725 commits

Author	SHA1	Message	Date
Mattermost Build	24bdd773d9	bumps go version to 1.24.13 (#35289) (#35429) ... Automatic Merge	2026-02-25 23:09:31 +01:00
Alejandro García Montoro	094f2c06ce	[MM-67671] Add CJK Post search support for PostgreSQL (#35260) (#35426) ... Automatic Merge	2026-02-25 19:39:30 +01:00
Mattermost Build	67a5ad08ed	update default worker count for autotranslations (#35355) (#35398) ... Automatic Merge	2026-02-23 22:09:29 +01:00
Nick Misasi	11b4428fc3	[MM-67605] Add DCR redirect URI allowlist for OAuth DCR (#35291) (#35394) ... * [MM-67605] Add DCR redirect URI allowlist enforcement Introduce ServiceSettings.DCRRedirectURIAllowlist with glob-based validation and enforce it during OAuth dynamic client registration to block unapproved redirect URIs. Add System Console wiring and tests for config validation, wildcard matching semantics, API error behavior, and localhost wildcard support. * Fix pre-commit checks: TypeScript type assertion, gofmt, and regenerate CI artifacts - admin_definition_dcr_allowlist.test.tsx: Add AdminDefinitionSettingInput type assertion for 'multiple' property - oauth_dcr_test.go: Fix comment spacing (gofmt) - Regenerate mocks, go.sum, gen-serialized, mmctl-docs per CI requirements * Revert unnecessary pre-commit regenerations Revert mmctl docs, mocks, go.sum, and gen-serialized to master. Keep only the TypeScript and gofmt fixes from the previous commit. * Fix import order in admin_definition_dcr_allowlist.test.tsx * Fix i18n * Update server/public/model/oauth_dcr.go * Fix --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-02-20 18:28:41 +02:00
Mattermost Build	9b38d83f16	libre key fix (#35297) (#35357) ... Automatic Merge	2026-02-19 09:09:33 +02:00
Mattermost Build	86ff1d0ad1	Mm 66813 sso callback metadata (#34955) (#35319) ... Automatic Merge	2026-02-17 09:39:28 +02:00
Mattermost Build	3571847419	[MM-67488] Set autotranslation feature flag default to true (#35288) (#35317) ... Automatic Merge	2026-02-16 16:39:28 +02:00
Mattermost Build	d2992fec8f	[MM-67502] Sanitize secret plugin settings inside sections (#35214) (#35227) ... Automatic Merge	2026-02-10 12:23:29 +02:00
Ben Cooke	76b3528c2b	[MM-67231] Etag fixes for autotranslations (#35196)	2026-02-09 18:32:26 -05:00
Andre Vasconcelos	13a0d63b3c	MM-67372: Improve link preview metadata handling and filtering (#35178) ... * MM-67372: Filter SVG images from OpenGraph metadata to prevent DoS This commit adds server-side filtering of SVG images from OpenGraph metadata to mitigate a DoS vulnerability where malicious SVG images in og:image tags can crash Chromium-based browsers and Safari. Changes: - Add IsSVGImageURL() helper function in model package to detect SVG URLs - Filter SVG images in parseOpenGraphMetadata() for regular HTML pages - Filter SVG images in parseOpenGraphFromOEmbed() for oEmbed responses - Add defense-in-depth filtering in TruncateOpenGraph() and getImagesForPost() - Add comprehensive tests for all SVG filtering functionality SVG detection is based on: - File extension (.svg, .svgz) - case-insensitive - MIME type (image/svg+xml) Reference: https://issues.chromium.org/issues/40057345 * MM-67372: Filter SVG images from cache/DB and direct SVG URLs This commit addresses remaining attack vectors for the SVG DoS vulnerability: 1. Cache/DB filtering: Apply TruncateOpenGraph when returning OpenGraph from cache or database to filter stale data that was stored before the initial fix was deployed. 2. Direct SVG URLs: Filter PostImage entries with Format="svg" to prevent browser crashes when someone posts a direct link to an SVG file. 3. Embed creation: Skip creating image embeds for SVG images and create link embeds instead. 4. New SVG detection: Return nil instead of creating PostImage when fetching direct SVG URLs to prevent storing them in the database. These changes ensure that even environments with pre-existing malicious link metadata will be protected after a server restart. * MM-67372: Fix test expectation for SVG image handling * Removed duplicate logic in favor of already implemented FilterSVGImages in model * Addressing PR comments * Replacing exact match comparison with prefix check * Added new test cases for unit tests	2026-02-09 16:26:14 +02:00
David Krauser	1cfe3d92b6	[MM-66836] Integrate PropertyAccessService into API and app layers (#34818) ... Updates all Custom Profile Attribute endpoints and app layer methods to pass caller user IDs through to the PropertyAccessService. This connects the access control service introduced in #34812 to the REST API, Plugin API, and internal app operations. Also updates the OpenAPI spec to document the new field attributes (protected, source_plugin_id, access_mode) and adds notes about protected field restrictions.	2026-02-06 18:06:51 -05:00
