* Add Entra ID token authentication and Intune MAM config exposure
* Add Intune MAM toggle to Mobile Security admin console
* Add IntuneSettings with the AuthService to use and its own TenantID andClientID for the Entra App registration
Include Admin console changes
switch from /oauth/entra to /oauth/intune endpoint
* openAPI documentation
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: yasser khan <attitude3cena.yf@gmail.com>
* Mock react-virtualized-auto-sizer in all unit tests to ensure contents are mounted
Without mocking that, anything inside of an `AutoSizer` wouldn't be rendered
at all, leading to weird behaviour like the emoji picker being empty in tests.
* Fix EmojiPickerCategoryRow not having a defaultMessage
This caused any unit tests involving the emoji picker to error unless you
also provided an intlMessages object which is hard to do due to how Jest's
`moduleNameMapper` option is configured currently.
* Fixed incorrect usage of useCallback in EmojiPickerItem
The way this was previously written, we weren't specifying dependencies
properly for those callbacks which lead to some actual performance issues
because of how heavy the emoji picker is, and it also lead to issues where
click handlers would have to be triggered multiple times in unit tests
for some reason.
* MM-66659 Stop using caretPosition in useEditorEmojiPicker
This bug seems to be caused by a race condition between React and Chrome which
only occurs on Windows and only now that we've upgraded to React 18. That race
condition occurs with how we map the selection range in the post textbox to
its `caretPosition` state. That state has always been pretty janky, so I've
decided to remove it.
This also has some other benefits like improving UX by using `execCommand`
which preserves the undo/redo stack when using the emoji picker and simplifying
the code because we no longer have to manually mess with the cursor position.
Also, while I was in there, I fixed some minor weirdness around how whitespace
is handled when adding those emojis.
* MM-66659 Stop using caretPosition in useKeyHandler
* MM-66659 Stop using caretPosition for prefill message
* MM-66659 Remove remaining traces of caretPosition in AdvancedTextEditor
* Fix exclusive test
* Fix "Fixed incorrect usage of useCallback in EmojiPickerItem"
* Fixed incorrect usage of FixedSizeList in emoji picker
This is the actual fix to the issue I thought I fixed previously by changing
how `useCallback` was called in EmojiPickerItem.
It turns out the actual issue is that we were passing a new function as the
child of FixedSizeList on every render cycle which caused it to re-render all
of the rows which somehow also assigned them new DOM Nodes as well. The
EmojiPicker re-renders whenever we mouse over an emoji, so it would re-render
the FixedSizeList and all of its children frequently when mousing over things.
Apart from causing performance issues, that also seems to cause RTL to fail to
click on an emoji the first time you call `userAgent.click` because the first
call would move the mouse which would trigger a re-render, and that would
seemingly cause RTL to forget what to click on.
To fix that, I used a new React context to pass the extra props to the
EmojiPickerCategoryOrEmojiRow. I could've also done that by adding them to the
FixedSizeList's `itemData` prop, but that already contains a lot of heavy data,
and I didn't want to add to that.
* Revert changes to postMessageOnKeyPress
* Run Prettier in playwright folder
* Added docs to new Playwright test
* Address feedback
* Add EasyLogin configuration (#34217)
* add easy login config
* add easy login to the invite modal
* add to the query parameters
* Add an API to get login method for the login id (#34223)
* add an api to get login method for the login id
* do not return errors if user is not found
* Add support for Easy Login invitation link sending (#34224)
This generates Easy Login token types when requested. The server
doesn't do anything with these tokens, yet - that will come in a
future change.
