272 commits

Author	SHA1	Message	Date
Jesse Hallam	d4fc0ecb1c	MM-68150: Upgrade golangci-lint to v2.12.2 (#36554) ... * Simplify invite_people email parsing Replace backwards in-place mutation loop with a straightforward forward filter into a new slice. Extract into parseEmailList so the logic can be unit tested directly. * MM-68150: Upgrade golangci-lint to v2.12.2 Remove //go:fix inline from NewPointer, which is a generic function not yet supported by the inline analyzer, and fix 11 slicesbackward modernize issues flagged by the new version. * MM-68150: Enable all linters by default; disable those with >20 existing issues Switch from opt-in (default: none) to opt-out (default: all) so new linters added to golangci-lint are evaluated automatically. Explicitly disable every linter that has more than 20 pre-existing violations, deferring those for later cleanup. Also disable a handful of linters whose violations are intentional patterns in this codebase (nilerr, dogsled, sqlclosecheck, iotamixing, predeclared, containedctx, iface, gocheckcompilerdirectives, promlinter, goprintffuncname, gomoddirectives). * MM-68150: Fix mirror linter issues Replace Write([]byte(s)) with WriteString(s), and FindIndex([]byte(s)) with FindStringIndex(s), to avoid unnecessary allocations. * MM-68150: Fix nosprintfhostport linter issue Use net.JoinHostPort to construct host:port strings instead of fmt.Sprintf with a manually formatted pattern. * MM-68150: Fix rowserrcheck and sqlclosecheck linter issues Check rows.Err() after iteration loops in schema_dump.go. In the sqlx_wrapper test, defer rows.Close() rather than closing inline. * MM-68150: Fix nilnesserr linter issues — wrong variable in error handlers In 11 places, a stale variable (often the outer err from a prior assignment) was used instead of the freshly-checked error variable (appErr, rowErr, jsonErr, writeErr, esErr). Each produces a typed-nil wrapped in a non-nil interface, silently discarding the real error. * MM-68150: Add i18n string for app.compile_csv_chunks.write_error --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-14 17:29:37 -04:00
Alejandro García Montoro	f604ec7a5c	MM-68662: Add Azure Blob Storage filestore backend (#36498) ... * Generalize file backend error types Replace S3FileBackendAuthError and S3FileBackendNoBucketError with backend-agnostic FileBackendAuthError and FileBackendNoBucketError so non-S3 drivers can return them and the admin "Test Connection" flow keeps surfacing useful messages. The old S3-prefixed names are kept as type aliases of the generic types so external code (plugins, historical consumers) continues to compile, and so existing S3 construction sites stay untouched. The type switch in connectionTestErrorToAppError now matches the generic types, with new i18n keys (test_connection_auth.app_error and test_connection_no_bucket.app_error) whose wording does not name S3. The old S3-specific i18n keys are dropped via `make i18n-extract` since they are no longer referenced from code; the api4 test that asserted on those keys is updated, and the Cypress `MM-T996 Amazon S3 connection error messaging` spec that asserted on the old user-facing string is updated to the new wording. ------ AI assisted commit * Pull in Azure SDK and uuid dependencies Bring in github.com/Azure/azure-sdk-for-go/sdk/azcore and .../sdk/storage/azblob (with .../sdk/internal as their indirect dependency). The two are needed by the upcoming Azure Blob Storage filestore backend and its lazy-Range-backed reader. The bump of golang.org/x/{crypto,net,sys,term,text} comes transitively from azblob's minimum versions. Also promotes github.com/google/uuid from indirect to direct, since the Azure backend uses it to generate block IDs that share the same wire format the SDK itself produces in UploadStream. ------ AI assisted commit * Add azureRangeReader, a seekable Range-backed blob reader A small standalone type that satisfies the FileBackend interface's ReadCloseSeeker + the broader io.ReaderAt contract on top of Azure Blob Storage HTTP Range requests. Lands as its own commit because the upcoming Azure FileBackend driver builds on it, and the reader itself is independently useful — and independently testable against a fake downloader without standing up an Azure client. Design notes: * Read opens an HTTP Range stream lazily at the current offset and reuses it for sequential reads. Seek to a different offset closes the open stream; the next Read re-opens it. * Seek to the same offset is a no-op and does not close the open stream, so callers like zip.NewReader that probe with redundant seeks don't kick off a fresh download. * ReadAt issues a dedicated ranged DownloadStream per call and does not touch the streaming cursor — matches the io.ReaderAt contract the bulk-import worker's zip.NewReader path relies on. * Close cancels the context (which any in-flight Azure call will observe and abort), stops the deadline timer, and closes the current body if any. It is safe to call when no body was ever opened. * CancelTimeout lets long-running consumers like the import worker opt out of the per-operation deadline that would otherwise kill multi-minute downloads partway through. The implementation talks to a small blobDownloader interface rather than *blob.Client directly so the unit tests can substitute a fake downloader that records every requested Range and tracks Close calls on the bodies it hands out. ------ AI assisted commit * Add Azure Blob Storage filestore driver Implements the FileBackend interface against Azure Blob Storage in a new azurestore.go (~520 LOC). The driver is not yet selectable via NewFileBackend's switch — that wiring lands in the next commit together with the admin config surface — but the driver itself is complete and self-contained behind the FileBackendSettings struct. Filesstore.go grows three pieces of supporting infrastructure that the driver consumes: * a `driverAzure = "azureblob"` constant alongside the existing driverS3 and driverLocal, * an Azure-specific block on FileBackendSettings (storage account, access key, container, path prefix, endpoint, SSL flag, request timeout), * a CheckMandatoryAzureFields validator that mirrors CheckMandatoryS3Fields. Behavioural notes that warrant calling out: * Reader returns the previously-added azureRangeReader, so reads stream lazily over HTTP Range and ReadAt is available for the bulk-import worker's zip.NewReader path. The deadline timer is armed before the initial GetProperties call so the HEAD itself is bounded. * WriteFile and AppendFile both go through StageBlock + CommitBlockList via a shared stageBlocks helper, never the SDK's UploadStream. UploadStream's small-payload fast path falls back to single-shot PutBlob, which leaves the resulting blob with no committed block list; a subsequent AppendFile that calls CommitBlockList on that blob would then clobber its content. Routing every write through the block-list mechanism keeps AppendFile correct regardless of payload size. * AppendFile stages the new chunk as one or more blocks and commits the existing committed block list plus the newly staged IDs. The new bytes go up exactly once — no re-download, no re-concatenate, no re-upload of the prior contents. * WriteFileContext does not wrap the caller-supplied context with its own timeout — that timeout is applied in WriteFile only, matching the S3 driver, so long-running TryWriteFileContext callers (like message-export bulk writes) opt out of the per-operation timeout the way the abstraction documents. Authentication is shared-key only for this drop; Microsoft Entra ID / managed identity is deferred to a follow-up. The endpoint is configurable so the same code targets the production Azure host (vhost style — {account}.blob.core.windows.net) or Azurite / Azure Government / sovereign clouds (path style — host[:port]/{account}). ------ AI assisted commit * Wire Azure backend into config, validation, and driver selection This commit registers the previously-added AzureFileBackend driver with the rest of the system. Until now the driver was usable only via direct construction; after this commit, `DriverName: "azureblob"` in config.json is a fully-supported deployment configuration. Five integration sites are touched: * `newFileBackend` in filesstore.go now dispatches `driverAzure` to NewAzureFileBackend, alongside the existing s3 and local cases. NewFileBackendSettingsFromConfig (and its export counterpart) gain an Azure branch that maps the model.FileSettings fields onto the Azure-specific FileBackendSettings fields. * `model.FileSettings` grows the user-facing Azure config schema: storage account, access key, container, path prefix, endpoint, SSL flag, request timeout, plus matching Export* fields for the dedicated export store. SetDefaults populates them so deployments that never opted into Azure don't carry nil pointers. `isValid` accepts the new ImageDriverAzure constant. * `Config.Sanitize()` masks AzureAccessKey and ExportAzureAccessKey the same way it masks AmazonS3SecretAccessKey, so the shared key never reaches an API consumer in plain text. * `desanitize()` restores the masked keys on a config write so a PATCH that doesn't touch the key doesn't clobber it with the FakeSetting placeholder. * `configSensitivePaths` covers both Azure key paths so audit diffs don't include them either. * `ConfigToFileBackendSettings` in the `mattermost db` CLI helper gets the Azure branch its production counterpart already has — without it, `mattermost db migrate` / `db downgrade` would fail on Azure-configured deployments with "missing azure storage account setting". Finally, the shared FileBackendTestSuite is now wired against Azurite via TestAzureFileBackendTestSuite, which skips when CI_AZURITE_HOST is unreachable. The test-infra wiring (the docker service, the env vars, the start_dependencies entry) landed in a previous PR; this commit is what makes the suite actually exercise the Azure driver end to end. ------ AI assisted commit * Validate Azure timeout and path prefix in Config.IsValid Parity with the S3-side checks that already cover AmazonS3RequestTimeoutMilliseconds and AmazonS3PathPrefix. Without these, a zero/negative AzureRequestTimeoutMilliseconds passes validation and later creates immediately-expired request contexts, and leading/trailing whitespace in AzurePathPrefix produces blob keys that don't match what the admin configured. Same