* [MM-67605] Add DCR redirect URI allowlist enforcement
Introduce ServiceSettings.DCRRedirectURIAllowlist with glob-based validation and enforce it during OAuth dynamic client registration to block unapproved redirect URIs. Add System Console wiring and tests for config validation, wildcard matching semantics, API error behavior, and localhost wildcard support.
* Fix pre-commit checks: TypeScript type assertion, gofmt, and regenerate CI artifacts
- admin_definition_dcr_allowlist.test.tsx: Add AdminDefinitionSettingInput type assertion for 'multiple' property
- oauth_dcr_test.go: Fix comment spacing (gofmt)
- Regenerate mocks, go.sum, gen-serialized, mmctl-docs per CI requirements
* Revert unnecessary pre-commit regenerations
Revert mmctl docs, mocks, go.sum, and gen-serialized to master. Keep only
the TypeScript and gofmt fixes from the previous commit.
* Fix import order in admin_definition_dcr_allowlist.test.tsx
* Fix i18n
* Update server/public/model/oauth_dcr.go
* Fix
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
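An added example, not Mattermost's code, of the kind of check this commit describes: a glob allowlist for redirect URIs matched per component after parsing, shown beside a naive whole-string glob. The function names, the matching rules (`*` never crosses a `/`; URIs with userinfo, a fragment or `..` are rejected) and the sample URIs are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// pattern is one allowlist entry split up so a wildcard stays inside its own component.
type pattern struct{ scheme, host, port, path string }

// parsePattern splits by hand because url.Parse rejects a "*" port (assumes no IPv6 literals).
func parsePattern(entry string) (pattern, bool) {
	scheme, rest, ok := strings.Cut(entry, "://")
	authority, p, _ := strings.Cut(rest, "/")
	host, port, _ := strings.Cut(authority, ":")
	if !ok || scheme == "" || host == "" || strings.Contains(scheme, "*") {
		return pattern{}, false
	}
	return pattern{strings.ToLower(scheme), strings.ToLower(host), port, "/" + p}, true
}

// NaiveAllowed globs the raw string; kept only as the weak form for contrast.
func NaiveAllowed(allowlist []string, raw string) bool {
	for _, entry := range allowlist {
		if ok, _ := path.Match(entry, raw); ok {
			return true
		}
	}
	return false
}

// RedirectURIAllowed parses first, rejects ambiguous URIs, then matches each component.
func RedirectURIAllowed(allowlist []string, raw string) bool {
	u, err := url.Parse(raw)
	if err != nil || !u.IsAbs() || u.Host == "" || u.User != nil ||
		strings.Contains(raw, "#") || strings.Contains(u.Path, "..") {
		return false
	}
	for _, entry := range allowlist {
		pat, ok := parsePattern(entry)
		if !ok || pat.scheme != u.Scheme {
			continue
		}
		hostOK, _ := path.Match(pat.host, strings.ToLower(u.Hostname()))
		portOK, _ := path.Match(pat.port, u.Port())
		pathOK, _ := path.Match(pat.path, "/"+strings.TrimPrefix(u.Path, "/"))
		if hostOK && portOK && pathOK {
			return true
		}
	}
	return false
}

func main() {
	allow := []string{"https://*.example.com/oauth/callback", "http://localhost:*/callback"} // constructed
	fmt.Println(RedirectURIAllowed(allow, "http://localhost:53124/callback"))
}
```

The whole-string glob accepts a URI whose real host sits before a `#`, because the wildcard swallows the delimiter; matching parsed components does not.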
* Remove legacy quoteColumnName() utility
Since Mattermost only supports PostgreSQL, the quoteColumnName() helper
that was designed to handle database-specific column quoting is no longer
needed. The function was a no-op that simply returned the column name
unchanged.
Remove the function from utils.go and update status_store.go to use
the "Manual" column name directly.
* Remove legacy driver checks from store.go
Since Mattermost only supports PostgreSQL, remove conditional checks
for different database drivers:
- Simplify specialSearchChars() to always return PostgreSQL-compatible chars
- Remove driver check from computeBinaryParam()
- Remove driver check from computeDefaultTextSearchConfig()
- Simplify GetDbVersion() to use PostgreSQL syntax directly
- Remove switch statement from ensureMinimumDBVersion()
- Remove unused driver parameter from versionString()
* Remove MySQL alternatives for batch delete operations
Since Mattermost only supports PostgreSQL, remove the MySQL-specific
DELETE...LIMIT syntax and keep only the PostgreSQL array-based approach:
- reaction_store.go: Use PostgreSQL array syntax for PermanentDeleteBatch
- file_info_store.go: Use PostgreSQL array syntax for PermanentDeleteBatch
- preference_store.go: Use PostgreSQL tuple IN subquery for DeleteInvalidVisibleDmsGms
* Remove MySQL alternatives for UPDATE...FROM syntax
Since Mattermost only supports PostgreSQL, remove the MySQL-specific
UPDATE syntax that joins tables differently:
- thread_store.go: Use PostgreSQL UPDATE...FROM syntax in
MarkAllAsReadByChannels and MarkAllAsReadByTeam
- post_store.go: Use PostgreSQL UPDATE...FROM syntax in deleteThreadFiles
* Remove MySQL alternatives for JSON and subquery operations
Since Mattermost only supports PostgreSQL, remove the MySQL-specific
JSON and subquery syntax:
- thread_store.go: Use PostgreSQL JSONB operators for updating participants
- access_control_policy_store.go: Use PostgreSQL JSONB @> operator for
querying JSON imports
- session_store.go: Use PostgreSQL subquery syntax for Cleanup
- job_store.go: Use PostgreSQL subquery syntax for Cleanup
* Remove MySQL alternatives for CTE queries
Since Mattermost only supports PostgreSQL, simplify code that
uses CTEs (Common Table Expressions):
- channel_store.go: Remove MySQL CASE-based fallback in
UpdateLastViewedAt and use PostgreSQL CTE exclusively
- draft_store.go: Remove driver checks in DeleteEmptyDraftsByCreateAtAndUserId,
DeleteOrphanDraftsByCreateAtAndUserId, and determineMaxDraftSize
* Remove driver checks in migrate.go and schema_dump.go
Simplify migration code to use PostgreSQL driver directly since
PostgreSQL is the only supported database.
* Remove driver checks in sqlx_wrapper.go
Always apply lowercase named parameter transformation since PostgreSQL
is the only supported database.
* Remove driver checks in user_store.go
Simplify user store functions to use PostgreSQL-only code paths:
- Remove isPostgreSQL parameter from helper functions
- Use LEFT JOIN pattern instead of subqueries for bot filtering
- Always use case-insensitive LIKE with lower() for search
- Remove MySQL-specific role filtering alternatives
* Remove driver checks in post_store.go
Simplify post_store.go to use PostgreSQL-only code paths:
- Inline getParentsPostsPostgreSQL into getParentsPosts
- Use PostgreSQL TO_CHAR/TO_TIMESTAMP for date formatting in analytics
- Use PostgreSQL array syntax for batch deletes
- Simplify determineMaxPostSize to always use information_schema
- Use PostgreSQL jsonb subtraction for thread participants
- Always execute RefreshPostStats (PostgreSQL materialized views)
- Use materialized views for AnalyticsPostCountsByDay
- Simplify AnalyticsPostCountByTeam to always use countByTeam
* Remove driver checks in channel_store.go
Simplify channel_store.go to use PostgreSQL-only code paths:
- Always use sq.Dollar.ReplacePlaceholders for UNION queries
- Use PostgreSQL LEFT JOIN for retention policy exclusion
- Use PostgreSQL jsonb @> operator for access control policy imports
- Simplify buildLIKEClause to always use LOWER() for case-insensitive search
- Simplify buildFulltextClauseX to always use PostgreSQL to_tsvector/to_tsquery
- Simplify searchGroupChannelsQuery to use ARRAY_TO_STRING/ARRAY_AGG
* Remove driver checks in file_info_store.go
Simplify file_info_store.go to use PostgreSQL-only code paths:
- Always use PostgreSQL to_tsvector/to_tsquery for file search
- Use file_stats materialized view for CountAll()
- Use file_stats materialized view for GetStorageUsage() when not including deleted
- Always execute RefreshFileStats() for materialized view refresh
* Remove driver checks in attributes_store.go
Simplify attributes_store.go to use PostgreSQL-only code paths:
- Always execute RefreshAttributes() for materialized view refresh
- Remove isPostgreSQL parameter from generateSearchQueryForExpression
- Always use PostgreSQL LOWER() LIKE LOWER() syntax for case-insensitive search
* Remove driver checks in retention_policy_store.go
Simplify retention_policy_store.go to use PostgreSQL-only code paths:
- Remove isPostgres parameter from scanRetentionIdsForDeletion
- Always use pq.Array for scanning retention IDs
- Always use pq.Array for inserting retention IDs
- Remove unused json import
* Remove driver checks in property stores
Simplify property_field_store.go and property_value_store.go to use
PostgreSQL-only code paths:
- Always use PostgreSQL type casts (::text, ::jsonb, ::bigint, etc.)
- Remove isPostgres variable and conditionals
* Remove driver checks in channel_member_history_store.go
Simplify PermanentDeleteBatch to use PostgreSQL-only code path:
- Always use ctid-based subquery for DELETE with LIMIT
* Remove remaining driver checks in user_store.go
Simplify user_store.go to use PostgreSQL-only code paths:
- Use LEFT JOIN for bot exclusion in AnalyticsActiveCountForPeriod
- Use LEFT JOIN for bot exclusion in IsEmpty
* Simplify fulltext search by consolidating buildFulltextClause functions
Remove convertMySQLFullTextColumnsToPostgres and consolidate
buildFulltextClause and buildFulltextClauseX into a single function
that takes variadic column arguments and returns sq.Sqlizer.
* Simplify SQL stores leveraging PostgreSQL-only support
- Simplify UpdateMembersRole in channel_store.go and team_store.go
to use UPDATE...RETURNING instead of SELECT + UPDATE
- Simplify GetPostReminders in post_store.go to use DELETE...RETURNING
- Simplify DeleteOrphanedRows queries by removing MySQL workarounds
for subquery locking issues
- Simplify UpdateUserLastSyncAt to use UPDATE...FROM...RETURNING
instead of fetching user first then updating
- Remove MySQL index hint workarounds in ORDER BY clauses
- Update outdated comments referencing MySQL
- Consolidate buildFulltextClause and remove convertMySQLFullTextColumnsToPostgres
* Remove MySQL-specific test artifacts
- Delete unused MySQLStopWords variable and stop_word.go file
- Remove redundant testSearchEmailAddressesWithQuotes test
(already covered by testSearchEmailAddresses)
- Update comment that referenced MySQL query planning
* Remove MySQL references from server code outside sqlstore
- Update config example and DSN parsing docs to reflect PostgreSQL-only support
- Remove mysql:// scheme check from IsDatabaseDSN
- Simplify SanitizeDataSource to only handle PostgreSQL
- Remove outdated MySQL comments from model and plugin code
* Remove MySQL references from test files
- Update test DSNs to use PostgreSQL format
- Remove dead mysql-replica flag and replicaFlag variable
- Simplify tests that had MySQL/PostgreSQL branches
* Update docs and test config to use PostgreSQL
- Update mmctl config set example to use postgres driver
- Update test-config.json to use PostgreSQL DSN format
* Remove MySQL migration scripts, test data, and docker image
Delete MySQL-related files that are no longer needed:
- ESR upgrade scripts (esr.*.mysql.*.sql)
- MySQL schema dumps (mattermost-mysql-*.sql)
- MySQL replication test scripts (replica-*.sh, mysql-migration-test.sh)
- MySQL test warmup data (mysql_migration_warmup.sql)
- MySQL docker image reference from mirror-docker-images.json
* Remove MySQL references from webapp
- Simplify minimumHashtagLength description to remove MySQL-specific configuration note
- Remove unused HIDE_MYSQL_STATS_NOTIFICATION preference constant
- Update en.json i18n source file
* clean up e2e-tests
* rm server/tests/template.load
* Use teamMemberSliceColumns() in UpdateMembersRole RETURNING clause
Refactor to use the existing helper function instead of hardcoding
the column names, ensuring consistency if the columns are updated.
* u.id -> u.Id
* address code review feedback
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
This feature has never worked as advertised. Let's deprecate it,
retaining the config field so we can fail server startup to ensure it's
not being used at all.
* MM-63726: Adjust default MaxOpenConns/MaxIdleConns settings
- Change MaxOpenConns from 300 to 100
- Change MaxIdleConns from 20 to 50
- Establish a healthier 2:1 ratio instead of the previous 15:1
- Remove hardcoded values from config files to use new defaults
* Fix mmctl config test for updated MaxIdleConns default
Update test expectation from 20 to 50 to match the new default
value for SqlSettings.MaxIdleConns that was changed in the previous
commit.
* Add report a problem type and allow logs config
* Improve device type logic
* Add tests and minor fixes
* Add texts
* Fix tests by avoiding circular dependencies
* Fix test
* Fix useexternallink updating mailtos, and changing the content of query parameters
* Fix texts
* Fix e2e test
* Fix tsc
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* feat: Add EnableCrossTeamSearch configuration option to ServiceSettings
* feat: Enable cross-team search by default
* include old FF in client config
* do not error on exportFile error
* add tests for local and s3 storage exporting with missing file
* linting
* fix attachment path validation in mmctl
* Added support for S3 storage classes
* Added missing translations for S3 storage class
* Changed default storage class values to preserve original behaviour
* Changed storage class description and example
* Fix translations ordering
* Change configuration defaults to empty strings
* Remove redundant empty string check
* Validate storage class variable against constants from S3 API docs
* Validate export storage class against constants
* Use slices for config validation
* Applied patch for translation ordering
* Bulk import: stream file attachments uploads
* Add comment with context on buffer size
* Add file name to logs
* Use sha256 to do checksum
* Fix bad merge
* Fix import file
* Update test
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* don't use old hardcoded rule for validating imported posts
* fix http verb in doc
* Use client config
* Handle local mode
* E2E tests
* Enforce default if unable to use real limit
* Unit tests
* Fix tests
* Use model.PostMessageMaxRunesV2 as lower default
* Update direct post message length validation
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: streamer45 <cstcld91@gmail.com>
MySQL 5.7 is at end of life.
https://mattermost.atlassian.net/browse/MM-55589
```release-note
We bump up minimum MySQL version to be 8.0.0
```
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
* Remove all occurrences of ExperimentalTimezone in /server
This removes all uses of ExperimentalTimezone and makes all conditions using this setting either removed (== false) or always used (== true)
* Remove timezone parameter for getChannelMemberByGroup
As timezone is always enabled this function no longer has a second parameter. The endpoint will always be called with includeTimezones set to true
* Remove all uses of ExperimentalTimezone in webapp
All conditions dependent on this are adjusted to always be true if experimentalTimezone should be true and vice versa
* Change all tests checking for correct usage of ExperimentalTimezone
As this parameter is no longer used, the tests which check for correct behaviour of this are no longer needed
* Fix type errors
Tests regarding types do now pass
'npm run check-types' will run successfully
* fix lint issues
Fix all current lint errors and now lint test goes through
* Fix test regarding profile popover
enableTimezone now is gone and all profile_popover.test.tsx can run successfully.
Added state.entities.users.profiles[] as it before threw an error without it.
* Fix tests where "April 1 2019" was changed to "April 01 2019"
Now it will show "April 1 2019" and "timeZone" will only show if it's other than empty ("").
* Fix test where date was set to NaN
Now date will show correctly and will not be NaN
* fix minor test case that failed before
* fix linting in server
* Delete tests that are not valid with timeZoneEnabled removed
tests in advanced_create_comment and advanced_create_post had timeZoneEnabled
set to false as default. The tests that use this are now changed to ones which are meant to have timeZoneEnabled set to true.
Adjust jest function in advanced_create_post to get correct stacktrace
* Parameter deleted
isTimeZoneEnabled is always true and therefore the parameter can be deleted
* adjust to prettier standard
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* move plugin signature verification to caller
The semantics for when plugin signature validation is required are unique to the caller, so move this logic there instead of masking it, thus simplifying some of the downstream code.
* support transitionally prepackaged plugins
Transitionally prepackaged plugins are prepackaged plugins slated for unpackaging in some future release. Like prepackaged plugins, they automatically install or upgrade if the server is configured to enable that plugin, but unlike prepackaged plugins they don't add to the marketplace to allow for offline installs. In fact, if unlisted from the marketplace and not already enabled via `config.json`, a transitionally prepackaged plugin is essentially hidden.
To ensure a smooth transition in the future release when this plugin is no longer prepackaged at all, transitionally prepackaged plugins are persisted to the filestore as if they had been installed by the end user. On the next restart, even while the plugin is still transitionally prepackaged, the version in the filestore will take priority. It remains possible for a transitionally prepackaged plugin to upgrade (and once again persist) if we ship a newer version before dropping it altogether.
Some complexity arises in a multi-server cluster, primarily because we don't want to deal with multiple servers writing the same object to the filestore. This is probably fine for S3, but has undefined semantics for regular filesystems, especially with some customers backing their files on any number of different fileshare technologies. To simplify the complexity, only the cluster leader persists transitionally prepackaged plugins.
Unfortunately, this too is complicated, since on upgrade to the first version with the transitionally prepackaged plugin, there is no guarantee that server will be the leader. In fact, as all nodes restart, there is no guarantee that any newly started server will start as the leader. So the persistence has to happen in a job-like fashion. The migration system might work, except we want the ability to run this repeatedly as we add to (or update) these transitionally prepackaged plugins. We also want to minimize the overhead required from the server to juggle any of this.
As a consequence, the persistence of transitionally prepackaged plugins occurs on every cluster leader change. Each server will try at most once to persist its collection of transitionally prepackaged plugins, and newly started servers will see the plugins in the filestore and skip this step altogether.
The current set of transitionally prepackaged plugins includes the following, but this is expected to change:
* focalboard
* complete list of transitionally prepackaged plugins
* update plugin_install.go docs
* updated test plugins
* unit test transitionally prepackaged plugins
* try restoring original working directory
* Apply suggestions from code review
Co-authored-by: Michael Kochell <6913320+mickmister@users.noreply.github.com>
* clarify processPrepackagedPlugins comment
---------
Co-authored-by: Michael Kochell <6913320+mickmister@users.noreply.github.com>
* [MM-53124] Add optional Forgot Password custom link to override the default flow on the login page
* Fix i18n
* Fix test
* Added the enable/disable flag
* Fix test
* Fix e2e
* Add blockable link for the Customization navigation