flag and replicaFlag variable
- Simplify tests that had MySQL/PostgreSQL branches
* Update docs and test config to use PostgreSQL
- Update mmctl config set example to use postgres driver
- Update test-config.json to use PostgreSQL DSN format
* Remove MySQL migration scripts, test data, and docker image
Delete MySQL-related files that are no longer needed:
- ESR upgrade scripts (esr.*.mysql.*.sql)
- MySQL schema dumps (mattermost-mysql-*.sql)
- MySQL replication test scripts (replica-*.sh, mysql-migration-test.sh)
- MySQL test warmup data (mysql_migration_warmup.sql)
- MySQL docker image reference from mirror-docker-images.json
* Remove MySQL references from webapp
- Simplify minimumHashtagLength description to remove MySQL-specific configuration note
- Remove unused HIDE_MYSQL_STATS_NOTIFICATION preference constant
- Update en.json i18n source file
* clean up e2e-tests
* rm server/tests/template.load
* Use teamMemberSliceColumns() in UpdateMembersRole RETURNING clause
Refactor to use the existing helper function instead of hardcoding
the column names, ensuring consistency if the columns are updated.
* u.id -> u.Id
* address code review feedback
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Remove unused Channel.Etag
Computing the etag for a channel is complex due to user-specific data,
so we remove the unused Etag function to avoid confusion until a
performance need for it arises.
* Remove etag from Client4.GetChannel and tests
* make mocks
* Fix missing GetChannel calls
* Add support for autocomplete of plugin-created bots
* stashing
* Add support for including agents in the autocomplete list for @ mentions
* Change server response to be users rather than interface
* fix
* Add audit logging for recap API endpoints
- Add audit event constants for all recap operations
- Implement Auditable interface for Recap model
- Add comprehensive audit logging to all 6 recap endpoints
- Log channel_ids to track implicit channel content access
- Use LevelContent for content-related operations, LevelAPI for listing
* Address PR feedback: standardize audit method order and extract helper function
- Standardized order of audit record method calls across all handlers:
set object type first, then prior state (if applicable), then result state
- Extracted duplicated channel ID extraction logic into addRecapChannelIDsToAuditRec helper function
* MM-66092 - enhance permissions validations
* Remove unnecessary empty role updates from tests
* Strengthen scheme role validation in member role updates including imports
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-66561 Add distinct archive icon for private channels
Archived private channels now display an archive-lock icon instead of the standard archive icon to better indicate their original privacy level. Implemented utility functions to centralize icon selection logic across all channel list views, sidebars, headers, and suggestion providers.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* MM-66561 Fix linting and TypeScript errors
Fix ESLint and TypeScript issues introduced in the archive icon implementation:
- Remove extra blank lines to comply with no-multiple-empty-lines rule
- Remove unused container variables in test files
- Fix import order to comply with import/order rule
- Remove unused React import
- Fix TypeScript type errors by using General.OPEN_CHANNEL/PRIVATE_CHANNEL from mattermost-redux/constants which preserves literal types
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* MM-66561 Fix test failures for archive icon changes
Update test snapshots and fix test data issues related to the new distinct archive icons for public and private channels.
- Update snapshots for channel list components to include new channelType prop and data-testid attributes
- Fix channel_mention_provider test by preserving actual module exports in mock
- Add missing purpose field to searchable_channel_list test data
- Fix async state handling in new_channel_modal test using waitFor instead of act
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* MM-66561 Fix remaining Cypress E2E test failures for archive icons
Fix three failing Cypress tests related to archive icon changes:
1. join_archived_channel_spec.ts (MM-T1682, MM-T1683)
- Add data-testid to archive icon in channel header
- Update test to use findByTestId instead of CSS class selector
- Compass icon components render as SVG, not <i> with classes
2. archived_channels_spec.js (system console tests)
- Add "000-" prefix to private channel name/display name
- Ensures proper alphabetical sorting on first page of results
3. long_draft_spec.js (MM-T211)
- Fix Cypress alias timing issues in nested then() callbacks
- Use local variable to track height changes during iteration
- Replace cy.get('@alias').should() with direct expect() assertions
All tests now pass with the distinct archive icons for private channels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* fix lint issue
* MM-66561 Refine archive icon styling and search results display
- Restore CSS classes on channel header icon for proper color and size
- Fix icon alignment by removing top offset in channel header context
- Replace "Archived" text with icon-only tooltip in search results
- Add context-specific styling to prevent conflicts between header and search
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* tweaks to css and move withtooltip to wrap the span
* lint fix
* lint fix
* Fix archived channel icons visual test API usage
Update test to use correct Playwright API patterns:
- Use adminClient.createChannel with pw.random.channel for channel creation
- Use adminClient.deleteChannel instead of pw.apiClient.deleteChannel
- Use pw.testBrowser.login(adminUser) instead of loginAsAdmin
- Remove channelsPage.toBeVisible check for archived channels since they lack post-create element
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Apply prettier formatting to archived channel icons test
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Fix timing issue in MM-T633 Elasticsearch webhook attachment search test
The test was intermittently failing because it searched immediately after posting the webhook, before Elasticsearch had time to index the new post. Added explicit wait for post to appear and increased indexing wait time to 3 seconds to ensure the attachment text is indexed before performing the search.
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Add documentation for plugin RPC architecture
Document the bidirectional RPC communication between Mattermost server
and plugin processes. Added an architectural overview with ASCII diagram
and godoc comments for hooksRPCClient, hooksRPCServer, apiRPCClient,
and apiRPCServer explaining their roles in the plugin system.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* update
---------
Co-authored-by: Claude <noreply@anthropic.com>
* do not return channels from teams a user is not a member of
* add explicit tests (clearer than adding it above)
* linting
* explicitly test incudeDeleted true and false--it was implicit before
* initial commit for POC of Plugin Bridge
* Updates
* POC for plugin bridge
* Updates from collaboration
* Fixes
* Refactor Plugin Bridge to use HTTP/REST instead of RPC
- Remove ExecuteBridgeCall hook and Context.SourcePluginId
- Implement HTTP-based bridge using existing PluginHTTP infrastructure
- Add CallPlugin API method with endpoint parameter instead of method name
- Update CallPluginBridge to construct HTTP POST requests
- Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID
- Use 'com.mattermost.server' as plugin ID for core server calls
- Update ai.go to use REST endpoint /inter-plugin/v1/completion
- Add comprehensive spec documentation in server/spec.md
- Add MIGRATION_GUIDE.md for plugin developers
- Fix 401/404 issues by setting correct headers and URL paths
* Improve Plugin Bridge security and architecture
- Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin)
- Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest
- Improve separation of concerns: business logic vs HTTP transport
- Add security documentation explaining header protection
Security Improvements:
- ServeInternalPluginRequest is NOT exposed as HTTP route (internal only)
- Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code
- External requests cannot spoof these headers (stripped by servePluginRequest)
- Core calls use 'com.mattermost.server' as plugin ID for authorization
- Plugin-to-plugin calls use real plugin ID (enforced by server)
Backward Compatibility:
- Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated)
- All tests pass
Docs:
- Update spec.md with security model explanation
- Update MIGRATION_GUIDE.md with correct header usage examples
* Space
* cursor please stop creating markdown files
* Fix style
* Fix i18n, linter
* REMOVE MARKDOWN
* Remove CallPlugin method from plugin API interface
Per review feedback, this method is no longer needed.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Remove CallPlugin method implementation from PluginAPI
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fixes
* Add AI OpenAPI spec
* fix openapi spec
* Use agents client (#34225)
* Use agents client
* Remove default agent
* Fixes
* fix: modify system prompts to ensure JSON is being returned
* Base implementation for recaps working
* small fixes
* Adjustments
* remove webapp changes
* Add feature flags for rewrites and ai bridge, clean up
* Remove comments that aren't helpful
* Fix i18n
* Remove rewrites
* Fix tests
* Fix i18n
* adjust i18n again
* Add back translations
* Remove leftover mock code
* remove model file
* Changes from PR review
* Make the real substitutions
* Include a basic invokation of the client with noop to ensure build works
* more fix
* Remove unneeded change
* Updates from review
* Fixes
* Remove some logic from rewrites to clean up branch
* Use v1.5.0 of agents plugin
* A bunch more additions for general UX flow
* Add missing files
* Add mocks
* Fixes for vet-api, i18n, build, types, etc
* One more linter fix
* Fix i18n and some tests
* Refactors and cleanup in backend code
* remove rogue markdown file
* fixes after refactors from backend
* Add back renamed files, and add tests
* More self code review
* More fixes
* More refactors
* Fix call stack exceeded bug
* Include read messages if there are no unreads
* Fix test failure: use correct error message key for recap permission denied
The getRecapAndCheckOwnership function was using strings.ToLower(callerName)
to generate error keys, which caused 'GetRecap' to become 'getrecap' instead
of the expected 'get'. Changed to use the correct static key that matches
the en.json localization file.
