* feat(webapp): added keyboard shortcut for Mark All As Read (MM-2541)
- Added shortcut (within sidebar) for Shift+ESC to mark _all_ messages, teams as read
- Desktop only
- Added feature toasts for new features and localStorage support
- Added feature toast for mark-all-as-read feature
- Should decide when/how people want this shown, I just followed designs
- Will only show if the user has not clicked 'Got it' before, and is not on mobile
- Added confirmation modal for mark all as read shortcut
- Contains option to not show again, saved in localStorage
- Added English translations for read shortcut
- Will need i18n aid on other languages
This is a draft version of this feature update that still needs testing and i18n support, along with a11y validation.
* feat(webapp): feature flags and fixes for mark all as read shortcut
- Added feature flags surrounding rollout of mark-all-as-read shortcut
- Added shortcut to list of shortcuts in help section
- Extended tests for new components
- Updated snapshot for sidebar_list, keyboard_shortcuts_modal
- Fixed styling and CSS issues
Still in draft, needs documentation and e2e support.
* fix(webapp): fixed some issues with new mark-all-read feature
- Scoped persistent storage to current user ID
so that subsequent new logins also get the notification
- Replaced LocalStorage calls with useGlobalState calls, sad
that I missed that this updated call was being used.
- Fixed an issue that would have caused the new shortcut to
show up in the Help menu's shortcuts without being enabled.
* Fixed a snapshot test and a missing i18n member
* Replaced useGlobalState with backend-ready usePreference. Previous version was just a mistake as we didnt know about the supported API
* fix(server): fix lint issue with gofmt
* feat(server,webapp): added cleaner and more effective method with which to mark-all-read
- Added 2 new routes to the API (need to find docs to update those):
- `PUT /api/v4/channels/members/<userId>/direct/read` will mark a user's non-team DMs and GMs as read
- `PUT /api/v4/users/<userId>/teams/<teamId>/read` will do a similar action as the multi-channel mark_read action, but with a teamId signifier. Because this is using a teamId, it will _not_ handle DMs or GMs.
- Updated sidebar_list.tsx to use these new routes for the new shortcut
- Added extensive testing, including feature flag assurance.
* fix from upstream changes
* fix: eslint errors in teams actions
* document new API endpoints
* fix i18n
* fix err id
* remove unused localhost methods
* use ShortcutKey and ShortcutSequence
* feature_enhancements, mark as read toast enchancements
* read all modal mount point, use openModal
* use handler
* fix style
* fix: fix refactoring typo
* Merge fix: realign branch with upstream changes
Upstream MM-67319/MM-67320 (#36037) moved ShortcutKey and
WithTooltip into the shared package and rewrote the keyboard
shortcuts test to snapshot real DOM instead of a
react-test-renderer tree. The merge resolution missed several
follow-on consequences; clean them up so the branch builds, type
checks, lints, passes i18n-extract-check and runs without
throwing at mount.
- Port the inline-content variant from the deleted channels-side
shortcut_key.scss to the new shared shortcut_key.css.
- Refresh the keyboard_shortcuts_sequence snapshot so it matches
Testing Library's container output (DOM only, no component
nodes, class= not className=).
- Repoint mark_all_as_read_modal and mark_all_as_read_toast at
components/shortcut_key for ShortcutKeys and use
ShortcutKeys.escape; the channels-side with_tooltip is now a
thin re-export and the field was renamed in the shared keys
map. Without this both consumers threw "Cannot read properties
of undefined" at mount.
- Switch mark_all_as_read_toast's UserAgent import to
@mattermost/shared/utils/user_agent; the channels-local
utils/user_agent path no longer resolves.
- Drop the orphan mark_all_threads_as_read_modal.cancel string
from en.json so formatjs extraction is in sync.
* Clean up TestReadAllInTeam
Drop four lines left from debugging and replace them with a real
assertion: LastViewedAtTimes must contain the test channel with a
value at or after the most recent post.
Update three client.GetChannel calls to the (ctx, id) signature;
the prior etag argument no longer compiles after upstream removed
it.
* Use SelectBuilder for team channels query
GetTeamChannelsWithUnreadAndMentions built a squirrel query and
then manually called ToSql before handing the string+args to
GetReplica().Select. SelectBuilder accepts the builder directly
and removes the intermediate dance, matching the pattern used
elsewhere in this store.
* Mark all team-channel threads on team read
MarkTeamChannelsAndThreadsViewed used Thread().MarkAllAsReadByTeam
unconditionally, writing every thread membership in the team for
the user even when nothing was stale. Scoping the call to
channelsToView (channels with unread channel-level messages) would
have closed the perf concern but introduced a regression: in CRT
mode a thread reply does not bump the channel's TotalMsgCount, so
a channel can be read at the channel level while still having
unread thread replies, and those would have been silently skipped.
Build the channel-id list from the keys of the times map instead.
GetTeamChannelsWithUnreadAndMentions already populates that map
for every team channel the user belongs to, so no extra query is
needed. MarkAllAsReadByChannels then filters the actual UPDATE
through its LastReplyAt > LastViewed clause, keeping writes
bounded to genuinely stale rows.
