* add authentication status to audit log for logouts
* improve audit log testing for other tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* AutoTranslate config settings
* comment out Agents provider
* Add auto translate timeout config validation
* i18n messages for autotranslation config validation
* fix test
* validate url for libreTranslate
* Feedback review
* Admin Console UI for Auto-Translation
* fix admin console conditional section display
* i18n
* removed unintentional change
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* update admin.general.localization.autoTranslateProviderDescription newline
* fix lint
* Fix types
* UX feedback review
* fix typo in i18n
* Fix AutoTranslation feature flag
* feedback review
* Fix test default values
* feedback review
* re-add isHidden property to feature discovery
* Database Migrations, Indexes and Methods for Auto-Translation
* i18n
* fix retrylayer and storetest
* Fix search query
* fix lint
* remove the request.CTX and modify Translation model
* fix lint and external url
* Add settings to playwright
* Add empty as a valid value for the Provider
* Update jsonb queries
* Fix queries and add model methods
* fix go lint
* go lint fix 2
* fix db migrations
* feedback review + store cache
* increase migration number
* cleanup autotranslation store cache
* use NULL as objectType for posts
* fix bad merge
* fix tests
* add missing i18n
* Active WebSocket Connection User Tracking
* copilot feedback and fix styles
* remove duplicate calls
* remove early return to mitigate timing attacks
* Switch prop bags column to boolean
* fix lint
* fix tests
* Remove database search
* use Builder methods
* review feedback
* AutoTranslation interface with Core Translation Logic
* update timeouts to use short/medium/long translations
* external exports
* add configured languages to autotranslations
* added post prop for detected language
* fix bugs for storing translation and call translation service
* clean up interface
* add translations to GetPost repsonses and in the create post response
* use metadata for translation information and add new column for state of a translation
* change websocket event name
* change metadata to a map
* single in memory queue in the cluster leader
* remove unused definition
* Revert "remove unused definition"
This reverts commit e3e50cef30.
* remove webhub changes
* remove last webhub bit
* tidy up interface
* Frontend integration
* tidy up
* fix api response for translations
* Add Agents provider for auto translations (#34706)
* Add LLM backed autotranslation support
* Remove AU changes
* Remove orphaned tests for deleted GetActiveUserIDsForChannel
The GetActiveUserIDsForChannel function was removed from PlatformService
as part of the autotranslations refactoring, but its tests were left behind
causing linter/vet errors. This removes the orphaned test code:
- BenchmarkGetActiveUserIDsForChannel
- TestGetActiveUserIDsForChannel
- waitForActiveConnections helper
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add missing i18n translations and fix linter errors
- Add 17 missing translation strings for autotranslation feature
- Fix shadow variable declarations in post.go and autotranslation.go
- Remove unused autoQueueMaxAge constant
- Remove unused setupWithFastIteration test function
- Use slices.Contains instead of manual loop
- Use maps.Copy instead of manual loop
- Remove empty if branch
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix tests
* Fixes for PR review
* add files
* Update webapp/channels/src/components/admin_console/localization/localization.scss
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* fixes
* Fixes
* Didn't save
* Add a translation
* Fix translations
* Fix shadow err
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* tidy up code for review
* add support for editing posts
* i18n-extract
* i18n
* Rename show translations and add util to get message
* Fix get posts, migrations, websockets and configuration styles
* Fix CI
* i18n-extract
* Fix webapp tests
* Address UX feedback
* i18n-extract
* Fix lint
* updated shimmer animation, fixed issue with the width on compact icon buttons
* fix migrations
* fix markdown masking for bold, italics and strikethrough
* Address feedback
* Add missing changes
* Fix and add tests
* Fix circular dependencies
* lint
* lint
* lint and i18n
* Fix lint
* Fix i18n
* Minor changes
* Add check for whether the channel is translated or not for this user
* Fix lint and add missing change
* Fix lint
* Fix test
* Remove uneeded console log
* Fix duplicated code
* Fix small screen show translation modal
* Remove interactions on show translation modal
* Disable auto translation when the language is not supported
* Fix typo
* Fix copy text
* Fix updating autotranslation for normal users
* Fix autotranslate button showing when it shouldn't
* Fix styles
* Fix test
* Fix frontend member related changes
* Revert post improvements and remove duplicated code from bad merge
* Address feedback
* Fix test and i18n
* Fix e2e tests
* Revert lingering change from post improvements
* Fix lint
---------
Co-authored-by: Elias Nahum <nahumhbl@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: BenCookie95 <benkcooke@gmail.com>
Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* rebased all prev commits into one (see commit desc)
add UsePreferredUsername support to gitlab; tests
resort en.json
update an out of date comment
webapp i18n
simplify username logic
new arguments needed in tests
debug statements -- revert
* merge conflicts
* fix i18n
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-67137 Fix references to window in client package
* Fix Client tests running on compiled code
* Mostly revert changes to limit the chance of accidental changes
* MM-67372: Filter SVG images from OpenGraph metadata to prevent DoS
This commit adds server-side filtering of SVG images from OpenGraph
metadata to mitigate a DoS vulnerability where malicious SVG images
in og:image tags can crash Chromium-based browsers and Safari.
Changes:
- Add IsSVGImageURL() helper function in model package to detect SVG URLs
- Filter SVG images in parseOpenGraphMetadata() for regular HTML pages
- Filter SVG images in parseOpenGraphFromOEmbed() for oEmbed responses
- Add defense-in-depth filtering in TruncateOpenGraph() and getImagesForPost()
- Add comprehensive tests for all SVG filtering functionality
SVG detection is based on:
- File extension (.svg, .svgz) - case-insensitive
- MIME type (image/svg+xml)
Reference: https://issues.chromium.org/issues/40057345
* MM-67372: Filter SVG images from cache/DB and direct SVG URLs
This commit addresses remaining attack vectors for the SVG DoS vulnerability:
1. Cache/DB filtering: Apply TruncateOpenGraph when returning OpenGraph
from cache or database to filter stale data that was stored before
the initial fix was deployed.
2. Direct SVG URLs: Filter PostImage entries with Format="svg" to prevent
browser crashes when someone posts a direct link to an SVG file.
3. Embed creation: Skip creating image embeds for SVG images and create
link embeds instead.
4. New SVG detection: Return nil instead of creating PostImage when
fetching direct SVG URLs to prevent storing them in the database.
These changes ensure that even environments with pre-existing malicious
link metadata will be protected after a server restart.
* MM-67372: Fix test expectation for SVG image handling
* Removed duplicate logic in favor of already implemented FilterSVGImages in model
* Addressing PR comments
* Replacing exact match comparison with prefix check
* Added new test cases for unit tests
The reliance on ViewUsersRestrictions was causing a SQL bug, since the
original query did not join with the Users table. Instead, use
model.GroupSearchOpts to rely on AllowReference, which should be used to
filter the results in all cases, except when the user is a sysadmin (has
the PermissionSysconsoleReadUserManagementGroups permission).
Co-authored-by: Mattermost Build <build@mattermost.com>
This change allows admins to delete protected property fields when the source plugin has been uninstalled, providing a cleanup mechanism for orphaned fields. If a field has the protected attribute set to true, but the associated source plugin is not installed, an admin can remove that field from the admin console.
- Disable editing of protected fields in admin console and user profiles
- Show "Managed by: {pluginId}" indicator for protected fields in admin panel
- Disable dot menu button for protected fields in property management table
- Hide source_only fields from all user/profile views (user settings, profile popover, admin user management)
- source_only fields remain visible only in the field management configuration view
- Add i18n messages for protected field indicators
Updates all Custom Profile Attribute endpoints and app layer methods to pass caller user IDs through to the PropertyAccessService. This connects the access control service introduced in #34812 to the REST API, Plugin API, and internal app operations.
Also updates the OpenAPI spec to document the new field attributes (protected, source_plugin_id, access_mode) and adds notes about protected field restrictions.
Custom profile attributes (properties) in Mattermost need to support security-critical use cases like Attribute-Based Access Control (ABAC), external identity system synchronization, and privacy-preserving collaboration. Without access controls on these properties, any user or component could modify property fields and values, making them unsuitable for security decisions. Additionally, different properties require different visibility patterns - some need to be publicly readable, some should only be visible to their managing system, and some require privacy-preserving visibility where users can only see shared values.
This change introduces the PropertyAccessService, a wrapper around PropertyService that enforces access control for all property operations. This service is introduced in isolation and is not yet hooked up to the Plugin API, REST API, or app layer. It provides the foundation for a single enforcement point that will apply access restrictions consistently across all code paths once integrated.
Option IDs are automatically generated for fields in the REST API, but plugins creating fields directly don't get this behavior. This change makes option ID generation consistent by automatically generating IDs for all select/multiselect options, regardless of whether they're created via REST API or plugin code. The option IDs are generated (if necessary) in the store layer right before saving, which is the same place we generate Field IDs if they don't exist.
* Add the ability to patch channel autotranslations
* Fix lint
* Update docs
* Fix CI
* Fix CI
* Fix mmctl test
* Check whether the channel is translated for the user when checking user enabled
* Fix wrong uses of patch acrros e2e and frontend
* Fix test
* Fix wording
* Fix tests and column name
* Move group constrained test so they don't mess with the basic entities
* Fix patch sending too much information
* Add endpoint to update channel member autotranslations
* Add several improvements and remove unneeded functions
* Add user id to audit record
* Ensure autotranslation is defined
* Update texts
* Fix merge
* Add new column for channel member autotranslations (#35111)
* Minor renamings
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ben Cooke <benkcooke@gmail.com>
This commit reverts PR #30214, which addressed bug MM-60790 but caused a
performance regression tracked by MM-66782.
