* MM-66909 - Fix BoR sender not seeing priority label on new post
* Use RequestContextWithMaster for BoR priority fetching
* fix linter
* Add BoR post priority unit test
* unique error code and remove webapp workaround
* fix translation
* remove unnecessary line
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-66442 - Add empty state message for ABAC channel modal
* fix translation and ts issue
* Remove empty filter controls border in channel modal
* extract and memoize message
* adjust modal header title style and text color
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-65975 - migrate team modal to generic modal
* add e2e tests to team settings
* apply self review fixes, organize test pom and clean code
* fix cypress tests
* Remove jest-junit and unignore build folder in web app packages
We don't actually use the file output by jest-junit, and I don't think we
have since we moved off of Jenkins for CI
* Move parcel-namer-shared into build folder
* MM-67323 Add loadSharedDependency API and script for plugins to use it
* Fix client and mattermost-redux packages missing const enums
* Change interface for webAppExternals
* Rename "Self-Deleting Messages" to "Burn-on-Read Messages"
Updated the Burn on Read feature naming in the System Console for consistency with the product terminology and made all Posts subsection titles translatable for better internationalization support.
- Renamed section title from "Self-Deleting Messages" to "Burn-on-Read Messages"
- Updated section description to clarify that messages delete after being read (removed "or sent")
- Added translation keys for all 6 Posts subsection titles
- Updated type definitions and UI components to support translatable subsection titles
Co-authored-by: Cursor <cursoragent@cursor.com>
* Linting
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* test: increase parallel tests and removed smoke tests both in cypress and playwright
* add duration and retest info
* indicate overall, first-pass and re-run run and test durations
* Respect user display preferences for date and time formatting
User Preference Support:
- Read isUseMilitaryTime preference from user settings
- Apply 24-hour format when enabled (14:00 instead of 2:00 PM)
- Apply 12-hour format when disabled (2:00 PM instead of 14:00)
- Pass useTime prop to Timestamp component with correct hourCycle/hour12
Date Formatting Consistency:
- Create formatDateForDisplay() utility in date_utils.ts
- Centralize date formatting logic (month: 'short', day/year: 'numeric')
- Use consistent "Jan 15, 2025" format across all date/datetime fields
- Replace DateTime.fromJSDate().toLocaleString() which varies by browser
Components Updated:
- DateTimeInput: Use isMilitaryTime for dropdown and selected time display
- DateTimeInput: Use formatDateForDisplay for date display
- AppsFormDateField: Use formatDateForDisplay instead of inline Intl code
Tests Added:
- 4 tests for user preference handling (military time, locale)
- 5 tests for formatDateForDisplay utility
- Updated snapshot for Timestamp changes
Benefits:
- Single source of truth for date formatting
- Easy to change format globally by updating one function
- Respects user preferences consistently
- Fixes inconsistency where datetime showed "1/1/2026" vs date showing "Jan 1, 2026"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Add timezone and manual time entry support for datetime fields
Object Model:
- Create DialogDateTimeConfig with TimeInterval, LocationTimezone, AllowManualTimeEntry
- Add DateTimeConfig field to DialogElement
- Keep legacy MinDate, MaxDate, TimeInterval for fallback
Timezone Support (location_timezone):
- Display datetime in specific IANA timezone (e.g., "Europe/London", "Asia/Tokyo")
- Show timezone indicator: "🌍 Times in GMT"
- Preserve timezone through all operations
- Fix momentToString to clone before converting to UTC (prevents mutation)
- Use moment.tz array syntax for timezone-safe moment creation
- Generate time intervals starting at midnight in display timezone
Manual Time Entry (allow_manual_time_entry):
- Add parseTimeString() function supporting multiple formats:
- 12-hour: 12a, 12:30p, 3:45pm
- 24-hour: 14:30, 9:15
- Add TimeInputManual component with text input
- Conditional rendering: manual input OR dropdown
- No rounding for manual entry (exact minutes preserved)
- No auto-advance (validation only, show error for invalid format)
- Respects user's 12h/24h preference for placeholder
Critical Bug Fixes:
- Fix getTimeInIntervals to return Moment[] instead of Date[] (preserves timezone)
- Fix momentToString mutation: use .clone() before .utc()
- Use .clone() when calling .startOf('day') to preserve timezone
- Use moment.tz([...], timezone) array syntax instead of .tz().hour() mutation
- Display selected time using .format() instead of Timestamp component