Fixes TestGetRecap/get_recap_by_non-owner test failure.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Consolidate permission errors down to a single string
* Fixes for i18n, worktrees making this difficult
* Fix i18n
* Fix i18n once and for all (for real) (final)
* Fix duplicate getAgents method in client4.ts
* Remove duplicate ai state from initial_state.ts
* Fix types
* Fix tests
* Fix return type of GetAgents and GetServices
* Add tests for recaps components
* Fix types
* Update i18n
* Fixes
* Fixes
* More cleanup
* Revert random file
* Use undefined
* fix linter
* Address feedback
* Missed a git add
* Fixes
* Fix i18n
* Remove fallback
* Fixes for PR
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Christopher Speller <crspeller@gmail.com>
Co-authored-by: Felipe Martin <me@fmartingr.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Simplifies test code by using ElementsMatch which handles order-independent
slice comparison. Removes custom sort implementations and manual sorting
that was only needed for equality checks.
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-66840] Add CPU cores and total memory to support packet
Add system resource information to support packet diagnostics to help
with troubleshooting and capacity analysis.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Clarify that memory is in MB
* Add comment clarifying CPU/memory are host values
Clarifies that the CPU cores and total memory values in the support
packet represent the host machine's resources, not any container limits
that may be configured in Docker or Kubernetes environments.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* fix SELECT * in user_store.go
* MM-62151: Avoid SELECT * in post store SQL queries
Replace all SELECT * patterns in post_store.go with explicit column
specifications using postSliceColumns() and postSliceColumnsWithName()
helper functions. This prevents unnecessary data transfer and protects
against schema changes.
Changes:
- Use Squirrel's .Column() method for cleaner query building
- Remove unqueryvet linter exception for post_store.go
- Fix 11 SELECT * occurrences in various query methods
* leverage postsQuery where we can
* more builder simplifications
* add noSelectStar to linter
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Guest cannot add file to post without upload_file permission
* Move checks to api layer, addd checks in update patch post scheduled post
* Minor
* Linter fixes
* i18n translations
* removed the duplicated check from scheduled_post app layer
* Move scheduled post permission test from app layer to API layer
The permission check for updating scheduled posts belonging to other
users was moved from the app layer to the API layer in the PR. This
commit moves the corresponding test to the API layer to match.
* Move scheduled post delete permission check to API layer
Move the permission check for deleting scheduled posts from the app
layer to the API layer, consistent with update permission check.
Also enhance API tests to verify posts aren't modified after forbidden
operations.
* Fix inconsistent status code for non-existent scheduled post
Return StatusNotFound instead of StatusInternalServerError when a
scheduled post doesn't exist in UpdateScheduledPost, matching the
API layer behavior.
* Fix flaky TestAddUserToChannelCreatesChannelMemberHistoryRecord test
Use ElementsMatch instead of Equal to compare user ID slices since the
order returned from GetUsersInChannelDuring is not guaranteed.
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
* Fliter post in search api with no read content channel permission
* Added test
* Review comments
* reverted the unnecessary code
* linter fixes
* Fix filter functions to handle non-existent channels gracefully
When filtering posts/files by channel permissions, GetChannels() returns
a 404 error if all requested channels don't exist. This caused the
entire filter operation to fail. Now we ignore 404 errors and continue
processing, allowing non-existent channels to be filtered out as expected.
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
This change enhances security by preventing ImportSettings.Directory from being modified through the API and adds validation to prevent directory conflicts.
Changes:
- Restricted ImportSettings.Directory from being changed via API
- Added validation to prevent directory conflicts with plugin directory
- Added error message translation
- Updated and added comprehensive tests
Co-authored-by: Mattermost Build <build@mattermost.com>
* Disabled flagging BoR post
* Added post type checks in flagPost() API
* i18n fixes
* fixes
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-66890 - Set default for BurnOnRead feature flag to true
* enable the feature by default
* fix unit tests
* fix e2e tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Added debug log to indicate the job is not running as the node is not cluster node
* Setting log level to info for debugging test server issue
* testing
* Removed debugging code
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* add Client4.GetDirectOrGroupMessageMembersCommonTeams
* Improve team filtering in common teams API
Filter the common teams to only include teams the requesting user is a
member of, ensuring proper access control.
* simplify GetDirectOrGroupMessageMembersCommonTeamsAsUser
* Disabled user ID auth if email and username login are disabled
* Added tests
* lint fix
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* avoid replica race lag when remembering ServerID
In an HA environment, with a master and read replica, querying the server id from the store runs the risk of returning a value saved to master but not yet replicated. Avoid this by using the telemetry service value directly when available.
Fixes: MM-65960
* Add Get(ByName)WithContext
* explicitly use master for ServerId
* mock GetByNameWithContext
* more mocking
* more mocks
* [MM-66875] Implement RHS popout component
* [MM-66876] Add RHS plugin popouts
* Give plugins a way to check when popouts are opened
* Fix test
* Fix border radius
* Fix lint
* Update title to just show plugin name
* Add server name to plugin popout for Desktop App
* Fix test
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-66708] Disallow interacting with password and login method for magic link accounts
* Fix test and update getLoginType response
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
The production password hasher uses PBKDF2 with 600,000 iterations,
which is slow especially when combined with race detection. This
adds a fast test hasher (work factor 1) that can be used during tests
to speed up user creation.
The fast hasher is only available in non-production builds via build
tags, ensuring it cannot be used in production.
* Add read receipt store for burn on read message types
* update mocks
* fix invalidation target
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* add translations
* Added logic to associate files of BoR post with the post
* Added test
* fixes
* disable pinning posts and review comments
* MM-66594 - Burn on read UI integration (#34647)
* MM-66244 - add BoR visual components to message editor
* MM-66246 - BoR visual indicator for sender and receiver
* MM-66607 - bor - add timer countdown and autodeletion
* add the system console max time to live config
* use the max expire at and create global scheduler to register bor messages
* use seconds for BoR config values in BE
* implement the read by text shown in the tooltip logic
* unestack the posts from same receiver and BoR and fix styling
* avoid opening reply RHS
* remove unused dispatchers
* persis the BoR label in the drafts
* move expiration value to metadata
* adjust unit tests to metadata insted of props
* code clean up and some performance improvements; add period grace for deletion too
* adjust migration serie number
* hide bor messages when config is off
* performance improvements on post component and code clean up
* keep bor existing post functionality if config is disabled
* Add read receipt store for burn on read message types
* Add temporary posts table
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* avoid reacting to unrevealed bor messages
* adjust migration number
* Add read receipt store for burn on read message types
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* adjust post reveal and type with backend changes
* use real config values, adjust icon usage and style
* adjust the delete from from sender and receiver
* improve self deleting logic by placing in badge, use burn endpoint
* adjust websocket events handling for the read by sender label information
* adjust styling for concealed and error state
* update burn-on-read post event handling for improved recipient tracking and multi-device sync
* replace burn_on_read with type in database migrations and model
* remove burn_on_read metadata from PostMetadata and related structures
* Added logic to associate files of BoR post with the post
* Added test
* adjust migration name and fix linter
* Add read receipt store for burn on read message types
* update mocks
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* Added logic to associate files of BoR post with the post
* Added test
* disable pinning posts and review comments
* show attachment on bor reveal
* remove unused translation
* Enhance burn-on-read post handling and refine previous post ID retrieval logic
* adjust the returning chunk to work with bor messages
* read temp post from master db
* read from master
* show the copy link button to the sender
* revert unnecessary check
* restore correct json tag
* remove unused error handling and clarify burn-on-read comment
* improve type safety and use proper selectors
* eliminate code duplication in deletion handler
* optimize performance and add documentation
* delete bor message for sender once all receivers reveal it
* add burn on read to scheduled posts
* add feature enable check
* use master to avoid all read recipients race condition
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com>
* squash migrations into single file
* add configuration for the scheduler
* don't run messagehasbeenposted hook
* remove parallel tests on burn on read
* add clean up for closing opened modals from previous tests
* simplify delete menu item rendering
* add cleanup step to close open modals after each test to prevent pollution
* streamline delete button visibility logic for Burn on Read posts
* improve reliability of closing post menu and modals by using body ESC key
---------
Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com>
Co-authored-by: Pablo Vélez <pablovv2012@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* improve TestUserUpdateEvents
* improve CheckUserSanitization
* check user sanitization in TestUserUpdateEvents
* minimally sanitize user sent to event creator
* Add Entra ID token authentication and Intune MAM config exposure
* Add Intune MAM toggle to Mobile Security admin console
* Add IntuneSettings with the AuthService to use and its own TenantID andClientID for the Entra App registration
Include Admin console changes
switch from /oauth/entra to /oauth/intune endpoint
* openAPI documentation
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: yasser khan <attitude3cena.yf@gmail.com>
* reproduce panic with test
* allow bots in the profile map
* explicitly prevent sending notifications to bots
* persistent notifications: handle senders not in the channel
* removes direct jaytaylor/html2text dependency
there is still some indirect dependency on the library preventing
to use latest tablewriter with a PR made to the outdated library
that should be monitored as stated in go.mod comments.