This revert has two implications:
1. The performance issue is solved.
2. The original bug is re-introduced.
Re-introducing the original bug seems not to be ideal, but I argue that
the original PR did not actually fix the bug:
- Before that PR, looking for a quoted string would return additional
results: the UX was slightly confusing, because when the user looked
for the word "stateful", the results would contain matches like
"states" (see MM-60790).
- After that PR, looking for a quoted string can timeout, so that the
list of results becomes empty. The UX here may be less confusing,
since the user simply doesn't find what they're looking for, and they
may assume that string is not present in any post, but it's completely
wrong: the result list is empty because the SQL query timed out and
thus the endpoint returned 0 results.
The solution to the original issue should be addressed via
Elasticsearch, which should provide a more refined and precise search
results.
For more information on the investigation on this issue and the
motivation behind the revert, see
https://mattermost.atlassian.net/wiki/x/IYAk_w
Co-authored-by: Mattermost Build <build@mattermost.com>
* Adjust registerProduct to accept generic icon
* Undo unnecessary changes
* Anotha one
* Fix linting errors in product menu tests
- Fix jsx-quotes to use single quotes instead of double quotes
- Fix react/jsx-max-props-per-line by placing props on separate lines
- Fix react/jsx-no-literals by wrapping literal strings in JSX expression containers
- Fix react/jsx-wrap-multilines by wrapping multiline JSX in parentheses
- Fix react/jsx-closing-bracket-location for proper bracket alignment
* don't use snapshots or enzyme
* Fix pipelines?
* Allow building the server on FreeBSD
* Fix merge
---------
Co-authored-by: Erwan Martin <erwan@pepper.com>
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
* Channel Info RHS: add rename-from-info and settings access
Add channel name editable area with pencil hover and wire to a lightweight Rename Channel modal; add Channel Settings item to RHS menu with permission checks; ensure navigation after rename uses relative path to avoid 404.
* linter changes
* add padding so field labels don't get cut off
* fixes for keyboard accessibility and tooltips
* don't show channel settings for DMs and GMs
* chore(i18n): run extract to reorder new keys and fix CI
Re-extracted webapp i18n to place newly added keys (editable tooltips and rename modal) in canonical order expected by translation tooling.
* use generic_btn.cancel/save for rename modal buttons
* chore(i18n): remove unused rename_channel.cancel/save keys
* updated tests to account for new elements in the info rhs
* add cypress test for new rhs info function
* fix linting issues
* fixed tests
* linter fixes
* tweak position of edit button
* style tweaks, remove subtitle from info rhs head (redundant now), update archived state
* added 'unarchive' button to archived notice, updated translations
* fixed tests that I broke in channel info header
* add url name to channel info view
* update to 'channel handle' instead of url name'
* change order of channel handle
* add copy button
* Update about_area_channel.test.tsx
* fixed test and brought back channel subtitle in header for consistency
* fixed header test
* make channel info rhs scrollable
* fix merge issue
* Fix lint
---------
Co-authored-by: yasserfaraazkhan <attitude3cena.yf@gmail.com>
This tells the TypeScript compiler (only used for type checking in the web app)
to use the `imports` and `exports` field of a package's `package.json` to find
modules. Those fields are standard in newer versions of Node.js, and hopefully
supporting them means that we'll have to do less work to configure tooling in
the future.
We could also get similar behaviour by using the `nodenext` option, but that
adds some additional requirements to include file extensions which ES Modules
technically require, but I don't think we need to enforce because other tooling
doesn't require them.
I wanted to make that change in all of the subpackages as well, but we can't do
that without having TypeScript output ES Modules which, unless we change their
build processes to generate multiple formats (like the shared package in
client package, or the types package which is more than I want to do at the
moment.
The changes to other files are either because they incorrectly imported types
from a file that isn't intentionally exposed by the plugin or it's because we
had a typo in a file path.
* Fix 500 errors on check-cws-connection in non-Cloud environments
The check-cws-connection endpoint was returning 500 errors in
self-hosted enterprise environments because:
1. The client only checked BuildEnterpriseReady before making the
request, which is true for all enterprise builds
2. The server handler didn't check for a Cloud license before
attempting to connect to CWS
3. The CWS URL is not configured in non-Cloud environments, causing
the connection check to fail
This fix:
- Server: Add IsCloud() license check to match other cloud endpoints,
returning 403 instead of 500 for non-Cloud licenses
- Client: Add Cloud license check to skip the request entirely in
non-Cloud environments
* Add unit tests for check-cws-connection license check
* Return JSON status from check-cws-connection endpoint
Change the check-cws-connection endpoint to return 200 with a JSON body
containing status (available/unavailable) instead of using HTTP error
codes. This allows the endpoint to be used for air-gap detection on
self-hosted instances, not just Cloud deployments.
* i18n
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* feat: run e2e full tests after successful smoke tests both in cypress and playwright
* fix lint check on jsdoc req in playwright test
* update smoke test filter
* update test filter for cypress tests
* update docker services, fix branch convention and rearrange secrets
* update e2e-test workflow docs
* reorganized
* fix lint
* fix playwright template
* fix results assertion
* add retest, e2e-test-verified, gh comments of failed tests, path filters, run e2e-tests check first and demote unstable tests
* run using master image for e2e-only changes, add ts/js actions for cypress and playwright calculations, add verified by label
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-67279: Fix private channel enumeration via /mute slash command
Return the same error message when a user tries to mute a channel
they are not a member of as when the channel doesn't exist. This
prevents authenticated users from discovering private channels
by observing different error responses.
* update i18n
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Improve rewrite menu guidance
Keep AI rewrite prompts visible on focus and clarify the empty-state instruction.
* Apply suggestions from code review
* Apply suggestion from @nickmisasi
* Fix rewrite menu test assertions
Update test expectations to match component string values after defaultMessage changes. Fix syntax error with unterminated string and correct placeholder text expectation.
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Include last root, and most recent 10 posts in a thread with the rewrite system prompt
* Include user's names in the thread context for better reference
* Revert package-lock to master
* Fix tests
When the Type column was added to the Drafts table, it did not add a
DEFAULT value, so we need to handle the NULL values for the pre-existing
rows.
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-66789] Fix arbitrary file read vulnerability in advanced logging
Add path validation to prevent reading files outside the logging root
directory via GetAdvancedLogs (used in support packet generation).
Security controls:
- Validate file paths are within logging root before reading
- Support MM_LOG_PATH environment variable to allow system admins
to configure a custom logging root directory
- Resolve symlinks to prevent bypass attacks
- Detect and block path traversal attempts
Also adds:
- Audit logging for support packet generation
- Config-time validation that logs errors for paths outside logging
root (will become blocking in future version)
- Comprehensive test coverage for path validation
* Update server/channels/app/platform/log_test.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix linter errors
* Update server/channels/api4/system.go
Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>
* Simplify unit tests for platform/log_test.go by moving some test logic to config/logger_test.go
* Fix unit tests requiring logging root to be set
* enforce LogSettings.FileLocation path validation; simplify path checking
* fix linter errors
* use dir in logging root for all unit test logging
* MM_LOG_PATH is set once, centrally, for all tests
* fix flaky test
* fix flaky test
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>
* MM-67274: Fix panic in getBrowserVersion with empty User-Agent version
Refactor getBrowserVersion to use a table-driven approach that
centralizes bounds checking, preventing panic when User-Agent strings
contain identifiers like "Mattermost Mobile/" with no version token.
* Refactor user agent tests to use structured test cases
Move expected values into the testUserAgent struct for clarity,
making it easier to see what each test case expects at a glance.
* Add Client4 route building functions
* Make DoAPIRequestWithHeaders add the API URL
This makes it consistent with the other DoAPIXYZ functions, which all
prepend the provided URL with the client's API URL.
* Use the new route building logic in Client4
* Address review comments
- clean renamed to cleanSegment
- JoinRoutes and JoinSegments joined in Join
- newClientRoute uses Join
* Fix new routes from merge
* Remove unused import
* Simplify error handling around clientRoute (#34870)
---------
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Canonicalize IPv4-mapped IPv6 addresses (e.g., ::ffff:127.0.0.1) to
their native IPv4 form in IsReservedIP before checking against reserved
IP ranges. This prevents attackers from bypassing SSRF protections by
using IPv4-mapped IPv6 literals to access internal services.
* remove permalink embeds when user loses access to orginating channel
* remove posts & embeds on team_leave event; simplify preview index.ts
* cleanup
* remove dead code
* more dead code elimination
* MM-67269 - Fix popout windows for subpath deployments
Popout windows were failing with 404 errors when Mattermost is served
from a subpath (e.g., https://company.com/mattermost). The popout
functions were constructing URLs without including the subpath prefix.
Changes:
- Updated popoutThread() and popoutRhsPlugin() to use getBasePath()
helper function which includes window.basename
- Added unit tests to verify popout URLs include subpath when configured
- Follows established pattern used throughout codebase (getSiteURL,
cookie paths, React Router)
This ensures popout windows open at the correct URL:
/subpath/_popout/... instead of /_popout/...