checks added for the Export* counterparts. The file_driver.app_error translation is updated to mention the new 'azureblob' option alongside 'local' and 'amazons3'. ------ AI assisted commit * Stream zip entries from the Azure backend writeZipEntry was calling ReadFile, which loads the entire blob into memory before writing it to the archive. For large blobs or deep directories this spikes RSS or OOMs the goroutine. Switch to Reader (the streaming azureRangeReader) and io.Copy into the zip entry so memory stays bounded regardless of blob size. ------ AI assisted commit * Use a backend-agnostic fallback for FileBackendNoBucketError The fallback Error() message was "no such bucket", which leaks S3 terminology when an Azure caller returns the type with no wrapped Err. Use "no such bucket or container" so logs and external error handling stay neutral across backends. ------ AI assisted commit * Defend Azure path prefix against directory traversal Reject ".." in AzurePathPrefix and ExportAzurePathPrefix at config validation time, since path.Join collapses traversal segments and a prefix like "../other-tenant" would otherwise escape the configured isolation boundary. Harden the prefix helper as a second line of defense: if the joined path no longer sits inside pathPrefix, fall back to joining the prefix with the base name of the caller-supplied path. That preserves the prefix invariant for plugin and import paths that the upload code does not sanitize uniformly. ------ AI assisted commit * Honor SkipVerify when constructing the Azure client FileBackendSettings.SkipVerify is plumbed through from the System Console the same way it is for S3, so admins toggling the flag for self-signed endpoints (Azurite, sovereign clouds) get the behavior they expect without having to drop SSL entirely and send the shared key in clear text. ------ AI assisted commit * Warn when the Azure request timeout falls back to its default Config.IsValid already rejects non-positive AzureRequestTimeoutMilliseconds for any path that goes through config validation, so this warn only fires for direct callers that bypass validation (tests, helpers). Logging the substitution turns a silent coercion into something an operator can correlate against unexpected request behavior. ------ AI assisted commit * Cap Azure request timeout at 10 minutes Reject AzureRequestTimeoutMilliseconds values above the ceiling so an operator (or someone who has admin access) cannot effectively disable timeouts by setting the value to math.MaxInt64. A hung Azure call then holds a goroutine open until the OS gives up. Applies the same bound to ExportAzureRequestTimeoutMilliseconds. S3 has the same gap; treating it is out of scope here but worth a follow-up. ------ AI assisted commit * Refuse AppendFile on blobs without a committed block list A blob written by another tool (Azure portal, azcopy, a migration script, a plugin using Put Blob) has its content in the blob but an empty committed-block list. Committing a new block list against such a blob silently replaces the existing content with only the appended bytes. Check the blob's properties before staging when the committed-block list is empty, and refuse with a clear error if the blob has content. Same hazard for an admin pointing the backend at an existing container with pre-existing files. Adds an integration test against Azurite to lock the behavior in. ------ AI assisted commit * Surface truncated reads from azureRangeReader Read closed the body cleanly and returned io.EOF even when the remote stream terminated before the blob's content length. Callers (and any retry layer above) then accepted a partial blob as complete. ReadAt unconditionally rewrote io.ErrUnexpectedEOF to io.EOF, which made truncated downloads indistinguishable from clean reads. That is exactly what zip.NewReader consumes for archive readers, so the bulk-import worker would silently import partial archives. Read now closes the body, nils it, and returns io.ErrUnexpectedEOF when EOF arrives before offset reaches size. ReadAt only collapses ErrUnexpectedEOF to EOF when the full count was delivered and the stream was consumed to the end of the blob. Otherwise the truncation propagates with context. Both code paths are exercised by new fakeDownloader-backed tests. ------ AI assisted commit * Move container provisioning out of Azure TestConnection Auto-creating the container inside TestConnection meant a typo in the System Console (mattermosst instead of mattermost) silently provisioned an unwanted container in the admin's Azure subscription, with no audit log and no warning. They'd discover it later when uploads landed somewhere unexpected. TestConnection now returns FileBackendNoBucketError when the container is missing, mirroring the S3 contract. A new MakeContainer method mirrors S3FileBackend.MakeBucket, and Server.Start dispatches via two capability interfaces (bucketMaker / containerMaker) instead of a hard S3 type assertion — so the NoBucket error is no longer silently swallowed for backends Server.Start has not been taught about. ------ AI assisted commit * Carry file backend auth detail through to AppError The Test Connection button collapsed every typed backend failure into the same generic i18n message. Operators trying to debug bad credentials or a missing bucket only saw "Unable to authenticate against the file storage backend" with no SDK code to grep for in their logs. Use errors.As so the typed checks survive future wrapping, and pass the underlying error string through the NewAppError details argument. The AppError serializer surfaces that detail to the admin console alongside the translated message, so a bad S3 InvalidAccessKeyId or an Azure AuthenticationFailed shows up in the toast without an i18n schema change. ------ AI assisted commit * Remove non-ascii characters from comments ------ AI assisted commit * Make linter happy ------ AI assisted commit * Harden Azure prefix boundary check strings.HasPrefix on the joined path is a string-level check, not a path-level one, so a configured prefix of "mattermost" accepts a joined result of "mattermost-evil/...". A crafted caller path like "../mattermost-evil/secrets" would collapse via path.Join to that exact sibling and slip through the boundary check, escaping the configured prefix scope. Require the joined path to be the cleaned prefix itself or to start with the prefix followed by a path separator. The fallback path.Join uses the same cleaned prefix for consistency. ------ AI assisted commit * Provision Azurite container in standalone test setup The shared FileBackendTestSuite's SetupTest already handles a missing container by detecting FileBackendNoBucketError from TestConnection and calling MakeContainer, but TestAzureFileBackendAppendRefusesNonBlockBlob bypasses SetupTest and calls TestConnection directly. On a fresh Azurite instance the test would fail before exercising the append-refusal logic. Extract a newAzuriteBackend(t) helper alongside azuriteSettings(t) that builds the backend and ensures the container exists, mirroring the suite's setup. Use errors.As for forward compatibility with future wrapping. ------ AI assisted commit * Fix grammar in email-settings i18n string "Email settings has unset values." -> "Email settings have unset values." ------ AI assisted commit * Make Azure MakeContainer idempotent Treat a ContainerAlreadyExists response as success so that two nodes racing through TestConnection plus MakeContainer at boot both converge instead of having the loser fail. Mirrors how the S3 backend handles the equivalent BucketAlreadyOwnedByYou case. ------ AI assisted commit * Narrow AzureEndpoint comment to path-style only The setting only builds path-style URLs, so it cannot reach sovereign clouds like Azure Government or Azure China, which require vhost-style endpoints. Update the comment to reflect what the code actually does and document that sovereign-cloud support is out of scope. ------ AI assisted commit	2026-05-14 16:59:18 +00:00
Jesse Hallam	e3fbf8711f	MM-68149: Upgrade to Go 1.26.2 (#36418) ... * MM-68149: upgrade to Go 1.26.2 Update go directive in go.mod and .go-version. * MM-68149: replace pointer helpers with Go 1.26 new() Go 1.26 extends the built-in new() to accept an initial value expression, making typed-pointer helpers like model.NewPointer(x), bToP(x), and boolPtr(x) redundant. Replace every call site with new(x) and remove the now-unused helper functions and their //go:fix inline directives. * MM-68149: apply go fix for reflect API and format-string changes - reflect.Ptr → reflect.Pointer (renamed in Go 1.18, deprecated alias removed in 1.26) - reflect range-over-struct: for i := 0; i < t.NumField(); i++ → for field := range t.Fields() and the equivalent for Methods() and interface types - Fix format-string concatenation and variadic-arg mismatches flagged by go vet * MM-68149: update JPEG fixtures and test infrastructure for Go 1.26 encoder Go 1.26 ships a new image/jpeg encoder that produces slightly different output. Regenerate all JPEG fixture files and switch the comparison helpers from byte-equality to pixel-level comparison with a small per-channel tolerance, so minor encoder drift across patch versions is handled automatically. Add -update-fixtures flag to make it easy to regenerate fixtures after future major Go upgrades. Document the update procedure in tests/README.md. * MM-68149: CI check that go fix ./... produces no changes * Fix real bugs flagged by CodeRabbit review - group.go: set newGroup.MemberCount not group.MemberCount (member count was populated on the wrong variable and lost before publish/return) - file_test.go: guard compareImage(GetFilePreview) on the preview slice length, not the thumbnail slice length (copy-paste error) - config_test.go: remove duplicate MinimumLength assignment * fixup! Fix real bugs flagged by CodeRabbit review	2026-05-12 15:59:12 +00:00
Daniel Espino García	ebc066e7fd	[MM-68273] Add system messages for share / unshare events (#36032) ... * [MM-68273] Add system messages for share / unshare events * Fix CI * Address feedback * Fix CI * Remove unknown prop * Add missing tests	2026-05-05 15:25:25 +02:00
Doug Lauder	c3ab0f7f78	MM-68191: Add plugin Receive APIs for shared channel sync (#35962) ... * Add plugin APIs for plugin to sync data into shared channels	2026-04-14 14:31:25 -04:00
