Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: David Krauser <david@krauser.org>
Co-authored-by: avasconcelos114 <andre.onogoro@gmail.com>
The new TestRegisterPluginForSharedChannels tests added in #36126 broke
master CI because RegisterPluginForSharedChannels assigned opts.Displayname
directly to RemoteCluster.Name, which IsValid validates against the slug
regex ^[a-zA-Z0-9.\-_]+$. Display names with spaces (e.g. "legacy plugin")
fail validation. The tests didn't run in the PR's final CI shard and the
issue surfaced post-merge.
Add CleanRemoteName to the public model, mirroring CleanTeamName and
CleanUsername: lowercase, replace spaces and other disallowed characters
with hyphens, trim, truncate to RemoteNameMaxLength, fall back to NewId
when the result is empty. Use it in RegisterPluginForSharedChannels so
Name is always slug-valid while DisplayName keeps the human-readable label.
This also lets real plugins register with display names containing spaces.
* MM-67979 MM-67980: Add SMTP and push proxy connectivity to support packet
Adds a `notifications` section to `diagnostics.yaml` in the support
packet with SMTP email and push proxy connectivity probe results.
- `notifications.email.status`: ok/fail/disabled based on whether
SendEmailNotifications is enabled and an SMTP connection can be
established using mail.TestConnection()
- `notifications.push.status`: ok/fail/disabled based on whether
SendPushNotifications is enabled and an HTTP GET to the configured
PushNotificationServer URL succeeds
- Error messages are included in the `error` field on failure
- No email or push notification is sent during the probe
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
* fix: handle errcheck lint violations in support_packet_test.go
Suppress unhandled error return values from rw.WriteString calls in
the mock SMTP server used in tests.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: use 127.0.0.1 directly in SMTP reachability test
Replace localhost:0 with 127.0.0.1:0 for the mock SMTP listener so
that it always binds to the loopback interface. In CI Docker containers
localhost may resolve to the container IP rather than 127.0.0.1, causing
the SMTP dial to fail with connection refused. Also switch from string
manipulation to net.TCPAddr type assertion for reliable host/port
extraction.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: override MM_EMAILSETTINGS_SMTPSERVER env var in SMTP reachability test
The CI environment sets MM_EMAILSETTINGS_SMTPSERVER=inbucket via
test.env. Mattermost's config Store.Set() calls GetEnvironment()
(os.Environ()) on every UpdateConfig, so env vars silently override
any programmatic config change. Use t.Setenv before UpdateConfig so
the env var points to 127.0.0.1 for the duration of the subtest.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Add model.StatusDisabled constant and use it in support_packet.go
Replace "disabled" string literals with model.StatusDisabled for
consistency with model.StatusOk and model.StatusFail.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor: use utils.GetHostnameFromSiteURL, extract testPushProxyConnection helper, set LDAP StatusDisabled
- Replace manual url.Parse with utils.GetHostnameFromSiteURL (consistent with app/config.go)
- Extract push proxy HTTP check into testPushProxyConnection with TODO to move to its own package
- Set d.LDAP.Status = model.StatusDisabled when LDAP is not configured
- Replace "disabled" string literals in tests with model.StatusDisabled
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add status field to ElasticSearch diagnostics with ok/fail/disabled
When indexing is enabled, reports ok or fail based on TestConfig result.
When indexing is disabled or the engine is unavailable, reports disabled.
Backend/ServerVersion/ServerPlugins are still collected when the engine
exists regardless of indexing status.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: update Happy path test for LDAP and ES StatusDisabled assertions
Both are disabled in the test environment so they now report StatusDisabled.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: use GET /version endpoint for push proxy connectivity check
Use url.JoinPath to construct the /version path safely, replacing
raw root URL access. Also validate the HTTP status code so non-2xx/3xx
responses are treated as failures.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add XML struct tags and multi-remote registration for shared channels plugin API
Phase 1: Add xml struct tags to model types used in SyncMsg (Post, User,
Reaction, Status, PostAcknowledgement, FileInfo, SyncResponse,
MembershipChangeMsg). Add custom MarshalXML/UnmarshalXML for SyncMsg
(Users map, MentionTransforms map), StringMap, and StringInterface.