* makes variable not shadow outer one
* fixes typo and makes test fail on error
* uses current docconv dependency to generate plain text email content
* Fix regression in PluginHTTPStream where request body closed prematurely
When WriteHeader was called before reading the request body in inter-plugin
communication, the body would be closed prematurely due to defer r.Body.Close()
executing when the function returned (after starting the response goroutine).
This fix moves defer r.Body.Close() into the goroutine to ensure the request
body remains available until after the response is fully processed.
Added test case TestInterpluginPluginHTTPWithBodyAfterWriteHeader to verify
the fix and prevent future regressions.
* Fix resource leak by closing request body in all PluginHTTPStream error paths
---------
Co-authored-by: Christopher Speller <crspeller@gmail.com>
* [MM-66718] Remove unneeded HTML templates watcher
The templates package currently supports filesystem watching to
automatically reload templates when files change. This feature is
unnecessary in production and adds complexity.
Changes:
- Removed NewWithWatcher() function from templates package
- Removed Close() method from Container
- Removed watch-related fields (watch, stop, stopped) from Container
- Removed fsnotify dependency usage
- Updated server.go to use New() instead of NewWithWatcher()
- Updated email/helper_test.go to use New()
- Removed watcher-related tests from templates_test.go
Template updates now require a server restart, which provides clearer
behavior and reduces code complexity.
* Remove unused fsnotify dependency
* Add EasyLogin configuration (#34217)
* add easy login config
* add easy login to the invite modal
* add to the query parameters
* Add an API to get login method for the login id (#34223)
* add an api to get login method for the login id
* do not return errors if user is not found
* Add support for Easy Login invitation link sending (#34224)
This generates Easy Login token types when requested. The server
doesn't do anything with these tokens, yet - that will come in a
future change.
* Add support for logging in with easy login (#34236)
* Fix E2E tests (#34240)
* Prevent easy login accounts to reset their password (#34262)
* Add easy login support to login api and limit token to 5 min (#34259)
* webapp easy login ui mods (#34237)
* webapp easy login ui mods
* easy login i18n
* lint issues
* getUserLoginType
* using the real API
* easylogin proper redirect
* remove unneeded functions and files
* duplicated localization
* remove easylogin
* using EnableEasyLogin setting
* localization fix
* fix lint issue
* remove excessive setIsWaiting
* changed logic to make it more readable
* renaming component to make easier editable
* password will disappear when username change
* login test
* text for easy login password
* Add app links to emails
* Update templates and always land in the landing screen
* Update svg image, improve checks on server, fix linking page and show deactivated on login type
* Update naming
* Fix mocks and imports
* Remove all sessions on disable and forbid user promotion
* Fix layer and tests
* Address feedback
* Fix tests
* Fix missing string
* Fix texts
* Fix tests
* Fix constant name
* Fix tests
* Fix test
* Address feedback
* Fix lint
* Fix test
* Address feedback
* Fix test
---------
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: David Krauser <david@krauser.org>
Co-authored-by: Daniel Espino <larkox@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* updated aws-sdk dependency to aws-sdk-go-v2
* simplify error handling in case of timeout errors
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Updates the prepackaged Playbooks plugin from v2.5.1 to v2.6.0 to include the latest features and bug fixes.
Jira: https://mattermost.atlassian.net/browse/MM-66677🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add cursor-based Posts Reporting API for compliance and auditing
Implements a new admin-only endpoint for retrieving posts with efficient
cursor-based pagination, designed for compliance, auditing, and archival
workflows.
Key Features:
- Cursor-based pagination using composite (time, ID) keys for consistent
performance regardless of dataset size (~10ms per page at any depth)
- Flexible time range queries with optional upper/lower bounds
- Support for both create_at and update_at time fields
- Ascending or descending sort order
- Optional metadata enrichment (files, reactions, acknowledgements)
- System admin only access (requires manage_system permission)
- License enforcement for compliance features
API Endpoint:
POST /api/v4/reports/posts
- Request: JSON body with channel_id, cursor_time, cursor_id, and options
- Response: Posts map + next_cursor object (null when pagination complete)
- Max page size: 1000 posts per request (MaxReportingPerPage constant)
Implementation:
- Store Layer: Direct SQL queries with composite index on (ChannelId, CreateAt, Id)
- App Layer: Permission checks, optional metadata enrichment, post hooks
- API Layer: Parameter validation, system admin enforcement, license checks
- Data Model: ReportPostOptions, ReportPostOptionsCursor, ReportPostListResponse
Code Quality Improvements:
- Added MaxReportingPerPage constant (1000) to eliminate magic numbers
- Removed unused StartTime field from ReportPostOptions
- Added fmt import for dynamic error messages
Testing:
- 14 comprehensive store layer unit tests
- 12 API layer integration tests covering permissions, pagination, filters
- All tests passing
Documentation:
- POSTS_REPORTING.md: Developer reference with Go structs and usage examples
- POSTS_REPORTING_API_SPEC.md: Complete technical specification
- GET_POSTS_API_IMPROVEMENTS.md: Implementation analysis and design rationale
- POSTS_TIME_RANGE_FEATURE.md: Archived time range feature for future use
Performance:
Cursor-based pagination maintains consistent ~10ms query time at any dataset
depth, compared to offset-based pagination which degrades significantly
(Page 1 = 10ms, Page 1000 = 10 seconds).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* lint fixes
* lint fixes
* gofmt
* i18n-extract
* Add Enterprise license requirement to posts reporting API
Enforce Enterprise license (tier 20+) for the new posts reporting endpoint
to align with compliance feature licensing. Professional tier is insufficient.
Changes:
- Add MinimumEnterpriseLicense check in GetPostsForReporting app layer
- Add test coverage for license validation (no license and Professional tier)
All existing tests pass with new license enforcement.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* i18n-extract
* add licensing to api documentation
* Test SSH signing
* Add mmctl command for posts reporting API
Adds mmctl report posts command to retrieve posts from a channel for
administrative reporting purposes. Supports cursor-based pagination with
configurable sorting, filtering, and time range options.
Includes database migration for updateat+id index to support efficient
cursor-based queries when sorting by update_at.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Refactor posts reporting API cursor to opaque token and improve layer separation
This addresses code review feedback by transforming the cursor from exposed fields
to an opaque token and improving architectural layer separation.
**Key Changes:**
1. **Opaque Cursor Implementation**
- Transform cursor from split fields (cursor_time, cursor_id) to single opaque base64-encoded string
- Cursor now self-contained with all query parameters embedded
- When cursor provided, embedded parameters take precedence over request body
- Clients treat cursor as opaque token and pass unchanged
2. **Field Naming**
- Rename ExcludeChannelMetadataSystemPosts → ExcludeSystemPosts
- Now excludes ALL system posts (any type starting with "system_")
- Clearer and more consistent naming
3. **Layer Separation**
- Move cursor decoding from store layer to model layer
- Create ReportPostQueryParams struct for resolved parameters
- Store layer receives pre-resolved parameters (no business logic)
- Add ResolveReportPostQueryParams() function in model layer
4. **Code Quality**
- Add type-safe constants (ReportingTimeFieldCreateAt, ReportingSortDirectionAsc, etc.)
- Replace magic number 9223372036854775807 with math.MaxInt64
- Remove debug SQL logging (info disclosure risk)
- Update mmctl to use constants and fix NextCursor pointer access
5. **Tests**
- Update all 17 store test calls to use new resolution pattern
- Add comprehensive test for DESC + end_time boundary behavior
6. **API Documentation**
- Update OpenAPI spec to reflect opaque cursor format
- Update all request/response examples
- Clarify end_time behavior with sort directions
**Files Changed:**
- Model layer: public/model/post.go
- App layer: channels/app/report.go
- Store layer: channels/store/store.go, channels/store/sqlstore/post_store.go
- Tests: channels/store/storetest/post_store.go
- Mocks: channels/store/storetest/mocks/PostStore.go
- API: channels/api4/report.go, channels/api4/report_test.go
- mmctl: cmd/mmctl/commands/report.go
- Docs: api/v4/source/reports.yaml
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix unhandled parse errors in cursor decoding
Address security finding: cursor decoding was silently ignoring parse errors
from strconv functions, which could lead to unexpected behavior when malformed
cursors are provided.