David Krauser	63c3c70fe9	[MM-66836] Add some access control mechanisms with a wrapper around the property service (#34812) ... Custom profile attributes (properties) in Mattermost need to support security-critical use cases like Attribute-Based Access Control (ABAC), external identity system synchronization, and privacy-preserving collaboration. Without access controls on these properties, any user or component could modify property fields and values, making them unsuitable for security decisions. Additionally, different properties require different visibility patterns - some need to be publicly readable, some should only be visible to their managing system, and some require privacy-preserving visibility where users can only see shared values. This change introduces the PropertyAccessService, a wrapper around PropertyService that enforces access control for all property operations. This service is introduced in isolation and is not yet hooked up to the Plugin API, REST API, or app layer. It provides the foundation for a single enforcement point that will apply access restrictions consistently across all code paths once integrated.	2026-02-06 16:21:51 -05:00
David Krauser	9f40d051ee	[MM-66942] Ensure consistent option ID generation across all field creation paths (#34725) ... Option IDs are automatically generated for fields in the REST API, but plugins creating fields directly don't get this behavior. This change makes option ID generation consistent by automatically generating IDs for all select/multiselect options, regardless of whether they're created via REST API or plugin code. The option IDs are generated (if necessary) in the store layer right before saving, which is the same place we generate Field IDs if they don't exist.	2026-02-06 16:19:42 -05:00
Daniel Espino García	2bd29c0359	Add the ability to patch channel autotranslations (#35078) ... * Add the ability to patch channel autotranslations * Fix lint * Update docs * Fix CI * Fix CI * Fix mmctl test * Check whether the channel is translated for the user when checking user enabled * Fix wrong uses of patch acrros e2e and frontend * Fix test * Fix wording * Fix tests and column name * Move group constrained test so they don't mess with the basic entities * Fix patch sending too much information	2026-02-06 18:19:06 +01:00
Daniel Espino García	1273632d1a	Add endpoint to update channel member autotranslations (#35072) ... * Add endpoint to update channel member autotranslations * Add several improvements and remove unneeded functions * Add user id to audit record * Ensure autotranslation is defined * Update texts * Fix merge * Add new column for channel member autotranslations (#35111) * Minor renamings --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Ben Cooke <benkcooke@gmail.com>	2026-02-05 13:43:50 +01:00
unified-ci-app[bot]	030a4e1921	Update latest minor version to 11.5.0 (#35176) ... Automatic Merge	2026-02-04 12:23:27 +02:00
Ben Cooke	36479bd721	Configurable workers and move sweeper job to job infra (#35007)	2026-02-02 15:52:42 -05:00
Nick Misasi	fe4100956c	[MM-66581] Include some thread context in AI Rewrites prompt (#34931) ... * Include last root, and most recent 10 posts in a thread with the rewrite system prompt * Include user's names in the thread context for better reference * Revert package-lock to master * Fix tests	2026-01-30 09:14:06 -05:00
Doug Lauder	7f6a98fd7a	MM-66789 Restrict log downloads to a root path for support packets (#35014) ... * [MM-66789] Fix arbitrary file read vulnerability in advanced logging Add path validation to prevent reading files outside the logging root directory via GetAdvancedLogs (used in support packet generation). Security controls: - Validate file paths are within logging root before reading - Support MM_LOG_PATH environment variable to allow system admins to configure a custom logging root directory - Resolve symlinks to prevent bypass attacks - Detect and block path traversal attempts Also adds: - Audit logging for support packet generation - Config-time validation that logs errors for paths outside logging root (will become blocking in future version) - Comprehensive test coverage for path validation * Update server/channels/app/platform/log_test.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix linter errors * Update server/channels/api4/system.go Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com> * Simplify unit tests for platform/log_test.go by moving some test logic to config/logger_test.go * Fix unit tests requiring logging root to be set * enforce LogSettings.FileLocation path validation; simplify path checking * fix linter errors * use dir in logging root for all unit test logging * MM_LOG_PATH is set once, centrally, for all tests * fix flaky test * fix flaky test --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>	2026-01-29 13:29:55 -05:00
Ben Cooke	36173a4948	Use one timeout config for requests to translation providers (#34957)	2026-01-29 10:00:22 -05:00
Alejandro García Montoro	2b075c9b74	MM-65970: New way to build routes in Client4 (#34499) ... * Add Client4 route building functions * Make DoAPIRequestWithHeaders add the API URL This makes it consistent with the other DoAPIXYZ functions, which all prepend the provided URL with the client's API URL. * Use the new route building logic in Client4 * Address review comments - clean renamed to cleanSegment - JoinRoutes and JoinSegments joined in Join - newClientRoute uses Join * Fix new routes from merge * Remove unused import * Simplify error handling around clientRoute (#34870) --------- Co-authored-by: Jesse Hallam <jesse@mattermost.com> Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-01-29 14:26:47 +00:00