Exclude Post.Metadata, PrevStatus, and server-internal FileInfo fields
from XML. JSON serialization is unaffected.
Phase 2: Lift the one-remote-per-plugin constraint so plugins can
register multiple remotes with different SiteURLs. Add SiteURL field to
RegisterPluginOpts (defaults to "plugin_<PluginID>" for backward
compatibility). Add GetAllByPluginID and GetBySiteURL store methods.
Rewrite registration to dedup by SiteURL instead of PluginID. Add
UnregisterPluginRemoteForSharedChannels for single-remote removal with
plugin ownership validation. Validate SiteURL is non-empty in
RemoteCluster.IsValid. Simplify IsPlugin() to check PluginID only.
* ci: compile mmctl e2e tests with requirefips when FIPS_ENABLED=true
Without this, the mmctl test binary was compiled without the requirefips
tag even in the FIPS container, leaving model.FIPSEnabled=false and
PasswordSettings.MinimumLength=8. Short passwords like "somepass" passed
validation and hashing silently succeeded, giving false confidence that
the tests were FIPS-clean.
* tests: fix short password in TestUserConvertCmdF for FIPS
"Valid bot to user convert" reached ConvertBotToUser with "password"
(8 chars), which fails MinimumLength=14 on FIPS builds.
* MM-67319 Move ShortcutKey component into Shared Package
* MM-67322 Add i18n-extract support for shared package and move key constants
* MM-67320 Move WithTooltip into shared package without modification
* Add CSS variables for standard z-indices
* Update TooltipShortcut to point to shared ShortcutKey
* Update TooltipContent to use shared Emoji
* Move isMessageDescriptor into shared package
* Add Floating UI as explicit dependency of shared package
* Fix WithTooltip imports
* Fix imports for ShortcutX types
* Move/copy tooltip constants into shared package
* Fix WithTooltip tests
* Remove unneeded TODO comments
* Actually share new modules with plugins
* Stop publishing src folder for shared package
* omit error_* fields if empty, add status code
* MM-68378: Add tests for 404-delete semantics in ES/OS indexing jobs
* MM-68378: Fix empty error fields and spurious failures for OS/ES bulk deletes
- Log resp.Status unconditionally in OnFailure so status-only failures
(resp.Error nil, err nil) are always identifiable
- Downgrade per-item OnFailure log from Error to Warn; the job-level
Error log already captures the aggregate failure
- Track real failures in a separate atomic counter shared between the
OnFailure callback and the close closure; 404 deletes (document not
found) are silently skipped and not counted
- Report num_failed from the real counter in close stats; retain
stats_num_failed as the raw SDK count for reference
* MM-68353 - show placeholder for redacted files in preview when permission policies are enabled
* add tests for rendering redacted files placeholder in post message preview based on permission policies
* [MM-68231] Tighten post info authorization
Align post info channel access with the standard read path while preserving expected public-channel discoverability. Add regression coverage for guest and compliance-mode access checks.
Made-with: Cursor
* [MM-68231] Strengthen post info test coverage
Tighten the new post info regression coverage so the guest denial case proves its setup and the compliance case asserts the expected non-compliance behavior first.
Made-with: Cursor
* [MM-68231] Expand post info authorization coverage
Add focused regression coverage for invite-team access, compliance behavior on open teams, private-channel permission boundaries, and outsider denial for DM and GM post info.