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Clear mocks and set default base path in tests
---------
Co-authored-by: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add pluggable ChannelHeaderIcon
* Add orchestration for post/channel/team citations in post render
* Updates to suit new format cor citations
* Fix linter
* Fix stylelint property order errors in _markdown.scss
* Fix TypeScript type errors
- Add missing ChannelHeaderIcon to initialComponents in plugins reducer
- Fix SelectProps generic to use 'false' instead of 'boolean' for isMulti in dropdown_input_hybrid
* Update channel_header snapshots to include ChannelHeaderIcon Pluggable
* PR feedback changes
* Add snapshots
* Add export for DatePicker
* PR Feedback
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add tooltip support and error handling for action buttons
- Add tooltip field to PostAction type definition
- Display tooltips on hover for action buttons
- Add comprehensive error handling for button actions
- Show error messages when actions fail
- Clear previous errors on subsequent actions
- Add tests for error handling functionality
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add E2E tests for action button error handling and tooltips
- Test error message display when action buttons fail
- Test error clearing when successful actions are performed
- Test tooltip display on action button hover
- Use scoped selectors to avoid test interference
- Cover complete error lifecycle and tooltip functionality
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Use WithTooltip component for action button tooltips
Replace native HTML title attribute with WithTooltip component to provide
consistent tooltip styling and behavior across the application.
Changes:
- Import and wrap ActionBtn with WithTooltip component
- Remove title attribute from ActionBtn
- Update E2E test to check for .tooltipContainer instead of title attribute
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix TypeScript errors and test patterns in message attachment tests
- Fix TypeScript type errors in mock event objects by using arrow functions instead of jest.fn()
- Update async test pattern to use process.nextTick() with done callback instead of await
- Update test snapshots to reflect error handling wrapper div
- Fix whitespace formatting in E2E test file
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* updated actionError to accept react node, replace hardcoded error with FormattedMessage components
* Fix test to handle FormattedMessage in actionError state
Update test expectation to check for FormattedMessage React element
instead of plain string when no error message is provided. This aligns
with the recent change to support internationalization in error messages.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Disable tooltip interactions when no tooltip text is present
Adds disabled prop to WithTooltip component when action.tooltip is empty or undefined, preventing unnecessary tooltip event handlers from being attached to action buttons that don't have tooltips.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Add tests for action button tooltip behavior
Adds three test cases to verify tooltip functionality:
- Tooltip is disabled when action.tooltip is undefined
- Tooltip is disabled when action.tooltip is empty string
- Tooltip is enabled and displays correctly when action.tooltip has a value
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* fix e2e test
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-67290] Document that Elasticsearch backend type change requires server restart
* Update Elasticsearch settings test snapshots
Update snapshots to reflect the new help text for the backend type
setting that documents the server restart requirement.
* MM-61383 - add back offline user help for messagging
* Apply suggestions from code review
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Apply suggestions from code review
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Use non-breaking spaces for code indendation display
* Fix avatar status badge being cut off in Mentioning Help page
* show help in popout, if available
* fix styling
* missing i18n
* help page titles
* missing i18n
* additional i18n
* fix missing values
* Make help link always visible, fix accessibility
* Fix CSS property ordering in help button styles
---------
Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com>
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add TS definitions for every WebSocket event
* Remove unused WebSocket events
* Add a few extra fields to POSTED events
* Stop reusing WS event types as Redux actions
* Remove now-unused WS event types from mattermost-redux
* Rename some types to be clearer
* Use new WebSocketEvents and WebSocketMessage type everywhere
* Reorganize and export named types for WS messages
* Use new types in websocket_actions.jsx the best we can
* Rename websocket_actions.jsx to websocket_actions.tsx
* Migrate websocket_actions.tsx to TypeScript
* Break up websocket_messages.ts and group together WebSocketMessages types
* Rename websocket_actions.tsx to websocket_actions.ts
* remove newsletter signup and replace with terms/privacy agreement
* removed subscribeToSecurityNewsletter, made checkbox required
* update signup test to remove newsletter and ensure the terms checkbox is required
* update unit test and e2e test to reflect changes
* fix e2e test
* Removed susbcribe-newsletter endpoint in server
* Update signup.test.tsx
* remove unused css
* remove unused css
* fixed broken tests
* fixed linter issues
* Remove redundant IntlProvider and comments
* Remove usage of test IDs from Signup tests
* Remove usage of fireEvent
* Remove usage of mountWithIntl from Signup tests
* update e2e tests
* fix playwright test
* Fix Lint in signup.ts
---------
Co-authored-by: maria.nunez <maria.nunez@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: yasserfaraazkhan <attitude3cena.yf@gmail.com>
* chore: playwright upgrade
* add luxon and chalk as dependency, and relax peer dependency to @playwright/test with >=1.55.0
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* move measureAndReport out of setTimeOut and reduce minimum time
* fix z-index issue where system console header shows on top
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Remove some unused props
* Removed unused state and actions involving profilesWithoutTeam
* Remove unused page prop from DataGrid
* Remove some unused props from system console components
* Remove some unused props related to self serve and trials
* Remove unused props from post related components
* Remove unused props from user settings components
* Remove some more unused props
* Remove legacy quoteColumnName() utility
Since Mattermost only supports PostgreSQL, the quoteColumnName() helper
that was designed to handle database-specific column quoting is no longer
needed. The function was a no-op that simply returned the column name
unchanged.
Remove the function from utils.go and update status_store.go to use
the "Manual" column name directly.
* Remove legacy driver checks from store.go
Since Mattermost only supports PostgreSQL, remove conditional checks
for different database drivers:
- Simplify specialSearchChars() to always return PostgreSQL-compatible chars
- Remove driver check from computeBinaryParam()
- Remove driver check from computeDefaultTextSearchConfig()
- Simplify GetDbVersion() to use PostgreSQL syntax directly
- Remove switch statement from ensureMinimumDBVersion()
- Remove unused driver parameter from versionString()
* Remove MySQL alternatives for batch delete operations
Since Mattermost only supports PostgreSQL, remove the MySQL-specific
DELETE...LIMIT syntax and keep only the PostgreSQL array-based approach:
- reaction_store.go: Use PostgreSQL array syntax for PermanentDeleteBatch
- file_info_store.go: Use PostgreSQL array syntax for PermanentDeleteBatch
- preference_store.go: Use PostgreSQL tuple IN subquery for DeleteInvalidVisibleDmsGms
* Remove MySQL alternatives for UPDATE...FROM syntax
Since Mattermost only supports PostgreSQL, remove the MySQL-specific
UPDATE syntax that joins tables differently:
- thread_store.go: Use PostgreSQL UPDATE...FROM syntax in
MarkAllAsReadByChannels and MarkAllAsReadByTeam
- post_store.go: Use PostgreSQL UPDATE...FROM syntax in deleteThreadFiles
* Remove MySQL alternatives for JSON and subquery operations
Since Mattermost only supports PostgreSQL, remove the MySQL-specific
JSON and subquery syntax:
- thread_store.go: Use PostgreSQL JSONB operators for updating participants
- access_control_policy_store.go: Use PostgreSQL JSONB @> operator for
querying JSON imports
- session_store.go: Use PostgreSQL subquery syntax for Cleanup
- job_store.go: Use PostgreSQL subquery syntax for Cleanup
* Remove MySQL alternatives for CTE queries
Since Mattermost only supports PostgreSQL, simplify code that
uses CTEs (Common Table Expressions):
- channel_store.go: Remove MySQL CASE-based fallback in
UpdateLastViewedAt and use PostgreSQL CTE exclusively
- draft_store.go: Remove driver checks in DeleteEmptyDraftsByCreateAtAndUserId,
DeleteOrphanDraftsByCreateAtAndUserId, and determineMaxDraftSize
* Remove driver checks in migrate.go and schema_dump.go
Simplify migration code to use PostgreSQL driver directly since
PostgreSQL is the only supported database.
* Remove driver checks in sqlx_wrapper.go
Always apply lowercase named parameter transformation since PostgreSQL
is the only supported database.
* Remove driver checks in user_store.go
Simplify user store functions to use PostgreSQL-only code paths:
- Remove isPostgreSQL parameter from helper functions
- Use LEFT JOIN pattern instead of subqueries for bot filtering
- Always use case-insensitive LIKE with lower() for search
- Remove MySQL-specific role filtering alternatives
* Remove driver checks in post_store.go
Simplify post_store.go to use PostgreSQL-only code paths:
- Inline getParentsPostsPostgreSQL into getParentsPosts
- Use PostgreSQL TO_CHAR/TO_TIMESTAMP for date formatting in analytics
- Use PostgreSQL array syntax for batch deletes
- Simplify determineMaxPostSize to always use information_schema
- Use PostgreSQL jsonb subtraction for thread participants
- Always execute RefreshPostStats (PostgreSQL materialized views)
- Use materialized views for AnalyticsPostCountsByDay
- Simplify AnalyticsPostCountByTeam to always use countByTeam
* Remove driver checks in channel_store.go
Simplify channel_store.go to use PostgreSQL-only code paths:
- Always use sq.Dollar.ReplacePlaceholders for UNION queries
- Use PostgreSQL LEFT JOIN for retention policy exclusion
- Use PostgreSQL jsonb @> operator for access control policy imports
- Simplify buildLIKEClause to always use LOWER() for case-insensitive search
- Simplify buildFulltextClauseX to always use PostgreSQL to_tsvector/to_tsquery
- Simplify searchGroupChannelsQuery to use ARRAY_TO_STRING/ARRAY_AGG
* Remove driver checks in file_info_store.go
Simplify file_info_store.go to use PostgreSQL-only code paths:
- Always use PostgreSQL to_tsvector/to_tsquery for file search
- Use file_stats materialized view for CountAll()
- Use file_stats materialized view for GetStorageUsage() when not including deleted
- Always execute RefreshFileStats() for materialized view refresh
* Remove driver checks in attributes_store.go
Simplify attributes_store.go to use PostgreSQL-only code paths:
- Always execute RefreshAttributes() for materialized view refresh
- Remove isPostgreSQL parameter from generateSearchQueryForExpression
- Always use PostgreSQL LOWER() LIKE LOWER() syntax for case-insensitive search
* Remove driver checks in retention_policy_store.go
Simplify retention_policy_store.go to use PostgreSQL-only code paths:
- Remove isPostgres parameter from scanRetentionIdsForDeletion
- Always use pq.Array for scanning retention IDs
- Always use pq.Array for inserting retention IDs
- Remove unused json import
* Remove driver checks in property stores
Simplify property_field_store.go and property_value_store.go to use
PostgreSQL-only code paths:
- Always use PostgreSQL type casts (::text, ::jsonb, ::bigint, etc.)