Jesse Hallam	5d787969c2	MM-67268: Fix SSRF bypass via IPv4-mapped IPv6 literals (#35097) ... Canonicalize IPv4-mapped IPv6 addresses (e.g., ::ffff:127.0.0.1) to their native IPv4 form in IsReservedIP before checking against reserved IP ranges. This prevents attackers from bypassing SSRF protections by using IPv4-mapped IPv6 literals to access internal services.	2026-01-29 14:36:47 +01:00
Scott Bishel	c537b88f93	MM-65023 Add tooltip to actions buttons, display error (#33773) ... * Add tooltip support and error handling for action buttons - Add tooltip field to PostAction type definition - Display tooltips on hover for action buttons - Add comprehensive error handling for button actions - Show error messages when actions fail - Clear previous errors on subsequent actions - Add tests for error handling functionality 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Add E2E tests for action button error handling and tooltips - Test error message display when action buttons fail - Test error clearing when successful actions are performed - Test tooltip display on action button hover - Use scoped selectors to avoid test interference - Cover complete error lifecycle and tooltip functionality 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Use WithTooltip component for action button tooltips Replace native HTML title attribute with WithTooltip component to provide consistent tooltip styling and behavior across the application. Changes: - Import and wrap ActionBtn with WithTooltip component - Remove title attribute from ActionBtn - Update E2E test to check for .tooltipContainer instead of title attribute 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Fix TypeScript errors and test patterns in message attachment tests - Fix TypeScript type errors in mock event objects by using arrow functions instead of jest.fn() - Update async test pattern to use process.nextTick() with done callback instead of await - Update test snapshots to reflect error handling wrapper div - Fix whitespace formatting in E2E test file 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com> * updated actionError to accept react node, replace hardcoded error with FormattedMessage components * Fix test to handle FormattedMessage in actionError state Update test expectation to check for FormattedMessage React element instead of plain string when no error message is provided. This aligns with the recent change to support internationalization in error messages. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com> * Disable tooltip interactions when no tooltip text is present Adds disabled prop to WithTooltip component when action.tooltip is empty or undefined, preventing unnecessary tooltip event handlers from being attached to action buttons that don't have tooltips. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com> * Add tests for action button tooltip behavior Adds three test cases to verify tooltip functionality: - Tooltip is disabled when action.tooltip is undefined - Tooltip is disabled when action.tooltip is empty string - Tooltip is enabled and displays correctly when action.tooltip has a value 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com> * fix e2e test --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-01-26 20:07:09 -07:00
Ben Cooke	a1c85007e1	Autotranslations MVP (#34696) ... --------- Co-authored-by: Elias Nahum <nahumhbl@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Nick Misasi <nick.misasi@mattermost.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-01-26 17:05:34 -05:00
Harrison Healey	777867dc36	Define types for WebSocket messages and migrate WebSocket actions to TS (#34603) ... * Add TS definitions for every WebSocket event * Remove unused WebSocket events * Add a few extra fields to POSTED events * Stop reusing WS event types as Redux actions * Remove now-unused WS event types from mattermost-redux * Rename some types to be clearer * Use new WebSocketEvents and WebSocketMessage type everywhere * Reorganize and export named types for WS messages * Use new types in websocket_actions.jsx the best we can * Rename websocket_actions.jsx to websocket_actions.tsx * Migrate websocket_actions.tsx to TypeScript * Break up websocket_messages.ts and group together WebSocketMessages types * Rename websocket_actions.tsx to websocket_actions.ts	2026-01-23 14:29:40 -05:00
Matthew Birtch	09c4a61fed	[MM-67030] Remove newsletter signup and replace with terms/privacy agreement (#34801) ... * remove newsletter signup and replace with terms/privacy agreement * removed subscribeToSecurityNewsletter, made checkbox required * update signup test to remove newsletter and ensure the terms checkbox is required * update unit test and e2e test to reflect changes * fix e2e test * Removed susbcribe-newsletter endpoint in server * Update signup.test.tsx * remove unused css * remove unused css * fixed broken tests * fixed linter issues * Remove redundant IntlProvider and comments * Remove usage of test IDs from Signup tests * Remove usage of fireEvent * Remove usage of mountWithIntl from Signup tests * update e2e tests * fix playwright test * Fix Lint in signup.ts --------- Co-authored-by: maria.nunez <maria.nunez@mattermost.com> Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com> Co-authored-by: yasserfaraazkhan <attitude3cena.yf@gmail.com>	2026-01-23 18:24:27 +00:00