JG Heithcock	88954db3de	[MM-63434] Use forked PDF library with parsing depth limit (#35947) ... * [MM-63434] Use forked PDF library with parsing depth limit Replace github.com/ledongthuc/pdf with a fork that limits object nesting depth during parsing. Add test coverage. * Reverting incorrect merge that lost the change to msgpack The error was in merge 64bdff88d8	2026-04-14 10:28:59 -07:00
Daniel Espino García	ed80e8ba91	Shared channel UI for channel admins (#35448) ... * Shared channel UI for channel admins * Fix lint * Use errors.is instead of using string comparison * Fix configuration check * Handle error when sharing an already shared channel * Remove unneeded disabled prop * Add missing tests * Frontend tweaks * Fix lint * Fix lint and test * Address coderabbit review * Fix removing unconfirmed remotes * Better handle errors while saving state * Remove unneeded state * Fix selector not being stable between different renders * Fix i18n and improve one type * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/add_workspace_dropdown.tsx Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/workspace_list.tsx Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Apply suggestions from code review Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Deal with settings option permissions * Add message when no remotes are available * Add dividers * Add disabled tooltip * Fix tests * Fix lint * Touch update at on share/unshare * Fix tests * Fix lint * Add missing await * Add e2e tests * Fix playwright prettier * Update server.prepare to have connected workspaces enabled by default * Revert changes on server.prepare and try with changes on server.generate * Fix shared channel configuration E2E tests (#35786) * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update initial enabled state to properly handle saves * Update role name in e2e tests --------- Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: yasser khan <attitude3cena.yf@gmail.com> Co-authored-by: Doug Lauder <wiggin77@warpmail.net>	2026-04-14 11:37:09 +02:00
Alejandro García Montoro	161f0713a4	MM-66612: Add health flag to fast-fail when ES is offline (#35843) ... * Add health flag to fast-fail when ES is offline When Elasticsearch goes offline, the watcher takes up to 3 health check cycles (~180 s) to detect the outage and stop the engine. During that window every search query blocks for 30 s before falling back to the database, and indexing goroutines pile up unboundedly — causing server-wide slowness, posting failures, and duplicate posts from client retries (MM-66612). Introduce a `healthy` atomic flag on each ES/OpenSearch engine. The watcher sets it to false on the *first* health-check failure and back to true on success. `Broker.GetActiveEngines()` now requires both `IsActive()` and `IsHealthy()`, so all search and indexing operations skip the unhealthy engine immediately. The existing 3-failure stop/restart cycle is unchanged and continues to handle full recovery. * Fix other tests * Fix unrelated flaky test * Use atomic.int32 everywhere * Revert "Fix unrelated flaky test" This reverts commit a289015637. * Improve coverage for ActiveEngine/GetActiveEngines * Document expectations on SearchEngineInterface * Use mock.On("call").Unset * Remove healthCalls to avoid a flaky test * Be explicit on Unset * Log any change in the health of the search engine * Test the healthy<->unhealthy changes are logged --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-13 22:43:14 +02:00
Alejandro García Montoro	a2a896a5de	MM-67433: Elasticsearch health monitor (#35747) ... * Add HealthCheck to search engine interface The watcher (next commit) needs a way to probe whether ES/OS is still reachable. Each backend does a cluster health request with a 5 s timeout, snapshotting the client under the read lock so the network call doesn't block Stop()/Start(). * Add search engine background watcher The old fire-and-forget ps.Go() calls for ES startup had no retry, no health monitoring, and no backoff. If Start() failed at boot the engine stayed down until the next config change or server restart. Replace with a single watcher goroutine that: - retries Start() with exponential backoff (15 s–5 m) - runs periodic health checks once active - stops the engine after N consecutive failures - reacts immediately to config/license changes - shuts down cleanly via context cancellation * Add tests for search engine watcher Covers retry-then-health transition, exponential backoff capping, disable/enable park-unpark via notify, intermittent vs threshold health failures, and edge cases (Start ok but not active, rapid config changes, failure counter reset). * Address review comments * make i18n-extract * Make Stop() a no-op if already stopped Both Elasticsearch and OpenSearch Stop() methods returned an error when the engine was already stopped. This forced every caller to handle or ignore a non-error condition. Returning nil instead is more idiomatic and simplifies all call sites. * Simplify config listener branches Merge the connectionChanged and startingES/stoppingES branches into one. Since Stop() is now a no-op when already stopped, we can always call Stop() then notify the watcher regardless of which condition triggered the change. * Restore license listener conditional order Keep the original order (license-added first, license-removed second) to reduce diff noise. The conditions are mutually exclusive so the order has no semantic effect. * Log consecutive failures in retry phase Track and log consecutiveFailures when Start() fails or returns nil but the engine is not active, so operators can see how many attempts have been made alongside the backoff duration. * Clarify health check timer reset placement Add a comment explaining why the timer reset lives outside the if/else: both success and below-threshold failure share the same health interval, while the critical-failure path continues before reaching this point. * Remove nested select in disabled-engine path Replace the nested select block with timer.Stop() + continue. The main loop's select already handles ctx.Done() and notify, so stopping the timer is enough to park until one of those fires. * Add context.Context to Start() Accept a context in SearchEngineInterface.Start() and propagate it to all network calls (checkMaxVersion, fetchServerInfo, index template creation). This lets the watcher's cancellable context flow through to the HTTP client, so a stuck Start() call returns promptly on shutdown instead of blocking until TCP timeout. * Simplify startSearchEngineWatcher comment Focus on the actual reason (long-lived, owns its lifecycle) rather than the shutdown-blocking detail, which is less relevant now that Start() accepts a cancellable context. * Make the comment on the goroutine more accurate * Fix log * Revert the branches merge This was causing a race condition in the TestElasticsearchAggregation test. * Own Start/Stop by the engine watcher The config listener simply notifies now, so it's easier to follow the logic of the calls. * Refactor the engine watcher into its own type Simplify the code by: 1. Moving the whole watcher into its own type, so that the PlatformService contains an instance of it, instead of all the locks and channels 2. Splitting the main loop into functions. John Carmack may not like this, but it's way easier to read and follow. * make i18n-extract * Rename notify > reevaluate * Park the watcher if there is no license * Call reevaluate from within requestRestart * Use RequestTimeoutSeconds instead of hardcoded 5s * Use atomic.Int32 in the tests as well * Add defensive code ta watcher exit Stop the engine if it was still running when the watcher exits, having a safety net for scenarios like race conditions between Start and a cancelled context. --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-13 11:51:32 +02:00
Doug Lauder	7dccd6eba6	MM-68199: Fix shared channel membership sync error for local users (#35938) ... When a channel is shared between two instances, the sender was including membership changes for users that originated from the target remote. On the receiver those users are local (RemoteID=""), causing the RemoteID check to fail with "remoteID mismatch", creating log noise. Fix both sides: sender now skips users belonging to the target remote, and receiver silently skips local users instead of logging an error.	2026-04-07 15:59:18 -04:00
Doug Lauder	540ccc599b	MM-68179: Run sendLoop workers on all HA nodes (#35909) ... * MM-68179: Run sendLoop workers on all HA nodes In HA clusters, sendLoop worker goroutines only ran on the leader node. When an API request to send a channel invite landed on a non-leader node, SendMsg enqueued the task to a local in-memory channel but no goroutine consumed it, silently losing the message. Fix by starting sendLoop workers in Start() on all nodes, independent of the leader-only ping lifecycle. - Separate sendLoop lifecycle (Start/Shutdown) from ping lifecycle (pingStart/pingStop on leader change) - Rename resume/pause to pingStart/pingStop for clarity - Change Active() to mean "service started" via atomic.Bool - Remove SetActive (no longer needed; tests use Start()) * address review comment * Added idempotency guard to Start() * Start() and Shutdown(): CompareAndSwap instead of Load/Store — eliminates races where concurrent calls could both proceed. Only the winner of the CAS executes; the loser returns nil immediately. Ping test: replaced time.Sleep with assert.Never/assert.Eventually — no more brittle fixed sleeps. Uses assert.Never to verify no pings fire on non-leader, and assert.Eventually to verify pings stop after losing leadership (snapshot-then-compare pattern). * make unit tests parallel capable --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-07 18:49:54 +02:00
Doug Lauder	e694e86d63	MM-68204: Use multi-level logging for shared channel and remote cluster service errors (#35949) ... * Use multi-level logging for shared channel and remote cluster service errors Service-specific log levels (LvlRemoteClusterServiceError, LvlSharedChannelServiceError) were hidden from the main log by default, requiring explicit configuration to see them. Switch all call sites to use LogM with multi-level combos so each log line is attributed to both the standard level (error/warn) and the service-specific level. This surfaces errors in the main log while preserving the ability to isolate them into dedicated files. Each instance was reviewed and either kept as error (DB failures, security issues, config errors, exhausted retries on critical data) or downgraded to warn (transient network failures, remote-side reported errors with retry logic, non-critical data like profile images, reactions, acknowledgements, and status).	2026-04-06 12:17:47 -04:00