Made-with: Cursor
* Adds version to the property group model
* Ensures that the REST API rejects v1 group calls
* Ensures field version and group version match
* Simplify property groups on app layer tests
* Add GetByID to PropertyGroupStore and enforce field/group version match on update
* Simplify bits of the code
* Fix i18n and add generic errors
* Fix PropertyGroupStore mock to return stable IDs and default zero version to V1
* Fix tests that were using nonexistent group IDs
* Fix rigidness on valid group names
* Update group not found slug
* Temporary allow to use tempaltes with v1
* Explicitly including tempaltes in the IsPSAv1 check for conflict check
* Return 404 on group not found and template explicit inclusion on patch API endpoint
* Fix CPA test that would use fields from unregistered groups
---------
Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es>
sqlstore's TestMain calls sqlstore.InitTest (which opens postgres and
drops tables) before mainHelper.Main, so the -test.list bailout added
in #36222 never fired and shard-split discovery failed on the GitHub
host. Bail out at the top of TestMain instead, and restore HEAVY_MS
so sqlstore can still be treated as whole.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Fix invite modal input text clipping and modal width overflow
Root cause: react-select v5 auto-sizes the input container using a CSS
grid with data-value attribute, which grows the grid columns based on
input text width. This caused the control, modal-content, and the
dropdown menu to exceed the modal-dialog's 600px width.
Changes:
1. invitation_modal.scss: Add max-width:100% and overflow:hidden on
.modal-content to prevent it from overflowing the 600px modal-dialog.
2. users_emails_input.tsx: Override react-select's styles:
- input.gridTemplateColumns: '0 minmax(0, 1fr)' prevents the sizer
column from auto-expanding based on typed text width.
- valueContainer.gridTemplateColumns: 'minmax(0, 1fr)' prevents the
value-container grid from auto-sizing columns beyond the container.
- Remove old display:flex and width:100% overrides that fought with
react-select v5's inline-grid layout.
3. users_emails_input.scss:
- Remove legacy width:1px on react-select input wrapper.
- Add min-width:0 and max-width:100% on value-container and
input-container for proper flex/grid containment.
- Constrain dropdown menu to max-width:100%.
- Allow no-match text and menu notices to wrap with overflow-wrap
and word-break. Use min-height instead of fixed height so wrapped
text fits.
Fixes: MM-68461
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
* Fix stylelint property order in invitation_modal.scss
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
* Update snapshot for react-select style changes
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
* Add min-width: 0 to input-container to prevent shrink/overflow regressions
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Introduce model.SanitizeFilename and model.IsValidFilename, and
apply them in genFileInfoFromReader and FileInfo.IsValid. The
sanitizer uses filepath.Base, NFC-normalizes Unicode, strips ASCII
control characters, collapses backslashes to forward slashes, and
truncates to the VARCHAR(256) fileinfo.name column width.
The react-select input uses classNamePrefix ManagedCategory, so it did not
inherit the global react-select__input theme color. Set color to
var(--center-channel-color) on the input and input-container to match
placeholder and single-value styling.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Devin Binnie <devinbinnie@users.noreply.github.com>
* MM-66082: Fix invite modal paste by reading text/plain from clipboard
UsersEmailsInput always called preventDefault on paste but read clipboard
data with the legacy 'Text' type, which is empty in modern browsers.
That blocked default paste while adding nothing. Read text/plain first,
fall back to Text, skip custom handling when there is no meaningful
content, and only preventDefault when handling pasted text.
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
* Fix ESLint no-void in UsersEmailsInput paste handler
Replace void promise with .catch(() => undefined) so async paste
processing satisfies the no-void rule.
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
* MM-66082: Keep arbitrary pasted invite text as draft
Only treat obvious list pastes (comma, semicolon, newline) as bulk
invite input. Let arbitrary pasted text remain in the input so the
existing search and no-match UX can handle it, and keep space-delimited
text as draft rather than splitting it into invite tokens.
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
* MM-66082: Restore space-delimited email paste handling
Treat space-separated paste as bulk invite input only when every token
is a valid email. Keep mixed or free-form space-separated paste as draft
text so the existing no-match search UX still applies.
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
* MM-66082: Fix invite paste parsing in modal input
Treat pasted input as bulk invite tokens only when it is a single valid
email, an obvious comma/semicolon/newline list, or a space-separated list
of valid emails. Leave mixed or arbitrary pasted text as draft so the
existing no-match search UX still applies. Add focused widget and invite
view regression coverage for the affected paste paths.
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
* tests: use example invite paste fixtures
Replace product-specific test data with example.com values, restore the
space-paste length assertion, rename the invalid-word fixture, and remove
extra clipboard MIME lookups that were not needed for the supported paste
path.