* Add support for logging in with easy login (#34236)
* Fix E2E tests (#34240)
* Prevent easy login accounts to reset their password (#34262)
* Add easy login support to login api and limit token to 5 min (#34259)
* webapp easy login ui mods (#34237)
* webapp easy login ui mods
* easy login i18n
* lint issues
* getUserLoginType
* using the real API
* easylogin proper redirect
* remove unneeded functions and files
* duplicated localization
* remove easylogin
* using EnableEasyLogin setting
* localization fix
* fix lint issue
* remove excessive setIsWaiting
* changed logic to make it more readable
* renaming component to make easier editable
* password will disappear when username change
* login test
* text for easy login password
* Add app links to emails
* Update templates and always land in the landing screen
* Update svg image, improve checks on server, fix linking page and show deactivated on login type
* Update naming
* Fix mocks and imports
* Remove all sessions on disable and forbid user promotion
* Fix layer and tests
* Address feedback
* Fix tests
* Fix missing string
* Fix texts
* Fix tests
* Fix constant name
* Fix tests
* Fix test
* Address feedback
* Fix lint
* Fix test
* Address feedback
* Fix test
---------
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: David Krauser <david@krauser.org>
Co-authored-by: Daniel Espino <larkox@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* updated aws-sdk dependency to aws-sdk-go-v2
* simplify error handling in case of timeout errors
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* add option to run fips build
* modify gh comments
* organize gh and commit status
* sanitize inputs, handle group concurrency
* indicate fix in status context and fix comparison
* handle fips comparison
* updated per comments
* reverted missed lines
* fix failed cypress test by migrating to playwright
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Initial Implementation of Push Proxy Authentication
* Include Config Listener for Leader plus delete startup function as job scheduler runs on initialization
* Remove push proxy auth from local imports
* Add push proxy auth to external imports
* Add push proxy auth error messages
* Update error codes
* Fix enterprise dep definition
* make i18n-extract
* Mock System store Get
* m
* m
* m
* m
* Update serverID header
* Add install type env var to docker
* Update Push Proxy config with new options
Global, US, Germany and Japan. Previous configurations will keep working
* use model.SafeDereference
* Delete token when new push proxy URL is empty
* ServerID header only if auth token is available
---------
Co-authored-by: Daniel Schalla <daniel@mattermost.com>
Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Revert "MM-13657: Set ExperimentalStrictCSRFEnforcement to true by default (#33444)"
This reverts commit 257eec43ed.
* Fix call to checkCSRFToken
* Adapt test that relied on strict CSRF enforcement
This test was added after
https://github.com/mattermost/mattermost/pull/33444, so it assumed
strict CSRF enforcement to be enabled. When reverting that PR, we need
to adapt the test to account for both cases.
* Fix newer tests to use older setting
* Dependencies: Remove unused dependency on @mattermost/dynamic-virtualized-list
* Update Components package to React 18 and new version of RTL
* Upgrade React, React Redux, RTL, and associated libraries
I had to upgrade React Redux for the new version of React, and that
brought with it new versions of associated packges (Redux, Reselect,
Redux Thunk). A few other libraries needed to be updated or have their
explicit dependencies overridden for the new version of Redux as well.
To note for future dependency upgrades, redux-mock-store is deprecated,
and redux-batched-actions and redux-persist are inactive.
For RTL:
1. `@testing-library/react-hooks` has been rolled into
`@testing-library/react`, and its interface has changed.
2. I had to make some changes to get TS to use the types for the new
methods added to `expect`.
* Dependencies: Fix dom-accessibility-api patch from #33553
* Tests: Fix tests that use jest.spyOn with react-redux
* Functional: Remove usage of defaultProps on function components
* Tests: Remove usage of react-dom/test-utils
* Functional: Rename conflicting context prop on Apps components
* Tests: Always await on userEvent calls
* Functional: Patch react-overlays to fix pressing escape in unit tests
I did something similar in React Bootstrap a few weeks ago.
See https://github.com/mattermost/react-bootstrap/pull/5
* Tests: Prevent tests from fetching from real URLs
* Tests: Update snapshots changed by upgrading react-redux and styled-components
* Functional: Stop passing deprecated pure parameter to connect
* Tests: Change how we intercept console errors in tests to preserve stack traces
* Tests: Fix incorrect usage of act in Enzyme tests
These tests are a mix of:
1. Not calling act when performing something that will update the DOM (like clicking on a button or invoking a method) which either caused warnings or failed snapshots as changes weren't visible.
2. Calling act in weird ways (such as wrapping mount in an async act) which caused Enzyme to not function
Some of these changes just silence warnings, but most of them are required to make the test even run
* Tests: Fix incorrect usage of act in RTL tests
* Tests: Fix a few minor issues in tests
* Functional: Add note for why we're not using ReactDOM.createRoot
* Functional: Fix focus trap infinite recursion in test
* Types: Replace removed React.SFC
* Types: Fix type of functions in FormattedMessage values prop
* Functional: Fix DropdownInputHybrid placeholder
* Types: Patch type definitions of react-batched-actions
* Types: Fix mattermost-redux build failing due to type check in Redux Dev Tools
* Dependencies: Add type definitions for react-is
* Types: Update types around ReactNode and ReactElement
React's gotten more strict with these, so we need to be more careful with what
we return from a render method. In some of these places, we also misused some
types, so hopefully I've sorted those out.
