* Fix bot permission checks in revokeSession, revokeAllSessionsForUser, and updatePassword
MM-68701: Align permission checks with the bot-aware pattern used by
updateUser, patchUser, deleteUser, and (via MM-68686) updateUserActive.
Three handlers were missing the IsBot branch:
- revokeSession / revokeAllSessionsForUser: both gated access through
SessionHasPermissionToUser, which only requires EditOtherUsers (an
ancillary permission granted to User Managers). Switching to
SessionHasPermissionToUserOrBot routes bot targets through
SessionHasPermissionToManageBot first and falls back to the user
path only when the target is not a bot.
- updatePassword: the permission flag canUpdatePassword was set by
checking PermissionSysconsoleWriteUserManagementUsers (or
PermissionManageSystem for system admins) with no IsBot branch.
Adding an else-if user.IsBot guard routes bot targets through
SessionHasPermissionToManageBot, consistent with every other
handler in the file that touches bot accounts.
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
* Improve TestRevokeSessionBotPermissions: revoke a real bot session
Seed a session directly via th.App.CreateSession instead of passing a
fake ID and expecting a 400. The test now validates the full happy path:
the session row is created, the privileged user revokes it, and the
call returns 200 OK.
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
* Strengthen forbidden sub-test: revoke a real bot session with no perms
Seed a real session for the bot before the unprivileged revoke call.
The test now proves the permission gate blocks access even when the
target session ID genuinely exists in the database.
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
* Address review feedback: add post-conditions to bot session revoke tests
- TestRevokeSessionBotPermissions: after RevokeSession succeeds, assert
GetSessionById returns an error to confirm the row is gone.
- TestRevokeAllSessionsForUserBotPermissions: seed a real session before
RevokeAllSessions so the call is not a no-op, then assert GetSessions
returns an empty list afterwards.
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-68149: upgrade to Go 1.26.2
Update go directive in go.mod and .go-version.
* MM-68149: replace pointer helpers with Go 1.26 new()
Go 1.26 extends the built-in new() to accept an initial value expression,
making typed-pointer helpers like model.NewPointer(x), bToP(x), and boolPtr(x)
redundant. Replace every call site with new(x) and remove the now-unused
helper functions and their //go:fix inline directives.
* MM-68149: apply go fix for reflect API and format-string changes
- reflect.Ptr → reflect.Pointer (renamed in Go 1.18, deprecated alias removed in 1.26)
- reflect range-over-struct: for i := 0; i < t.NumField(); i++ → for field := range t.Fields()
and the equivalent for Methods() and interface types
- Fix format-string concatenation and variadic-arg mismatches flagged by go vet
* MM-68149: update JPEG fixtures and test infrastructure for Go 1.26 encoder
Go 1.26 ships a new image/jpeg encoder that produces slightly different output.
Regenerate all JPEG fixture files and switch the comparison helpers from
byte-equality to pixel-level comparison with a small per-channel tolerance,
so minor encoder drift across patch versions is handled automatically.
Add -update-fixtures flag to make it easy to regenerate fixtures after future
major Go upgrades. Document the update procedure in tests/README.md.
* MM-68149: CI check that go fix ./... produces no changes
* Fix real bugs flagged by CodeRabbit review
- group.go: set newGroup.MemberCount not group.MemberCount (member count
was populated on the wrong variable and lost before publish/return)
- file_test.go: guard compareImage(GetFilePreview) on the preview slice
length, not the thumbnail slice length (copy-paste error)
- config_test.go: remove duplicate MinimumLength assignment
* fixup! Fix real bugs flagged by CodeRabbit review
* api4: block user managers from toggling bot active status without bot permissions
The PUT /api/v4/users/{id}/active endpoint only checked for
PermissionSysconsoleWriteUserManagementUsers and a special-case for system
admins, but had no equivalent guard for bot accounts.
This meant a User Manager with edit access to users but no access to
Integrations could deactivate (or reactivate) bot accounts — causing the
bot's sessions to be revoked and its tokens invalidated — even though every
dedicated bot endpoint (/api/v4/bots/{id}/disable, /enable, PATCH, etc.)
requires the caller to pass SessionHasPermissionToManageBot.