- Remove isPostgres variable and conditionals
* Remove driver checks in channel_member_history_store.go
Simplify PermanentDeleteBatch to use PostgreSQL-only code path:
- Always use ctid-based subquery for DELETE with LIMIT
* Remove remaining driver checks in user_store.go
Simplify user_store.go to use PostgreSQL-only code paths:
- Use LEFT JOIN for bot exclusion in AnalyticsActiveCountForPeriod
- Use LEFT JOIN for bot exclusion in IsEmpty
* Simplify fulltext search by consolidating buildFulltextClause functions
Remove convertMySQLFullTextColumnsToPostgres and consolidate
buildFulltextClause and buildFulltextClauseX into a single function
that takes variadic column arguments and returns sq.Sqlizer.
* Simplify SQL stores leveraging PostgreSQL-only support
- Simplify UpdateMembersRole in channel_store.go and team_store.go
to use UPDATE...RETURNING instead of SELECT + UPDATE
- Simplify GetPostReminders in post_store.go to use DELETE...RETURNING
- Simplify DeleteOrphanedRows queries by removing MySQL workarounds
for subquery locking issues
- Simplify UpdateUserLastSyncAt to use UPDATE...FROM...RETURNING
instead of fetching user first then updating
- Remove MySQL index hint workarounds in ORDER BY clauses
- Update outdated comments referencing MySQL
- Consolidate buildFulltextClause and remove convertMySQLFullTextColumnsToPostgres
* Remove MySQL-specific test artifacts
- Delete unused MySQLStopWords variable and stop_word.go file
- Remove redundant testSearchEmailAddressesWithQuotes test
(already covered by testSearchEmailAddresses)
- Update comment that referenced MySQL query planning
* Remove MySQL references from server code outside sqlstore
- Update config example and DSN parsing docs to reflect PostgreSQL-only support
- Remove mysql:// scheme check from IsDatabaseDSN
- Simplify SanitizeDataSource to only handle PostgreSQL
- Remove outdated MySQL comments from model and plugin code
* Remove MySQL references from test files
- Update test DSNs to use PostgreSQL format
- Remove dead mysql-replica flag and replicaFlag variable
- Simplify tests that had MySQL/PostgreSQL branches
* Update docs and test config to use PostgreSQL
- Update mmctl config set example to use postgres driver
- Update test-config.json to use PostgreSQL DSN format
* Remove MySQL migration scripts, test data, and docker image
Delete MySQL-related files that are no longer needed:
- ESR upgrade scripts (esr.*.mysql.*.sql)
- MySQL schema dumps (mattermost-mysql-*.sql)
- MySQL replication test scripts (replica-*.sh, mysql-migration-test.sh)
- MySQL test warmup data (mysql_migration_warmup.sql)
- MySQL docker image reference from mirror-docker-images.json
* Remove MySQL references from webapp
- Simplify minimumHashtagLength description to remove MySQL-specific configuration note
- Remove unused HIDE_MYSQL_STATS_NOTIFICATION preference constant
- Update en.json i18n source file
* clean up e2e-tests
* rm server/tests/template.load
* Use teamMemberSliceColumns() in UpdateMembersRole RETURNING clause
Refactor to use the existing helper function instead of hardcoding
the column names, ensuring consistency if the columns are updated.
* u.id -> u.Id
* address code review feedback
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Remove unused Channel.Etag
Computing the etag for a channel is complex due to user-specific data,
so we remove the unused Etag function to avoid confusion until a
performance need for it arises.
* Remove etag from Client4.GetChannel and tests
* make mocks
* Fix missing GetChannel calls
* Add support for autocomplete of plugin-created bots
* stashing
* Add support for including agents in the autocomplete list for @ mentions
* Change server response to be users rather than interface
* fix
* Add audit logging for recap API endpoints
- Add audit event constants for all recap operations
- Implement Auditable interface for Recap model
- Add comprehensive audit logging to all 6 recap endpoints
- Log channel_ids to track implicit channel content access
- Use LevelContent for content-related operations, LevelAPI for listing
* Address PR feedback: standardize audit method order and extract helper function
- Standardized order of audit record method calls across all handlers:
set object type first, then prior state (if applicable), then result state
- Extracted duplicated channel ID extraction logic into addRecapChannelIDsToAuditRec helper function
* MM-66092 - enhance permissions validations
* Remove unnecessary empty role updates from tests
* Strengthen scheme role validation in member role updates including imports
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* migrate tests to rtl
* keep snapshots but the rtl way and maintain the same test cases
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* migrate tests to RTL on batches E1 and E2
* maintain snapshot and match orig test cases
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add CLAUDE.md documentation files for webapp directories
- Add root webapp CLAUDE.md with overview and build commands
- Add channels CLAUDE.md with architecture and testing info
- Add documentation for actions, components, selectors, utils
- Add documentation for sass, tests, and mattermost-redux
- Add platform documentation for client and types
- Update .gitignore
* Add CLAUDE docs and allow tracking
* Clarify CLAUDE instructions for i18n workflow
* Refactor webapp/CLAUDE.md into a nested hierarchy
Decomposed the monolithic webapp/CLAUDE.md into focused, context-aware
files distributed across the directory structure:
- webapp/CLAUDE.md (Root overview)
- webapp/channels/CLAUDE.md (Channels workspace)
- webapp/channels/src/components/CLAUDE.md
- webapp/channels/src/actions/CLAUDE.md
- webapp/channels/src/selectors/CLAUDE.md
- webapp/channels/src/packages/mattermost-redux/CLAUDE.md
- webapp/platform/CLAUDE.md (Platform workspace)
- webapp/platform/client/CLAUDE.md
* Move files to optional, then add script to move them to proper claud.md
* MM-66561 Add distinct archive icon for private channels
Archived private channels now display an archive-lock icon instead of the standard archive icon to better indicate their original privacy level. Implemented utility functions to centralize icon selection logic across all channel list views, sidebars, headers, and suggestion providers.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* MM-66561 Fix linting and TypeScript errors
Fix ESLint and TypeScript issues introduced in the archive icon implementation:
- Remove extra blank lines to comply with no-multiple-empty-lines rule
- Remove unused container variables in test files
- Fix import order to comply with import/order rule
- Remove unused React import
- Fix TypeScript type errors by using General.OPEN_CHANNEL/PRIVATE_CHANNEL from mattermost-redux/constants which preserves literal types
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* MM-66561 Fix test failures for archive icon changes
Update test snapshots and fix test data issues related to the new distinct archive icons for public and private channels.
- Update snapshots for channel list components to include new channelType prop and data-testid attributes
- Fix channel_mention_provider test by preserving actual module exports in mock
- Add missing purpose field to searchable_channel_list test data
- Fix async state handling in new_channel_modal test using waitFor instead of act
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* MM-66561 Fix remaining Cypress E2E test failures for archive icons
Fix three failing Cypress tests related to archive icon changes:
1. join_archived_channel_spec.ts (MM-T1682, MM-T1683)
- Add data-testid to archive icon in channel header
- Update test to use findByTestId instead of CSS class selector
- Compass icon components render as SVG, not <i> with classes
2. archived_channels_spec.js (system console tests)
- Add "000-" prefix to private channel name/display name
- Ensures proper alphabetical sorting on first page of results
3. long_draft_spec.js (MM-T211)
- Fix Cypress alias timing issues in nested then() callbacks
- Use local variable to track height changes during iteration
- Replace cy.get('@alias').should() with direct expect() assertions
All tests now pass with the distinct archive icons for private channels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* fix lint issue
* MM-66561 Refine archive icon styling and search results display
- Restore CSS classes on channel header icon for proper color and size
- Fix icon alignment by removing top offset in channel header context
- Replace "Archived" text with icon-only tooltip in search results
- Add context-specific styling to prevent conflicts between header and search
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* tweaks to css and move withtooltip to wrap the span
* lint fix
* lint fix
* Fix archived channel icons visual test API usage
Update test to use correct Playwright API patterns:
- Use adminClient.createChannel with pw.random.channel for channel creation
- Use adminClient.deleteChannel instead of pw.apiClient.deleteChannel
- Use pw.testBrowser.login(adminUser) instead of loginAsAdmin
- Remove channelsPage.toBeVisible check for archived channels since they lack post-create element
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Apply prettier formatting to archived channel icons test
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
* Fix timing issue in MM-T633 Elasticsearch webhook attachment search test
The test was intermittently failing because it searched immediately after posting the webhook, before Elasticsearch had time to index the new post. Added explicit wait for post to appear and increased indexing wait time to 3 seconds to ensure the attachment text is indexed before performing the search.