Ben Schumacher	ed3a7e8539	Add trigger field to command execution logs (#34950) ... Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-21 11:31:05 +01:00
Jesse Hallam	41e5c7286b	Remove vestigial MySQL support (#34865) ... * Remove legacy quoteColumnName() utility Since Mattermost only supports PostgreSQL, the quoteColumnName() helper that was designed to handle database-specific column quoting is no longer needed. The function was a no-op that simply returned the column name unchanged. Remove the function from utils.go and update status_store.go to use the "Manual" column name directly. * Remove legacy driver checks from store.go Since Mattermost only supports PostgreSQL, remove conditional checks for different database drivers: - Simplify specialSearchChars() to always return PostgreSQL-compatible chars - Remove driver check from computeBinaryParam() - Remove driver check from computeDefaultTextSearchConfig() - Simplify GetDbVersion() to use PostgreSQL syntax directly - Remove switch statement from ensureMinimumDBVersion() - Remove unused driver parameter from versionString() * Remove MySQL alternatives for batch delete operations Since Mattermost only supports PostgreSQL, remove the MySQL-specific DELETE...LIMIT syntax and keep only the PostgreSQL array-based approach: - reaction_store.go: Use PostgreSQL array syntax for PermanentDeleteBatch - file_info_store.go: Use PostgreSQL array syntax for PermanentDeleteBatch - preference_store.go: Use PostgreSQL tuple IN subquery for DeleteInvalidVisibleDmsGms * Remove MySQL alternatives for UPDATE...FROM syntax Since Mattermost only supports PostgreSQL, remove the MySQL-specific UPDATE syntax that joins tables differently: - thread_store.go: Use PostgreSQL UPDATE...FROM syntax in MarkAllAsReadByChannels and MarkAllAsReadByTeam - post_store.go: Use PostgreSQL UPDATE...FROM syntax in deleteThreadFiles * Remove MySQL alternatives for JSON and subquery operations Since Mattermost only supports PostgreSQL, remove the MySQL-specific JSON and subquery syntax: - thread_store.go: Use PostgreSQL JSONB operators for updating participants - access_control_policy_store.go: Use PostgreSQL JSONB @> operator for querying JSON imports - session_store.go: Use PostgreSQL subquery syntax for Cleanup - job_store.go: Use PostgreSQL subquery syntax for Cleanup * Remove MySQL alternatives for CTE queries Since Mattermost only supports PostgreSQL, simplify code that uses CTEs (Common Table Expressions): - channel_store.go: Remove MySQL CASE-based fallback in UpdateLastViewedAt and use PostgreSQL CTE exclusively - draft_store.go: Remove driver checks in DeleteEmptyDraftsByCreateAtAndUserId, DeleteOrphanDraftsByCreateAtAndUserId, and determineMaxDraftSize * Remove driver checks in migrate.go and schema_dump.go Simplify migration code to use PostgreSQL driver directly since PostgreSQL is the only supported database. * Remove driver checks in sqlx_wrapper.go Always apply lowercase named parameter transformation since PostgreSQL is the only supported database. * Remove driver checks in user_store.go Simplify user store functions to use PostgreSQL-only code paths: - Remove isPostgreSQL parameter from helper functions - Use LEFT JOIN pattern instead of subqueries for bot filtering - Always use case-insensitive LIKE with lower() for search - Remove MySQL-specific role filtering alternatives * Remove driver checks in post_store.go Simplify post_store.go to use PostgreSQL-only code paths: - Inline getParentsPostsPostgreSQL into getParentsPosts - Use PostgreSQL TO_CHAR/TO_TIMESTAMP for date formatting in analytics - Use PostgreSQL array syntax for batch deletes - Simplify determineMaxPostSize to always use information_schema - Use PostgreSQL jsonb subtraction for thread participants - Always execute RefreshPostStats (PostgreSQL materialized views) - Use materialized views for AnalyticsPostCountsByDay - Simplify AnalyticsPostCountByTeam to always use countByTeam * Remove driver checks in channel_store.go Simplify channel_store.go to use PostgreSQL-only code paths: - Always use sq.Dollar.ReplacePlaceholders for UNION queries - Use PostgreSQL LEFT JOIN for retention policy exclusion - Use PostgreSQL jsonb @> operator for access control policy imports - Simplify buildLIKEClause to always use LOWER() for case-insensitive search - Simplify buildFulltextClauseX to always use PostgreSQL to_tsvector/to_tsquery - Simplify searchGroupChannelsQuery to use ARRAY_TO_STRING/ARRAY_AGG * Remove driver checks in file_info_store.go Simplify file_info_store.go to use PostgreSQL-only code paths: - Always use PostgreSQL to_tsvector/to_tsquery for file search - Use file_stats materialized view for CountAll() - Use file_stats materialized view for GetStorageUsage() when not including deleted - Always execute RefreshFileStats() for materialized view refresh * Remove driver checks in attributes_store.go Simplify attributes_store.go to use PostgreSQL-only code paths: - Always execute RefreshAttributes() for materialized view refresh - Remove isPostgreSQL parameter from generateSearchQueryForExpression - Always use PostgreSQL LOWER() LIKE LOWER() syntax for case-insensitive