Fix: after fetching the target user and running the system-admin guard, add
an equivalent check for IsBot that delegates to the same
SessionHasPermissionToManageBot helper used by all other bot endpoints.
Fixes MM-68686
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
* api4: assert bot is inactive after deactivation in test
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
* api4: pin bot-deactivation test assertion to 404 and clarify comment
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
* api4: use require.Zero for DeleteAt assertion in bot test
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
* api4: fix err shadow in updateUserActive bot permission check
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Miguel de la Cruz <mgdelacroix@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Reapply "Strip remote_id field from user patch API requests (#35910)" (#35996)
This reverts commit d1ca297721.
* Fix SetUserRemoteID to use test's own database in parallel mode
Replace testlib.SetUserRemoteID (which used mainHelper's shared
database) with a squirrel query against GetInternalMasterDB(), which
resolves to the correct per-test pooled database under parallel
execution.
* Strip remote_id from user patch API requests
* Ignore remote_id in user update API endpoints
Add SetUserRemoteID test helper in testlib to set remote_id via direct SQL,
bypassing the now-protected store Update method. Update existing tests in
app and api4 packages to use the new helper.
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Log only a 5-character prefix of the password reset token in audit
entries instead of the full 64-character bearer credential (CWE-532).
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Change the /api/v4/users/{user_id}/auth endpoint to use
APISessionRequired instead of APISessionRequiredTrustRequester.
This endpoint is a JSON API called via XHR and does not need
the TrustRequester flag which is intended for directly-requested
resources like images and file downloads.
Made-with: Cursor
* MM-66813 - Add server origin verification to mobile SSO callbacks
* Enhance mobile SSO security and deprecate code-exchange
* Update code-exchange deprecation to follow MM standards
* Use config SiteURL for srv param, fix flow terminology
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* add authentication status to audit log for logouts
* improve audit log testing for other tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add support for autocomplete of plugin-created bots
* stashing
* Add support for including agents in the autocomplete list for @ mentions
* Change server response to be users rather than interface
* fix
* [MM-66708] Disallow interacting with password and login method for magic link accounts
* Fix test and update getLoginType response
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add EasyLogin configuration (#34217)
* add easy login config
* add easy login to the invite modal
* add to the query parameters
* Add an API to get login method for the login id (#34223)
* add an api to get login method for the login id
* do not return errors if user is not found
* Add support for Easy Login invitation link sending (#34224)
This generates Easy Login token types when requested. The server
doesn't do anything with these tokens, yet - that will come in a
future change.
* Add support for logging in with easy login (#34236)
* Fix E2E tests (#34240)
* Prevent easy login accounts to reset their password (#34262)
* Add easy login support to login api and limit token to 5 min (#34259)
* webapp easy login ui mods (#34237)
* webapp easy login ui mods
* easy login i18n
* lint issues
* getUserLoginType
* using the real API
* easylogin proper redirect
* remove unneeded functions and files
* duplicated localization
* remove easylogin
* using EnableEasyLogin setting
* localization fix
* fix lint issue
* remove excessive setIsWaiting
* changed logic to make it more readable
* renaming component to make easier editable
* password will disappear when username change
* login test
* text for easy login password
* Add app links to emails
* Update templates and always land in the landing screen
* Update svg image, improve checks on server, fix linking page and show deactivated on login type
* Update naming
* Fix mocks and imports
* Remove all sessions on disable and forbid user promotion
* Fix layer and tests
* Address feedback
* Fix tests
* Fix missing string
* Fix texts
* Fix tests
* Fix constant name
* Fix tests
* Fix test
* Address feedback
* Fix lint
* Fix test
* Address feedback
* Fix test
---------
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: David Krauser <david@krauser.org>
Co-authored-by: Daniel Espino <larkox@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-65084: (server-side) PKCE code-exchange for SSO
Server side changes needed for MM-65084. Guarded by MobileSSOCodeExchange feature flag.