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
* Add documentation for plugin RPC architecture
Document the bidirectional RPC communication between Mattermost server
and plugin processes. Added an architectural overview with ASCII diagram
and godoc comments for hooksRPCClient, hooksRPCServer, apiRPCClient,
and apiRPCServer explaining their roles in the plugin system.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* update
---------
Co-authored-by: Claude <noreply@anthropic.com>
* chore: upgrade to node 24 and dependencies mainly with babel, webpack and jest
* fix components tests, make trial modal passed on all node 20-24
* fix cache for platform packages
* updated test
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* remove illustrations no longer used
* fix paths without fills
* fixes to illustrations
* svg fixes
* update preparing workspace illustrations and fix some styles
* remove unused
* updated ip filtering
* updated search hint image, remove old one
* update threads search hint
* remove unused wrench illustration
* update initial loading screen
* fix to invite illustration
* removed comments to disable the redirect
* change to use media queries for dark mode
* fixed issue with shortcut not being visible on light themes in search hint
* remove unneeded js for darkmode since we use css
* fix linter issue
* remove unused css
* updated snapshot
* update access problem illustration
* remove access denied svg and replace with access problem (since it's the same)
* remove access denied happy and replace with access problem svg
* Update access_problem_svg.tsx
* rename man_with_mailbox to email_inbox
* fixed colors of access_problem
* rename illustrations to have consistent _svg suffix
* do not return channels from teams a user is not a member of
* add explicit tests (clearer than adding it above)
* linting
* explicitly test incudeDeleted true and false--it was implicit before
* initial commit for POC of Plugin Bridge
* Updates
* POC for plugin bridge
* Updates from collaboration
* Fixes
* Refactor Plugin Bridge to use HTTP/REST instead of RPC
- Remove ExecuteBridgeCall hook and Context.SourcePluginId
- Implement HTTP-based bridge using existing PluginHTTP infrastructure
- Add CallPlugin API method with endpoint parameter instead of method name
- Update CallPluginBridge to construct HTTP POST requests
- Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID
- Use 'com.mattermost.server' as plugin ID for core server calls
- Update ai.go to use REST endpoint /inter-plugin/v1/completion
- Add comprehensive spec documentation in server/spec.md
- Add MIGRATION_GUIDE.md for plugin developers
- Fix 401/404 issues by setting correct headers and URL paths
* Improve Plugin Bridge security and architecture
- Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin)
- Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest
- Improve separation of concerns: business logic vs HTTP transport
- Add security documentation explaining header protection
Security Improvements:
- ServeInternalPluginRequest is NOT exposed as HTTP route (internal only)
- Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code
- External requests cannot spoof these headers (stripped by servePluginRequest)
- Core calls use 'com.mattermost.server' as plugin ID for authorization
- Plugin-to-plugin calls use real plugin ID (enforced by server)
Backward Compatibility:
- Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated)
- All tests pass
Docs:
- Update spec.md with security model explanation
- Update MIGRATION_GUIDE.md with correct header usage examples
* Space
* cursor please stop creating markdown files
* Fix style
* Fix i18n, linter
* REMOVE MARKDOWN
* Remove CallPlugin method from plugin API interface
Per review feedback, this method is no longer needed.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Remove CallPlugin method implementation from PluginAPI
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fixes
* Add AI OpenAPI spec
* fix openapi spec
* Use agents client (#34225)
* Use agents client
* Remove default agent
* Fixes
* fix: modify system prompts to ensure JSON is being returned
* Base implementation for recaps working
* small fixes
* Adjustments
* remove webapp changes
* Add feature flags for rewrites and ai bridge, clean up
* Remove comments that aren't helpful
* Fix i18n
* Remove rewrites
* Fix tests
* Fix i18n
* adjust i18n again
* Add back translations
* Remove leftover mock code
* remove model file
* Changes from PR review
* Make the real substitutions
* Include a basic invokation of the client with noop to ensure build works
* more fix
* Remove unneeded change
* Updates from review
* Fixes
* Remove some logic from rewrites to clean up branch
* Use v1.5.0 of agents plugin
* A bunch more additions for general UX flow
* Add missing files
* Add mocks
* Fixes for vet-api, i18n, build, types, etc
* One more linter fix
* Fix i18n and some tests
* Refactors and cleanup in backend code
* remove rogue markdown file
* fixes after refactors from backend
* Add back renamed files, and add tests
* More self code review
* More fixes
* More refactors
* Fix call stack exceeded bug
* Include read messages if there are no unreads
* Fix test failure: use correct error message key for recap permission denied
The getRecapAndCheckOwnership function was using strings.ToLower(callerName)
to generate error keys, which caused 'GetRecap' to become 'getrecap' instead
of the expected 'get'. Changed to use the correct static key that matches
the en.json localization file.
Fixes TestGetRecap/get_recap_by_non-owner test failure.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Consolidate permission errors down to a single string
* Fixes for i18n, worktrees making this difficult
* Fix i18n
* Fix i18n once and for all (for real) (final)
* Fix duplicate getAgents method in client4.ts
* Remove duplicate ai state from initial_state.ts
* Fix types
* Fix tests
* Fix return type of GetAgents and GetServices
* Add tests for recaps components
* Fix types
* Update i18n
* Fixes
* Fixes
* More cleanup
* Revert random file
* Use undefined
* fix linter
* Address feedback
* Missed a git add
* Fixes
* Fix i18n
* Remove fallback
* Fixes for PR
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Christopher Speller <crspeller@gmail.com>
Co-authored-by: Felipe Martin <me@fmartingr.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Simplifies test code by using ElementsMatch which handles order-independent
slice comparison. Removes custom sort implementations and manual sorting
that was only needed for equality checks.
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-66840] Add CPU cores and total memory to support packet
Add system resource information to support packet diagnostics to help
with troubleshooting and capacity analysis.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Clarify that memory is in MB
* Add comment clarifying CPU/memory are host values
Clarifies that the CPU cores and total memory values in the support
packet represent the host machine's resources, not any container limits
that may be configured in Docker or Kubernetes environments.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* feat(webapp): migrate i18n extraction from mmjstool to @formatjs/cli
Replace custom mmjstool with industry-standard @formatjs/cli for i18n
message extraction. Adds support for localizeMessage as a recognized
extraction function and enables comprehensive ESLint rules for i18n.
Changes by area:
Dependencies (package.json):
- Add @formatjs/cli v6.7.4
- Remove @mattermost/mmjstool dependency
- Replace i18n-extract script with formatjs command
- Remove mmjstool-specific scripts (clean-empty, check-empty-src)
- Add i18n-extract:check for diff validation
Code (utils.tsx):
- Refactor localizeMessage to accept MessageDescriptor format
- Support {id, defaultMessage, description} parameters
- Maintain Redux store access (non-React context compatible)
- Add comprehensive JSDoc documentation
Linting (.eslintrc.json):
- Configure formatjs settings with additionalFunctionNames
- Enable 9 formatjs ESLint rules including enforce-id (error)
- Ensure all messages require explicit manual IDs
CI/CD (webapp-ci.yml):
- Simplify i18n check to formatjs extraction + diff
- Remove mmjstool and mobile-dir references
Context: Second attempt at PR #25830. Uses manual IDs only with
[id] placeholder pattern to enforce explicit ID requirements.
ESLint will catch missing IDs during development.
* chore(webapp): add temporary i18n reconciliation tooling
Add helper script to analyze conflicts between en.json and
defaultMessage values in code. This tooling will be reverted
after initial migration cleanup is complete.
Tooling added:
- scripts/i18n-reconcile-conflicts.js: Analyzes conflicts
- Detects spelling corrections
- Identifies placeholder mismatches
- Flags significant content changes
- Provides recommendations on which version to keep
- npm script: i18n-reconcile
Usage:
npm run i18n-reconcile
This will be reverted after reconciling the ~50 duplicate message
warnings and determining correct versions for conflicting messages.
* chore(webapp): upgrade eslint-plugin-formatjs and centralize formatjs deps
Move @formatjs/cli to root webapp package.json alongside other formatjs
dependencies for better monorepo organization. Upgrade eslint-plugin-formatjs
from 4.12.2 to 5.4.2 for latest features and bug fixes.
Changes:
- Upgrade eslint-plugin-formatjs: 4.12.2 → 5.4.2
- Move @formatjs/cli to webapp/package.json (from channels)
- Centralize formatjs tooling at monorepo root level
This provides:
- Better dependency management in monorepo
- Latest formatjs ESLint rules and features
- Consistent tooling across workspaces
* feat(webapp): make localizeMessage fully compatible with formatMessage API
Extend localizeMessage to accept a values parameter for placeholder
interpolation, making it fully compatible with react-intl's formatMessage API.
Remove the now-redundant localizeAndFormatMessage function.
Changes to localizeMessage:
- Add values parameter for {placeholder} interpolation
- Use getIntl() for proper ICU message formatting
- Support full formatMessage feature parity outside React contexts
- Update JSDoc with interpolation examples
- Mark as deprecated (prefer useIntl in React components)
Code cleanup:
- Remove localizeAndFormatMessage function (redundant)
- Migrate all localizeAndFormatMessage usages to localizeMessage
- Remove unused imports: getCurrentLocale, getTranslations
- Add getIntl import
Files migrated:
- notification_actions.tsx: notification.crt message
- app_command_parser_dependencies.ts: intlShim formatMessage
This consolidates i18n logic and provides a single, feature-complete
localization function for non-React contexts.
Example usage:
// Before (old function)
localizeAndFormatMessage(
{id: 'welcome', defaultMessage: 'Hello {name}'},
{name: 'John'}
)
// After (consolidated)
localizeMessage(
{id: 'welcome', defaultMessage: 'Hello {name}'},
{name: 'John'}
)
* refactor(i18n): remove intlShim abstraction, use IntlShape directly
Remove intlShim wrapper and use react-intl's IntlShape type throughout.