* Types: Explicitly added types to all instances of useCallback
* Types/Tests: Update typing of Redux actions and hooks
useDispatch is sort of stricter now, but it doesn't seem to rely on the global type of `Dispatch` any more, so I ended up having to add an extra overload to make that work.
* Tests: Update new tests in useChannelSystemPolicies for new version of RTL
These were added on master after I updated RTL on the branch
* Tests: Update action used to test initial store state
* Functional: Remove remnants of code for hot reloading Redux store
* Types/Tests: Update typing around React Router
* Types/Functional: Update typing involving the FormattedMessage values prop
There's a couple functional changes to ensure that the value passed is either a valid string or Date
* Types: Misc fixes
* Functional: Don't pass unused props to ChannelHeader
* Functional: Ensure plugin setting text is rendered before passing to Setting component
The previous version might've allowed MessageDescriptors to be passed unformatted
into the Setting component (which would then be rendered in the DOM). As best as
I can tell, we never actually did that, so this shouldn't change anything in practice.
* Tests: Make tests for identifyElementRegion more reliable
* Tests: Update recent tests for new version of RTL
* E2E: Make editLastPostWithNewMessage more reliable
* Downgrade React to 18.2.0 and manually dedupe React versions
18.2.0 and 18.3.0 are nearly identical to one another, except 18.3.x includes
warnings when using any API that will be removed in React 19. I don't want to
flood the console and test logs with warnings for things we're not addressing
for the time being.
Also, they didn't export act from React itself until 18.3.1 for some reason
(despite the old import path printing a warning), so I needed to revert the
changes to its import path.
To get this all to work, for some reason, I had to manually delete all the
entries for `react` and `react-dom` from the lockfile to get NPM to use a
single version of React and ReactDOM everywhere. I did discover `npm dedupe`
in the process, but that didn't solve this problem where I was trying to
consistently downgrade everything.
* Revert changes to notice file build tool to speed up CI
* Add explicit version of types/scheduler
The version of `@types/react` that we use says it works with any version of
`@types/scheduler` which causes NPM to install a newer version of it which
is missing a file of types that it needs.
* Update new test to await on userEvent
* Fix Playwright test that relied on autogenerated class name
* Tests: Disable test for identifyElementRegion
* Functional: Change DynamicVirtualizedList ListItem to use useLayoutEffect
In a previous commit, I changed the RHS to use the monorepo
DynamicVirtualizedList instead of the old version that lived in its own repo.
That caused the RHS to no longer scroll to the bottom on initial mount or be
able to render additional pages (even though the posts are loaded). This seems
like it has to do with the improved size calculation that Zubair made because
that's the main difference in the monorepo version of that component.
For some reason I don't entirely understand, changing to useLayoutEffect seems
to fix that. I think that's because the old measurement code is written as a
class component, and useLayoutEffect fires at the same time as
componentDidMount/componentDidUpdate.
* Types: Revert some type changes to reduce test log output
* Functional: Fix places where useSelector returned new results when called with the same arguments
I wasn't planning on fixing this now, but I think the increased length of the warning logs in the tests are causing
the GitHub action for the unit tests to abort as it reaches around 10000 lines long.
* Tests: Fix place where mocked selector returned new results when called with the same arguments
Same reason as before, but this one only occurred because of a test's mocked selector. I replaced it with
a real one to get around that.
* Tests: Fail tests when selector returns new results when called with the same arguments
* Attempt to fix web app unit tests failing in CI
* Change CI tests to set workerIdleMemoryLimit instead of reducing maxWorkers
* Increase workerIdleMemoryLimit in CI
* Revert changes to test-ci command and revert changes to how unit test logs are collected
* Unrevert changes to test logging, re-add workerIdleMemoryLimit, and try disabling test coverage
* Actually disable coverage
* Fix flaky test
* Update a couple new tests to fit PR and remove an unnecessary act
* Replace bad mock in new unit test
* Fix types of new code
* Remove mock from new unit test
* MM-64486: Remove telemetry
Remove telemetry from Mattermost. We're no longer relying on Rudder upstream, and no longer making use of this information.
* recover mock for SystemStore.Get
* Fix TestClearPushNotificationSync by adding missing SystemStore mock
The test was failing because the SystemStore mock was missing the Get()
method that's required by the ServerId() function. Added the missing mock
to return a StringMap with SystemServerId.