- Fix null handling: optional fields start empty, show '--:--'
- Manual entry gets exact current time, dropdown gets rounded time
Component Updates:
- DateTimeInput: Add TimeInputManual component, parseTimeString, timezone handling
- AppsFormDateTimeField: Extract config, timezone indicator, pass timezone to child
- Modal components: Handle Moment | null signatures
- CSS: Add manual entry input styles with error states
Features:
- Timezone-aware time generation (dropdown starts at midnight in display TZ)
- Manual entry works with timezones (creates moments in correct TZ)
- Optional fields start empty (null value, no display default)
- Required datetime fields get rounded default from apps_form_component
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Fix momentToString mutation - clone before converting to UTC
Prevents .utc() from mutating the original moment object.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Add E2E test for 12h/24h time preference support
Test MM-T2530H verifies that datetime fields respect user's display preference:
- Sets preference to 24-hour format
- Verifies dropdown shows times as 14:00, 15:00, etc.
- Verifies selected time displays in 24-hour format
- Changes preference to 12-hour format
- Verifies dropdown shows times as 2:00 PM, 3:00 PM, etc.
Uses cy.apiSaveClockDisplayModeTo24HourPreference() to set user preference.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Auto-round time to interval boundaries in DateTimeInput
Automatically rounds displayed time to timePickerInterval to ensure
consistent behavior across all callers.
Problem:
- DND modal and Custom Status modal showed unrounded times (e.g., 13:47)
- Should show rounded times (e.g., 14:00) to match dropdown intervals
- Some callers pre-rounded, others didn't (inconsistent)
Solution:
- Add useEffect in DateTimeInput that auto-rounds on mount
- Only calls handleChange if time needs rounding
- Uses timePickerInterval prop or 30-minute default
- Harmless for callers that already pre-round (no change triggered)
Behavior:
- DND modal: Now shows 14:00 instead of 13:47
- Custom Status: Still works (already pre-rounded, so no-op)
- Post Reminder: Still works (already pre-rounded, so no-op)
- Interactive Dialog: Still works (uses custom intervals)
Added 3 unit tests for auto-rounding behavior.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* lint fix
* Add deferred login cleanup to post_test.go 'not logged in' test
Ensures the test helper is logged back in after the logout test completes, preventing test state issues for subsequent tests.
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Add unit tests for parseTimeString and timezone handling
parseTimeString tests (9 test cases):
- 12-hour format with AM/PM (12a, 3:30pm, etc.)
- 24-hour format (14:30, 23:59, etc.)
- Time without minutes (defaults to :00)
- Invalid hours, minutes, and formats
- Edge cases (midnight 12:00am, noon 12:00pm)
Timezone handling tests (3 test cases):
- Preserve timezone in getTimeInIntervals
- Generate intervals starting at midnight in timezone
- Timezone conversion pattern verification
Total: 12 new tests added (32 total in file)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Add E2E tests and webhook support for timezone/manual entry
E2E Tests Added (MM-T2530O through MM-T2530S):
- MM-T2530O: Manual time entry basic functionality
- MM-T2530P: Manual time entry multiple formats (12a, 14:30, 9pm)
- MM-T2530Q: Manual time entry invalid format handling
- MM-T2530R: Timezone support dropdown (London GMT)
- MM-T2530S: Timezone support manual entry (London GMT)
Webhook Server Support:
- Added getTimezoneManualDialog() to webhook_utils.js
- Added 'timezone-manual' case to webhook_serve.js
- Dialog with 3 fields: local manual, London dropdown, London manual
Bug Fixes:
- Skip auto-rounding for allowManualTimeEntry fields (preserve exact minutes)
- Generate dropdown options even when displayTime is null (use currentTime fallback)
- Scope Cypress selectors with .within() to avoid duplicate ID issues
All tests passing (13 total datetime tests).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Fix ESLint no-multi-spaces in apps.ts
Remove extra spacing before comments to comply with ESLint rules.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Fix gofmt formatting in integration_action.go
Align Options, MultiSelect, and Refresh field spacing to match Go formatting standards.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* more lint fixes
* css lint fix
* i18n-extract
* lint fixes
* update snapshot
* Fix modal scroll containment for datetime fields
The .modal-overflow class was applying overflow: visible to .modal-body,
which broke scroll containment when datetime fields were present. This
caused the entire form to scroll instead of scrolling within the modal-body
viewport.