Doug Lauder	3888a69479	MM-68158: Fix shared channel remote display and notify UI on invite completion (#35908) ... * MM-68158: Fix shared channel remote display and add WebSocket notification Fix getSharedChannelRemotes API handler passing ChannelId instead of RemoteId to GetRemoteCluster, which always failed the lookup. Add RemoteId to SharedChannelRemoteStatus model and store query. Add shared_channel_remote_updated WebSocket event published from the onInvite callback so the UI refreshes its cached remote names when the async invite completes, instead of showing the generic "Shared with trusted organizations" fallback. * Improved unit tests per review comments	2026-04-03 02:06:01 -04:00
Jesse Hallam	f7f2d944e8	upgrade golangci-lint (#35845)	2026-03-30 13:41:32 -03:00
Miguel de la Cruz	48f2fd0873	Merge the Integrated Boards MVP feature branch (#35796) ... * Add CreatedBy and UpdatedBy to the properties fields and values (#34485) * Add CreatedBy and UpdatedBy to the properties fields and values * Fix types --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds ObjectType to the property fields table (#34908) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Update ObjectType migration setting an empty value and marking the column as not null (#34915) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds uniqueness mechanisms to the property fields (#35058) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Fixing retrylayer mocks * Remove retrylayer duplication * Address review comments * Fix comment to avoid linter issues * Address PR comments * Update server/channels/db/migrations/postgres/000157_add_object_type_to_property_fields.down.sql Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Update server/channels/db/migrations/postgres/000157_add_object_type_to_property_fields.up.sql Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Update server/channels/db/migrations/postgres/000157_add_object_type_to_property_fields.up.sql Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Update field validation to check only for valid target types * Update migrations to avoid concurrent index creation within a transaction * Update migrations to make all index ops concurrent * Update tests to use valid PSAv2 property fields * Adds a helper for valid PSAv2 TargetTypes --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Fix property tests (#35388) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds Integrated Boards feature flag (#35378) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds Integrated Boards MVP API changes (#34822) This PR includes the necessary changes for channels and posts endpoints and adds a set of generic endpoints to retrieve and manage property fields and values following the new Property System approach. Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Mattermost Build <build@mattermost.com> * Property System Architecture permissions for v2 (#35113) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Add the permissions to the migrations, model and update the store calls * Adds the property field and property group app layer * Adds authorization helpers for property fields and values * Make sure that users cannot lock themselves out of property fields * Migrate permissions from a JSON column to three normalized columns * Remove the audit comment * Use target level constants in authorization * Log authorization membership failures * Rename admin to sysadmin * Fix i18n sorting --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Add Views store and app layer (#35361) * Add Views store and app layer for Integrated Boards Implements the View entity (model, SQL store, service, app) as described in the Integrated Boards tech spec. Views are channel-scoped board configurations with typed props (board, kanban subviews) and soft-delete. - public/model: View, ViewBoardProps, Subview, ViewPatch types with PreSave/PreUpdate/IsValid/Patch/Clone/Auditable - Migration 158: Views table with jsonb Props column and indexes - SqlViewStore: CRUD with nil-safe Props marshaling (AppendBinaryFlag) - ViewService: CreateView seeds default kanban subview and links the boards property field; caches boardPropertyFieldID at startup - App layer: CreateView/GetView/GetViewsForChannel/UpdateView/DeleteView with channel-membership permission checks and WebSocket events (view_created, view_updated, view_deleted) - doSetupBoardsPropertyField: registers the Boards property group and board field in NewServer() before ViewService construction - GetFieldByName now returns store.ErrNotFound instead of raw sql.ErrNoRows * Move permission checks out of App layer for views - Remove HasPermissionToChannel calls from all App view methods - Drop userID params from GetView, GetViewsForChannel, UpdateView, DeleteView - Fix doSetupBoardsPropertyField to include required TargetType for PSAv2 field * Make View service generic and enforce board validation in model - Remove board-specific auto-setup from service and server startup - Enforce that board views require Props, at least one subview, and at least one linked property in IsValid() - Move default subview seeding out of app layer; callers must provide valid props - Call PreSave on subviews during PreUpdate to assign IDs to new subviews - Update all tests to reflect the new validation requirements * Restore migrations files to match base branch * Distinguish ErrNotFound from other errors in view store Get * Use CONCURRENTLY and nontransactional for index operations in views migration * Split views index creation into separate nontransactional migrations * Update migrations.list * Update i18n translations for views * Fix makeView helper to include required Props for board view validation * Rename ctx parameter from c to rctx in OAuthProvider mock * Remove views service layer, call store directly from app * Return 500 for unexpected DB errors in GetView, 404 only for not-found * Harden View model: deep-copy Props, validate linked property IDs - Add ViewBoardProps.Clone() to deep-copy LinkedProperties and Subviews - Use it in View.Clone() and View.Patch() to prevent shared-slice aliasing - Iterate over LinkedProperties in View.IsValid() and reject invalid IDs with a dedicated i18n key - Register ViewStore in storetest AssertExpectations so mock expectations are enforced - Add tests covering all new behaviours * Restore autotranslation worker_stopped i18n translation * Fix view store test IDs and improve error handling in app layer - Use model.NewId() for linked property IDs in testUpdateView to fix validation failure (IsValid rejects non-UUID strings) - Fix import grouping in app/view.go (stdlib imports in one block) - Return 404 instead of 500 when Update/Delete store calls return ErrNotFound (e.g. concurrent deletion TOCTOU race) * Add View store mock to retrylayer test genStore helper The View store was added to the store interface but the genStore() helper in retrylayer_test.go was not updated, causing TestRetry to panic. Also removes the duplicate Recap mock registration. * Refactor view deletion and websocket event handling; update SQL store methods to use query builder * revert property field store * Remove useless migrations * Add cursor-based pagination to View store GetForChannel - Add ViewQueryCursor and ViewQueryOpts types with validation - Return (views, cursor, error) for caller-driven pagination - PerPage clamping: <=0 defaults to 20, >200 clamps to 200 - Support IncludeDeleted filter - Add comprehensive store tests for pagination, cursor edge cases, PerPage clamping, and invalid input rejection - Add app layer test for empty channelID → 400 - Update interface, retrylayer, timerlayer, and mock signatures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Refactor test loops in ViewStore tests for improved readability * change pagination to limit/offset * Add upper-bound limits on View Subviews and LinkedProperties Defense-in-depth validation: cap Subviews at 50 and LinkedProperties at 500 to prevent abuse below the 300KB payload limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * MM-67388, MM-66528, MM-67750: Add View REST API endpoints, websocket events, and sort order (#35442) * Add Views store and app layer for Integrated Boards Implements the View entity (model, SQL store, service, app) as described in the Integrated Boards tech spec. Views are channel-scoped board configurations with typed props (board, kanban subviews) and soft-delete. - public/model: View, ViewBoardProps, Subview, ViewPatch types with PreSave/PreUpdate/IsValid/Patch/Clone/Auditable - Migration 158: Views table with jsonb Props column and indexes - SqlViewStore: CRUD with nil-safe Props marshaling (AppendBinaryFlag) - ViewService: CreateView seeds default kanban subview and links the boards property field; caches boardPropertyFieldID at startup - App layer: CreateView/GetView/GetViewsForChannel/UpdateView/DeleteView with channel-membership permission checks and WebSocket events (view_created, view_updated, view_deleted) - doSetupBoardsPropertyField: registers the Boards property group and board field in NewServer() before ViewService construction - GetFieldByName now returns store.ErrNotFound instead of raw sql.ErrNoRows * Move permission checks out of App layer for views - Remove HasPermissionToChannel calls from all App view methods - Drop userID params from GetView, GetViewsForChannel, UpdateView, DeleteView - Fix doSetupBoardsPropertyField to include required TargetType for PSAv2 field * Make View service generic and enforce board validation in model - Remove board-specific auto-setup from service and server startup - Enforce that board views require Props, at least one subview, and at least one linked property in IsValid() - Move default subview seeding out of app layer; callers must provide valid props - Call PreSave on subviews during PreUpdate to assign IDs to new subviews - Update all tests to reflect the new validation requirements * Restore migrations files to match base branch * Distinguish ErrNotFound from other errors in view store Get * Use CONCURRENTLY and nontransactional for index