* fix mocking issue
* Remove now-unused telemetry and constants
* Remove "Disable telemetry events" debug setting
* Remove empty functions
* Remove most "Telemetry tracking removed" comments
* Remove remains of DataPrefetch telemetry
* Remove now-unused prop from InviteMembersButton
* Remove trackDotMenuEvent
* Remove some more leftover comments
* Remove lingering logic related to trackingLocation
* Remove now-unused argument from useCopyText
* Remove lingering telemetry references from PreparingWorkspace
* fixup Remove trackDotMenuEvent
* Remove lingering telemetry references from signup page and password check
* Update snapshots and fix test broken by my changes
* Fix unintended behavior change in thread list filtering
Remove handleSetFilter wrapper that was accidentally modified during
telemetry removal. The function was calling clear() when switching to
unread filter, which was not the original behavior. Use setFilter
directly instead, restoring the original functionality.
* Remove unused useOpenDowngradeModal hook
The useOpenDowngradeModal hook was not being used anywhere in the codebase.
* Remove unused expandableLink from useExpandOverageUsersCheck
The expandableLink return value was not being used by any components.
* Re-add missing TeamLinkClicked performance telemetry
The mark(Mark.TeamLinkClicked) call was accidentally removed from the
handleSwitch function. This telemetry is needed for Looker-based
performance tracking.
* drop LogSettings.VerboseDiagnostics
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
This feature has never worked as advertised. Let's deprecate it,
retaining the config field so we can fail server startup to ensure it's
not being used at all.
* MM-64807: Deprecate format parameter in client config endpoint
- Remove requirement for format=old query parameter in /api/v4/config/client
- Endpoint now returns client configuration by default without parameters
- Maintain backward compatibility - format parameter is accepted but ignored
- Replace GetOldClientConfig with GetClientConfig across all clients
- Update API documentation to reflect simplified endpoint
- Update webapp client to remove format parameter usage
The endpoint previously returned HTTP 501 without format=old parameter.
Now it returns the client configuration directly, making the API more
intuitive while preserving compatibility with existing clients.
* Update i18n strings after format parameter deprecation
* Update E2E tests to use getClientConfig instead of getClientConfigOld
- Replace getClientConfigOld calls in playwright test library
- Aligns with format parameter deprecation in MM-64807
* Keep format=old parameter in webapp getClientConfig for pre-v11 compatibility
- Remove NotificationLogSettings configuration entirely
- Add new notification-specific log levels (NotificationError, NotificationWarn, NotificationInfo, NotificationDebug, NotificationTrace)
- Consolidate all notification logs into standard mattermost.log file
- Update all notification logging code to use new multi-level logging (MlvlNotification*)
- Remove notification logger infrastructure and support packet integration
- Update test configurations and remove deprecated functionality tests
- Add comprehensive tests for new notification log levels
This change simplifies log analysis by unifying all application logging while maintaining flexibility through Advanced Logging configuration for administrators who need separate notification logs.
🤖 Generated with [Claude Code](https://claude.ai/code)
---------
Co-authored-by: Claude <noreply@anthropic.com>
* server: allow access to channel bookmarks in an archived channel
* server: allow access to posts in archived channels
* server: allow accessing channel members for archived channels
* server: allow autocompleting/searching archived channels
* server: allow access to files from archived channels
* server: fix access issue on database error
* server: allow access to archived channels
* server: remove TeamSettings.ExperimentalViewArchivedChannels from telemetry
* server: remove ExperimentalViewArchivedChannels from client config
* webapp: simplify delete channel
* webapp: simplify channel settings modal
* webapp: do not redirect away from archived channel
* webapp: rhs, always search posts from archived channels
* webapp: switch channels, always support archived channels
* webapp: search channel provider, always support archived channels
* webapp: browse channels, always support archived channels
* webapp, search results? fixup?
* webapp, confusing type issue
* webapp: unarchive, no need to report view archived
* webapp: command test, no need for ExperimentalViewArchivedChannels in config
* webapp: remove ExperimentalViewArchivedChannels from system console
* webapp: redux, do not delete posts, also fix LEAVE_CHANNEL
* update e2e tests
* server: fail startup if ExperimentalViewArchivedChannels is not enabled
* extract i18n
* updated snapshots
* update tests
* simplify posts reducer
* updated tests
* additional e2e tests
* Fix locale consistency in Jest tests
Added consistent locale environment variables (LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8)
to all Jest test scripts to prevent locale-dependent date formatting differences
across development environments.