Changes:
- Remove .modal-body overflow override from .modal-overflow class to
preserve scroll containment while still allowing date/time popups to
display correctly via z-index
- Remove italic styling from timezone indicator for cleaner appearance
- Remove redundant "Time" label from manual time entry input (aria-label
is sufficient for accessibility)
- Add CSS rule to ensure "(optional)" label text is not bold
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* fixes for cypress tests
* fix for using timezone crossing dates
* fix dateonly strings parse failures
* regex fix
* linter fix
---------
Co-authored-by: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add support for channel mentions in webhook attachments
Implement client-side channel mention rendering in incoming webhook
attachments. Channel mentions (~channel-name) now render as clickable
links in attachment content fields (pretext, text, field values) while
correctly remaining as plain text in title/label fields.
* feat: filewillbedonwloaded hook
* feat: error popup
* chore: make generated pluginapi
* tests
* feat: different errors for different download types
* feat: allow toast positions
* fix: avoid using deprecated i18n function
* feat: add plugin API to show toasts
* feat: downloadType parameter
* tests: updated tests
* chore: make check-style
* chore: i18n
* chore: missing fields in tests
* chore: sorted i18n for webapp
* chore: run mmjstool
* test: fixed webapp tests with new changes
* test: missing mocks
* fix: ensure one-file attachments (previews) are handler properly as thumbnails
* chore: lint
* test: added new logic to tests
* chore: lint
* Add SendToastMessage API and FileWillBeDownloaded hook
- Introduced SendToastMessage method for sending toast notifications to users with customizable options.
- Added FileWillBeDownloaded hook to handle file download requests, allowing plugins to control access to files.
- Updated related types and constants for file download handling.
- Enhanced PluginSettings to include HookTimeoutSeconds for better timeout management.
* Update webapp/channels/src/components/single_image_view/single_image_view.tsx
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* chore: copilot reviews
* test: head requests
* chore: linted the webapp
* tests: fixed path
* test: fixed mocked args
* allow sending message to a connection directly
* fix: hook thread safety
* chore: formatting
* chore: remove configuration from system console
* chore: release version
* chore: update signature
* chore: update release version
* chore: addressed comments
* fix: update file rejection handling to use 403 Forbidden status and include rejection reason header
* Fix nil pointer panic in runFileWillBeDownloadedHook
The atomic.Value in runFileWillBeDownloadedHook can be nil if no
plugins implement the FileWillBeDownloaded hook. This causes a panic
when trying to assert the nil interface to string.
This fix adds a nil check before the type assertion, defaulting to
an empty string (which allows the download) when no hooks have run.
Fixes:
- TestUploadDataMultipart/success panic
- TestUploadDataMultipart/resume_success panic
* test: move the logout test last
* chore: restored accidential deletion
* chore: lint
* chore: make generated
* refactor: move websocket events to new package
* chore: go vet
* chore: missing mock
* chore: revert incorrect fmt
* chore: import ordering
* chore: npm i18n-extract
* chore: update constants.tsx from master
* chore: make i18n-extract
* revert: conflict merge
* fix: add missing isFileRejected prop to SingleImageView tests
* fix: mock fetch in SingleImageView tests for async thumbnail check
The component now performs an async fetch to check thumbnail availability
before rendering. Tests need to mock fetch and use waitFor to handle
the async state updates.