Key Changes:
- Remove intlShim constant from app_command_parser_dependencies.ts
- Update errorMessage() signature to accept IntlShape parameter
- Use IntlShape for intl properties in AppCommandParser and ParsedCommand
- Call getIntl() at function start in actions (command.ts, marketplace.ts)
- Pass IntlShape to AppCommandParser and doAppSubmit consistently
Files Modified:
- app_command_parser_dependencies.ts: Remove intlShim, update errorMessage
- app_command_parser.ts: Use IntlShape type
- command.ts, marketplace.ts: Call getIntl() early, pass to parser
- app_provider.tsx, command_provider.tsx: Use getIntl() in constructor
- apps.ts: Update doAppSubmit signature
Benefits: Better type safety, standard react-intl patterns, eliminates
unnecessary abstraction.
Context: Part of migration to @formatjs/cli tooling.
* refactor(webapp): remove deprecated t() function and refactor login validation
Remove the deprecated t() function that was used as a marker for the old
mmjstool extraction. With @formatjs/cli, this is no longer needed as
extraction happens directly from formatMessage calls.
Changes:
- Remove t() function definition from utils/i18n.tsx
- Remove t() import and marker calls from login.tsx
- Refactor login validation logic from multiple if statements to a clean
switch(true) pattern that evaluates boolean combinations directly
- Add helpful comments documenting the structure of login method combinations
- Add default case as safety fallback
The switch(true) pattern eliminates the need to build a key string and makes
the login method combination logic clearer and more maintainable.
Prompt: Remove deprecated t() translation marker function used by old mmjstool.
Refactor login validation from if blocks to switch(true) with boolean cases.
* refactor(i18n): share IntlProvider's intl instance with getIntl()
Make getIntl() return the same IntlShape instance that IntlProvider creates,
ensuring consistency between React components (using useIntl()) and non-React
contexts (using getIntl()).
Changes:
- Add intlInstance storage in utils/i18n.tsx
- Export setIntl() function to store the intl instance
- Modify getIntl() to return stored instance if available, with fallback to
createIntl() for tests and early initialization
- Add IntlCapture component in IntlProvider that uses useIntl() hook to
capture and store the intl instance via setIntl()
Benefits:
- Single source of truth: Both React and non-React code use the same IntlShape
- Consistent translations: No duplicate translation loading or potential desync
- Leverages IntlProvider's translation loading lifecycle automatically
- Maintains fallback for edge cases where IntlProvider hasn't mounted yet
Prompt: Refactor getIntl() to reuse IntlProvider's intl instance instead of
creating a separate instance, ensuring both React and non-React contexts use
the same translations and intl configuration.
* 1
* exclude test files
* reset en.json
* refactor(i18n): inline message ID constants for formatjs extraction
Replace dynamic ID references with literal strings to enable proper formatjs
extraction. Formatjs can only extract from static message IDs, not from
variables or computed IDs.
Changes:
- configuration_bar.tsx: Inline AnnouncementBarMessages constants to literal
string IDs ('announcement_bar.error.past_grace', 'announcement_bar.error.preview_mode')
- system_analytics.test.tsx: Replace variable IDs (totalPlaybooksID,
totalPlaybookRunsID) with literal strings ('total_playbooks', 'total_playbook_runs')
- password.tsx: Use full message descriptor from passwordErrors object instead
of dynamic ID with hardcoded defaultMessage. The errorId is still built
dynamically using template strings, but the actual message is looked up from
the passwordErrors defineMessages block where formatjs can extract it.
This eliminates all "[id]" placeholder entries from extraction output and
ensures all messages have proper extractable definitions.
Prompt: Fix dynamic message ID references that formatjs extraction can't parse.
Inline constants and use message descriptor lookups to enable clean extraction
without [id] placeholders.
* fix(i18n): add missing defaultMessage to drafts.tooltipText
The drafts.tooltipText FormattedMessage had an empty defaultMessage, causing
formatjs extraction to output an empty string for this message.
Added the proper defaultMessage with plural formatting for draft and scheduled
post counts.
Prompt: Fix empty defaultMessage in drafts tooltip causing extraction issues.
* feat(i18n): add --preserve-whitespace flag to formatjs extraction
Add the --preserve-whitespace flag to ensure formatjs extraction maintains
exact whitespace from defaultMessage values. This is important for messages
with intentional formatting like tabs, multiple spaces, or line breaks.
Prompt: Add --preserve-whitespace to i18n extraction to maintain exact formatting.
* feat(i18n): add custom formatjs formatter matching mmjstool ordering
Create custom formatter that replicates mmjstool's sorting behavior:
- Case-insensitive alphabetical sorting
- Underscore (_) sorts before dot (.) to match existing en.json ordering
- Simple key-value format (extracts defaultMessage)
The underscore-before-dot collation matches mmjstool's actual behavior and
reduces diff size by 50% compared to standard alphabetical sorting.
Changes:
- scripts/formatter.js: Custom compareMessages, format, and compile functions
- package.json: Use --format scripts/formatter.js instead of --format simple
Prompt: Create custom formatjs formatter matching mmjstool's exact sorting
behavior including underscore-before-dot collation to minimize migration diff.
* feat(i18n): enhance reconciliation script with git history metadata
Add git log lookups to show when each message was last modified in both
en.json and code files. This enables data-driven decisions about which
version to keep when resolving conflicts.
Enhancements:
- getEnJsonLastModified(): Find when an en.json entry last changed
- findCodeFile(): Locate source file for a message ID (handles id= and id:)
- getCodeLastModified(): Get last modification date for source files
- Caching for performance (minimizes git operations)
Output includes:
📅 en.json: [date] | [hash] | [commit message]
📅 code: [date] | [hash] | [commit message]
📂 file: [source file path]
Analysis shows en.json entries from 2023 while code actively updated
2024-2025, indicating code is more authoritative.
Prompt: Add git history to reconciliation report showing modification dates
for data-driven conflict resolution decisions.
* feat(i18n): add optional duplicate message ID check script
Add i18n-extract:check-duplicates script that fails if the same message ID
has different defaultMessages in multiple locations. This is kept as an
optional standalone script rather than auto-chained with i18n-extract to
allow the migration to proceed while duplicates are addressed separately.
Usage:
npm run i18n-extract:check-duplicates
The script runs formatjs extract to /dev/null and checks stderr for
"Duplicate message id" warnings, failing if any are found.
Prompt: Add optional duplicate ID check as standalone npm script for gradual
migration without blocking on existing duplicate message IDs.
* about.enterpriseEditionLearn
* admin.accesscontrol.title
* eslint-plugin-formatjs version to eslint 8 compat
* admin.channel_settings.channel_detail.access_control_policy_title
* admin.connectionSecurityTls
- now: admin.connectionSecurityTls.title
* admin.customProfileAttribDesc
now:
- admin.customProfileAttribDesc.ldap
- admin.customProfileAttribDesc.saml
* admin.gitlab.clientSecretExample
* package-lock
* admin.google.EnableMarkdownDesc
- fix err `]` in admin.google.EnableMarkdownDesc.openid
- now:
- admin.google.EnableMarkdownDesc.oauth
- admin.google.EnableMarkdownDesc.openid
* admin.image.amazonS3BucketExample
- now:
- admin.image.amazonS3BucketExample
- admin.image.amazonS3BucketExampleExport
* admin.license.trialCard.contactSales
* admin.log.AdvancedLoggingJSONDescription
- now:
- admin.log.AdvancedLoggingJSONDescription
- admin.log.AdvancedAuditLoggingJSONDescription
* admin.rate.noteDescription
- now
- admin.rate.noteDescription
- admin.info_banner.restart_required.desc (3)
* admin.system_properties.user_properties.title
- now:
- admin.system_properties.user_properties.title
- admin.accesscontrol.user_properties.link.label
* admin.system_users.filters.team.allTeams, admin.system_users.filters.team.noTeams
* admin.user_item.email_title
* announcement_bar.error.preview_mode
* channel_settings.error_purpose_length
* deactivate_member_modal.desc
- now:
- deactivate_member_modal.desc
- deactivate_member_modal.desc_with_confirmation
* deleteChannelModal.canViewArchivedChannelsWarning
* edit_channel_header_modal.error
* filtered_channels_list.search
- now:
- filtered_channels_list.search
- filtered_channels_list.search.label
* flag_post.flag
* generic_icons.collapse
* installed_outgoing_oauth_connections.header
* intro_messages.group_message
* intro_messages.notificationPreferences
- now:
- intro_messages.notificationPreferences
- intro_messages.notificationPreferences.label
* katex.error
* multiselect.placeholder
- now:
- multiselect.placeholder
- multiselect.placeholder.addMembers
* post_info.pin, post_info.unpin, rhs_root.mobile.flag
take en.json
* texteditor.rewrite.rewriting
* user_groups_modal.addPeople
split to user_groups_modal.addPeople.field_title
* user.settings.general.validImage
take en.json
* userSettings.adminMode.modal_header
take en.json
* webapp.mattermost.feature.start_call
split to user_profile.call.start
* admin.general.localization.enableExperimentalLocalesDescription
take en.json
* login.contact_admin.title, login.contact_admin.detail
take en.json
* fix: correct spelling of "complementary" in accessibility sections
* Revert "about.enterpriseEditionLearn"
This reverts commit 23ababe1ce.