Gate the channel-level work (UpdateLastViewedAt, push clearing,
the MultipleChannelsViewed event) on channelsToView being
non-empty, but always run the thread mark and broadcast
ThreadReadChanged for every team channel so CRT clients refresh
thread state in channels that had no channel-level change.
* Mark mark-read audit records as success
The handlers for mark all DM/GM and mark team read created an
audit record with status Fail and never updated it on success,
so successful calls were always logged as failures.
* Mark all DM/GM threads on full read
MarkAllDirectAndGroupMessagesViewed early-returned when no
channel had unreads, so followed threads in DMs/GMs whose
channel-level counters were already current stayed unread under
CRT. Mirror MarkTeamChannelsAndThreadsViewed and call
MarkAllAsReadByChannels for every DM/GM in times.
* Polish DM/GM channels-with-unreads query
Use model.ChannelTypeDirect/Group constants instead of bare
"D"/"G" literals, and update the error wrap to mention DM/GM
channels (it was copied from the team variant).
* Fix stale ReadAllMessages godoc
* Type last_viewed_at_times as int64 map in OpenAPI
The response field was declared as a generic object. Add
additionalProperties so generated clients see it as a
channelId -> int64 timestamp map.
* Gate MarkAllAsReadToast mount on feature flag
The toast was mounted unconditionally, so its async chunk loaded
even when EnableShiftEscapeToMarkAllRead was off. Gate the mount
with the flag so the chunk only loads when the feature is on.
* Return data from markAllInTeamAsRead thunk
Match the {data: response} shape used by adjacent thunks instead
of returning {}, so callers can read the API payload.
* Coerce undefined suffix in createStoredKey
createStoredKey('foo') returned 'fooundefined' when the suffix
arg was omitted. Coerce a missing suffix to ''.
* Refactor mark-read websocket events
* Polish DM/GM channels-with-unreads query
* Fix import order in shortcut_key consumers
* Fix CI
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
Co-authored-by: Caleb Roseland <caleb@calebroseland.com>
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
* MM-66813 - Add server origin verification to mobile SSO callbacks
* Enhance mobile SSO security and deprecate code-exchange
* Update code-exchange deprecation to follow MM standards
* Use config SiteURL for srv param, fix flow terminology
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add Entra ID token authentication and Intune MAM config exposure
* Add Intune MAM toggle to Mobile Security admin console
* Add IntuneSettings with the AuthService to use and its own TenantID andClientID for the Entra App registration
Include Admin console changes
switch from /oauth/entra to /oauth/intune endpoint
* openAPI documentation
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: yasser khan <attitude3cena.yf@gmail.com>
* Add EasyLogin configuration (#34217)
* add easy login config
* add easy login to the invite modal
* add to the query parameters
* Add an API to get login method for the login id (#34223)
* add an api to get login method for the login id
* do not return errors if user is not found
* Add support for Easy Login invitation link sending (#34224)
This generates Easy Login token types when requested. The server
doesn't do anything with these tokens, yet - that will come in a
future change.
* Add support for logging in with easy login (#34236)
* Fix E2E tests (#34240)
* Prevent easy login accounts to reset their password (#34262)
* Add easy login support to login api and limit token to 5 min (#34259)
* webapp easy login ui mods (#34237)
* webapp easy login ui mods
* easy login i18n
* lint issues
* getUserLoginType
* using the real API
* easylogin proper redirect
* remove unneeded functions and files
* duplicated localization
* remove easylogin
* using EnableEasyLogin setting
* localization fix
* fix lint issue
* remove excessive setIsWaiting
* changed logic to make it more readable
* renaming component to make easier editable
* password will disappear when username change
* login test
* text for easy login password
* Add app links to emails
* Update templates and always land in the landing screen
* Update svg image, improve checks on server, fix linking page and show deactivated on login type
* Update naming
* Fix mocks and imports
* Remove all sessions on disable and forbid user promotion
* Fix layer and tests
* Address feedback
* Fix tests
* Fix missing string
* Fix texts
* Fix tests
* Fix constant name
* Fix tests
* Fix test
* Address feedback
* Fix lint
* Fix test
* Address feedback
* Fix test
---------
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: David Krauser <david@krauser.org>
Co-authored-by: Daniel Espino <larkox@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-65084: (server-side) PKCE code-exchange for SSO
Server side changes needed for MM-65084. Guarded by MobileSSOCodeExchange feature flag.
* Update users.yaml for vet-api testing
* Change error for not saving SAML token to existing generic 'can't save token' message
* Restricting to sha256 only PKCEs
* Change out PKCE terminology to SAML
This came out as Claude used "PKCE" as a shorthand for the style and I did not know better. SAML is the correct term here.