search * Remove driver checks in retention_policy_store.go Simplify retention_policy_store.go to use PostgreSQL-only code paths: - Remove isPostgres parameter from scanRetentionIdsForDeletion - Always use pq.Array for scanning retention IDs - Always use pq.Array for inserting retention IDs - Remove unused json import * Remove driver checks in property stores Simplify property_field_store.go and property_value_store.go to use PostgreSQL-only code paths: - Always use PostgreSQL type casts (::text, ::jsonb, ::bigint, etc.) - Remove isPostgres variable and conditionals * Remove driver checks in channel_member_history_store.go Simplify PermanentDeleteBatch to use PostgreSQL-only code path: - Always use ctid-based subquery for DELETE with LIMIT * Remove remaining driver checks in user_store.go Simplify user_store.go to use PostgreSQL-only code paths: - Use LEFT JOIN for bot exclusion in AnalyticsActiveCountForPeriod - Use LEFT JOIN for bot exclusion in IsEmpty * Simplify fulltext search by consolidating buildFulltextClause functions Remove convertMySQLFullTextColumnsToPostgres and consolidate buildFulltextClause and buildFulltextClauseX into a single function that takes variadic column arguments and returns sq.Sqlizer. * Simplify SQL stores leveraging PostgreSQL-only support - Simplify UpdateMembersRole in channel_store.go and team_store.go to use UPDATE...RETURNING instead of SELECT + UPDATE - Simplify GetPostReminders in post_store.go to use DELETE...RETURNING - Simplify DeleteOrphanedRows queries by removing MySQL workarounds for subquery locking issues - Simplify UpdateUserLastSyncAt to use UPDATE...FROM...RETURNING instead of fetching user first then updating - Remove MySQL index hint workarounds in ORDER BY clauses - Update outdated comments referencing MySQL - Consolidate buildFulltextClause and remove convertMySQLFullTextColumnsToPostgres * Remove MySQL-specific test artifacts - Delete unused MySQLStopWords variable and stop_word.go file - Remove redundant testSearchEmailAddressesWithQuotes test (already covered by testSearchEmailAddresses) - Update comment that referenced MySQL query planning * Remove MySQL references from server code outside sqlstore - Update config example and DSN parsing docs to reflect PostgreSQL-only support - Remove mysql:// scheme check from IsDatabaseDSN - Simplify SanitizeDataSource to only handle PostgreSQL - Remove outdated MySQL comments from model and plugin code * Remove MySQL references from test files - Update test DSNs to use PostgreSQL format - Remove dead mysql-replica flag and replicaFlag variable - Simplify tests that had MySQL/PostgreSQL branches * Update docs and test config to use PostgreSQL - Update mmctl config set example to use postgres driver - Update test-config.json to use PostgreSQL DSN format * Remove MySQL migration scripts, test data, and docker image Delete MySQL-related files that are no longer needed: - ESR upgrade scripts (esr.*.mysql.*.sql) - MySQL schema dumps (mattermost-mysql-*.sql) - MySQL replication test scripts (replica-*.sh, mysql-migration-test.sh) - MySQL test warmup data (mysql_migration_warmup.sql) - MySQL docker image reference from mirror-docker-images.json * Remove MySQL references from webapp - Simplify minimumHashtagLength description to remove MySQL-specific configuration note - Remove unused HIDE_MYSQL_STATS_NOTIFICATION preference constant - Update en.json i18n source file * clean up e2e-tests * rm server/tests/template.load * Use teamMemberSliceColumns() in UpdateMembersRole RETURNING clause Refactor to use the existing helper function instead of hardcoding the column names, ensuring consistency if the columns are updated. * u.id -> u.Id * address code review feedback --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-01-20 21:01:59 +00:00
Alejandro García Montoro	5e99f12c3a	MM-67119: Remove unused Channel.Etag (#34951) ... * Remove unused Channel.Etag Computing the etag for a channel is complex due to user-specific data, so we remove the unused Etag function to avoid confusion until a performance need for it arises. * Remove etag from Client4.GetChannel and tests * make mocks * Fix missing GetChannel calls	2026-01-20 17:46:17 +01:00
Daniel Espino García	b5a816a657	Add audits for accessing posts without membership (#31266) ... * Add audits for accessing posts without membership * Fix tests * Use correct audit level * Address feedback * Add missing checks all over the app * Fix lint * Fix test * Fix tests * Fix enterprise test * Add missing test and docs * Fix merge * Fix lint * Add audit logs on the web socket hook for permalink posts * Fix lint * Fix merge conflicts * Handle all events with "non_channel_member_access" parameter * Fix lint and tests * Fix merge * Fix tests	2026-01-20 10:38:27 +01:00
Nick Misasi	b2f93dec1a	[MM-67118] Add Agents to @ mention autocomplete in channel (#34881) ... * Add support for autocomplete of plugin-created bots * stashing * Add support for including agents in the autocomplete list for @ mentions * Change server response to be users rather than interface * fix	2026-01-19 16:10:57 -05:00