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
* MM-66082: Fix invite input typing regressions
Fix premature chip creation while typing valid emails by using the paste
classifier only when it returns bulk mode, keep the valid address default
message wired correctly, and add regression coverage for typing and blur
behavior in both UsersEmailsInput and InviteView.
Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* MM-67352 Prevent composer scroll jumps on formatting click
Keep formatting controls from stealing textarea focus on mousedown so long drafts stay in place when markdown buttons are clicked. Add a regression test for the formatting bar interaction.
Made-with: Cursor
* Update webapp/channels/src/components/advanced_text_editor/formatting_bar/formatting_icon.tsx
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* fix(mmctl): prevent nil pointer panic in websocket command on connection failure
When the WebSocket connection fails immediately, Listen() closes EventChannel
via defer. Reading from a closed channel with a plain receive returns nil,
causing a panic in ToJSON(). Switch to range so the loop exits cleanly,
add a nil guard, and surface ListenError to the caller.
Fixes MM-68351
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(mmctl): add unit tests for websocket nil event and ListenError handling
Extracts the event-processing loop into processWebSocketEvents to enable
unit testing, and adds tests covering the nil-event skip and error surfacing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(mmctl): add happy-path subtest for processWebSocketEvents
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* MM-67975: Add container CPU and memory limits to support packet diagnostics
Add two new optional fields to SupportPacketDiagnostics.Server:
- container_cpu_limit (float64): effective CPU limit in CPUs (e.g. 0.5, 2.0)
- container_memory_limit_mb (uint64): memory limit in MB
Both fields are populated from cgroups v2 (/sys/fs/cgroup/memory.max and
/sys/fs/cgroup/cpu.max) on Linux. Fields use omitempty so they are absent
from the output on bare metal or when no container limits are configured,
preserving backwards compatibility.
Non-Linux builds compile and produce no output for these fields via a
container_limits_other.go stub, following the existing memory_linux.go /
memory_other.go pattern.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
* Fix golangci-lint errors: govet shadow and gofmt formatting
- Fix govet shadow: use var memBytes uint64 + err = instead of memBytes, err :=
to avoid shadowing the outer err variable (which is reused after this block)
- Fix gofmt: add extra space before // 512 MB comment to align with
the longer v2CPUMax line in the same assignment block
* fix(platform): ceil memory MB conversion and return zero-values for missing cgroup files
- Use ceiling division for MemoryLimitMB so sub-1MB limits map to 1 instead
of 0 (which omitempty would silently drop)
- Absorb os.ErrNotExist in getContainerLimits so non-v2/bare-metal hosts
return ContainerLimits{}, nil as the function comment promises
- Update test: missing cgroup file now asserts zero-values, not an error
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(platform): add subtest locking ceil-to-MB behavior for sub-MB memory limits
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(platform): add subtest for missing cpu.max returning zero values
Locks in the os.ErrNotExist branch for cpu.max (lines 57-60 in
container_limits_linux.go), which was previously unreachable via the
existing missing-memory test since that test returns early before
reading cpu.max.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
* Default template property field permissions to sysadmin
Templates define the schema that linked fields inherit, so their
permission levels should default to sysadmin rather than member. This
aligns the create handler with TestLinkedProperties expectations.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Require sysadmin for template property field creation
The target_type-based scope check lets team admins create template
fields with target_type=team, which would then inherit sysadmin-level
permission defaults and lock the creator out. Enforce manage_system for
any template creation so the permission gate matches the intent of the
"create template field as non-admin fails" test.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Surface ws_event type in oversized cluster publish message logs
When a best-effort UDP gossip send fails with "message too long", the log
only shows event: publish with no further context. Tag the ClusterMessage
with the originating WebSocket event type so it appears in the error log.
* Update enterprise.pin to latest after enterprise PR #2133 merged
https://claude.ai/code/session_01Y1Abg1eDjKQBJvy7XhCtG6
* Bump
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Claude <noreply@anthropic.com>
The Coverage job ran the same tests as Postgres with only ENABLE_COVERAGE=true
and a Codecov upload as differences. Enable coverage directly on the Postgres
job under the same release-branch skip condition, eliminating 4x 8-core runner
hours per PR.