operations in views migration * Split views index creation into separate nontransactional migrations * Update migrations.list * Update i18n translations for views * Fix makeView helper to include required Props for board view validation * Rename ctx parameter from c to rctx in OAuthProvider mock * Remove views service layer, call store directly from app * Return 500 for unexpected DB errors in GetView, 404 only for not-found * Harden View model: deep-copy Props, validate linked property IDs - Add ViewBoardProps.Clone() to deep-copy LinkedProperties and Subviews - Use it in View.Clone() and View.Patch() to prevent shared-slice aliasing - Iterate over LinkedProperties in View.IsValid() and reject invalid IDs with a dedicated i18n key - Register ViewStore in storetest AssertExpectations so mock expectations are enforced - Add tests covering all new behaviours * Restore autotranslation worker_stopped i18n translation * Fix view store test IDs and improve error handling in app layer - Use model.NewId() for linked property IDs in testUpdateView to fix validation failure (IsValid rejects non-UUID strings) - Fix import grouping in app/view.go (stdlib imports in one block) - Return 404 instead of 500 when Update/Delete store calls return ErrNotFound (e.g. concurrent deletion TOCTOU race) * Add View store mock to retrylayer test genStore helper The View store was added to the store interface but the genStore() helper in retrylayer_test.go was not updated, causing TestRetry to panic. Also removes the duplicate Recap mock registration. * Refactor view deletion and websocket event handling; update SQL store methods to use query builder * revert property field store * Add View API endpoints with OpenAPI spec, client methods, and i18n Implement REST API for channel views (board-type) behind the IntegratedBoards feature flag. Adds CRUD endpoints under /api/v4/channels/{channel_id}/views with permission checks matching the channel bookmark pattern. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove useless migrations * Add cursor-based pagination to View store GetForChannel - Add ViewQueryCursor and ViewQueryOpts types with validation - Return (views, cursor, error) for caller-driven pagination - PerPage clamping: <=0 defaults to 20, >200 clamps to 200 - Support IncludeDeleted filter - Add comprehensive store tests for pagination, cursor edge cases, PerPage clamping, and invalid input rejection - Add app layer test for empty channelID → 400 - Update interface, retrylayer, timerlayer, and mock signatures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add cursor-based pagination to View API for channel views * Enhance cursor handling in getViewsForChannel and update tests for pagination * Refactor test loops in ViewStore tests for improved readability * Refactor loop in TestGetViewsForChannel for improved readability * change pagination to limit/offset * switch to limit/offset pagination * Add upper-bound limits on View Subviews and LinkedProperties Defense-in-depth validation: cap Subviews at 50 and LinkedProperties at 500 to prevent abuse below the 300KB payload limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add view sort order API endpoint Add POST /api/v4/channels/{channel_id}/views/{view_id}/sort_order endpoint following the channel bookmarks reorder pattern. Includes store, app, and API layers with full test coverage at each layer. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add connectionId to view WebSocket events and sort_order API spec Thread connectionId from request header through all view handlers (create, update, delete, sort_order) to WebSocket events, matching the channel bookmarks pattern. Add sort_order endpoint to OpenAPI spec. Update minimum server version to 11.6. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove duplicate View/ViewPatch definitions from definitions.yaml The merge from integrated-boards-mvp introduced duplicate View and ViewPatch schema definitions that were already defined earlier in the file with more detail (including ViewBoardProps ref and enums). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update minimum server version to 11.6 in views API spec Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add missing translations for view sort order error messages Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Merge integrated-boards-mvp into ibmvp_api-views; remove spec files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix flaky TestViewStore timestamp test on CI Add sleep before UpdateSortOrder to ensure timestamps differ, preventing same-millisecond comparisons on fast CI machines. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * remove duplicate views.yaml imclude * Use c.boolString() for include_deleted query param in GetViewsForChannel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix views.yaml sort order schema: use integer type and require body Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Refactor view sort order tests to use named IDs instead of array indices Extract idA/idB/idC from views slice and add BEFORE/AFTER comments to make stateful subtest ordering easier to follow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Return 404 instead of 403 for view operations on deleted channels Deleted channels should appear non-existent to callers rather than revealing their existence via a 403. Detailed error text explains the context for debugging. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * add missing channel deleteat checks * Use c.Params.Page instead of manual page query param parsing in getViewsForChannel c.Params already validates and defaults page/per_page, so the manual parsing was redundant. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add support for total count in views retrieval * Add tests for handling deleted views in GetViewsForChannel and GetView * Short-circuit negative newIndex in UpdateSortOrder before opening transaction Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add per-channel limit on views to bound UpdateSortOrder cost Without a cap, unbounded view creation makes sort-order updates increasingly expensive (CASE WHEN per view, row locks). Adds MaxViewsPerChannel=50 constant and enforces it in the app layer before saving. Includes API and app layer tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove include_deleted support from views API Soft-deleted views are structural metadata with low risk, but no other similar endpoint (e.g. channel bookmarks) exposes deleted records without an admin gate. Rather than adding an admin-only permission check for consistency, remove the feature entirely since there is no current use case. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update view permissions to require `create_post` instead of channel management permissions * Remove obsolete view management error messages for direct and group messages --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * feat(migrations): add user tracking and object type to property fields - Introduced user tracking columns (CreatedBy, UpdatedBy) to PropertyFields and PropertyValues. - Added ObjectType column to PropertyFields with associated unique indexes for legacy and typed properties. - Created new migration scripts for adding and dropping these features, including necessary indexes for data integrity. - Established views for managing property fields with new attributes. This update enhances the schema to support better tracking and categorization of property fields. * Add Property System Architecture v2 API endpoints (#35583) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Add the permissions to the migrations, model and update the store calls * Adds the property field and property group app layer * Adds authorization helpers for property fields and values * Make sure that users cannot lock themselves out of property fields * Migrate permissions from a JSON column to three normalized columns * Remove the audit comment * Use target level constants in authorization * Log authorization membership failures * Rename admin to sysadmin * Adds the Property System Architecture v2 API endpoints * Adds permission checks to the create field endpoint * Add target access checks to value endpoints * Add default branches for object_type and target_type and extra guards for cursor client4 methods * Fix vet API mismatch * Fix error checks * Fix linter * Add merge semantics for property patch logic and API endpoint * Fix i18n * Fix duplicated patch elements and early return on bad cursor * Update docs to use enums * Fix i18n sorting * Update app layer to return model.AppError * Adds a limit to the number of property values that can be patched in the same request * Require target_type filter when searching property fields * Add objectType validation as part of field.IsValid() * Fix linter * Fix test with bad objecttpye * Fix test grouping --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * MM-67968: Flatten view model — remove icon, subviews, typed board props (#35726) * feat(views): flatten view model by removing icon, subview, and board props Simplifies the View data model as part of MM-67968: removes Icon, Subview, and ViewBoardProps types; renames ViewTypeBoard to ViewTypeKanban; replaces typed Props with StringInterface (map[string]any); adds migration 000167 to drop the Icon column from the Views table. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * feat(api): update views OpenAPI spec to reflect flattened model Removes ViewBoardProps, Subview, and icon from the View and ViewPatch schemas. Changes type enum from board to kanban. Replaces typed props with a free-form StringInterface object. Aligns with MM-67968. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * refactor(views): simplify store by dropping dbView and marshalViewProps StringInterface already implements driver.Valuer and sql.Scanner, so the manual JSON marshal/unmarshal and the dbView intermediate struct were redundant. model.View now scans directly from the database. Also removes the dead ViewMaxLinkedProperties constant and wraps the Commit() error in UpdateSortOrder. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * fix(api): allow arbitrary JSON in view props OpenAPI schema The props field was restricted to string values via additionalProperties: { type: string }, conflicting with the Go model's StringInterface (map[string]any). Changed to additionalProperties: true in View, ViewPatch, and inline POST schemas. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Adds basic implementation of the generic redux store for PSAv2 (#35512) * Adds basic implementation of the generic redux store for PSAv2 * Add created_by and updated_by to the test fixtures * Make target_id, target_type and object_type mandatory * Wrap getPropertyFieldsByIds and getPropertyValuesForTargetByFieldIds with createSelector * Address PR comments --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds websocket messages for the PSAv2 API events (#35696) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Add the permissions to the migrations, model and update the store calls * Adds the property field and property group app layer * Adds authorization helpers for property fields and values * Make sure that users cannot lock themselves out of property fields * Migrate permissions from a JSON column to three normalized columns * Remove the audit comment * Use target level constants in authorization * Log authorization membership failures * Rename admin to sysadmin * Adds the Property System Architecture v2 API endpoints * Adds permission checks to the create field endpoint * Add target access checks to value endpoints * Add default branches for object_type and target_type and extra guards for cursor client4 methods * Fix vet API mismatch * Fix error checks * Fix linter * Add merge semantics for property patch logic and API endpoint * Fix i18n * Fix duplicated patch elements and early return on bad cursor * Update docs to use enums * Fix i18n sorting * Update app layer to return model.AppError * Adds a limit to the number of property values that can be patched in the same request * Adds websocket messages for the PSAv2 API events * Add IsPSAv2 helper to the property field for clarity * Add guard against nil returns on field deletion * Add docs to the websocket endpoints --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * migrations: consolidate views migrations and reorder after master - Merged 000165 (create Views) with 000167 (drop Icon) since Icon was never needed - Renumbered branch migrations 159-166 → 160-167 so master's 000159 (deduplicate_policy_names) runs first - Regenerated migrations.list Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add API endpoint to retrieve posts for a specific view (#35604) Automatic Merge * Apply fixes after merge * Return a more specific error from getting multiple fields * Prevent getting broadcast params on field deletion if not needed * Remove duplicated migration code * Update property conflict code to always use master * Adds nil guard when iterating on property fields * Check that permission level is valid before getting rejected by the database * Validate correctness on TargetID for PSAv2 fields * Avoid PSAv1 using permissions or protected * Fix test data after validation change * Fix flaky search test * Adds more posts for filter use cases to properly test exclusions --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: Julien Tant <julien@craftyx.fr> Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Julien Tant <785518+JulienTant@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-27 10:36:35 +01:00
Christopher Poile	fb11968f87	[MM-65701] Fix for docextractor archive handling (#34983) ... * do not attempt to decompress 7zip files in docextractor * use SevenZip.Match to detect a 7z file instead of our own method * merge conflicts --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-25 19:17:33 +00:00
Doug Lauder	f0b2a36dbc	MM-67616: Refactor shared channel membership sync to use ChannelMemberHistory (#35619) ... * Refactor shared channel membership sync to use ChannelMemberHistory (MM-67616) Replace the trigger-time membership sync mechanism with a cursor-based approach using ChannelMemberHistory, aligning membership sync with the established pattern used by posts and reactions. Previously, membership changes were built into SyncMsg at trigger time and sent via a separate TopicChannelMembership code path. This meant removals were lost if a remote was offline, since ChannelMembers hard-deletes rows. Now, membership changes are fetched from ChannelMemberHistory at sync time using the LastMembersSyncAt cursor, detecting both joins and leaves reliably. The data flows through the normal syncForRemote pipeline alongside posts, reactions, and other sync data. Key changes: - Add GetMembershipChanges store method for ChannelMemberHistory - Add fetchMembershipsForSync and sendMembershipSyncData to sync pipeline - Replace HandleMembershipChange with NotifyMembershipChanged (trigger-only) - Remove conflict detection (idempotent add/remove resolves naturally) - Remove per-user membership tracking (GetUserChanges, UpdateUserLastMembershipSyncAt) - Add MembershipErrors to SyncResponse - Keep TopicChannelMembership receiver for one release cycle (backward compat)	2026-03-23 10:12:17 -04:00
Andre Vasconcelos	ad03248cd3	MM-67872 Fixing detection issue in image proxy (#35669) ... * Refactoring image proxy * Improving resilience of peeking mechanism * Moving should304 check * Replacing functions with text encoding library	2026-03-19 15:12:19 +02:00
Lorenzo	742e0be950	Validate RefreshedToken differs from original invite token (#34864) ... * Validate that RefreshedToken differs from original invite token in remote cluster confirmation * Add unit test for MM-67098 --------- Co-authored-by: JG Heithcock <jgheithcock@gmail.com>	2026-03-13 19:07:40 +00:00
Carlos Garcia	3057ae7e83	MM-67646 slack import improvements (#35490) ... * improves logging during slack import * add imported users with no password and force reset flow * use i18n key ids during test	2026-03-11 11:26:50 +01:00
Ben Schumacher	b6e5264731	[MM-67739] Rename SlackAttachment to MessageAttachment across the codebase (#35445) ... Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-10 16:37:21 +01:00
Christopher Poile	2ada8d7659	MM-67540 - Allow searching public channel messages without channel membership (#35298) ... * UpdateByQuery methods for channel_type; rewrite reindexChannelPosts log pre-fetch error in channel Update and upgrade reindexChannelPosts to error level * add backfill orchestration, config listener, webapp toggle changes fix misleading backfill complete log when SaveOrUpdate fails * add integration & unit tests for public channel search and backfill * fix nil pointer dereference on UpdateByQuery response and log partial failures * add tests for compliance mode override and P channel post leakage * update system console snapshots * add instructions to error message * improve compliance-mode test * getAllChannels doesn't filter by O/S, need to do ourselves * in search, load channel info for channels we're not a member of * blank commit -- something is wrong with github, maybe this will help * improve channelType passing; error msg; simplify settings naming * debug logging for timing backfill and channel change; TO BE REVERTED * fix getMissingChannelsFromFiles in search as well * blank commit	2026-03-09 14:07:44 -04:00
Harrison Healey	033867a344	MM-67522 Add tests for syncing user statuses (#35269) ... * MM-67522 Add tests for syncing user statuses * Clean up newly added tests * Fix style * Use SyncResponse.StatusErrors when statuses fail to sync	2026-02-20 16:21:05 -05:00
catalintomai	8738f8c4b3	MM-67099 - Membership Sync fix (#35230)	2026-02-16 16:05:04 +01:00
Doug Lauder	c6d00615dd	Force membership sync on reconnect (#35299) ... Co-authored-by: Mattermost Build <build@mattermost.com>	2026-02-16 09:02:36 +00:00
Ibrahim Serdar Acikgoz	b947f1c38a	Add fileSize limit to extractors (#35200)	2026-02-09 15:22:30 +01:00
Daniel Espino García	b5a816a657	Add audits for accessing posts without membership (#31266) ... * Add audits for accessing posts without membership * Fix tests * Use correct audit level * Address feedback * Add missing checks all over the app * Fix lint * Fix test * Fix tests * Fix enterprise test * Add missing test and docs * Fix merge * Fix lint * Add audit logs on the web socket hook for permalink posts * Fix lint * Fix merge conflicts * Handle all events with "non_channel_member_access" parameter * Fix lint and tests * Fix merge * Fix tests	2026-01-20 10:38:27 +01:00
Doug Lauder	338cf4a5a0	Add docs re Shared Channels APIs calls and data flow (#34682) ... * Add docs re Shared Channels APIs calls and data flow * add diagrams	2025-12-21 16:15:07 -05:00
Carlos Garcia	a0326c91ac	[MM-66203] removes direct jaytaylor/html2text dependency (#34539) ... * removes direct jaytaylor/html2text dependency there is still some indirect dependency on the library preventing to use latest tablewriter with a PR made to the outdated library that should be monitored as stated in go.mod comments. * makes variable not shadow outer one * fixes typo and makes test fail on error * uses current docconv dependency to generate plain text email content	2025-12-04 17:15:01 +01:00
Jesse Hallam	61db53dd1a	[MM-66718] Remove unneeded HTML templates watcher (#34557) ... * [MM-66718] Remove unneeded HTML templates watcher The templates package currently supports filesystem watching to automatically reload templates when files change. This feature is unnecessary in production and adds complexity. Changes: - Removed NewWithWatcher() function from templates package - Removed Close() method from Container - Removed watch-related fields (watch, stop, stopped) from Container - Removed fsnotify dependency usage - Updated server.go to use New() instead of NewWithWatcher() - Updated email/helper_test.go to use New() - Removed watcher-related tests from templates_test.go Template updates now require a server restart, which provides clearer behavior and reduces code complexity. * Remove unused fsnotify dependency	2025-11-27 16:24:59 -04:00
Carlos Garcia	4ba7f7e16e	MM-66202: Migrate to aws-sdk-go-v2 (#34496) ... * updated aws-sdk dependency to aws-sdk-go-v2 * simplify error handling in case of timeout errors --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-11-20 11:26:09 +01:00
Ben Schumacher	b2df9be70b	Fix errcheck linter errors in helpers (#31578)	2025-11-12 13:00:51 +01:00
Ben Schumacher	892a7c9c69	Use golangci-lints's build-in modernize linter (#34341)	2025-11-04 12:09:11 +01:00
JG Heithcock	1386024013	Fix MM-65152 (#34199)	2025-10-29 07:52:34 -07:00