Changes:
- Add explicit error handling for strconv.Atoi (version parsing)
- Add explicit error handling for strconv.ParseBool (includeDeleted, excludeSystemPosts)
- Add explicit error handling for strconv.ParseInt (timestamp parsing)
- Return clear error messages indicating which field failed to parse
This prevents silent failures where malformed values would default to zero-values
(0, false) and potentially alter query behavior without warning.
Addresses DryRun Security finding: "Unhandled Errors in Cursor Parsing"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix linting issues
- Remove unused reportPostCursorV1 struct (unused)
- Remove obsolete +build comment (buildtag)
- Use maps.Copy instead of manual loop (mapsloop)
- Modernize for loop with range over int (rangeint)
- Apply gofmt formatting
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix gofmt formatting issues
Fix alignment in struct literals and constant declarations:
- Align map keys in report_test.go request bodies
- Align struct fields in ReportPostOptions initialization
- Align reporting constant declarations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update mmctl tests for opaque cursor and add i18n translations
Update report_test.go to align with the refactored Posts Reporting API:
- Replace split cursor flags (cursor-time, cursor-id) with single opaque cursor flag
- Update field name: ExcludeChannelMetadataSystemPosts → ExcludeSystemPosts
- Update all mock expectations to use new ReportPostOptionsCursor structure
- Replace test cursor values with base64-encoded opaque cursor strings
Add English translations for cursor decoding error messages in i18n/en.json.
Minor API documentation fix in reports.yaml (remove "all" from description).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update mmctl tests for opaque cursor and add i18n translations
Update report_test.go to align with the refactored Posts Reporting API:
- Replace split cursor flags (cursor-time, cursor-id) with single opaque cursor flag
- Update field name: ExcludeChannelMetadataSystemPosts → ExcludeSystemPosts
- Update all mock expectations to use new ReportPostOptionsCursor structure
- Replace test cursor values with base64-encoded opaque cursor strings
Add English translations for cursor decoding error messages in i18n/en.json.
Minor API documentation fix in reports.yaml (remove "all" from description).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* more lint fixes
* remove index update files
* Remove end_time parameter from Posts Reporting API
Align with other cursor-based APIs in the codebase by removing the end_time
parameter. The caller now controls when to stop pagination by simply not
making another request, which is the same pattern used by GetPostsSinceForSync,
MessageExport, and GetPostsBatchForIndexing.
Changes:
- Remove EndTime field from ReportPostOptions and ReportPostQueryParams
- Remove EndTime filtering logic from store layer
- Remove tests that used end_time parameter
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Refactor posts reporting API for security and validation
Address security review feedback by consolidating parameter resolution
and validation in the API layer, with comprehensive validation of all
cursor fields to prevent SQL injection and invalid queries.
Changes:
- Move parameter resolution from model to API layer for clearer separation
- Add ReportPostQueryParams.Validate() with inline validation for all fields
- Validate ChannelId, TimeField, SortDirection, and CursorId format
- Add start_time parameter for time-bounded queries
- Cap per_page at 100-1000 instead of rejecting invalid values
- Export DecodeReportPostCursorV1() for API layer use
- Simplify app layer to receive pre-validated parameters
- Check channel existence when results are empty (better error messages)
Testing:
- Add 10 model tests for validation and malformed cursor scenarios
- Add 4 API tests for cursors with invalid field values
- Refactor 13 store tests to use buildReportPostQueryParams() helper
- All 31 tests pass
Documentation:
- Update OpenAPI spec with start_time, remove unused end_time
- Update markdown docs with start_time examples
Security improvements:
- Whitelist validation prevents SQL injection in TimeField/SortDirection
- Format validation ensures ChannelId and CursorId are valid IDs
- Single validation point for both cursor and options paths
- Defense in depth: validation + parameterized queries + store layer whitelist
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Improve posts reporting query efficiency and safety
Replace SELECT * and nested OR/AND conditions with explicit column
selection and PostgreSQL row value comparison for better performance
and maintainability.
Changes:
- Use postSliceColumns() instead of SELECT * for explicit column selection
- Replace Squirrel OR/AND with row value comparison: (timeField, Id) > (?, ?)
- Use fmt.Sprintf for safer string formatting in WHERE clause
Query improvements:
Before: WHERE (CreateAt > ?) OR (CreateAt = ? AND Id > ?)
After: WHERE (CreateAt, Id) > (?, ?)
Benefits:
- Explicit column selection prevents issues if table schema changes
- Row value comparison is more concise and better optimized by PostgreSQL
- Follows existing patterns in post_store.go (postSliceColumns)
- Standard SQL:2003 syntax
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Change posts reporting response from map to ordered array
Replace the Posts map with an ordered array to preserve query sort order
and provide a more natural API response for sequential processing.
Changes:
- ReportPostListResponse.Posts: map[string]*Post → []*Post
- Store layer returns posts array directly (already sorted by query)
- App layer iterates by index for metadata enrichment
- Remove applyPostsWillBeConsumedHook call (not applicable to reporting)
- Update API tests to iterate arrays instead of map lookups
- Update store tests to convert array to map for deduplication checks
- Remove unused "maps" import
Benefits:
- Preserves query sort order (ASC/DESC, create_at/update_at)
- More natural for sequential processing/export workflows
- Simpler response structure for reporting/compliance use cases
- Aligns with message export/compliance patterns (no plugin hooks)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix linting issues in posts reporting tests
Replace inefficient loops with append(...) for better performance.
Changes:
- Use append(postSlice, result.Posts...) instead of loop
- Simplifies code and follows staticcheck recommendations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix store test AppError nil checking
Use require.Nil instead of require.NoError for *AppError returns
to avoid Go interface nil pointer issues.
When DecodeReportPostCursorV1 returns nil *AppError and it's assigned
to error interface, the interface becomes non-nil even though the
pointer is nil. This causes require.NoError to fail incorrectly.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Support for permissions allowing end users to create and manage their own integrations if sysadmin deems necessary
* Adjustments based on new understanding
* remove extra functions now that we've consolidated
* Fix webapp i18n
* Update snapshots
* Fix test
* Fix some tests, refactor some more, and add a few extra
* fix linter
* Update snapshots
* Fix test
* Missed some cleanup
* Fix e2e
* Fi
* Fix
* Fixes from PR feedback
* Update snapshots
* Fix tests
* Fix slash command list endpoint per PR feedback. Remove changes around OAuth Apps
* Further reversions of oauth stuff
* Update tests
* Small changes to fix when customOnly=false
* Remove extra perm from cypress
* Fixes from Eva's feedback
* Fix i18n
* More fixing
* More fixing
* Adds default values to the attrs of CPA fields and refactors the app layer
* Fix mmctl tests
* Fix types and linter
* Fix model test
---------
Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Initial Implementation of Push Proxy Authentication
* Include Config Listener for Leader plus delete startup function as job scheduler runs on initialization
* Remove push proxy auth from local imports
* Add push proxy auth to external imports
* Add push proxy auth error messages
* Update error codes
* Fix enterprise dep definition
* make i18n-extract
* Mock System store Get
* m
* m
* m
* m
* Update serverID header
* Add install type env var to docker
* Update Push Proxy config with new options
Global, US, Germany and Japan. Previous configurations will keep working
* use model.SafeDereference
* Delete token when new push proxy URL is empty
* ServerID header only if auth token is available
---------
Co-authored-by: Daniel Schalla <daniel@mattermost.com>
Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-66177 - add BoR items to system console post page + BoR FF
* simplify selectors and promises
* Mm 66181 bor feature discovery page (#34210)
* MM-66181 - bor feature discovery page
* MM-66181 - bor feature discovery page; sysconsole > post section revamp
* adjust scss files bem syntax
* adjust margins and support for team fetching
* implement final visual feedback to multiselector
* fix unit tests
* fix snapshots
* revert unwanted snapshot update
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Added logic to delete flagged post even when iut was not hidden
* Delete post only if it isn't already soft-deleted
* test: add comprehensive tests for PermanentDeleteFlaggedPost function
* Added tests
* lint fix
* review fixes
* chore(server): bump prepackaged playbooks to v2.5.1
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore(server): bump FIPS playbooks to v2.5.1
Updated FIPS version from v2.5.0+c140653 to v2.5.1+fe08fbc
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Add common /ai endpoints for agents and services and common component for agent selection
* Fix vet api
* Add a bunch of redux stuff
* Fixes
* Missed an add
* fix types
* Add a hook to determine if bridge is enabled
* Add debounce to hook to prevent double fetches from PLUGIN_* and CONFIG_CHANGED event both firing when a plugin state is changed
* Fix i18n
* Rename to remove 'AI' (#34393)
---------
Co-authored-by: Christopher Speller <crspeller@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* created new API to fetch flagged posts
* lint fix
* Added new client methods
* test: add comprehensive tests for content flagging APIs
* Added new API tests
* fixed openapi spec
* Fixed DataSpillageReport tests
* Fixed PostMarkdown test
* Fixed PostPreviewPropertyRenderer test
* Added metadata to card renderer
* test fixes
* Added no comment placeholder