This also fixes a linter issue where we were assigning `codeVerifier` to `computed` but then overwriting it in all cases (so that was misleading and unecessary)
* Adding ConsumeTokenOnce and IsExpired as suggested by security review
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Adds the main Property System Architecture components
This change adds the necessary migrations for the Property Groups,
Fields and Values tables to be created, the store layer and a Property
Service that can be used from the app layer.
* Adds Custom Profile Attributes endpoints and app layer
* implement get and patch cpa values
* run i18n-extract
* Update property field type to use user instead of person
* Update PropertyFields to allow for unique nondeleted fields and remove redundant indexes
* Update PropertyValues to allow for unique nondeleted fields and remove redundant indexes
* Use StringMap instead of the map[string]any on property fields
* Add i18n strings
* Revert "Use StringMap instead of the map[string]any on property fields"
This reverts commit e2735ab0f8.
* Cast JSON binary data to string and add todo note for StringMap use
* Add mocks to the retrylayer tests
* Cast JSON binary data to string in property value store
* Check for binary parameter instead of casting to string for JSON data
* Fix bad merge
* Check property field type is one of the allowed ones
* Avoid reusing err variable to be explicit about the returned value
* Merge Property System Migrations into one file
* Adds NOT NULL to timestamps at the DB level
* Update stores to use tableSelectQuery instead of a slice var
* Update PropertyField model translations to be more explicit and avoid repetition
* Update PropertyValue model translations to be more explicit and avoid repetition
* Use ExecBuilder instead of ToSql&Exec
* Update property field errors to add context
* Ensure PerPage is greater than zero
* Update store errors to give more context
* Use ExecBuilder in the property stores where possible
* Add an on conflict suffix to the group register to avoid race conditions
* Remove user profile API documentation changes
* Update patchCPAValues endpoint and docs to return the updated information
* Merge two similar error conditions
* Use a route function for ListCPAValues
* Remove badly used translation string
* Remove unused get in register group method
* Adds input sanitization and validation to the CPA API endpoints
* Takes login outside of one test case to make it clear it affects multiple t.Runs
* Fix wrap error and return code when property field has been deleted
* Fix receiver name
* Adds comment to move the CPA group ID to the db cache
* Set the PerPage of CPA fields to the fields limit
* Update server/channels/app/custom_profile_attributes_test.go
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
* Standardize group ID access
* Avoid polluting the state between tests
* Use specific errors for the retrieval of CPA group
---------
Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
* Ignore performance counts if notifications are blocked by the device
* Change the endpoint to allow more information
* Add tests and API description
* Remove wrong test
* Address feedback
* Only update the cache when there is no error
* Follow same casing as other props
* use one single endpoint
* Fix tests
* Fix i18n
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* add more fields to sanitizeInput on User
* add test for user sanoitizeInput
* add more fields
* remove line, lint fix
* additional fields and sanitize update
* Update user_test.go
* remove fields that are unnecessary to check
* add check to test
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Added materialized view migration
* Renamed mat view
* Added channel membership mat view and indexes
* Added channel membership mat view and indexes
* Added new index
* WIP
* Simplifying user reporting code
* Created app and API layer for cahnnel reporting, reporting refactoring in general
* New router
* Remobved channel reporting meanwhile
* Upodated autogenerated stuff
* Lint fix
* Fixed typo
* api vet
* i18n fix
* Fixed API vetting and removed channel reporting constants
* yaml
* removed app pagination tests
* Add store method to get reporting data
* Some store changes
* Added app layer
* Added API call, some miscellaneous fixes
* Fix lint
* Fix serialized check
* Add API docs
* Fix user store tests leaking users
* Fix test
* PR feedback
* Add filtering for role/team/activated user, filter out bot users
* Fix mock
* Fix test
* Oops
* Switch to using struct filter
* More PR feedback
* Fix gen
* Fix test
* Fix API docs
* Fix test
* Fix possible SQL injection, some query optimization
* Fix migrations
* Oops
* Add role to API
* Fix check
* Add Client4 API call for load testing
* Fix test
* Update server/channels/store/storetest/user_store.go
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
* PR feedback
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
* fix openApi vetting
The underlying mattermost-govet tool effectively hasn't been called for some time, as we weren't checking out and building the spec files to pass. Now that hte API is in the monorepo, build it locally and check against it.
Unfortunately, our API documentation isn't up-to-date, and this PR isn't fixing that. For now, add a discrete `make vet-api` and workflow that won't block the build until the API documentation is back in sync and can be merged into the existing `make vet` directive.
* mattermost-govet: use upstream@new
* fix missing /api/v4 prefix for commands autocomplete suggestion
* document /api/v4/ldap/users/{user_id}/group_sync_memberships
* document /api/v4/groups/{group_id}/restore
* fix /files/{file_id}/public actually at root
* document /api/v4/users/invalid_emails
* fix SetThreadUnreadByPostId
* Revert "fix SetThreadUnreadByPostId"
This reverts commit b16bcc8044.
* Revert "Revert "fix SetThreadUnreadByPostId""
This reverts commit 8bda05dc8a.
* workaround undocumented API endpoints
* remove unnecessary whiteline
* ignore go tool output
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
