* Adds elasticsearch to the user and channel autocompletion functions
* Implement channel store GetChannelsByIds test
* Style changes and govet fixes
* Add gofmt fixes
* Extract default channel search limit to a const
* Add StringSliceDiff function to the utils package
* Honor USER_SEARCH_MAX_LIMIT on the user autocomplete api handler
* Change the elasticsearch development image
* transplant the existing PR into the working tree
* start addressing review comments
* move existing direct channel export code into this branch
* modify channel exporter to use squirell and populate members in two steps
* use squirrel to build sql queries for channel and dm/gm export methods
* remove debug helpers and use Username instead of UserId
* unit test for DM Channel exporter
* add more unit tests for channel export
* add test for DM/GM post export
* checkpoint with failing test for postgres
* use getQueryBuilder to make sure squirrel uses the correct formatting
for each database
* add a test for post export
* fix shadowed vars that broke the build
* address review comments and add tests to support it
* address review comments and add a mlog call
* s/Info/Debug/
* address review comments in post_store
* address review comments in channel_store
* address review comments in export
* address review comment in post_store: drop GroupBy
* address review comment on supplier: move getQueryBuilder to sqlstore
* address review comments: explicit TearDown
* address review comments: improve test coverage
* address review comments: make sure public and private channels are excluded
* address review comments: improve test coverage
* address review comments: make sure Channels table gets truncated after
each test
* more cleanups and better assertions
* wrap PostStore in a StoreTestWithSqlSupplier
* last minute changes: improve post export test coverage and check members
* address review comments: make sure all posts have their channel
members set
* address review comments: make sure all posts have their ChannelMembers
exported correctly
* gofmt fix
* sort channels so it's possible to assert on index
* api4: break out license and config from system
* app: move some config functions from admin.go to config.go
* add ExperimentalSettings.RestrictSystemAdmin
* forbid various actions to restricted system admin
* update default.json
* fix function names in errors
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
* Added support for PostActions in ephemeral posts
The general approach is that we take all the metadata that DoPostAction
needs to process client DoPostActionRequests, and store it in a
serialized, encrypted Cookie field, in the PostAction struct.
The client then must send it back, and it is then used to process
PostActions as a fallback top the metadata in the database.
This PR adds a new config setting, `ServiceSettings.ActionCookieSecret`.
In a cluster environment it must be the same for all instances.
- Added type PostActionCookie, and a Cookie string to PostAction.
- Added App.AddActionCookiesToPost.
- Use App.AddActionCookiesToPost in api4.createEphemeralPost,
App.SendEphemeralPost, App.UpdateEphemeralPost.
- Added App.DoPostActionWithCookie to process incoming requests with
cookies. For backward compatibility, it prefers the metadata in the
database; falls back to cookie.
- Added plugin.API.UpdateEphemeralPost and plugin.API.DeleteEphemeralPost.
- Added App.encryptActionCookie/App.decryptActionCookie.
* Style
* Fixed an unfortunate typo, tested with matterpoll
* minor PR feedback
* Fixed uninitialized Context
* Fixed another test failure
* Fixed permission check
* Added api test for DoPostActionWithCookie
* Replaced config.ActionCookieSecret with Server.PostActionCookieSecret
Modeled after AsymetricSigningKey
* style
* Set DeleteAt in DeleteEphemeralPost
* PR feedback
* Removed deadwood comment
* Added EXPERIMENTAL comment to the 2 APIs in question
This preserves the ability to use custom file names -- required for backwards compatibility -- but forces names upon all newly uploaded certificates, avoiding clashes with other configuration files and skipping the need for file safety checks.
* [MM-13828] Running tests from a new temp folder with all test resources
Possible fix for #10132
All packages which have a TestMain and use testlib.MainHelper will have a new current working directory which will have all the test
resources copied.