Harshil Sharma	c21ef29f02	Flag post API (#33765) ... * Added enable/disable setting and feature flag * added rest of notifgication settings * Added backend for content flagging setting and populated notification values from server side defaults * WIP user selector * Added common reviewers UI * Added additonal reviewers section * WIP * WIP * Team table base * Added search in teams * Added search in teams * Added additional settings section * WIP * Inbtegrated reviewers settings * WIP * WIP * Added server side validation * cleanup * cleanup * [skip ci] * Some refactoring * type fixes * lint fix * test: add content flagging settings test file * test: add comprehensive unit tests for content flagging settings * enhanced tests * test: add test file for content flagging additional settings * test: add comprehensive unit tests for ContentFlaggingAdditionalSettingsSection * Added additoonal settings test * test: add empty test file for team reviewers section * test: add comprehensive unit tests for TeamReviewersSection component * test: update tests to handle async data fetching in team reviewers section * test: add empty test file for content reviewers component * feat: add comprehensive unit tests for ContentFlaggingContentReviewers component * Added ContentFlaggingContentReviewersContentFlaggingContentReviewers test * test: add notification settings test file for content flagging * test: add comprehensive unit tests for content flagging notification settings * Added ContentFlaggingNotificationSettingsSection tests * test: add user profile pill test file * test: add comprehensive unit tests for UserProfilePill component * refactor: Replace enzyme shallow with renderWithContext in user_profile_pill tests * Added UserProfilePill tests * test: add empty test file for content reviewers team option * test: add comprehensive unit tests for TeamOptionComponent * Added TeamOptionComponent tests * test: add empty test file for reason_option component * test: add comprehensive unit tests for ReasonOption component * Added ReasonOption tests * cleanup * Fixed i18n error * fixed e2e test lijnt issues * Updated test cases * Added snaoshot * Updated snaoshot * lint fix * WIP * lint fix * Added post flagging properties setup * review fixes * updated snapshot * CI * Added base APIs * Fetched team status data on load and team switch * WIP * Review fixes * wip * WIP * Removed an test, updated comment * CI * Added tests * Added tests * Lint fix * Added API specs * Fixed types * CI fixes * API tests * lint fixes * Set env variable so API routes are regiustered * Test update * term renaming and disabling API tests on MySQL * typo * Updated store type definition * Minor tweaks * Added tests * Removed error in app startup when content flaghging setup fails * Updated sync condition: * Flag message modal basE * added post preview * displaying options * Adde comment input * Updated tests and docs * finction rename * WIP * Updated tests * refactor * lint fix * MOved to data migration * lint fix * CI * added new migration mocks * Used setup for tests * some comment * Removed unnecesseery nil check * Form validation * WIP tests * WIP tests * WIP tests * fix: mock content flagging config selector with correct reasons format Co-authored-by: aider (anthropic/claude-sonnet-4-20250514) <aider@aider.chat> * fix: add mock for getContentFlaggingConfig in flag post modal test Co-authored-by: aider (anthropic/claude-sonnet-4-20250514) <aider@aider.chat> * Updated error code order in API docs * removed empty files * Added tests * lint fixes * minor tweak * lint fix * type fix * fixed test * nit * test enhancements * API WIP * API WIP * creating values * creating content flagging channel and properties * Able to save properties * Added another property field * WIP * WIP * Added validations * Added data validations and hidden post if confifgured to * lint fixes * Added API spec * Added some tests * Added tests for getContentReviewBot * test: add comprehensive tests for getContentReviewChannels function * Added more app layer tests * Added TestCanFlagPost * test: Add comprehensive tests for FlagPost function * Added all app layer tests * Removed a file that was reamoved downstream * test: add content flagging test file * test: add comprehensive tests for FlagContentRequest.IsValid method * Added model tests * test: add comprehensive tests for SqlPropertyValueStore.CreateMany * test: add comprehensive tests for flagPost() API function * Added API tests * linter fix * WIP * sent post flagging confirmation message * fixed i18n nissues * fixed i18n nissues * CI * Updated test * fix: reset contentFlaggingGroupId for test isolation in content flagging tests * removed cached group ID * removed debug log * review fixes * Used correct ot name * CI * Updated mobile text * Handled JSON error * fixerdf i18n * CI * Integrate flag post api (#33798) * WIP * WIP * Added API call * test: add test for Client4.flagPost API call in FlagPostModal * fix: remove userEvent.setup() from flag post modal test * test: wrap submit button click in act for proper state updates * Updated tests * lint fix * CI * Updated to allow special characters in comments * Handled empty comment * Used finally * CI * Fixed test * Spillage card integration (#33832) * Created getContentFlaggingFields API * created getPostPropertyValues API * WIP * Created useContentFlaggingFields hook * WIP * WIP * Added option to retain data for reviewers * Displayed deleted post's preview * DIsplayed all properties * Adding field name i18n * WIP - managing i18n able texts * Finished displaying all fields * Manual cleanup * lint fixes * team role filter logic fix * Fixed tests * created new API to fetch flagged posts * lint fix * Added new client methods * test: add comprehensive tests for content flagging APIs * Added new API tests * fixed openapi spec * Fixed DataSpillageReport tests * Fixed PostMarkdown test * Fixed PostPreviewPropertyRenderer test * Added metadata to card renderer * test fixes * Added no comment placeholder * Fixed test * refactor: improve test mocking for data spillage report component * test mock updates * Updated reducer * not resetting mocks * WIP * review fixes * CI * Fixed * fixes * Content flagging actions implementation (#33852) * Added view detail button * Created RemoveFlaggedMessageConfirmationModal modal * Added key and remove flag request modal * IMplemented delete flagged post * Handled edge cases of deleting flagged post * keep message * UI integration * Added WS event for post report update and handled deleted files of flagged post * Added error handling in keep/remove forms * i18n fixes * Updated OpenAPI specs * fixed types * fixed types * refactoring * Fixed tests * review fixes * Added new property translations * Improved test * fixed test * CI * fixes * CI * fixed a test * CI --------- Co-authored-by: aider (anthropic/claude-sonnet-4-20250514) <aider@aider.chat>	2025-10-02 20:24:29 +05:30
Ben Schumacher	18eb1347db	[MM-64900] Migrate to use request.CTX instead of context.Context (#33541) ... * Migrate GetRoleByName * Migrate users GetUsers * Migrate Post and Thread store * Migrate channel store * Fix TestConvertGroupMessageToChannel * Fix TestGetMemberCountsByGroup * Fix TestPostStoreLastPostTimeCache	2025-09-18 16:14:24 +02:00
Jesse Hallam	06b1bf3a51	MM-64878: FIPS Build (#33809) ... * pin to ubuntu-24.04 * always use FIPS compatible Postgres settings * use sha256 for remote cluster IDs * use sha256 for client config hash * rework S3 backend to be FIPS compatible * skip setup-node during build, since already in container * support FIPS builds * Dockerfile for FIPS image, using glibc-openssl-fips * workaround entrypoint inconsistencies * authenticate to DockerHub * fix FIPS_ENABLED, add test-mmctl-fips * decouple check-mattermost-vet from test/build steps * fixup! decouple check-mattermost-vet from test/build steps * only build-linux-amd64 for fips * rm entrypoint workaround * tweak comment grammar * rm unused Dockerfile.fips (for now) * ignore gpg import errors, since would fail later anyway * for fips, only make package-linux-amd64 * set FIPS_ENABLED for build step * Add a FIPS-specific list of prepackaged plugins Note that the names are still temporary, since they are not uploaded to S3 yet. We may need to tweak them when that happens. * s/golangci-lint/check-style/ This ensures we run all the `check-style` checks: previously, `modernize` was missing. * pin go-vet to @v2, remove annoying comment * add -fips to linux-amd64.tz.gz package * rm unused setup-chainctl * use BUILD_TYPE_NAME instead * mv fips build to enterprise-only * fixup! use BUILD_TYPE_NAME instead * temporarily pre-package no plugins for FIPS * split package-cleanup * undo package-cleanup, just skip ARM, also test * skip arm for FIPS in second target too * fmt Makefile * Revert "rm unused Dockerfile.fips (for now)" This reverts commit 601e37e0ff. * reintroduce Dockerfile.fips and align with existing Dockerfile * s/IMAGE/BUILD_IMAGE/ * bump the glibc-openssl-fips version * rm redundant comment * fix FIPS checks * set PLUGIN_PACKAGES empty until prepackaged plugins ready * upgrade glibc-openssl-fips, use non-dev version for final stage * another BUILD_IMAGE case * Prepackage the FIPS versions of plugins * relocate FIPS_ENABLED initialization before use * s/Config File MD5/Config File Hash/ * Update the FIPS plugin names and encode the + sign * add /var/tmp for local socket manipulation --------- Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-09-15 10:53:28 -03:00
Ben Schumacher	d78d59babe	Standardize request.CTX parameter naming to rctx (#33499) ... * Standardize request.CTX parameter naming to rctx - Migrate 886 request.CTX parameters across 147 files to use consistent 'rctx' naming - Updated function signatures from 'c', 'ctx', and 'cancelContext' to 'rctx' - Updated function bodies to reference the new parameter names - Preserved underscore parameters unchanged as they are unused - Fixed method receiver context issue in store.go 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Use request.CTX interface in batch worker * Manual fixes * Fix parameter naming * Add linter check --------- Co-authored-by: Claude <noreply@anthropic.com>	2025-09-10 15:11:32 +02:00