Nick Misasi	c62d103d76	[MM-67160] Add audit logging for recap API endpoints (#34929) ... * Add audit logging for recap API endpoints - Add audit event constants for all recap operations - Implement Auditable interface for Recap model - Add comprehensive audit logging to all 6 recap endpoints - Log channel_ids to track implicit channel content access - Use LevelContent for content-related operations, LevelAPI for listing * Address PR feedback: standardize audit method order and extract helper function - Standardized order of audit record method calls across all handlers: set object type first, then prior state (if applicable), then result state - Extracted duplicated channel ID extraction logic into addRecapChannelIDsToAuditRec helper function	2026-01-19 13:46:43 -05:00
Devin Binnie	f00dd11e34	[MM-67138][MM-67139] Update Audit/Activity logging for Desktop App external auth (#34928) ... * [MM-67138][MM-67139] Update Audit/Activity logging for Desktop App external auth * PR feedback --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-01-16 13:28:44 -05:00
Ben Schumacher	cf1682a0e7	Add documentation for plugin RPC architecture (#34587) ... * Add documentation for plugin RPC architecture Document the bidirectional RPC communication between Mattermost server and plugin processes. Added an architectural overview with ASCII diagram and godoc comments for hooksRPCClient, hooksRPCServer, apiRPCClient, and apiRPCServer explaining their roles in the plugin system. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * update --------- Co-authored-by: Claude <noreply@anthropic.com>	2026-01-14 09:58:40 +01:00
Nick Misasi	8e4cadbc88	[MM-66359] Recaps MVP (#34337) ... * initial commit for POC of Plugin Bridge * Updates * POC for plugin bridge * Updates from collaboration * Fixes * Refactor Plugin Bridge to use HTTP/REST instead of RPC - Remove ExecuteBridgeCall hook and Context.SourcePluginId - Implement HTTP-based bridge using existing PluginHTTP infrastructure - Add CallPlugin API method with endpoint parameter instead of method name - Update CallPluginBridge to construct HTTP POST requests - Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID - Use 'com.mattermost.server' as plugin ID for core server calls - Update ai.go to use REST endpoint /inter-plugin/v1/completion - Add comprehensive spec documentation in server/spec.md - Add MIGRATION_GUIDE.md for plugin developers - Fix 401/404 issues by setting correct headers and URL paths * Improve Plugin Bridge security and architecture - Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin) - Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest - Improve separation of concerns: business logic vs HTTP transport - Add security documentation explaining header protection Security Improvements: - ServeInternalPluginRequest is NOT exposed as HTTP route (internal only) - Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code - External requests cannot spoof these headers (stripped by servePluginRequest) - Core calls use 'com.mattermost.server' as plugin ID for authorization - Plugin-to-plugin calls use real plugin ID (enforced by server) Backward Compatibility: - Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated) - All tests pass Docs: - Update spec.md with security model explanation - Update MIGRATION_GUIDE.md with correct header usage examples * Space * cursor please stop creating markdown files * Fix style * Fix i18n, linter * REMOVE MARKDOWN * Remove CallPlugin method from plugin API interface Per review feedback, this method is no longer needed. Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com> * Remove CallPlugin method implementation from PluginAPI Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com> * fixes * Add AI OpenAPI spec * fix openapi spec * Use agents client (#34225) * Use agents client * Remove default agent * Fixes * fix: modify system prompts to ensure JSON is being returned * Base implementation for recaps working * small fixes * Adjustments * remove webapp changes * Add feature flags for rewrites and ai bridge, clean up * Remove comments that aren't helpful * Fix i18n * Remove rewrites * Fix tests * Fix i18n * adjust i18n again * Add back translations * Remove leftover mock code * remove model file * Changes from PR review * Make the real substitutions * Include a basic invokation of the client with noop to ensure build works * more fix * Remove unneeded change * Updates from review * Fixes * Remove some logic from rewrites to clean up branch * Use v1.5.0 of agents plugin * A bunch more additions for general UX flow * Add missing files * Add mocks * Fixes for vet-api, i18n, build, types, etc * One more linter fix * Fix i18n and some tests * Refactors and cleanup in backend code * remove rogue markdown file * fixes after refactors from backend * Add back renamed files, and add tests * More self code review * More fixes * More refactors * Fix call stack exceeded bug * Include read messages if there are no unreads * Fix test failure: use correct error message key for recap permission denied The getRecapAndCheckOwnership function was using strings.ToLower(callerName) to generate error keys, which caused 'GetRecap' to become 'getrecap' instead of the expected 'get'. Changed to use the correct static key that matches the en.json localization file. Fixes TestGetRecap/get_recap_by_non-owner test failure. Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com> * Consolidate permission errors down to a single string * Fixes for i18n, worktrees making this difficult * Fix i18n * Fix i18n once and for all (for real) (final) * Fix duplicate getAgents method in client4.ts * Remove duplicate ai state from initial_state.ts * Fix types * Fix tests * Fix return type of GetAgents and GetServices * Add tests for recaps components * Fix types * Update i18n * Fixes * Fixes * More cleanup * Revert random file * Use undefined * fix linter * Address feedback * Missed a git add * Fixes * Fix i18n * Remove fallback * Fixes for PR --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com> Co-authored-by: Christopher Speller <crspeller@gmail.com> Co-authored-by: Felipe Martin <me@fmartingr.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-01-13 11:59:22 -05:00
Ben Schumacher	43bfdbfd1b	[MM-66840] Add CPU cores and total memory to Support Packet (#34658) ... * [MM-66840] Add CPU cores and total memory to support packet Add system resource information to support packet diagnostics to help with troubleshooting and capacity analysis. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Clarify that memory is in MB * Add comment clarifying CPU/memory are host values Clarifies that the CPU cores and total memory values in the support packet represent the host machine's resources, not any container limits that may be configured in Docker or Kubernetes environments. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>	2026-01-13 16:23:32 +01:00
Carlos Garcia	81dc5f8801	bumps go version to 1.24.11 (#34876)	2026-01-09 17:22:23 +01:00
unified-ci-app[bot]	4389116b19	Update latest minor version to 11.4.0 (#34874) ... Automatic Merge	2026-01-08 09:47:31 +02:00
Pablo Vélez	e0052be9c3	MM-66890 - Set default for BurnOnRead feature flag to true (#34763) ... * MM-66890 - Set default for BurnOnRead feature flag to true * enable the feature by default * fix unit tests * fix e2e tests --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-12-18 09:39:44 +01:00
Daniel Espino García	0901686681	[MM-66710] Do not allow MFA enforcement on magic link accounts (#34614) ... * [MM-66710] Do not allow MFA enforcement on magic link accounts * Update server/i18n/en.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Fix blocker when changing configuration --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-12-17 15:46:41 +01:00
Jesse Hallam	6404ab29ac	MM-66424: Improve team filtering in common teams API (#34454) ... * add Client4.GetDirectOrGroupMessageMembersCommonTeams * Improve team filtering in common teams API Filter the common teams to only include teams the requesting user is a member of, ensuring proper access control. * simplify GetDirectOrGroupMessageMembersCommonTeamsAsUser	2025-12-15 15:06:48 -04:00
Devin Binnie	959022f953	[MM-66875][MM-66876] Implement RHS plugin popout (#34692) ... * [MM-66875] Implement RHS popout component * [MM-66876] Add RHS plugin popouts * Give plugins a way to check when popouts are opened * Fix test * Fix border radius * Fix lint * Update title to just show plugin name * Add server name to plugin popout for Desktop App * Fix test --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-12-11 14:04:43 -05:00
Ibrahim Serdar Acikgoz	084006c0ea	[MM-61758] Burn on read feature (#34703) ... * Add read receipt store for burn on read message types * update mocks * fix invalidation target * have consistent case on index creation * Add temporary posts table * add mock * add transaction support * reflect review comments * wip: Add reveal endpoint * user check error id instead * wip: Add ws events and cleanup for burn on read posts * add burn endpoint for explicitly burning messages * add translations * Added logic to associate files of BoR post with the post * Added test * fixes * disable pinning posts and review comments * MM-66594 - Burn on read UI integration (#34647) * MM-66244 - add BoR visual components to message editor * MM-66246 - BoR visual indicator for sender and receiver * MM-66607 - bor - add timer countdown and autodeletion * add the system console max time to live config * use the max expire at and create global scheduler to register bor messages * use seconds for BoR config values in BE * implement the read by text shown in the tooltip logic * unestack the posts from same receiver and BoR and fix styling * avoid opening reply RHS * remove unused dispatchers * persis the BoR label in the drafts * move expiration value to metadata * adjust unit tests to metadata insted of props * code clean up and some performance improvements; add period grace for deletion too * adjust migration serie number * hide bor messages when config is off * performance improvements on post component and code clean up * keep bor existing post functionality if config is disabled * Add read receipt store for burn on read message types * Add temporary posts table * add transaction support * reflect review comments * wip: Add reveal endpoint * user check error id instead * wip: Add ws events and cleanup for burn on read posts * avoid reacting to unrevealed bor messages * adjust migration number * Add read receipt store for burn on read message types * have consistent case on index creation * Add temporary