Note: default.json is copied as config.json as well to make sure tests don't have any impact due to changes in config by devs
* [MM-13828] Added TestMain to remaining packages to use testlib.MainHelper
This makes sure tests from all packages run with same test resources, setup in a new temp folder for each package
* Updated Jenkins file to not not config/default.json
This makes sure CI has same config files as a dev's machine
* [MM-13828] Changes requested from code review
Added accessor methods to testlib.MainHelper for accessing members
Fixed some broken tests due to change in cwd while tests run
Some other code refactoring and improvements
* [MM-13828] Added new factory method with options for creating test main helper and some code refactoring
testlib.NewMainHelperWithOptions supports options to turn on/off test dependencies and environment setup
Some other code refactoring
* Exporting members of testlib.MainHelper to make enterprise tests work
* Fixed gofmt error
* [MM-13828] removed unwanted dependency on plugins directory while setting up test resources
* [MM-13828] Fixed some tests failing due to them being running from temp folder
* [MM-13828] Some code changes suggested in PR review
* Fixed gofmt error
* config file store
Introduce an interface and concrete implementation for accessing the config.
This mostly maps 1:1 with the exiting usage in `App`, except for internalizing the watcher. A future change will likely eliminate `App.PersistConfig()` and make this implicit on `Set` or `Patch`
* experimental file test changes
* emoji: move file driver checks from api4 to app
It is no longer possible to app.UpdateConfig and provide an invalid configuration, making it hard to test this case. This check doesn't really belong in the api anyway, since it's a configuration validity check and not a permissions check. Either way, the check now occurs at the App level.
* api4: generate valid public link salts for test
* TestStartServerRateLimiterCriticalError: use mock store to test invalid config
* remove config_test.go
* remove needsSave, and have Load() save to the backing store as necessary
* restore README.md
* move ldap UserFilter check to model isValid checks
* remove databaseStore until ready
* remove unimplemented Patch
* simplify unlockOnce implementation
* revert forgetting to set s.Ldap
* config/file.go: rename ReadOnlyConfigurationError to ErrReadOnlyConfiguration
* config: export FileStore
* add TestFileStoreSave
* improved config/utils test coverage
* restore config/README.md copy
* tweaks
* file store: acquire a write lock on Save/Close to safely close watcher
* fix unmarshal_test.go
* Adds configuration for separate reply-to email header.
* Changes config setting name.
* Using a separate variable and value in test.
* Updates for config pointer changes in another PR.
* Adds new key to test config. Adds default value.
* Check for password when updating the eMail
* Require password for email change
* Enhance unit testing
* Restructure error handling for update email path
* govet
* CSRF Token Implementation + Tests
Remove debug statements
Implement requested changes
* Fix non-cookie authentication methods stripping auth data from requests
* Fail when CSRF cookie is not returned as part of login
* MM-13207 Add customizable timeout for link metadata and improve caching of errors
* Rename LinkMetadataTimeout to LinkMetadataTimeoutMilliseconds
* Add diagnostics for LinkMetadataTimeoutMilliseconds
* MM 10658 Change config fields to pointers (#8898)
* Change fields of config structs to pointers and set defaults
MM-10658 https://github.com/mattermost/mattermost-server/issues/8841
* Fix tests that go broken during switching config structs to pointers
MM-10658 https://github.com/mattermost/mattermost-server/issues/8841
* Apply changes of current master while switching config structs to pointers
MM-10658 https://github.com/mattermost/mattermost-server/issues/8841
* Fix new config pointer uses
* Fix app tests
* Fix mail test
* remove debugging statement
* fix TestUpdateConfig
* assign config consistently
* initialize AmazonS3Region in TestS3TestConnection
* initialize fields for TestEmailTest
* fix TestCheckMandatoryS3Fields
* MM-13664 Added LinkMetadata types
* MM-13664 Use LinkMetadata when populating post metadata
* Fix unused import
* Fix index name on SQLite
* Finish adding unit tests
* Address feedback
* Increase max length of URL column to 2048 characters
* MM-10417 Add local image proxy and enable by default
* Remove unused function
* Add dependencies for willnorris/imageproxy
* Fixed compilation errors
* Lock to the master version of willnorris/imageproxy
* Fix atmos/camo proxy when no SiteURL is specified
* Re-add default values for deprecated settings
* Fix unit tests added by merge
* Pass imageproxy to App struct
* Remove unneeded locking when creating the image proxy
* Remove empty test file
* Webhooks: Allow "true"/"false" for bool values in payload body
Some slack integrations encode bool fields as "true"/"false", which
was previously unsupported in mattermost due to how encoding/json works.