* Added view detail button
* Created RemoveFlaggedMessageConfirmationModal modal
* Added key and remove flag request modal
* IMplemented delete flagged post
* Handled edge cases of deleting flagged post
* keep message
* UI integration
* Added WS event for post report update and handled deleted files of flagged post
* Added error handling in keep/remove forms
* i18n fixes
* Fixed test
* Updated OpenAPI specs
* fixed types
* fixed types
* refactoring
* refactor: improve test mocking for data spillage report component
* test mock updates
* Fixed tests
* Updated reducer
* not resetting mocks
* Added migrations for content flagging tables
* Created new structure
* review fixes
* Used correct ot name
* WIP
* review fixes
* review fixes
* Added new property translations
* CI
* CI
* CI
* Improved test
* fixed test
* CI
* New UI component
* WIP
* Updated settings APIs
* cached DB data
* used cached reviewer data
* Updated tests
* Lint fixes
* test: add tests for saveContentFlaggingSettings and getContentFlaggingSettings APIs
* test fix
* test: add tests for SaveContentFlaggingConfig and GetContentFlaggingConfigReviewerIDs
* Updated tests
* test: add content flagging test for local cache layer
* test: add comprehensive tests for content flagging store cache
* Updated tests
* lint fix
* Updated mobile text
* Added content flagging SQL store mocks
* Added API specs for new APIs
* fixed tests
* feat: add TestContentFlaggingStore function for content flagging store testing
* feat: add comprehensive tests for content flagging store
* Added SQL store tests
* test: add content flagging test for local cache layer
* test: add tests for content flagging store caching
* Added cache layer tests
* Updated tests
* Fixed
* Handled JSON error
* fixes
* fixes
* Fixed retry layer test
* fixerdf i18n
* Fixed test
* CI
* building index concurrently
* CI
* fixed a test
* CI
* cleanup
* Implemented reviewer search API
* feat: add tests for SearchCommonContentFlaggingReviewers and SearchTeamContentFlaggingReviewers
* Added store tests
* test: add comprehensive tests for SearchReviewers function
* feat: add comprehensive tests for searchReviewers endpoint
* API tests
* Integrate flag post api (#33798)
* WIP
* WIP
* Added API call
* test: add test for Client4.flagPost API call in FlagPostModal
* fix: remove userEvent.setup() from flag post modal test
* test: wrap submit button click in act for proper state updates
* Updated tests
* lint fix
* CI
* Updated to allow special characters in comments
* Handled empty comment
* Used finally
* CI
* Fixed test
* Spillage card integration (#33832)
* Created getContentFlaggingFields API
* created getPostPropertyValues API
* WIP
* Created useContentFlaggingFields hook
* WIP
* WIP
* Added option to retain data for reviewers
* Displayed deleted post's preview
* DIsplayed all properties
* Adding field name i18n
* WIP - managing i18n able texts
* Finished displaying all fields
* Manual cleanup
* lint fixes
* team role filter logic fix
* Fixed tests
* created new API to fetch flagged posts
* lint fix
* Added new client methods
* test: add comprehensive tests for content flagging APIs
* Added new API tests
* fixed openapi spec
* Fixed DataSpillageReport tests
* Fixed PostMarkdown test
* Fixed PostPreviewPropertyRenderer test
* Added metadata to card renderer
* test fixes
* Added no comment placeholder
* Fixed test
* refactor: improve test mocking for data spillage report component
* test mock updates
* Updated reducer
* not resetting mocks
* WIP
* review fixes
* CI
* Fixed
* fixes
* Content flagging actions implementation (#33852)
* Added view detail button
* Created RemoveFlaggedMessageConfirmationModal modal
* Added key and remove flag request modal
* IMplemented delete flagged post
* Handled edge cases of deleting flagged post
* keep message
* UI integration
* Added WS event for post report update and handled deleted files of flagged post
* Added error handling in keep/remove forms
* i18n fixes
* Updated OpenAPI specs
* fixed types
* fixed types
* refactoring
* Fixed tests
* review fixes
* Added new property translations
* Improved test
* fixed test
* CI
* fixes
* CI
* fixed a test
* fixed abad commit
* CI
* WIP
* IMplemented assign reviewer API
* Display reviewers
* Review fixes
* UI integration
* lint fix
* Added API docs
* test: add comprehensive tests for assignFlaggedPostReviewer function
* test: add comprehensive tests for AssignFlaggedPostReviewer
* Added tests
* Fixed test
* Sequential tests
* minor improvemenmts
* WIP
* Added keep/delete message notifications
* refactor: update AssignFlaggedPostReviewer method signature to include context
* test: add tests for getReviewerPostsForFlaggedPost and postReviewerMessage
* lint fixes
* handled reviewer updates
* Handled preference
* Implemented notifications
* test: add comprehensive tests for content flagging notification functions
* refactor: Replace th.UpdateConfig with SaveContentFlaggingConfig in tests
* test: add test case for content flagging with string comparison
* refactor: simplify content flagging test config setup
* refactor: Update content flagging notification settings types in test cases
* refactor: Update content flagging tests to use exact message matching
* Added tests
* lint fixes
* Added new hooks
* lint fixes
* feat: add API specs for getPostChannel and getPostTeam endpoints
* lint fixes
* test: add tests for getPostChannel and getPostTeam APIs
* Added API tests
* test: add empty test files for property card view loaders
* test: add comprehensive tests for property card view hooks
* refactor: replace waitForNextUpdate with waitFor in test files
* Added hook tests
* fixed test
* review fixes
* Fixed a test
* Fixed a test
* Fixed for default state
* lint fixes
* migration update
* review fixes
* Reduced code duplication
* Refactored tests to reduce duplication
* review fixes
* lint fix
* WIP
* Updated existing APIs instead of creating new API
* Lint fix
* Added new tests
* Fixed a test
* Review fixes
* WIP
* test: add comprehensive tests for sendFlaggedPostRemovalNotification and sendKeepFlaggedPostNotification
* Updated tests
* review fixes
* review fixes
* test update
* fixed a test
* Updated logs
* i18n fixes
* Restore replies when restoring root post
* Finalized the function
* Fixed threads issue
* Removed unused functions
* fixed a test
* Refactored to use properties for replies
* Updated test
* lint fix
* Test fix
* reverted unintentional refactoring
* removed a query change that is no longer used
* MM-65787 - notify admin of risk when modifying rules
* apply feedback from ux; adjust modal style and block ack btn by default
* remove unnecessary savePreferences logic and fix linters
* remove api and handle in client side due to logic simplification
* remove unused import and console.error from generic modal
* show the activity warning when auto-add is disabled and rules are removed
* clean up leftover activity api usage
* adjust styling for the activity warning modal checkbox
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Prevented double notification for reviewer who is also an assignee
* Added basic doc
* CI
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* initial commit for POC of Plugin Bridge
* Updates
* POC for plugin bridge
* Updates from collaboration
* Fixes
* Refactor Plugin Bridge to use HTTP/REST instead of RPC
- Remove ExecuteBridgeCall hook and Context.SourcePluginId
- Implement HTTP-based bridge using existing PluginHTTP infrastructure
- Add CallPlugin API method with endpoint parameter instead of method name
- Update CallPluginBridge to construct HTTP POST requests
- Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID
- Use 'com.mattermost.server' as plugin ID for core server calls
- Update ai.go to use REST endpoint /inter-plugin/v1/completion
- Add comprehensive spec documentation in server/spec.md
- Add MIGRATION_GUIDE.md for plugin developers
- Fix 401/404 issues by setting correct headers and URL paths
* Improve Plugin Bridge security and architecture
- Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin)
- Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest
- Improve separation of concerns: business logic vs HTTP transport
- Add security documentation explaining header protection
Security Improvements:
- ServeInternalPluginRequest is NOT exposed as HTTP route (internal only)
- Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code
- External requests cannot spoof these headers (stripped by servePluginRequest)
- Core calls use 'com.mattermost.server' as plugin ID for authorization
- Plugin-to-plugin calls use real plugin ID (enforced by server)
Backward Compatibility:
- Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated)
- All tests pass
Docs:
- Update spec.md with security model explanation
- Update MIGRATION_GUIDE.md with correct header usage examples
* Space
* cursor please stop creating markdown files
* Fix style
* Fix i18n, linter
* REMOVE MARKDOWN
* Remove CallPlugin method from plugin API interface
Per review feedback, this method is no longer needed.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Remove CallPlugin method implementation from PluginAPI
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fixes
* Add AI OpenAPI spec
* fix openapi spec
* Use agents client (#34225)
* Use agents client
* Remove default agent
* Fixes
* fix: modify system prompts to ensure JSON is being returned
* remove webapp changes
* Add feature flags for rewrites and ai bridge, clean up
* Remove comments that aren't helpful
* Fix i18n
* Remove rewrites
* Fix tests
* Fix i18n
* adjust i18n again
* Add back translations
* Remove leftover mock code
* remove model file
* Make the real substitutions
* Include a basic invokation of the client with noop to ensure build works
* Remove unneeded change
* Updates from review
* Fixes
* Use v1.5.0 of agents plugin
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Christopher Speller <crspeller@gmail.com>
Co-authored-by: Felipe Martin <me@fmartingr.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* refactor: use builder AdminRoleGroupsForSyncableMember
replace plain text query with query builder on function
AdminRoleGroupsForSyncableMember
* refactor AdminRoleGroupsForSyncableMember query
improve query readability
When we last bumped dependencies in https://github.com/mattermost/mattermost/pull/30005, `assert.NotSame` for maps started failing because of the change in https://github.com/stretchr/testify/issues/1661. The reality was that the previous assertion was silently skipped, and just now reporting as much.