This resolves snapshot test failures where DateTime.toLocaleString() would produce
different date formats on different systems (e.g., "6/8/2025" vs "08/06/2025" vs "2025-06-08").
Updated test scripts:
- test, test:watch, test:updatesnapshot, test:debug, test-ci
Updated snapshot to consistent en_US format.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove includeArchivedChannels parameter from GetMemberForPost
* Remove unnecessary includeDeleted variable assignments
* Deprecate ExperimentalViewArchivedChannels config field
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Ensure all Suggestion rendering code always uses an array of components
* Ensure all Suggestion rendering code always uses a single matchedPretext
* Pass SuggestionResults around through suggestion components instead of raw arrays
* Have new search component use SuggestionListStatus
* Have new search and ForwardPostModal use SuggestionResults helpers
* Migrate SuggestionList and AtMentionProvider to support suggestion groups
* Migrate SearchSuggestionList and SearchChannelProvider to support suggestion groups
* Migrate NewSearch to support suggestion groups
* Make ExtensionSuggestionsProvider group results
* Make ChannelMentionProvider group results
* Make AppProvider and CommandProvider group results
* Make EmoticonProvider group results
* Don't migrate SuggestionDate to support suggestion groups
* Make SearchUserProvider group results
* Make SwitchChannelProvider group results
* Remove lingering parts of old implementations of dividers between suggestions
* Remove unused prop on SuggestionList
* Update E2E tests and stop using data-testid for SuggestionList
* Uncomment accidentally commented out lines
* Fix quick switch modal being ordered incorrectly and unskip test
* Remove leftover TODOs
* Remove unused component
* Fix comment
* Rename suggestion_list_structure.tsx to suggestion_list_contents.tsx
* Pull out isItemLoaded helper
* Add a bunch of tests
* Add more comments to suggestion_results.ts
* Make SuggestionResults type parameter default to unknown
https://mattermost.atlassian.net/browse/MM-13657
```release-note
We change ServiceSettings.ExperimentalStrictCSRFEnforcement to be
true by default for new installations. For existing installations,
the value will remain unchanged.
```
* Remove ''Experimental'' prefix from CSRF enforcement field
Change field name from ExperimentalStrictCSRFEnforcement to StrictCSRFEnforcement across all files
Co-authored-by: Agniva De Sarker <agnivade@users.noreply.github.com>
* lint fix
```release-note
NONE
```
* fix test
```release-note
NONE
```
* set StrictCSRFEnforcement to false on starting a test server
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Agniva De Sarker <agnivade@users.noreply.github.com>
Co-authored-by: Saturnino Abril <5334504+saturninoabril@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-63652: Transition gossip encryption functionality to GA
Create a new config setting, and migrate the old values to new.
https://mattermost.atlassian.net/browse/MM-63652
Skip-Enterprise-PR: true
```release-note
NONE
```
* fix i18n
also fix unit tests
```release-note
NONE
```
* For fresh installations, default to true
```release-note
NONE
```
* gofmt files
```release-note
NONE
```
* Fixing some more strings
```release-note
NONE
```
* Update e2e tests
```release-note
NONE
```
* Add server settings to further lock files on mobile
* fix format with prettier
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Saturnino Abril <5334504+saturninoabril@users.noreply.github.com>
* [MM-63008] Make collapse button on search bar an actual button
* [MM-63004][MM-63020] Convert search box to floating-ui, fix some of the roles and labels that were incorrect
* [MM-63009] Add radiogroup and radio roles to the search box types
* [MM-63007] Ensure search box reads out number of results with suggestion items
* Fix playwright tests
* PR feedback
* Remove floating ui overlay
* Remove unnecessary .first() by being more specific about the search box
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-63041] Convert many inputs to the Input component, replace clientError with more correct client-side validation that conforms to the input
* Fix line length
* PR feedback
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-63411 Don't focus thread textbox automatically when it has a draft
* Add E2E test
* Add test files forgotten in previous commit
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-62980] Set aria-describedby for Input component when again custom message is set
* [MM-62970] Change password reset send link input to Input
* Fix i18n
* Fix e2e
* fix snapshots
---------
Co-authored-by: yasserfaraazkhan <attitude3cena.yf@gmail.com>