This commit adds an aliased type for bool that implements json.Unmarshaler
to maintain compatibility with Slack.
* Add missing copyright header to added files
* MM-13718 Prevent files from being attached to multiple posts
* Switch back to non-batched AttachToPost
* Change status code when failing to attach a file
* 7494 added the role to the user search filter
* 7494 changed the getUser function to accept the options
* added the role filter for the getAllProfiles method
* 7494 added the Inactive filter for AllProfiles
* 7494 refactored the where clause generation
* 7494 added the roles and inactive filters for inTeam Query
* 7494 fixed the review comments
* Initial models, API, app, and persistence of groups and group syncing.
* Consistent letter casing in ldif.
* Moves group-specific migrations into func.
* Adds API endpoint to retrieve LDAP groups (and associated MM groups) one tree level at a time.
* Adds mattermost group id to SCIMGroup (if available).
* Splits user and group creation so that memberOf works. Returns users from ldap interface.
* Updates method name.
* Returns users IDs instead of User.
* Removes non-essential group data.
* MM-11807: Add GroupFilter to LDAP config. (#9513)
* MM-11807: Add GroupFilter to LDAP config.
* Add diagnostic.
* Adds new config option for using 'memberOf' overlay.
* Adds API endpoint to link a group.
* Removes debug statements.
* Adds unlink group API endpoint.
* Fix to LDAP API. Adds API method to client4 and app.
* Adds some missing app methods. Renames API unexported func.
* Fixes link/unlink API path to accept valid DNs.
* Allow any character for DN portion of path.
* Switches from DN to objectGUID or entryUUID as the remote identifier linking LDAP groups to MM groups.
* Formatting.
* Formatting.
* Setting group name field to an ID for phase 1.
* Adds an LDAP config field to Setting up configuration for local LDAP.
* Changes to LDAP and GroupStore interfaces.
* Draft of nesting groups in API response.
* Removes unnecessary tree models.
* Updates group membershipt create store method to also restore.
* Adds new config to test config.
* Accept AD format length.
* Switches to SetUniqueTogether method.
* Updates revert.
* Tweaks to syncing queries .
* Updates query for pending team and channel memberships.
* Removes old GroupSyncableScanner usage. Some formatting and renaming.
* Fixes bug setting syncable type in selecting paged.
* Adds tests for syncables populator.
* Only add users to teams and channels that are not deleted.
* Renames method.
* Updates test LDAP setup.
* Removes memberof config stuff.
* Renames.
* Updates test data.
* Fix for gofmt.
* Adds missing license.
* Adds missing teardowns.
* Test fix.
* Adds a cycle to the groups test data.
* Changes API to return flat list.
* Removes some unused interface and app methods.
* Returns empty braces if results are empty.
* Adds more LDAP test data.
* Fix for test data error.
* Adds error.
* Moves test groups.
* Adds OU for load test data.
* Moves load test ou creation to load data.
* Adds a new bool flag to SCIMGroups.
* Removes SCIMGroup completely.
* Removes FULL JOIN because it is not supported in MySQL.
* Adds tests for sync queries; renames constant.
* Bad merge fix.
* Vet fix.
* Returning OK on delete ldap group link
* Removes foreign key constraints.
* Adding total to the ldap getAllGroups api endpoint
* Adds get group members page.
* Removes pagination from groups syncables list API.
* Adding syncable check now that foreign key constraint is removes.
* Joins teams and channels to group syncables.
* Adds group member count.
* Adding GetAllChannels and SearchAllChannels for system admins only
* Fix.
* Test fix from pagination removal.
* Orders groupmembers by createat.
* Fixing search of all channels
* Test fix after removing pagination.
* JSON syntax error fix.
* Changing tests (for now) pending investigation.