* refactor: move hook logic to app layer
* chore: update version to 11.5
* Scope file download rejection toast to the requesting connection
Thread the Connection-Id header through RunFileWillBeDownloadedHook and
sendFileDownloadRejectedEvent so the WebSocket event is sent only to the
connection that initiated the download, instead of all connections for
the user.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* MM-66813 - Add server origin verification to mobile SSO callbacks
* Enhance mobile SSO security and deprecate code-exchange
* Update code-exchange deprecation to follow MM standards
* Use config SiteURL for srv param, fix flow terminology
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
The generation of notice-file is failing with
```
2026/02/16 10:20:39 NPM load failed @mattermost/shared
2026/02/16 10:20:39 Error occured while generating notice.txt @mattermost/shared:http status code 404 when downloading "https://registry.npmjs.org/@mattermost/shared"
```
This relates with https://github.com/mattermost/mattermost/pull/35065 because
the package is still local and isn't yet published in npm
So, this is ignores the shared package while it isn't published.
* fix guest user import when guest user doesn't have any memberships
This PR fixes an issue where a guest user without channel or team memberships
is not being imported and the importer will then throw an error and abort.
Key changes:
1. Updated validateGuestRoles function to allow system guests without any teams/channels
2. Improved error handling with specific error messages for different validation failures
3. Updated tests to reflect new behavior allowing system guests with no team memberships
4. Added new i18n error messages for better user feedback
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Extract i18n strings and update English locale
- Ran 'make i18n-extract' to extract translation strings from source code
- Alphabetically sorted translation keys in server/i18n/en.json
- Moved guest user validation error messages to proper alphabetical positions
- Removed obsolete/unused translation entries for cleaner locale file
Co-authored-by: Jesse Hallam <lieut-data@users.noreply.github.com>
* Revert "Extract i18n strings and update English locale"
This reverts commit 9d3887cb2e.
* actually fix i18n, needs enterprise access
* add integration test for importing guest user without team/channel memberships
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Jesse Hallam <lieut-data@users.noreply.github.com>
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
The Active() check was incorrectly preventing the slash command from working on non-leader nodes in HA clusters. Active() only returns true on the cluster leader (which runs the sync loop), but slash commands can be routed to any node via the load balancer. A nil check is sufficient to verify the service is licensed and configured.
* MM-66937 Add E2E tests for bug
* MM-66937 Remove delayInputUpdate on that input to fix the bug
* Remove delayInputUpdate prop from QuickInput and SuggestionBox
* Run prettier
* Inline updateInputFromProps and remove eslint-disable that's no longer needed
* Fix snapshots
* Change moduleResolution to bundler
This makes TS follow the module resolution of newer versions of Node.js which
makes it use the `imports` and `exports` fields of the package.json while not
requiring file extensions in some cases which it does when set to node16 or
nodenext.
I'm changing this to make it so that VS Code can correctly import things from
our types package without adding `/src/` to the import path erroneously.
Hopefully it doesn't introduce any other issues.
* Change make clean to use package.json script
* Remove missing fields from SystemEmoji type
These were removed from emoji.json in
https://github.com/mattermost/mattermost-webapp/pull/9597, but we forgot to
remove the fields from the type definition. They weren't used anyway.
* MM-66867 Add initial version of shared package
This initial version includes the shared context, React Intl support (although
that's currently untested), linting, and testing support. It builds with
Parcel.
* Move isSystemEmoji into Types package
* MM-67318 Add Emoji component to shared package
To limit the number of changes to the web app, it still uses RenderEmoji which
wraps the new component for the time being. I'll likely replace RenderEmoji
with using it directly in a future PR, but I may leave it as-is if the changes
are too big because the API is different.
* Add postinstall script to build shared package
* Revert changes to moduleResolution and add typesVersions to shared package
I plan to still change moduleResolution to bundler since it's the new default
for TS projects, and since it lets TS use the exports field in package.json,
but it requires other changes to fix some minor issues in this repo which I
don't want to muddy this PR with.
Adding typesVersions lets TS resolve the components in the shared package like
it does with the types package while using the old value for moduleResolution.
Plugins still use the old value for moduleResolution, so this will let them use
the shared package with fewer updates changes as well.