* about.enterpriseEditionLearn, about.planNameLearn
* fix: improve clarity and consistency in activity log and command descriptions
* fix: update emoji upload limits and improve help text for emoji creation
* fix easy round 1
* fix: improve messaging for free trial notifications and sales contact
take en.json
* admin.billing.subscription.planDetails.features.limitedFileStorage
take en.json
* admin.billing.subscription.updatePaymentInfo
take en.json
* fix easy round 2
* admin.complianceExport.exportFormat.globalrelay
take en.json
* fix round 3
* fix round 4
* fix round 5
* fix round 6
* fix closing tag, newlines, and popout title
* fix linting, +
* update snapshots
* test(webapp): update tests to match formatjs migration message changes
Update test assertions to reflect message text changes from the
mmjstool → @formatjs/cli migration. All changes align with the
corresponding i18n message updates in the codebase.
Changes:
- limits.test.tsx: Update capitalization (Message History → Message history,
File Storage → File storage)
- emoji_picker.test.tsx: Update label (Recent → Recently Used)
- command.test.js: Add period to error message
- channel_activity_warning_modal.test.tsx: Update warning text assertion
- channel_settings_archive_tab.test.tsx: Update archive warning text
- feature_discovery.test.tsx: Update agreement name (Software and Services
License Agreement → Software Evaluation Agreement)
- flag_post_modal.test.tsx: Update placeholder text (Select a reason for
flagging → Select a reason)
- channel_intro_message.test.tsx: Remove trailing space from assertion
- elasticsearch_settings.tsx: Fix searchableStrings placeholder names
(documentationLink → link) to match updated message format
All 983 test suites passing (12 tests fixed, 9088 tests total).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore(i18n): improve cross-platform compatibility and cleanup temporary tooling
Simplify i18n check scripts to reuse npm run i18n-extract, improving
cross-platform compatibility and reducing duplication.
Changes:
- Refactor i18n-extract:check to reuse base extraction command
- Uses project-local temp file instead of /tmp (Windows compatible)
- Simplified from duplicated formatjs command to npm run reuse
- Add --throws flag to fail fast on extraction errors
- Add helpful error message: "To update: npm run i18n-extract"
- Add i18n-extract:check to main check script
- Now runs alongside ESLint and Stylelint checks
- Ensures en.json stays in sync with code changes
- Remove i18n-extract:check-duplicates script
- Redundant - duplicates are caught by i18n-extract automatically
- Avoided grep dependency (not cross-platform)
- Remove temporary reconciliation tooling
- Deleted scripts/i18n-reconcile-conflicts.js (served its purpose)
- Removed i18n-reconcile npm script
- Add .i18n-check.tmp.json to .gitignore
i18n-extract:check now works on Windows, macOS, and Linux.
Requires only diff command (available via Git on Windows).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* ci(webapp): simplify i18n check using npm script
Replace custom i18n check in CI with npm run i18n-extract:check for
consistency with local development workflow.
Changes:
- Update check-i18n job to use npm run i18n-extract:check
- Remove manual cp/extract/diff steps (3 lines → 1 line)
- Consistent behavior between CI and local development
- Cross-platform compatible (no /tmp dependency)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(i18n): add i18n extraction targets to Makefile and workspace scripts
Add Make targets and npm workspace scripts for i18n message extraction
to provide consistent tooling access across the project.
Changes:
- Add make i18n-extract target to webapp/Makefile
- Extracts i18n messages from code to en.json
- Add make i18n-extract-check target to webapp/Makefile
- Checks if en.json is in sync with code
- Add i18n-extract workspace script to webapp/package.json
- Runs extraction across all workspaces
- Add i18n-extract:check workspace script to webapp/package.json
- Runs sync check across all workspaces
Usage:
make i18n-extract # Extract messages
make i18n-extract-check # Check if en.json needs update
npm run i18n-extract # From webapp root
npm run i18n-extract:check
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(i18n): add cross-platform cleanup utility for temp files
Add Node.js cleanup script to handle temporary file removal in a
cross-platform manner, replacing platform-specific rm commands.
Changes:
- Add webapp/scripts/cleanup.js
- Cross-platform file deletion utility
- Silently handles missing files
- Works on Windows/Mac/Linux
- Update i18n-extract:check to use cleanup script
- Removes .i18n-check.tmp.json after diff
- Cleans up on both success and failure paths
Usage:
node scripts/cleanup.js <file1> [file2] [...]
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore(i18n): remove 'defineMessage' from additionalFunctionNames in ESLint config
* chore(i18n): update i18n-extract check script and remove unused cleanup utility
context: WSL is already required on windows
* chore(i18n): remove ESLint rule disabling for formatjs placeholders in admin definition
* chore(i18n): admin_definition
- re-add defineMessage to eslint additionalfunctionnames
- mark additional individual placeholder lines in admin_definition
* fix(i18n): correct typo in enterprise edition link message
* chore(i18n): fix escape sequences
* revert emoji.ts changes
* fix snapshots
* fix admin.google.EnableMarkdownDesc
- keep en.json but fix linkAPI and <strong>Create</strong>
* restore newlines, and final corrections check
* update snapshots
* fix: i18n
* chore(e2e): admin.complianceExport.exportJobStartTime.title
* chore(e2e): emoji_picker.travel-places
* chore(e2e): user.settings.general.incorrectPassword
* chore(e2e): signup_user_completed.create
* chore(e2e): fix Invite People
* chore(fix): admin console email heading
* chore(e2e): fix edit_channel_header_modal.placeholder
* chore(e2e): fix Create account
* chore(e2e): fix Create account
* chore(e2e): correct success message text in password update alert
* fix: admin guide label
* chore(e2e): update role name in invite people combobox
* chore(e2e): more "Create account"
* chore(e2e): fix authentication_spec
* lint
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-66898] Adjust popout titles
* Added support for browser window titles, fixed a bug in the thread menu
* Fix conflicting web app title
* Fix issue with DM channel thread with user not on team and no replies
* Fix again
* Fix lint
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* fix SELECT * in user_store.go
* MM-62151: Avoid SELECT * in post store SQL queries
Replace all SELECT * patterns in post_store.go with explicit column
specifications using postSliceColumns() and postSliceColumnsWithName()
helper functions. This prevents unnecessary data transfer and protects
against schema changes.
Changes:
- Use Squirrel's .Column() method for cleaner query building
- Remove unqueryvet linter exception for post_store.go
- Fix 11 SELECT * occurrences in various query methods
* leverage postsQuery where we can
* more builder simplifications
* add noSelectStar to linter
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-66769: Suppress browser notification warning for MS 365 mobile apps
When accessing Mattermost through MS Teams or Outlook mobile embedded
browsers, users were seeing an "unsupported browser" warning banner.
These browsers intentionally don't support the Notification API, but
are otherwise fully functional.
This change adds detection for Teams and Outlook mobile browsers and
suppresses the notification warning banner for these apps:
- Added isTeamsMobile(), isOutlookMobile(), and isM365Mobile() to user_agent.tsx
- Updated NotificationPermissionBar to skip showing warning for M365 mobile apps
- Detection patterns: TeamsMobile-Android/iOS, Teams/ on mobile, and PKeyAuth/1.0
* Don't show unsupported notice in Notification settings for MS 365 mobile apps
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Guest cannot add file to post without upload_file permission
* Move checks to api layer, addd checks in update patch post scheduled post
* Minor
* Linter fixes
* i18n translations
* removed the duplicated check from scheduled_post app layer
* Move scheduled post permission test from app layer to API layer
The permission check for updating scheduled posts belonging to other
users was moved from the app layer to the API layer in the PR. This
commit moves the corresponding test to the API layer to match.
* Move scheduled post delete permission check to API layer
Move the permission check for deleting scheduled posts from the app
layer to the API layer, consistent with update permission check.
Also enhance API tests to verify posts aren't modified after forbidden
operations.
* Fix inconsistent status code for non-existent scheduled post
Return StatusNotFound instead of StatusInternalServerError when a
scheduled post doesn't exist in UpdateScheduledPost, matching the
API layer behavior.
* Fix flaky TestAddUserToChannelCreatesChannelMemberHistoryRecord test
Use ElementsMatch instead of Equal to compare user ID slices since the
order returned from GetUsersInChannelDuring is not guaranteed.
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
* Fliter post in search api with no read content channel permission
* Added test
* Review comments
* reverted the unnecessary code
* linter fixes
* Fix filter functions to handle non-existent channels gracefully
When filtering posts/files by channel permissions, GetChannels() returns
a 404 error if all requested channels don't exist. This caused the
entire filter operation to fail. Now we ignore 404 errors and continue
processing, allowing non-existent channels to be filtered out as expected.
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
This makes the content of the channel info right sidebar scrollable by
wrapping its components in a `<Scrollbars>` component.
Signed-off-by: Kuruyia <github@kuruyia.net>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-66800 Migrate Add Channels menu to new menu component
* Re-run i18n-extract
* Apply hovered style to Add Channels button when menu is open
* Update menu alignment
* Update snapshots
This change enhances security by preventing ImportSettings.Directory from being modified through the API and adds validation to prevent directory conflicts.
Changes:
- Restricted ImportSettings.Directory from being changed via API
- Added validation to prevent directory conflicts with plugin directory
- Added error message translation
- Updated and added comprehensive tests
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-66910 - Fix isPostInteractable to exclude burn-on-read posts
* prevent R reply, clean up test files and improve structure
* remove unused canPostBeForwarded variable and use props for forward check
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-66924 - MarkAllThreadsAsReadModal to use ConfirmModal and remove unused styles
* adjust translations
* adjust texts as requested and do not use confirm modal
* update mark all threads as read modal description for clarity
* Disabled flagging BoR post
* Added post type checks in flagPost() API
* i18n fixes
* fixes
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* refactor(generated_setting): migrate GeneratedSetting to a function component
* refactor(generated_setting): wrap regenerate function with useCallback
* test(custom_plugin_settings): update snapshots
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Also keep it unchanged in padding-bottom: 0 in the mobile view.