* Adding GetAllChannels and SearchAllChannels tests for the store
* Adding GetAllChannels and SearchAllChannels API tests
* Omit empty JSON values of group syncables.
* Fixing GetAllChannels and SearchAllChannels tests
* Fixing GetAllChannels and SearchAllChannels store tests
* Fixing GetAllChannels api tests
* Adds 'LDAP groups' feature flag. (#9861)
* Migrate new client functions to idiomatic error handling
* Test fixes.
* Simplification of groups api (#9860)
* Simplification of groups api
* Fixing RequireSyncableType
* Test fix.
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Fix copy/paste error.
* Fix copy/paste error.
* Adds missing return, changes to correct HTTP status code.
* Adds missing return, changes status codes.
* Check for license.
* Renames variable for new signature.
* Adds client method to get a group.
* Adds client method and tests for PatchGroup.
* Adds more API tests.
* Adds groups API tests.
* Adds client method and tests for getting group syncables.
* Adds tests for patching group teams and channels.
* Update to translations.
* Removes test.
* Fix incorrect conditional.
* Removes unnecessary nil check.
* Removes unnecessary return.
* Updates comment, removes unused variable.
* Uses consistent JSON unmarshal pattern.
* Uses consistent JSON unmarshal pattern.
* Moves const block.
* Switches 'already linked' from error to success response.
* Removes commented-out code.
* Switched to status ok.
* Add parens for readability.
* Fix copy/paste error.
* Unexport some structs.
* Removes repeated validity check.
* Return without attempting commit if there's a rollback.
* Fix incorrect HTTP status code.
* Update store/sqlstore/group_supplier.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Adds utility methods for going from groupsyncable to groupteam and groupchannel.
* Fixing george suggestions (#9911)
* Test fix.
* Adds QA data to VC with visualization.
* Fixes typo in graph image.
* Update display name when re-linking in case it has changed in LDAP.
* Adds ability to configure group display name and unique identifier. (#9923)
* Adds ability to configure group display name and unique identifier.
* Adds some configs to confi-ldap make command.
* Fix for move of session.
* Exposes method for use by SAML package.
* Switches GroupSyncableType from int to string.
* Update Jenkins build files.
* Removes unused variable assignment.
* Removes old unnecessary early return.
* Removes unnecessary variable.
* Moves param parsing before license and permissions checks.
* Removes old code.
* Compares agains underlying error rather than error id.
* Switches tests to assertions.
* Adds more assertions.
* Adds missing return.
* Adds space after comma for added legibility.
* Moves a view model to the api package.
* Unexports method.
* Uses id validator function.
* Fix docker-compose flag.
* Typo fix.
* Moves index creation to supplier.
* Removes bad merge.
* Renames parameter.
* Re-adds space.
* Removes unnecessary transaction.
* Escapes the Groups table name with backticks because it is a reserved keyword.
* Fix roles cache bug
* Removing unnecesiary deserializing function
* Switches table name rather than custom SQL everywhere for Postgres without backticks.
* Removes redundant check for sql.ErrNoRows.
* Removes redundant check for sql.ErrNoRows.
* Removes data integrity check and redundant nil conditional.
* Removes redundant check for sql.ErrNoRows.
* Removes unnecessary query.
* Removes ID length validation from persistence tier.
* Makes some supplier methods idempotent.
* Removes some empty switch defaults.
* Renames Group Type field to Source.
* Fix for mistaken field name change.
* Uses IsValidId function.
* Removes comment.
* Changes json key name.
* Removes test because no longer validating user.
* Moves model state validation to app layer.
* Don't create Groups.CanLeave column until phase 2.
* Removes state validation until properties are used in phase 2.
* Removes duplicated check.
* Removes state validation until properties are used in phase 2.
* Removes some tests until phase 2.
* Comment-out a bunch of test related to CanLeave.
* Extra unmarshal validation check. Removes more code for CanLeave.
* Removes tests for CanLeave.
* Explict error msg.
* Rewrite queries.
* Changes index name. Adds index.
* Removes assertion.
* Adds experimental feature flag.
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