Here's an illustrative example:
```go
package main
import (
"maps"
"testing"
"github.com/stretchr/testify/assert"
)
func TestClonedMapsAreNotSame(t *testing.T) {
original := map[string]int{
"a": 1,
"b": 2,
"c": 3,
}
cloned := maps.Clone(original)
assert.NotSame(t, original, cloned)
}
func TestSameMaps(t *testing.T) {
original := map[string]int{
"a": 1,
"b": 2,
"c": 3,
}
cloned := original
assert.Same(t, original, cloned)
cloned["d"] = 4
assert.Same(t, original, cloned)
}
```
which fails with the following after the original dependency update:
```
--- FAIL: TestClonedMapsAreNotSame (0.00s)
main_test.go:19:
Error Trace: /Users/jesse/tmp/testify/main_test.go:19
Error: Both arguments must be pointers
Test: TestClonedMapsAreNotSame
--- FAIL: TestSameMaps (0.00s)
main_test.go:30:
Error Trace: /Users/jesse/tmp/testify/main_test.go:30
Error: Both arguments must be pointers
Test: TestSameMaps
main_test.go:33:
Error Trace: /Users/jesse/tmp/testify/main_test.go:33
Error: Both arguments must be pointers
Test: TestSameMaps
FAIL
FAIL testassertequal 0.149s
FAIL
```
However, instead of fixing the underlying issue, we took the address of those variables and kept using `assert.Same`. This isn't meaningful, since it doesn't directly compare the underlying pointers of the map objects in question, just the address of the pointers to those maps. Here's the output after taking the address (e.g. `&original` and `&cloned`):
```
--- FAIL: TestSameMaps (0.00s)
main_test.go:30:
Error Trace: /Users/jesse/tmp/testify/main_test.go:30
Error: Not same:
expected: 0x14000070170 &map[string]int{"a":1, "b":2, "c":3}
actual : 0x14000070178 &map[string]int{"a":1, "b":2, "c":3}
Test: TestSameMaps
main_test.go:33:
Error Trace: /Users/jesse/tmp/testify/main_test.go:33
Error: Not same:
expected: 0x14000070170 &map[string]int{"a":1, "b":2, "c":3, "d":4}
actual : 0x14000070178 &map[string]int{"a":1, "b":2, "c":3, "d":4}
Test: TestSameMaps
FAIL
FAIL testassertequal 0.157s
FAIL
```
They are obviously the same map, since modifying `cloned` modified the
original, yet `assert.Same` thinks they are different (because the
pointe values are indeed different). (`assert.NotSame` "passes", but for
the wrong reasons.)
To fix this, introduce `model.AssertNotSameMap` to check this correctly.
* Enabling Prometheus, Grafana, Loki and Promtail running as containers by default in local dev environments
* Updating the Grafana dashboards available in the local dev environment
* Revert "Enabling Prometheus, Grafana, Loki and Promtail running as containers by default in local dev environments"
This reverts commit 3a252a8383.
* this config change is not needed anymore
In the event template creation fails for opensearch, allow the search
engine to still startup normally, accepting a potentially degraded
search state as a consequence.
Relates-to: https://mattermost.atlassian.net/browse/MM-65177
Fixed PatchChannelModerationsForChannel where AppError instances were created
without setting StatusCode, causing zero-value StatusCode in error handling.
Also added defensive hardening to handleContextError to detect and correct any
future occurrences by logging diagnostic information and defaulting to 500.
Add nil check after pem.Decode() to prevent crash when public key
PEM data is corrupted or invalid. This fixes a panic at license.go:86
that occurred when block was nil.
Also add test case to verify the fix handles corrupted public keys
gracefully without panicking.
* WIP
* Created useContentFlaggingFields hook
* WIP
* WIP
* Added option to retain data for reviewers
* Displayed deleted post's preview
* DIsplayed all properties
* Adding field name i18n
* WIP - managing i18n able texts
* Finished displaying all fields
* Manual cleanup
* lint fixes
* team role filter logic fix
* Fixed tests
* created new API to fetch flagged posts
* lint fix
* Added new client methods
* test: add comprehensive tests for content flagging APIs
* Added new API tests
* fixed openapi spec
* Fixed DataSpillageReport tests
* Fixed PostMarkdown test
* Fixed PostPreviewPropertyRenderer test
* Added metadata to card renderer
* test fixes
* Added no comment placeholder
* Added view detail button
* Created RemoveFlaggedMessageConfirmationModal modal
* Added key and remove flag request modal
* IMplemented delete flagged post
* Handled edge cases of deleting flagged post
* keep message
* UI integration
* Added WS event for post report update and handled deleted files of flagged post
* Added error handling in keep/remove forms
* i18n fixes
* Fixed test
* Updated OpenAPI specs
* fixed types
* fixed types
* refactoring
* refactor: improve test mocking for data spillage report component
* test mock updates
* Fixed tests
* Updated reducer
* not resetting mocks
* Added migrations for content flagging tables
* Created new structure
* review fixes
* Used correct ot name
* WIP
* review fixes
* review fixes
* Added new property translations
* CI
* CI
* CI
* Improved test
* fixed test
* CI
* New UI component
* WIP
* Updated settings APIs
* cached DB data
* used cached reviewer data
* Updated tests
* Lint fixes
* test: add tests for saveContentFlaggingSettings and getContentFlaggingSettings APIs
* test fix
* test: add tests for SaveContentFlaggingConfig and GetContentFlaggingConfigReviewerIDs
* Updated tests
* test: add content flagging test for local cache layer
* test: add comprehensive tests for content flagging store cache
* Updated tests
* lint fix
* Updated mobile text
* Added content flagging SQL store mocks
* Added API specs for new APIs
* fixed tests
* feat: add TestContentFlaggingStore function for content flagging store testing
* feat: add comprehensive tests for content flagging store
* Added SQL store tests
* test: add content flagging test for local cache layer
* test: add tests for content flagging store caching
* Added cache layer tests
* Updated tests
* Fixed
* Handled JSON error
* fixes
* fixes
* Fixed retry layer test
* fixerdf i18n
* Fixed test
* CI
* building index concurrently
* CI
* fixed a test
* CI
* cleanup
* Implemented reviewer search API
* feat: add tests for SearchCommonContentFlaggingReviewers and SearchTeamContentFlaggingReviewers
* Added store tests
* test: add comprehensive tests for SearchReviewers function
* feat: add comprehensive tests for searchReviewers endpoint
* API tests
* Integrate flag post api (#33798)
* WIP
* WIP
* Added API call
* test: add test for Client4.flagPost API call in FlagPostModal
* fix: remove userEvent.setup() from flag post modal test
* test: wrap submit button click in act for proper state updates
* Updated tests
* lint fix
* CI
* Updated to allow special characters in comments
* Handled empty comment
* Used finally
* CI
* Fixed test
* Spillage card integration (#33832)
* Created getContentFlaggingFields API
* created getPostPropertyValues API
* WIP
* Created useContentFlaggingFields hook
* WIP
* WIP
* Added option to retain data for reviewers
* Displayed deleted post's preview
* DIsplayed all properties
* Adding field name i18n
* WIP - managing i18n able texts
* Finished displaying all fields
* Manual cleanup
* lint fixes
* team role filter logic fix
* Fixed tests
* created new API to fetch flagged posts
* lint fix
* Added new client methods
* test: add comprehensive tests for content flagging APIs
* Added new API tests
* fixed openapi spec
* Fixed DataSpillageReport tests
* Fixed PostMarkdown test
* Fixed PostPreviewPropertyRenderer test
* Added metadata to card renderer
* test fixes
* Added no comment placeholder
* Fixed test
* refactor: improve test mocking for data spillage report component
* test mock updates
* Updated reducer
* not resetting mocks
* WIP
* review fixes
* CI
* Fixed
* fixes
* Content flagging actions implementation (#33852)
* Added view detail button
* Created RemoveFlaggedMessageConfirmationModal modal
* Added key and remove flag request modal
* IMplemented delete flagged post
* Handled edge cases of deleting flagged post
* keep message
* UI integration
* Added WS event for post report update and handled deleted files of flagged post
* Added error handling in keep/remove forms
* i18n fixes
* Updated OpenAPI specs
* fixed types
* fixed types
* refactoring
* Fixed tests
* review fixes
* Added new property translations
* Improved test
* fixed test
* CI
* fixes
* CI
* fixed a test
* fixed abad commit
* CI
* WIP
* IMplemented assign reviewer API
* Display reviewers
* Review fixes
* UI integration
* lint fix
* Added API docs
* test: add comprehensive tests for assignFlaggedPostReviewer function
* test: add comprehensive tests for AssignFlaggedPostReviewer
* Added tests
* Fixed test
* Sequential tests
* minor improvemenmts
* WIP
* Added keep/delete message notifications
* refactor: update AssignFlaggedPostReviewer method signature to include context
* test: add tests for getReviewerPostsForFlaggedPost and postReviewerMessage
* lint fixes
* handled reviewer updates
* Handled preference