posts table * add mock * add transaction support * reflect review comments * wip: Add reveal endpoint * user check error id instead * wip: Add ws events and cleanup for burn on read posts * add burn endpoint for explicitly burning messages * adjust post reveal and type with backend changes * use real config values, adjust icon usage and style * adjust the delete from from sender and receiver * improve self deleting logic by placing in badge, use burn endpoint * adjust websocket events handling for the read by sender label information * adjust styling for concealed and error state * update burn-on-read post event handling for improved recipient tracking and multi-device sync * replace burn_on_read with type in database migrations and model * remove burn_on_read metadata from PostMetadata and related structures * Added logic to associate files of BoR post with the post * Added test * adjust migration name and fix linter * Add read receipt store for burn on read message types * update mocks * have consistent case on index creation * Add temporary posts table * add mock * add transaction support * reflect review comments * wip: Add reveal endpoint * user check error id instead * wip: Add ws events and cleanup for burn on read posts * add burn endpoint for explicitly burning messages * Added logic to associate files of BoR post with the post * Added test * disable pinning posts and review comments * show attachment on bor reveal * remove unused translation * Enhance burn-on-read post handling and refine previous post ID retrieval logic * adjust the returning chunk to work with bor messages * read temp post from master db * read from master * show the copy link button to the sender * revert unnecessary check * restore correct json tag * remove unused error handling and clarify burn-on-read comment * improve type safety and use proper selectors * eliminate code duplication in deletion handler * optimize performance and add documentation * delete bor message for sender once all receivers reveal it * add burn on read to scheduled posts * add feature enable check * use master to avoid all read recipients race condition --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com> Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com> * squash migrations into single file * add configuration for the scheduler * don't run messagehasbeenposted hook * remove parallel tests on burn on read * add clean up for closing opened modals from previous tests * simplify delete menu item rendering * add cleanup step to close open modals after each test to prevent pollution * streamline delete button visibility logic for Burn on Read posts * improve reliability of closing post menu and modals by using body ESC key --------- Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com> Co-authored-by: Pablo Vélez <pablovv2012@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-12-11 07:59:50 +01:00
Elias Nahum	4589005a54	feat: Add Microsoft Intune MAM authentication support (#34577) ... * Add Entra ID token authentication and Intune MAM config exposure * Add Intune MAM toggle to Mobile Security admin console * Add IntuneSettings with the AuthService to use and its own TenantID andClientID for the Entra App registration Include Admin console changes switch from /oauth/entra to /oauth/intune endpoint * openAPI documentation --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: yasser khan <attitude3cena.yf@gmail.com>	2025-12-10 08:31:53 +02:00
Jesse Hallam	fcdd6962ff	MM-65575: Fix server panic when bot posts trigger persistent notifications (#34174) ... * reproduce panic with test * allow bots in the profile map * explicitly prevent sending notifications to bots * persistent notifications: handle senders not in the channel	2025-12-08 20:41:29 +00:00
unified-ci-app[bot]	2397ad59fd	Update latest minor version to 11.3.0 (#34673) ... Automatic Merge	2025-12-08 13:24:15 +02:00
Ben Schumacher	6e87c94f29	[MM-62770] Validate log levels in AdvancedLoggingJSON (#34414)	2025-12-08 10:54:33 +01:00
Jesse Hallam	5956e4d624	Fix PluginHTTPStream request body closing before read (#34434) ... * Fix regression in PluginHTTPStream where request body closed prematurely When WriteHeader was called before reading the request body in inter-plugin communication, the body would be closed prematurely due to defer r.Body.Close() executing when the function returned (after starting the response goroutine). This fix moves defer r.Body.Close() into the goroutine to ensure the request body remains available until after the response is fully processed. Added test case TestInterpluginPluginHTTPWithBodyAfterWriteHeader to verify the fix and prevent future regressions. * Fix resource leak by closing request body in all PluginHTTPStream error paths --------- Co-authored-by: Christopher Speller <crspeller@gmail.com>	2025-12-01 08:26:33 -08:00
Ben Cooke	c78ebc5ec1	add audit logs to DCR (#34598)	2025-11-28 11:44:15 -05:00
Catena cyber	758bdd785f	perf: apply perfpsrint linter (#33967) ... * perf: apply perfpsrint linter * further simplifications * improved TestParseHashtags coverage * more simplifications * simplify renderBlockHTML further --------- Co-authored-by: Jesse Hallam <jesse@mattermost.com>	2025-11-28 11:23:51 -04:00