* [MM-66708] Disallow interacting with password and login method for magic link accounts
* Fix test and update getLoginType response
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add EasyLogin configuration (#34217)
* add easy login config
* add easy login to the invite modal
* add to the query parameters
* Add an API to get login method for the login id (#34223)
* add an api to get login method for the login id
* do not return errors if user is not found
* Add support for Easy Login invitation link sending (#34224)
This generates Easy Login token types when requested. The server
doesn't do anything with these tokens, yet - that will come in a
future change.
* Add support for logging in with easy login (#34236)
* Fix E2E tests (#34240)
* Prevent easy login accounts to reset their password (#34262)
* Add easy login support to login api and limit token to 5 min (#34259)
* webapp easy login ui mods (#34237)
* webapp easy login ui mods
* easy login i18n
* lint issues
* getUserLoginType
* using the real API
* easylogin proper redirect
* remove unneeded functions and files
* duplicated localization
* remove easylogin
* using EnableEasyLogin setting
* localization fix
* fix lint issue
* remove excessive setIsWaiting
* changed logic to make it more readable
* renaming component to make easier editable
* password will disappear when username change
* login test
* text for easy login password
* Add app links to emails
* Update templates and always land in the landing screen
* Update svg image, improve checks on server, fix linking page and show deactivated on login type
* Update naming
* Fix mocks and imports
* Remove all sessions on disable and forbid user promotion
* Fix layer and tests
* Address feedback
* Fix tests
* Fix missing string
* Fix texts
* Fix tests
* Fix constant name
* Fix tests
* Fix test
* Address feedback
* Fix lint
* Fix test
* Address feedback
* Fix test
---------
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: David Krauser <david@krauser.org>
Co-authored-by: Daniel Espino <larkox@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-65084: (server-side) PKCE code-exchange for SSO
Server side changes needed for MM-65084. Guarded by MobileSSOCodeExchange feature flag.
* Update users.yaml for vet-api testing
* Change error for not saving SAML token to existing generic 'can't save token' message
* Restricting to sha256 only PKCEs
* Change out PKCE terminology to SAML
This came out as Claude used "PKCE" as a shorthand for the style and I did not know better. SAML is the correct term here.
This also fixes a linter issue where we were assigning `codeVerifier` to `computed` but then overwriting it in all cases (so that was misleading and unecessary)
* Adding ConsumeTokenOnce and IsExpired as suggested by security review
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-64486: Remove telemetry
Remove telemetry from Mattermost. We're no longer relying on Rudder upstream, and no longer making use of this information.
* recover mock for SystemStore.Get
* Fix TestClearPushNotificationSync by adding missing SystemStore mock
The test was failing because the SystemStore mock was missing the Get()
method that's required by the ServerId() function. Added the missing mock
to return a StringMap with SystemServerId.
* fix mocking issue
* Remove now-unused telemetry and constants
* Remove "Disable telemetry events" debug setting
* Remove empty functions
* Remove most "Telemetry tracking removed" comments
* Remove remains of DataPrefetch telemetry
* Remove now-unused prop from InviteMembersButton
* Remove trackDotMenuEvent
* Remove some more leftover comments
* Remove lingering logic related to trackingLocation
* Remove now-unused argument from useCopyText
* Remove lingering telemetry references from PreparingWorkspace
* fixup Remove trackDotMenuEvent
* Remove lingering telemetry references from signup page and password check
* Update snapshots and fix test broken by my changes
* Fix unintended behavior change in thread list filtering
Remove handleSetFilter wrapper that was accidentally modified during
telemetry removal. The function was calling clear() when switching to
unread filter, which was not the original behavior. Use setFilter
directly instead, restoring the original functionality.
* Remove unused useOpenDowngradeModal hook
The useOpenDowngradeModal hook was not being used anywhere in the codebase.
* Remove unused expandableLink from useExpandOverageUsersCheck
The expandableLink return value was not being used by any components.
* Re-add missing TeamLinkClicked performance telemetry
The mark(Mark.TeamLinkClicked) call was accidentally removed from the
handleSwitch function. This telemetry is needed for Looker-based
performance tracking.
* drop LogSettings.VerboseDiagnostics
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
This feature has never worked as advertised. Let's deprecate it,
retaining the config field so we can fail server startup to ensure it's
not being used at all.