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-66890 - Set default for BurnOnRead feature flag to true
* enable the feature by default
* fix unit tests
* fix e2e tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Added debug log to indicate the job is not running as the node is not cluster node
* Setting log level to info for debugging test server issue
* testing
* Removed debugging code
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* add Client4.GetDirectOrGroupMessageMembersCommonTeams
* Improve team filtering in common teams API
Filter the common teams to only include teams the requesting user is a
member of, ensuring proper access control.
* simplify GetDirectOrGroupMessageMembersCommonTeamsAsUser
* Disabled user ID auth if email and username login are disabled
* Added tests
* lint fix
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* avoid replica race lag when remembering ServerID
In an HA environment, with a master and read replica, querying the server id from the store runs the risk of returning a value saved to master but not yet replicated. Avoid this by using the telemetry service value directly when available.
Fixes: MM-65960
* Add Get(ByName)WithContext
* explicitly use master for ServerId
* mock GetByNameWithContext
* more mocking
* more mocks
* [MM-66875] Implement RHS popout component
* [MM-66876] Add RHS plugin popouts
* Give plugins a way to check when popouts are opened
* Fix test
* Fix border radius
* Fix lint
* Update title to just show plugin name
* Add server name to plugin popout for Desktop App
* Fix test
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-66708] Disallow interacting with password and login method for magic link accounts
* Fix test and update getLoginType response
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
The production password hasher uses PBKDF2 with 600,000 iterations,
which is slow especially when combined with race detection. This
adds a fast test hasher (work factor 1) that can be used during tests
to speed up user creation.
The fast hasher is only available in non-production builds via build
tags, ensuring it cannot be used in production.
* Add read receipt store for burn on read message types
* update mocks
* fix invalidation target
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* add translations
* Added logic to associate files of BoR post with the post
* Added test
* fixes
* disable pinning posts and review comments
* MM-66594 - Burn on read UI integration (#34647)
* MM-66244 - add BoR visual components to message editor
* MM-66246 - BoR visual indicator for sender and receiver
* MM-66607 - bor - add timer countdown and autodeletion
* add the system console max time to live config
* use the max expire at and create global scheduler to register bor messages
* use seconds for BoR config values in BE
* implement the read by text shown in the tooltip logic
* unestack the posts from same receiver and BoR and fix styling
* avoid opening reply RHS
* remove unused dispatchers
* persis the BoR label in the drafts
* move expiration value to metadata
* adjust unit tests to metadata insted of props
* code clean up and some performance improvements; add period grace for deletion too
* adjust migration serie number
* hide bor messages when config is off
* performance improvements on post component and code clean up
* keep bor existing post functionality if config is disabled
* Add read receipt store for burn on read message types
* Add temporary posts table
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* avoid reacting to unrevealed bor messages
* adjust migration number
* Add read receipt store for burn on read message types
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* adjust post reveal and type with backend changes
* use real config values, adjust icon usage and style
* adjust the delete from from sender and receiver
* improve self deleting logic by placing in badge, use burn endpoint
* adjust websocket events handling for the read by sender label information
* adjust styling for concealed and error state
* update burn-on-read post event handling for improved recipient tracking and multi-device sync
* replace burn_on_read with type in database migrations and model
* remove burn_on_read metadata from PostMetadata and related structures
* Added logic to associate files of BoR post with the post
* Added test
* adjust migration name and fix linter
* Add read receipt store for burn on read message types
* update mocks
* have consistent case on index creation
* Add temporary posts table
* add mock
* add transaction support
* reflect review comments
* wip: Add reveal endpoint
* user check error id instead
* wip: Add ws events and cleanup for burn on read posts
* add burn endpoint for explicitly burning messages
* Added logic to associate files of BoR post with the post
* Added test
* disable pinning posts and review comments
* show attachment on bor reveal
* remove unused translation
* Enhance burn-on-read post handling and refine previous post ID retrieval logic
* adjust the returning chunk to work with bor messages
* read temp post from master db
* read from master
* show the copy link button to the sender
* revert unnecessary check
* restore correct json tag
* remove unused error handling and clarify burn-on-read comment
* improve type safety and use proper selectors
* eliminate code duplication in deletion handler
* optimize performance and add documentation
* delete bor message for sender once all receivers reveal it
* add burn on read to scheduled posts
* add feature enable check
* use master to avoid all read recipients race condition
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com>
* squash migrations into single file
* add configuration for the scheduler
* don't run messagehasbeenposted hook
* remove parallel tests on burn on read
* add clean up for closing opened modals from previous tests
* simplify delete menu item rendering
* add cleanup step to close open modals after each test to prevent pollution
* streamline delete button visibility logic for Burn on Read posts
* improve reliability of closing post menu and modals by using body ESC key
---------
Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com>
Co-authored-by: Pablo Vélez <pablovv2012@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
2025-12-11 07:59:50 +01:00
1905 changed files with 160263 additions and 64827 deletions
Runs E2E tests for every PR commit after the enterprise docker image is built. Fails if the commit is not associated with an open PR.
**Trigger chain:**
```
PR commit ─► Enterprise CI builds docker image
─► Argo Events detects "Enterprise CI/docker-image" status
─► dispatches e2e-tests-ci.yml
```
For PRs from forks, `body.branches` may be empty so the workflow falls back to `master` for workflow files (trusted code), while `commit_sha` still points to the fork's commit.
**Jobs:** 2 (cypress + playwright), each does smoke -> full
After full tests complete, a webhook notification is sent to the configured `REPORT_WEBHOOK_URL`. The results line uses the same `commit_status_message` as the GitHub commit status. The source line varies by pipeline using `report_type` and `ref_branch`.
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
---
## opensearch-project/opensearch-go
@ -10893,6 +10861,21 @@ Internationalize React apps. This library provides React components and an API t
---
## react-intl
This product contains 'react-intl' by Eric Ferraiuolo.
Internationalize React apps. This library provides React components and an API to format dates, numbers, and strings, including pluralization and handling translations.
* HOMEPAGE:
* https://formatjs.github.io/docs/react-intl
* LICENSE: BSD-3-Clause
---
## react-is
@ -12897,6 +12880,48 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
---
## x/sys
This product contains 'x/sys' by Go.
[mirror] Go packages for low-level interaction with the operating system
* HOMEPAGE:
* https://golang.org/x/sys
* LICENSE: BSD 3-Clause "New" or "Revised" License
Copyright 2009 The Go Authors.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google LLC nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
---
## x/term
@ -13048,5 +13073,3 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Partially update a channel by providing only the fields you want to
update. Omitted fields will not be updated. The fields that can be
updated are defined in the request body, all other provided fields will
be ignored.
update. Omitted fields will not be updated. At least one of the allowed
fields must be provided.
**Publicand private channels:** Can update `name`, `display_name`,
`purpose`, `header`, `group_constrained`, `autotranslation`, and
`banner_info` (subject to permissions and channel type).
**Directand group message channels:** Only `header` and (when not
restricted by config) `autotranslation` can be updated; the caller
must be a channel member. Updating `name`, `display_name`, or `purpose`
is not allowed.
The default channel (e.g. Town Square) cannot have its `name` changed.
##### Permissions
If updating a public channel, `manage_public_channel_members` permission is required. If updating a private channel, `manage_private_channel_members` permission is required.
- **Publicchannel:** For property updates (name, display_name, purpose, header, group_constrained),
`manage_public_channel_properties` is required. For `autotranslation`, `manage_public_channel_auto_translation`
is required. For `banner_info`, `manage_public_channel_banner` is required (Channel Banner feature and
Enterprise license required).
- **Privatechannel:** For property updates, `manage_private_channel_properties` is required. For
`autotranslation`, `manage_private_channel_auto_translation` is required. For `banner_info`,
`manage_private_channel_banner` is required (Channel Banner feature and Enterprise license required).
- **Director group message channel:** Must be a member of the channel; only `header` and (when allowed)
`autotranslation` can be updated.
operationId:PatchChannel
parameters:
- name:channel_id
in:path
description:Channel GUID
description:Channel ID
required:true
schema:
type:string
@ -630,20 +648,34 @@
name:
type:string
description:The unique handle for the channel, will be present in the
channel URL
channel URL. Cannot be updated for direct or group message channels.
Cannot be changed for the default channel (e.g. Town Square).
display_name:
type:string
description:The non-unique UI name for the channel
description:The non-unique UI name for the channel. Cannot be updated
for direct or group message channels.
purpose:
type:string
description:A short description of the purpose of the channel
description:A short description of the purpose of the channel. Cannot
be updated for direct or group message channels.
header:
type:string
description:Markdown-formatted text to display in the header of the
channel
group_constrained:
type:boolean
description:When true, only members of the linked LDAP groups can join
the channel. Only applicable to public and private channels.
autotranslation:
type:boolean
description:Enable or disable automatic message translation in the
channel. Requires the auto-translation feature and appropriate
channel permission. May be restricted for direct and group message
channels by server configuration.
banner_info:
$ref:"#/components/schemas/ChannelBanner"
description:Channel object to be updated
description:Channel patch object; include only the fields to update. At least
description:The password used for email authentication.
type:string
magic_link_token:
description:Magic link token for passwordless guest authentication. When provided, authenticates the user using the magic link token instead of password. Requires guest magic link feature to be enabled.
cy.findByText('Your password must be 5-72 characters long and include both lowercase and uppercase letters, numbers, and special characters.').should('be.visible');
cy.get('.error').should('be.visible').and('have.text','The email you provided does not belong to an accepted domain for guest accounts. Please contact your administrator or sign up with a different email.');