* Update users.yaml for vet-api testing
* Change error for not saving SAML token to existing generic 'can't save token' message
* Restricting to sha256 only PKCEs
* Change out PKCE terminology to SAML
This came out as Claude used "PKCE" as a shorthand for the style and I did not know better. SAML is the correct term here.
This also fixes a linter issue where we were assigning `codeVerifier` to `computed` but then overwriting it in all cases (so that was misleading and unecessary)
* Adding ConsumeTokenOnce and IsExpired as suggested by security review
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-64486: Remove telemetry
Remove telemetry from Mattermost. We're no longer relying on Rudder upstream, and no longer making use of this information.
* recover mock for SystemStore.Get
* Fix TestClearPushNotificationSync by adding missing SystemStore mock
The test was failing because the SystemStore mock was missing the Get()
method that's required by the ServerId() function. Added the missing mock
to return a StringMap with SystemServerId.
* fix mocking issue
* Remove now-unused telemetry and constants
* Remove "Disable telemetry events" debug setting
* Remove empty functions
* Remove most "Telemetry tracking removed" comments
* Remove remains of DataPrefetch telemetry
* Remove now-unused prop from InviteMembersButton
* Remove trackDotMenuEvent
* Remove some more leftover comments
* Remove lingering logic related to trackingLocation
* Remove now-unused argument from useCopyText
* Remove lingering telemetry references from PreparingWorkspace
* fixup Remove trackDotMenuEvent
* Remove lingering telemetry references from signup page and password check
* Update snapshots and fix test broken by my changes
* Fix unintended behavior change in thread list filtering
Remove handleSetFilter wrapper that was accidentally modified during
telemetry removal. The function was calling clear() when switching to
unread filter, which was not the original behavior. Use setFilter
directly instead, restoring the original functionality.
* Remove unused useOpenDowngradeModal hook
The useOpenDowngradeModal hook was not being used anywhere in the codebase.
* Remove unused expandableLink from useExpandOverageUsersCheck
The expandableLink return value was not being used by any components.
* Re-add missing TeamLinkClicked performance telemetry
The mark(Mark.TeamLinkClicked) call was accidentally removed from the
handleSwitch function. This telemetry is needed for Looker-based
performance tracking.
* drop LogSettings.VerboseDiagnostics
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
This feature has never worked as advertised. Let's deprecate it,
retaining the config field so we can fail server startup to ensure it's
not being used at all.
* server: allow access to channel bookmarks in an archived channel
* server: allow access to posts in archived channels
* server: allow accessing channel members for archived channels
* server: allow autocompleting/searching archived channels
* server: allow access to files from archived channels
* server: fix access issue on database error
* server: allow access to archived channels
* server: remove TeamSettings.ExperimentalViewArchivedChannels from telemetry
* server: remove ExperimentalViewArchivedChannels from client config
* webapp: simplify delete channel
* webapp: simplify channel settings modal
* webapp: do not redirect away from archived channel
* webapp: rhs, always search posts from archived channels
* webapp: switch channels, always support archived channels
* webapp: search channel provider, always support archived channels
* webapp: browse channels, always support archived channels
* webapp, search results? fixup?
* webapp, confusing type issue
* webapp: unarchive, no need to report view archived
* webapp: command test, no need for ExperimentalViewArchivedChannels in config
* webapp: remove ExperimentalViewArchivedChannels from system console
* webapp: redux, do not delete posts, also fix LEAVE_CHANNEL
* update e2e tests
* server: fail startup if ExperimentalViewArchivedChannels is not enabled
* extract i18n
* updated snapshots
* update tests
* simplify posts reducer
* updated tests
* additional e2e tests
* Fix locale consistency in Jest tests
Added consistent locale environment variables (LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8)
to all Jest test scripts to prevent locale-dependent date formatting differences
across development environments.
This resolves snapshot test failures where DateTime.toLocaleString() would produce
different date formats on different systems (e.g., "6/8/2025" vs "08/06/2025" vs "2025-06-08").
Updated test scripts:
- test, test:watch, test:updatesnapshot, test:debug, test-ci
Updated snapshot to consistent en_US format.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove includeArchivedChannels parameter from GetMemberForPost
* Remove unnecessary includeDeleted variable assignments
* Deprecate ExperimentalViewArchivedChannels config field
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Remove pricing modal. Adjust everywhere to instead open mattermost.com/pricing. When air gapped, don't show buttons to view plans.