* server: allow access to channel bookmarks in an archived channel
* server: allow access to posts in archived channels
* server: allow accessing channel members for archived channels
* server: allow autocompleting/searching archived channels
* server: allow access to files from archived channels
* server: fix access issue on database error
* server: allow access to archived channels
* server: remove TeamSettings.ExperimentalViewArchivedChannels from telemetry
* server: remove ExperimentalViewArchivedChannels from client config
* webapp: simplify delete channel
* webapp: simplify channel settings modal
* webapp: do not redirect away from archived channel
* webapp: rhs, always search posts from archived channels
* webapp: switch channels, always support archived channels
* webapp: search channel provider, always support archived channels
* webapp: browse channels, always support archived channels
* webapp, search results? fixup?
* webapp, confusing type issue
* webapp: unarchive, no need to report view archived
* webapp: command test, no need for ExperimentalViewArchivedChannels in config
* webapp: remove ExperimentalViewArchivedChannels from system console
* webapp: redux, do not delete posts, also fix LEAVE_CHANNEL
* update e2e tests
* server: fail startup if ExperimentalViewArchivedChannels is not enabled
* extract i18n
* updated snapshots
* update tests
* simplify posts reducer
* updated tests
* additional e2e tests
* Fix locale consistency in Jest tests
Added consistent locale environment variables (LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8)
to all Jest test scripts to prevent locale-dependent date formatting differences
across development environments.
This resolves snapshot test failures where DateTime.toLocaleString() would produce
different date formats on different systems (e.g., "6/8/2025" vs "08/06/2025" vs "2025-06-08").
Updated test scripts:
- test, test:watch, test:updatesnapshot, test:debug, test-ci
Updated snapshot to consistent en_US format.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove includeArchivedChannels parameter from GetMemberForPost
* Remove unnecessary includeDeleted variable assignments
* Deprecate ExperimentalViewArchivedChannels config field
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Remove pricing modal. Adjust everywhere to instead open mattermost.com/pricing. When air gapped, don't show buttons to view plans.
* Fix lint
* Further clean up of unused code. Fixes for linter
* Remove onboarding tasklist for previews, add Cloud previer banner
* Fixes for linter, i18n
* Revert dev lines
* Fix lint
* When below one minute, switch to seconds
* fix linter
* Add scaffolding for new Cloud Preview Modal
* Style updates
* Fix tests
* fixes for PR feedback
* useExternalLink for opening pricing modal with enriched params
* Fix i17n
* fix style
* Fix style, tests
* Fix linter, types
* Add file
* Make types even more fixed
* fix: correct test case for SKU label not provided scenario
The test "should not render SKU label when not provided" was incorrectly using baseContent which includes a SKU label. Fixed by creating contentWithoutSku that explicitly sets skuLabel to undefined to properly test the scenario where no SKU label is provided.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Fine I'll do it myself
* fix linter
* Refactors
* Adjustments from PR review. Adjustments to video experience (poster/play button) and starting to translate
* Fix i18n
* Accept use case in CWS login, redirect to proper team, with filtered content in preview modal
* Wrap translation strings with defineMessage for i18n extraction
- Add import for defineMessage and MessageDescriptor from react-intl
- Update type definition to use MessageDescriptor for better type safety
- Wrap all skuLabel, title, and subtitle objects with defineMessage() calls
- This ensures the i18n-extract tool can properly detect translation strings
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Fix i18n
* Hiding modal will presist through refreshes
* Fix linter
* Add exception to notification permission bar for cloud previews
* Use regular modal close button
* Fix pipelines
* Fix i18n
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.tsx
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_controller.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Update webapp/channels/src/components/cloud_preview_modal/preview_modal_content.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Remove unnecessary CSS properties from preview modal content
Remove display: flex, height: 100%, and flex-direction: column from .preview-modal-content selector as they have no effect per code review feedback.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* feat: use getBool selector instead of get for boolean preference check
- Replace getPreference with getBool to avoid explicit === 'true' comparison
- Follows Harrison's review suggestion for cleaner boolean handling
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fix linter
* Fixes for PR review
* Fix linter
* Fix i18n
* fix linter
* Changes to address Harrison's feedback
* Change file name, remove index.tsx
* change file name, remove index.tsx
* Add the new files
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
This commit exposes audit logging functionality to plugins via the plugin API, allowing plugins to create and log audit records. Additionally, it addresses a gob encoding issue that could cause plugin crashes when audit data contains nil pointers or unregistered types.