Jesse Hallam	8cace74692	MM-64486: Remove telemetry (#33606) ... * MM-64486: Remove telemetry Remove telemetry from Mattermost. We're no longer relying on Rudder upstream, and no longer making use of this information. * recover mock for SystemStore.Get * Fix TestClearPushNotificationSync by adding missing SystemStore mock The test was failing because the SystemStore mock was missing the Get() method that's required by the ServerId() function. Added the missing mock to return a StringMap with SystemServerId. * fix mocking issue * Remove now-unused telemetry and constants * Remove "Disable telemetry events" debug setting * Remove empty functions * Remove most "Telemetry tracking removed" comments * Remove remains of DataPrefetch telemetry * Remove now-unused prop from InviteMembersButton * Remove trackDotMenuEvent * Remove some more leftover comments * Remove lingering logic related to trackingLocation * Remove now-unused argument from useCopyText * Remove lingering telemetry references from PreparingWorkspace * fixup Remove trackDotMenuEvent * Remove lingering telemetry references from signup page and password check * Update snapshots and fix test broken by my changes * Fix unintended behavior change in thread list filtering Remove handleSetFilter wrapper that was accidentally modified during telemetry removal. The function was calling clear() when switching to unread filter, which was not the original behavior. Use setFilter directly instead, restoring the original functionality. * Remove unused useOpenDowngradeModal hook The useOpenDowngradeModal hook was not being used anywhere in the codebase. * Remove unused expandableLink from useExpandOverageUsersCheck The expandableLink return value was not being used by any components. * Re-add missing TeamLinkClicked performance telemetry The mark(Mark.TeamLinkClicked) call was accidentally removed from the handleSwitch function. This telemetry is needed for Looker-based performance tracking. * drop LogSettings.VerboseDiagnostics --------- Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-09-04 18:46:18 +00:00
Alejandro García Montoro	553f99612e	MM-60441: Re-index public channels when a user joins a team (#33400) ... * Index all public channels when a user joins a team * Precompute team members for indexChannelsForTeam * Refactor RequestContextWithMaster to store package This way, we can import it from both the sqlstore and the searchlayer packages. The alternative for this is duplicating the code in those two packages, but that will *not* work: The context package expects custom types for the keys stored in it, so that different packages never clash with each other when trying to register a new key. See the docs for the WithValue function: https://pkg.go.dev/context#WithValue If we try to duplicate the storeContextKey type in both the sqlstore and searchlayer packages, although they *look* the same, they are not, and HasMaster will fail to get the value of the storeContextKey(useMaster) key if it's from the other package. * Use master in call to GetTeamMembersForChannel In GetTeamMembersForChannel, use the DB from the newly passed context, which will be the receiving context everywhere except in the call done from indexChannelsForTeam, to avoid the read after write issue when saving a team member. * Fix GetPublicChannelsForTeam paging We were using the page and perPage arguments as is in the call to GetPublicChannelsForTeam, but that function expects and offset and a limit as understood by SQL. Although perPage and limit are interchangeable, offset is not equal to page, but to page * perPage. * Add a synchronous bulk indexer for Opensearch * Implement Opensearch's SyncBulkIndexChannels * Add a synchronous bulk indexer for Elasticsearch * Implement Elasticsearch's SynkBulkIndexChannels * Test SyncBulkIndexChannels * make mocks * Bulk index channels on indexChannelsForTeam * Handle error from SyncBulkIndexChannels * Fix style * Revert indexChannelWithTeamMembers refactor * Remove defensive code on sync bulk processor * Revert "Add a synchronous bulk indexer for Opensearch" This reverts commit bfe4671d96. * Revert "Add a synchronous bulk indexer for Elasticsearch" This reverts commit 6643ae3f30. * Refactor bulk indexers with a common interface * Test all the different implementations Assisted by Claude * Remove debug statements * Refactor common code into _stop * Rename getUserIDsFor{,Private}Channel * Wrap error * Make perPage a const * Fix typos * Call GetTeamsForUser only if needed * Differentiate errors for sync/async processors --------- Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-08-25 19:28:19 +02:00
Jesse Hallam	d4d8643e29	Remove certificate-based auth (#33751) ... This feature has never worked as advertised. Let's deprecate it, retaining the config field so we can fail server startup to ensure it's not being used at all.	2025-08-21 09:59:20 -03:00
Pablo Vélez	6b4ff48bef	Mm 64925 - prevent slack import email auto validation for non admin users (#33609) ... * MM-64925 - slack import issue autoverifying emails * system admins imports auto verify emails * pass just the isAdmin instead of the entire user struct * enhance documentation and handle mattermost cmd import --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-08-20 17:13:01 +02:00
Ben Schumacher	36b00d9bb6	[MM-64485] Remove separate notification log file (#33473) ... - Remove NotificationLogSettings configuration entirely - Add new notification-specific log levels (NotificationError, NotificationWarn, NotificationInfo, NotificationDebug, NotificationTrace) - Consolidate all notification logs into standard mattermost.log file - Update all notification logging code to use new multi-level logging (MlvlNotification*) - Remove notification logger infrastructure and support packet integration - Update test configurations and remove deprecated functionality tests - Add comprehensive tests for new notification log levels This change simplifies log analysis by unifying all application logging while maintaining flexibility through Advanced Logging configuration for administrators who need separate notification logs. 🤖 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: Claude <noreply@anthropic.com>	2025-08-20 10:17:45 +02:00
Jesse Hallam	c8d6630141	MM-63240: Always allow viewing archived channels (#32162) ... * server: allow access to channel bookmarks in an archived channel * server: allow access to posts in archived channels * server: allow accessing channel members for archived channels * server: allow autocompleting/searching archived channels * server: allow access to files from archived channels * server: fix access issue on database error * server: allow access to archived channels * server: remove TeamSettings.ExperimentalViewArchivedChannels from telemetry * server: remove ExperimentalViewArchivedChannels from client config * webapp: simplify delete channel * webapp: simplify channel settings modal * webapp: do not redirect away from archived channel * webapp: rhs, always search posts from archived channels * webapp: switch channels, always support archived channels * webapp: search channel provider, always support archived channels * webapp: browse channels, always support archived channels * webapp, search results? fixup? * webapp, confusing type issue * webapp: unarchive, no need to report view archived * webapp: command test, no need for ExperimentalViewArchivedChannels in config * webapp: remove ExperimentalViewArchivedChannels from system console * webapp: redux, do not delete posts, also fix LEAVE_CHANNEL * update e2e tests * server: fail startup if ExperimentalViewArchivedChannels is not enabled * extract i18n * updated snapshots * update tests * simplify posts reducer * updated tests * additional e2e tests * Fix locale consistency in Jest tests Added consistent locale environment variables (LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8) to all Jest test scripts to prevent locale-dependent date formatting differences across development environments. This resolves snapshot test failures where DateTime.toLocaleString() would produce different date formats on different systems (e.g., "6/8/2025" vs "08/06/2025" vs "2025-06-08"). Updated test scripts: - test, test:watch, test:updatesnapshot, test:debug, test-ci Updated snapshot to consistent en_US format. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Remove includeArchivedChannels parameter from GetMemberForPost * Remove unnecessary includeDeleted variable assignments * Deprecate ExperimentalViewArchivedChannels config field --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-08-15 13:50:20 -03:00
Agniva De Sarker	41e88b74ac	MM-61407: Remove Bleve (#33430) ... https://mattermost.atlassian.net/browse/MM-61407 ```release-note NONE ``` * webapp i18n ```release-note NONE ``` * Fix e2e tests ```release-note NONE ``` * fix roles in e2e tests ```release-note NONE ``` * some review comments ```release-note NONE ``` * add back permissions to deprecated list ```release-note NONE ```	2025-07-31 09:35:29 +05:30
catalintomai	594c5d23ac	MM-64926: Membership sync sends sensitive data to remote (#33560)	2025-07-28 23:03:12 +03:00
Agniva De Sarker	257eec43ed	MM-13657: Set ExperimentalStrictCSRFEnforcement to true by default (#33444) ... https://mattermost.atlassian.net/browse/MM-13657 ```release-note We change ServiceSettings.ExperimentalStrictCSRFEnforcement to be true by default for new installations. For existing installations, the value will remain unchanged. ``` * Remove ''Experimental'' prefix from CSRF enforcement field Change field name from ExperimentalStrictCSRFEnforcement to StrictCSRFEnforcement across all files Co-authored-by: Agniva De Sarker <agnivade@users.noreply.github.com> * lint fix ```release-note NONE ``` * fix test ```release-note NONE ``` * set StrictCSRFEnforcement to false on starting a test server --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> Co-authored-by: Agniva De Sarker <agnivade@users.noreply.github.com> Co-authored-by: Saturnino Abril <5334504+saturninoabril@users.noreply.github.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-07-24 13:51:29 +05:30
Agniva De Sarker	9dd8c056e7	MM-63368: Remove MySQL (#33458) ... https://mattermost.atlassian.net/browse/MM-63368 ```release-note Remove MySQL support from the codebase entirely. ```	2025-07-22 20:40:55 +05:30
Agniva De Sarker	bc859d7fb0	MM-64522: Use PBKDF2 as the new key derivation for remote cluster invitation (#33493) ... https://mattermost.atlassian.net/browse/MM-64522 ```release-note NONE ```	2025-07-21 19:08:31 +05:30
Ben Schumacher	9add320011	[MM-64654] Migrate to modern Go features (#31820)	2025-07-18 12:54:51 +02:00