* Implemented notifications
* test: add comprehensive tests for content flagging notification functions
* refactor: Replace th.UpdateConfig with SaveContentFlaggingConfig in tests
* test: add test case for content flagging with string comparison
* refactor: simplify content flagging test config setup
* refactor: Update content flagging notification settings types in test cases
* refactor: Update content flagging tests to use exact message matching
* Added tests
* lint fixes
* Added new hooks
* lint fixes
* feat: add API specs for getPostChannel and getPostTeam endpoints
* lint fixes
* test: add tests for getPostChannel and getPostTeam APIs
* Added API tests
* test: add empty test files for property card view loaders
* test: add comprehensive tests for property card view hooks
* refactor: replace waitForNextUpdate with waitFor in test files
* Added hook tests
* fixed test
* review fixes
* Fixed a test
* Fixed a test
* Fixed for default state
* lint fixes
* migration update
* review fixes
* Reduced code duplication
* Refactored tests to reduce duplication
* review fixes
* lint fix
* WIP
* Updated existing APIs instead of creating new API
* Lint fix
* Added new tests
* Fixed a test
* Review fixes
* WIP
* test: add comprehensive tests for sendFlaggedPostRemovalNotification and sendKeepFlaggedPostNotification
* Updated tests
* review fixes
* review fixes
* test update
* fixed a test
* Updated logs
* i18n fixes
* linter fix
* WIP
* sent post flagging confirmation message
* fixed i18n nissues
* fixed i18n nissues
* CI
* WIP
* WIP
* Added API call
* test: add test for Client4.flagPost API call in FlagPostModal
* fix: remove userEvent.setup() from flag post modal test
* test: wrap submit button click in act for proper state updates
* Updated tests
* lint fix
* Updated test
* fix: reset contentFlaggingGroupId for test isolation in content flagging tests
* removed cached group ID
* removed debug log
* CI
* Updated to allow special characters in comments
* Handled empty comment
* Created getContentFlaggingFields API
* created getPostPropertyValues API
* Used finally
* WIP
* Created useContentFlaggingFields hook
* WIP
* WIP
* Added option to retain data for reviewers
* Displayed deleted post's preview
* DIsplayed all properties
* Adding field name i18n
* WIP - managing i18n able texts
* Finished displaying all fields
* Manual cleanup
* lint fixes
* team role filter logic fix
* Fixed tests
* created new API to fetch flagged posts
* lint fix
* Added new client methods
* test: add comprehensive tests for content flagging APIs
* Added new API tests
* fixed openapi spec
* Fixed DataSpillageReport tests
* Fixed PostMarkdown test
* Fixed PostPreviewPropertyRenderer test
* Added metadata to card renderer
* test fixes
* Added no comment placeholder
* Added view detail button
* Created RemoveFlaggedMessageConfirmationModal modal
* Added key and remove flag request modal
* IMplemented delete flagged post
* Handled edge cases of deleting flagged post
* keep message
* UI integration
* Added WS event for post report update and handled deleted files of flagged post
* Added error handling in keep/remove forms
* i18n fixes
* Fixed test
* Updated OpenAPI specs
* fixed types
* fixed types
* refactoring
* refactor: improve test mocking for data spillage report component
* test mock updates
* Fixed tests
* Updated reducer
* not resetting mocks
* Added migrations for content flagging tables
* Created new structure
* review fixes
* Used correct ot name
* WIP
* review fixes
* review fixes
* Added new property translations
* CI
* CI
* CI
* Improved test
* fixed test
* CI
* New UI component
* WIP
* Updated settings APIs
* cached DB data
* used cached reviewer data
* Updated tests
* Lint fixes
* test: add tests for saveContentFlaggingSettings and getContentFlaggingSettings APIs
* test fix
* test: add tests for SaveContentFlaggingConfig and GetContentFlaggingConfigReviewerIDs
* Updated tests
* test: add content flagging test for local cache layer
* test: add comprehensive tests for content flagging store cache
* Updated tests
* lint fix
* Updated mobile text
* Added content flagging SQL store mocks
* Added API specs for new APIs
* fixed tests
* feat: add TestContentFlaggingStore function for content flagging store testing
* feat: add comprehensive tests for content flagging store
* Added SQL store tests
* test: add content flagging test for local cache layer
* test: add tests for content flagging store caching
* Added cache layer tests
* Updated tests
* Fixed
* Handled JSON error
* fixes
* fixes
* Fixed retry layer test
* fixerdf i18n
* Fixed test
* CI
* building index concurrently
* CI
* fixed a test
* CI
* cleanup
* Implemented reviewer search API
* feat: add tests for SearchCommonContentFlaggingReviewers and SearchTeamContentFlaggingReviewers
* Added store tests
* test: add comprehensive tests for SearchReviewers function
* feat: add comprehensive tests for searchReviewers endpoint
* API tests
* Integrate flag post api (#33798)
* WIP
* WIP
* Added API call
* test: add test for Client4.flagPost API call in FlagPostModal
* fix: remove userEvent.setup() from flag post modal test
* test: wrap submit button click in act for proper state updates
* Updated tests
* lint fix
* CI
* Updated to allow special characters in comments
* Handled empty comment
* Used finally
* CI
* Fixed test
* Spillage card integration (#33832)
* Created getContentFlaggingFields API
* created getPostPropertyValues API
* WIP
* Created useContentFlaggingFields hook
* WIP
* WIP
* Added option to retain data for reviewers
* Displayed deleted post's preview
* DIsplayed all properties
* Adding field name i18n
* WIP - managing i18n able texts
* Finished displaying all fields
* Manual cleanup
* lint fixes
* team role filter logic fix
* Fixed tests
* created new API to fetch flagged posts
* lint fix
* Added new client methods
* test: add comprehensive tests for content flagging APIs
* Added new API tests
* fixed openapi spec
* Fixed DataSpillageReport tests
* Fixed PostMarkdown test
* Fixed PostPreviewPropertyRenderer test
* Added metadata to card renderer
* test fixes
* Added no comment placeholder
* Fixed test
* refactor: improve test mocking for data spillage report component
* test mock updates
* Updated reducer
* not resetting mocks
* WIP
* review fixes
* CI
* Fixed
* fixes
* Content flagging actions implementation (#33852)
* Added view detail button
* Created RemoveFlaggedMessageConfirmationModal modal
* Added key and remove flag request modal
* IMplemented delete flagged post
* Handled edge cases of deleting flagged post
* keep message
* UI integration
* Added WS event for post report update and handled deleted files of flagged post
* Added error handling in keep/remove forms
* i18n fixes
* Updated OpenAPI specs
* fixed types
* fixed types
* refactoring
* Fixed tests
* review fixes
* Added new property translations
* Improved test
* fixed test
* CI
* fixes
* CI
* fixed a test
* fixed abad commit
* CI
* WIP
* IMplemented assign reviewer API
* Display reviewers
* Review fixes
* UI integration
* lint fix
* Added API docs
* test: add comprehensive tests for assignFlaggedPostReviewer function
* test: add comprehensive tests for AssignFlaggedPostReviewer
* Added tests
* Fixed test
* Sequential tests
* minor improvemenmts
* WIP
* Added keep/delete message notifications
* refactor: update AssignFlaggedPostReviewer method signature to include context
* test: add tests for getReviewerPostsForFlaggedPost and postReviewerMessage
* lint fixes
* handled reviewer updates
* Handled preference
* Implemented notifications
* test: add comprehensive tests for content flagging notification functions
* refactor: Replace th.UpdateConfig with SaveContentFlaggingConfig in tests
* test: add test case for content flagging with string comparison
* refactor: simplify content flagging test config setup
* refactor: Update content flagging notification settings types in test cases
* refactor: Update content flagging tests to use exact message matching
* Added tests
* lint fixes
* review fixes
* Fixed a test
* Fixed a test
* review fixes
* Reduced code duplication
* Refactored tests to reduce duplication
* review fixes
* lint fix
* Review fixes
* WIP
* test: add comprehensive tests for sendFlaggedPostRemovalNotification and sendKeepFlaggedPostNotification
* Updated tests
* review fixes
* Updated logs
* i18n fixes
* MM-66123: Upgrade golangci-lint to v2.5.0
- Upgrade golangci-lint from v2.1.6 to v2.5.0 in Makefile
- Fix misspelling found by upgraded linter: "implmented" -> "implemented"
* MM-66123: Enable unqueryvet linter
- Add unqueryvet to enabled linters list
- Configure unqueryvet to check SQL builders
- Add exception for channels/store/sqlstore/post_store.go (11 existing issues to be migrated separately)
* Update dependencies
* Undo hack needed by go-elasticsearch v8.18.0
See https://github.com/mattermost/mattermost/pull/31021 for more
information.