* Fix Webpack not always watching other packages for changes
* Add shared package dependencies and build output to CI cache
* Update @parcel/watcher to fix segfaults
This package seems to be older than the rest of the newly added Parcel
dependencies because it's used by sass.
* Fix build script not doing that
* Go back to manually specifying postinstall order
I just learned that postinstall scripts run in parallel because I was running
into an issue where the client and types packages were building at the same
time, causing one of them to fail. They still run in parallel, so that may
still occasionally happen, but by specifying the order manually, we hopefully
avoid that happening like we seemed to do before.
* Further revert changes to postinstall script
The subpackages were also being built when installed
by a plugin
* Increment cache keys
* Fix typo
* Change the cache busting to look at shared/package.json
* Attempt to debug tests and caching
* Debugging...
* Add shared package to platform code coverage
* Remove caching of package builds and manually run postinstall during web app CI setup
* Debugging...
* Remove CI debugging logic
* Update package-lock.json
* Change Emoji component back to taking an emojiName prop
* Add .parcel-cache to .gitignore
* Respect user display preferences for date and time formatting
User Preference Support:
- Read isUseMilitaryTime preference from user settings
- Apply 24-hour format when enabled (14:00 instead of 2:00 PM)
- Apply 12-hour format when disabled (2:00 PM instead of 14:00)
- Pass useTime prop to Timestamp component with correct hourCycle/hour12
* MM-67312: Restrict Burn-on-Read for self DMs and bot users
* fix lint issues
* use utility function to make code more reliable
* add test case for deleted user and handle restrictively that scenario
* fix i18n
* Allow bots to send BoR; block only self-DMs & DMs with bots
* Refactor BoR validation to API layer with individual params
* adjust comment
* Fix BoR validation to fail-closed when context unavailable
* Fix variable shadowing in CreatePost burn-on-read validation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* remove translation entry
* fix linter
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Claude <noreply@anthropic.com>
* fix: webapp/channels/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
* Update package-lock.json
---------
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
* Draft changes for BoR post soft-deletion
* Handled the case for author's BoR post read receipt
* lint fix
* Updated text
* Updated tests
* review fixes
* review fixes
* Paginated and batched temperory post deletion
* Updated test
* unmocked store
* logged instead of erroring out
* i18n fix
* review fixes
* support for Elastic(Open)search CJK analysis plugins
* addresses PR review comments
* addresses PR comments
* moves CJK based tests to own file and adds some more
Dockerfile for open and elasticsearch are changed to install required
plugins for testing or running locally.
* properly sort error messages
* fix style issues
* removes trailing space
* Add default agent support and App Bar integration
- Add Agents section to App Bar, separating it from Core Products.
- Implement Default Agent logic in AtMentionProvider:
- Promote default agent to top of suggestions for empty '@' prefix.
- Filter duplicate agent entry from main list when default is shown.
- Add `AgentTag` component for UI distinction.
- Update `mattermost-plugin-ai` and `server/public` dependencies.
- Add unit tests for default agent suggestion logic.
* Add missing files (server deps, types)
* Fix pre-commit check failures
- Fix TypeScript errors in test files:
- Add missing displayName property to defaultAgent in at_mention_provider test
- Add missing fetchAgents mock in textbox test
- Fix Go assignment mismatch in integration_action_test.go (CreatePostAsUser returns 3 values)
- Fix license copyright year in plugins/mattermost-ai/assets/embed.go
- Update i18n translations (add tag.default.agent)
- Regenerate Go serialized files, mmctl docs, and update go.mod/go.sum
* Update snapshot tests for textbox and at_mention_suggestion
* Undo mmctl docs changes
* Undo more changes
* revert package-lock.json
* Update dep for ai plugin
* Update again
* Update at_mention_provider to filter out agent duplicates and add .cursor/ to gitignore
- Filter agent usernames from priorityProfiles and localAndRemoteMembers to prevent duplicate entries in autocomplete suggestions
- Add .cursor/ directory to .gitignore
Co-authored-by: Cursor <cursoragent@cursor.com>
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