* gather plugin metrics and serve on /metrics
* tests
* fix recent conflicts from master
* fix linting
* address review feedback: feature flag, route guard, and unit tests for plugin metrics
- Add PluginMetricsCollection feature flag (default true) to allow disabling plugin metric collection without a deploy
- Only wrap the /metrics handler with plugin metric collection (not arbitrary plugin routes, which would cause double-listing)
- Extract wrapping logic into wrapMetricsHandler for clarity
- Add unit tests for addPluginLabelToMetrics covering no-label, existing-label, comments, empty lines, and multiple metrics cases
* fix integration tests to use /metrics route so wrapMetricsHandler runs
* switch addPluginLabelToMetrics to use expfmt for correct label injection
Replace string manipulation with expfmt parse→mutate→re-encode, which
correctly handles all metric types, timestamps, and malformed input.
Output is normalized: blank lines are dropped and TYPE headers are
injected for undeclared metrics. Update unit tests accordingly.
* refine addPluginLabelToMetrics: log warnings, drop sort, use assert.Contains
- Log a warning (instead of silently discarding) on parse or encode errors,
returning empty string in both cases
- Remove name sorting — metric family order is irrelevant to Prometheus scrapers
- Switch unit test assertions to assert.Contains per line so tests are
order-independent
* replace strPtr helper with model.NewPointer
* fix gofmt: remove extra blank line
* replace existing plugin_id label instead of appending a duplicate
If a plugin already exports a plugin_id label, overwrite it rather than
appending a second one, which would produce invalid Prometheus output.
Add test coverage for the replace path.
* add missing test coverage per mattermost-build feedback
- Unit test: malformed input returns empty string without panicking
- Integration: PluginMetricsCollection=false excludes plugin metrics
- Integration: plugin returning non-200 status excluded from response
- Integration: plugin returning empty body excluded from response
* rename PluginMetricsCollection to AggregatePluginMetrics, default false
---------
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
* Fix bot import panic when user exists without bot record
The original importBot error handler re-declared `var appErr *model.AppError`
inside the CreateBot failure block, shadowing the outer appErr with a typed nil
pointer. When errors.As received this (*model.AppError)(nil), it was a non-nil
interface — so instead of returning false, it called AppError.Unwrap() on the
nil receiver, causing a panic.
This commit:
- Fixes the variable shadowing that caused the panic
- Adds recovery logic: when CreateBot fails because the username is taken,
look up the existing user and create/update just the bot record
- Fixes pre-existing silent error swallowing in Bot().GetByUsername — now
distinguishes store.ErrNotFound from real database errors
- Fixes pre-existing bug where DisplayName changes on re-import were lost
because DisplayName is stored in Users.FirstName, not the Bots table
- Adds logging at every step of the recovery path (Info for normal flow,
Warn for fallback/error paths)
- Uses distinct variable names (saveErr/updateErr) in the Save→Update
fallback to avoid the same class of variable-reuse hazard
- Adds comprehensive test suite (11 subtests) covering dry-run, apply,
re-import, recovery, regression/panic guard, idempotency, DisplayName
update, and plugin-owner edge cases
* Address review findings: tighten assertions, fix error ID, add coverage
- Use require.ErrorAs for store.ErrNotFound instead of generic require.Error
in the dry-run test, so it catches only not-found rather than any store error
- Add time.Sleep before idempotent re-import to ensure any real write would
produce a different UpdateAt timestamp at millisecond resolution
- Fix misleading error ID "app.bot.createbot.internal_error" to
"app.bot.update.internal_error" in the Update fallback path
- Add test for non-username CreateBot failure (email conflict) to cover
the error passthrough at line 907-908
* Add missing i18n translations for bot import error strings
Add translation entries for app.bot.update.internal_error,
app.import.import_bot.lookup_error, and
app.import.import_bot.user_not_found.error to fix enterprise CI
i18n check failure.