* Fix lint
* Further clean up of unused code. Fixes for linter
* Remove onboarding tasklist for previews, add Cloud previer banner
* Fixes for linter, i18n
* Revert dev lines
* Fix lint
* When below one minute, switch to seconds
* fix linter
* Add scaffolding for new Cloud Preview Modal
* Style updates
* Fix tests
* fixes for PR feedback
* useExternalLink for opening pricing modal with enriched params
* Fix i17n
* fix style
* Fix style, tests
* Fix linter, types
* Add file
* Make types even more fixed
* fix: correct test case for SKU label not provided scenario
The test "should not render SKU label when not provided" was incorrectly using baseContent which includes a SKU label. Fixed by creating contentWithoutSku that explicitly sets skuLabel to undefined to properly test the scenario where no SKU label is provided.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Fine I'll do it myself
* fix linter
* Refactors
* Adjustments from PR review. Adjustments to video experience (poster/play button) and starting to translate
* Fix i18n
* Accept use case in CWS login, redirect to proper team, with filtered content in preview modal
* Wrap translation strings with defineMessage for i18n extraction
- Add import for defineMessage and MessageDescriptor from react-intl
- Update type definition to use MessageDescriptor for better type safety
- Wrap all skuLabel, title, and subtitle objects with defineMessage() calls
- This ensures the i18n-extract tool can properly detect translation strings
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Fix i18n
* Hiding modal will presist through refreshes
* Fix linter
* Add exception to notification permission bar for cloud previews
* Use regular modal close button
* Fix pipelines
* Fix i18n
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Remove unnecessary CSS properties from preview modal content
Remove display: flex, height: 100%, and flex-direction: column from .preview-modal-content selector as they have no effect per code review feedback.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* feat: use getBool selector instead of get for boolean preference check
- Replace getPreference with getBool to avoid explicit === 'true' comparison
- Follows Harrison's review suggestion for cleaner boolean handling
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fix linter
* Fixes for PR review
* Fix linter
* Fix i18n
* fix linter
* Changes to address Harrison's feedback
* Change file name, remove index.tsx
* change file name, remove index.tsx
* Add the new files
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
This commit exposes audit logging functionality to plugins via the plugin API, allowing plugins to create and log audit records. Additionally, it addresses a gob encoding issue that could cause plugin crashes when audit data contains nil pointers or unregistered types.
* MM-64330 - filter abac users in channel invite
* implement cursor functionality for abac user filtering
* remove unnecessary comments
* refactor the backend implementation simplifying the functions
* refactor api to use opts as parameters, rename function
* add missing translation
* remove unnecesary test code
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
On page load, we load ALL channels and channel members from all teams.
But then, on team_switch, we would again load channels and channel
members from that team. This was redundant and mainly kept
because previously the websocket events were considered unreliable.
Now with reliable websockets, and client-side pings, we can detect
broken connections faster and recover without loss.
Additionally, the getAllChannelMembers call would page through
all responses on the client side. This was inefficient and incur
extra latency. To optimize for this, we introduce server-side
streaming of the full response if page is set to -1.
This optimizes the intial response as well.
https://mattermost.atlassian.net/browse/MM-56906
```release-note
Optimize team switch operation by removing calls to get channels
and channel members.
```
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-57516 - restrict activation/deactivation over ldap users
* Add unit tests
* refactor test to unify repeated actions
* add disable actions in user details too
* migrate test to use react-testing-library
* add new ldap user test and fix other existing tests
* restrict ldap users status management via api
* use correct server status and update tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Ignore performance counts if notifications are blocked by the device
* Change the endpoint to allow more information
* Add tests and API description
* Remove wrong test
* Address feedback
* Only update the cache when there is no error
* Follow same casing as other props
* use one single endpoint
* Fix tests
* Fix i18n
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Allow end users to fetch the group members list of groups which allow @-mentions
* Update server/channels/api4/group_test.go
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
* Fix test name
* Move into subtest
---------
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