* MM-64330 - filter abac users in channel invite
* implement cursor functionality for abac user filtering
* remove unnecessary comments
* refactor the backend implementation simplifying the functions
* refactor api to use opts as parameters, rename function
* add missing translation
* remove unnecesary test code
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
On page load, we load ALL channels and channel members from all teams.
But then, on team_switch, we would again load channels and channel
members from that team. This was redundant and mainly kept
because previously the websocket events were considered unreliable.
Now with reliable websockets, and client-side pings, we can detect
broken connections faster and recover without loss.
Additionally, the getAllChannelMembers call would page through
all responses on the client side. This was inefficient and incur
extra latency. To optimize for this, we introduce server-side
streaming of the full response if page is set to -1.
This optimizes the intial response as well.
https://mattermost.atlassian.net/browse/MM-56906
```release-note
Optimize team switch operation by removing calls to get channels
and channel members.
```
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-57516 - restrict activation/deactivation over ldap users
* Add unit tests
* refactor test to unify repeated actions
* add disable actions in user details too
* migrate test to use react-testing-library
* add new ldap user test and fix other existing tests
* restrict ldap users status management via api
* use correct server status and update tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Ignore performance counts if notifications are blocked by the device
* Change the endpoint to allow more information
* Add tests and API description
* Remove wrong test
* Address feedback
* Only update the cache when there is no error
* Follow same casing as other props
* use one single endpoint
* Fix tests
* Fix i18n
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Allow end users to fetch the group members list of groups which allow @-mentions
* Update server/channels/api4/group_test.go
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
* Fix test name
* Move into subtest
---------
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
* Added hard limits when creating user
* Added check to user activation
* Added missing check for licensed servers
* Fix i18n
* Fixed style order
* Added a separate hard limit along with existing 10k user soft limit
* For CI
* Fixing flaky test, hopefully
* Added tests
* POC for API handler opts modifier
* Made upload POSt api a file upload API
* Specified file upload local API
* Specified file upload local API
* Specified file upload API
* Simplified handler params
* Added basic security checks
* Fixed i18n
* used type for API handler options
* Removed limited reader from util deserializers (#26263)
* update ArrayFromJSON to use LimitedReader
* update for bad merge
* fix lint errors
* update test code
* update unit tests
* update unit tests
* fix unit tests
* use consts, other cleanup
* add non sorting duplicate check
* set config to default value, then config setting if available
* fix lint errors
* fixes and debugs
* fix log test
* remove setting from Client, add unlimited Parser to client
* a couple more fixes
* another fix
* rename some variables
* remove superflous call
* check for valid MaximumPayloadSize
* update language file
* fix for e2e-tests
* update util function to return error
* lint fix
* update config property name to include unit
* fix for unit test
* add new config to telemetry
* call function to create LimitedReader
* Deprecate old function, use new function name
* return new AppError on failed parse
* return new AppError on failed parse
* return new AppError on failed parse
* add constant for i18n valid constants
* Update server/public/model/utils_test.go
Co-authored-by: Miguel de la Cruz <mgdelacroix@gmail.com>
* Apply suggestions from code review
Co-authored-by: Miguel de la Cruz <mgdelacroix@gmail.com>
* update error variable, remove unnecessary check
* Update function names
* fix errors from merge
* update unit test to create unique ids
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Miguel de la Cruz <mgdelacroix@gmail.com>
* Added materialized view migration
* Renamed mat view
* Added channel membership mat view and indexes
* Added channel membership mat view and indexes
* Added new index
* WIP
* Simplifying user reporting code
* Created app and API layer for cahnnel reporting, reporting refactoring in general
* New router
* Remobved channel reporting meanwhile
* Upodated autogenerated stuff
* Lint fix
* Fixed typo
* api vet
* i18n fix
* Fixed API vetting and removed channel reporting constants
* yaml
* removed app pagination tests
* Add store method to get reporting data
* Some store changes
* Added app layer
* Added API call, some miscellaneous fixes
* Fix lint
* Fix serialized check
* Add API docs
* Fix user store tests leaking users
* Fix test
* PR feedback
* Add filtering for role/team/activated user, filter out bot users
* Fix mock
* Fix test
* Oops
* Switch to using struct filter
* More PR feedback
* Fix gen
* Fix test
* Fix API docs
* Fix test
* Fix possible SQL injection, some query optimization
* Fix migrations
* Oops
* Add role to API
* Fix check
* Add Client4 API call for load testing
* Fix test
* Update server/channels/store/storetest/user_store.go
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
* PR feedback
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