* Another breaking change in a minor version :)
* Remove old exclude rules
* Unify ES/OS tests when getting no documents
* Clarify weird assert on ES/OS common tests
* Bump dependencies now that archives v0.1.5 is out
* Added another property field
* WIP
* WIP
* Added validations
* Added data validations and hidden post if confifgured to
* lint fixes
* Added API spec
* Added some tests
* Added tests for getContentReviewBot
* test: add comprehensive tests for getContentReviewChannels function
* Added more app layer tests
* Added TestCanFlagPost
* test: Add comprehensive tests for FlagPost function
* Added all app layer tests
* Removed a file that was reamoved downstream
* test: add content flagging test file
* test: add comprehensive tests for FlagContentRequest.IsValid method
* Added model tests
* test: add comprehensive tests for SqlPropertyValueStore.CreateMany
* test: add comprehensive tests for flagPost() API function
* Added API tests
* linter fix
* WIP
* sent post flagging confirmation message
* fixed i18n nissues
* fixed i18n nissues
* CI
* WIP
* WIP
* Added API call
* test: add test for Client4.flagPost API call in FlagPostModal
* fix: remove userEvent.setup() from flag post modal test
* test: wrap submit button click in act for proper state updates
* Updated tests
* lint fix
* Updated test
* fix: reset contentFlaggingGroupId for test isolation in content flagging tests
* removed cached group ID
* removed debug log
* CI
* Updated to allow special characters in comments
* Handled empty comment
* Created getContentFlaggingFields API
* created getPostPropertyValues API
* Used finally
* WIP
* Created useContentFlaggingFields hook
* WIP
* WIP
* Added option to retain data for reviewers
* Displayed deleted post's preview
* DIsplayed all properties
* Adding field name i18n
* WIP - managing i18n able texts
* Finished displaying all fields
* Manual cleanup
* lint fixes
* team role filter logic fix
* Fixed tests
* created new API to fetch flagged posts
* lint fix
* Added new client methods
* test: add comprehensive tests for content flagging APIs
* Added new API tests
* fixed openapi spec
* Fixed DataSpillageReport tests
* Fixed PostMarkdown test
* Fixed PostPreviewPropertyRenderer test
* Added metadata to card renderer
* test fixes
* Added no comment placeholder
* Added view detail button
* Created RemoveFlaggedMessageConfirmationModal modal
* Added key and remove flag request modal
* IMplemented delete flagged post
* Handled edge cases of deleting flagged post
* keep message
* UI integration
* Added WS event for post report update and handled deleted files of flagged post
* Added error handling in keep/remove forms
* i18n fixes
* Fixed test
* Updated OpenAPI specs
* fixed types
* fixed types
* refactoring
* refactor: improve test mocking for data spillage report component
* test mock updates
* Fixed tests
* Updated reducer
* not resetting mocks
* Added migrations for content flagging tables
* Created new structure
* review fixes
* Used correct ot name
* WIP
* review fixes
* review fixes
* Added new property translations
* CI
* CI
* CI
* Improved test
* fixed test
* CI
* New UI component
* WIP
* Updated settings APIs
* cached DB data
* used cached reviewer data
* Updated tests
* Lint fixes
* test: add tests for saveContentFlaggingSettings and getContentFlaggingSettings APIs
* test fix
* test: add tests for SaveContentFlaggingConfig and GetContentFlaggingConfigReviewerIDs
* Updated tests
* test: add content flagging test for local cache layer
* test: add comprehensive tests for content flagging store cache
* Updated tests
* lint fix
* Updated mobile text
* Added content flagging SQL store mocks
* Added API specs for new APIs
* fixed tests
* feat: add TestContentFlaggingStore function for content flagging store testing
* feat: add comprehensive tests for content flagging store
* Added SQL store tests
* test: add content flagging test for local cache layer
* test: add tests for content flagging store caching
* Added cache layer tests
* Updated tests
* Fixed
* Handled JSON error
* fixes
* fixes
* Fixed retry layer test
* fixerdf i18n
* Fixed test
* CI
* building index concurrently
* CI
* fixed a test
* CI
* cleanup
* Implemented reviewer search API
* feat: add tests for SearchCommonContentFlaggingReviewers and SearchTeamContentFlaggingReviewers
* Added store tests
* test: add comprehensive tests for SearchReviewers function
* feat: add comprehensive tests for searchReviewers endpoint
* API tests
* Integrate flag post api (#33798)
* WIP
* WIP
* Added API call
* test: add test for Client4.flagPost API call in FlagPostModal
* fix: remove userEvent.setup() from flag post modal test
* test: wrap submit button click in act for proper state updates
* Updated tests
* lint fix
* CI
* Updated to allow special characters in comments
* Handled empty comment
* Used finally
* CI
* Fixed test
* Spillage card integration (#33832)
* Created getContentFlaggingFields API
* created getPostPropertyValues API
* WIP
* Created useContentFlaggingFields hook
* WIP
* WIP
* Added option to retain data for reviewers
* Displayed deleted post's preview
* DIsplayed all properties
* Adding field name i18n
* WIP - managing i18n able texts
* Finished displaying all fields
* Manual cleanup
* lint fixes
* team role filter logic fix
* Fixed tests
* created new API to fetch flagged posts
* lint fix
* Added new client methods
* test: add comprehensive tests for content flagging APIs
* Added new API tests
* fixed openapi spec
* Fixed DataSpillageReport tests
* Fixed PostMarkdown test
* Fixed PostPreviewPropertyRenderer test
* Added metadata to card renderer
* test fixes
* Added no comment placeholder
* Fixed test
* refactor: improve test mocking for data spillage report component
* test mock updates
* Updated reducer
* not resetting mocks
* WIP
* review fixes
* CI
* Fixed
* fixes
* Content flagging actions implementation (#33852)
* Added view detail button
* Created RemoveFlaggedMessageConfirmationModal modal
* Added key and remove flag request modal
* IMplemented delete flagged post
* Handled edge cases of deleting flagged post
* keep message
* UI integration
* Added WS event for post report update and handled deleted files of flagged post
* Added error handling in keep/remove forms
* i18n fixes
* Updated OpenAPI specs
* fixed types
* fixed types
* refactoring
* Fixed tests
* review fixes
* Added new property translations
* Improved test
* fixed test
* CI
* fixes
* CI
* fixed a test
* fixed abad commit
* CI
* WIP
* IMplemented assign reviewer API
* Display reviewers
* Review fixes
* UI integration
* lint fix
* Added API docs
* test: add comprehensive tests for assignFlaggedPostReviewer function
* test: add comprehensive tests for AssignFlaggedPostReviewer
* Added tests
* Fixed test
* Sequential tests
* minor improvemenmts
* WIP
* Added keep/delete message notifications
* refactor: update AssignFlaggedPostReviewer method signature to include context
* test: add tests for getReviewerPostsForFlaggedPost and postReviewerMessage
* lint fixes
* handled reviewer updates
* Handled preference
* review fixes
* Review fixes
