* MM-16506: conditionally build go.mod for plugins
Unless `GO111MODULE=off`, generate a `go.mod` that points at the local copy of `mattermost-server` to ensure plugin tests that compile source code on demand always test with the local copy of mattermost-server. This also fixes an issue with early adopters of `GO111MODULE=on` on the server failing to find the right version of go-i18n dependencies.
* plugin: enable testlib resource management
* customize fileutils.Find* for testlib
* Add config setting to explicitly define which IP headers are trusted
* fix variable shadowing
* Optimize code flow; Add Ratelimit test for header set
* Extend Ratelimit tests
* Add additional unit tests
* Structured logging
* Rework default password requirements
* Update API Test Lib Default User PW
* Remove unused function; Disable password reqs in dev mode
* Disable strict password requirements for unit tests
* Update unit tests
* Remove NotificationRegistry table and use structured logging
* Fix ackId for notification sent
* Notification logger at server level
* Remove unused i18n strings
* MM-14030 Add initial CountFrames
* MM-14030 Add format and frame count to image metadata
* Fix tests and stop using image dimensions from OpenGraph
* Fix copyright header
* Move license to NOTICE.txt
This change is being made to address an issue where the go-i18n
translation library would result in partial-translations when a
given language dictionary was missing a given plural keyword. The
improvement made here leads the translation library to try an
'other' keyword lookup if the first plural keyword fails to have
a value.
This change was not accepted upstream due to concern regarding
changing the behavior, so we are using a fork at this time to
address the issue.
* MM-14575 - Automatically serve static files for plugins
* Added static handler for plugin public files
* Added StaticFilesPath method to Environment for use by MainRouter
* Added "static_files" property to Manifest Server
* Added unit tests for these changes
* MM-14575: Adding comment for cache control value
* MM-14575: Moved Static Plugin Request handler to plugin_requests
* Updated testing
* MM-14575: Removing the StaticFiles from Manifest Server
* MM-14575: Removing static files from test
* MM-14575: Updating static files test
* MM14575: Removing cache directive from plugin static files
* MM14575: Moving plugin public directory to root
* MM-14575: Updating tests for changed public directory
* MM-14575: Moved compileGo to a common utils package for tests
* MM-14575: Moving plugins initialization to InitPlugins find in tests
* Update utils/test_files_compiler.go
Adding Copyright header
Co-Authored-By: happygaijin <happygaijin@users.noreply.github.com>
* MM-14575: Consistent usage of static vs public name
* Removing spurious newline
* Comment typo
Co-Authored-By: happygaijin <happygaijin@users.noreply.github.com>
* Removing spurious new line
Co-Authored-By: happygaijin <happygaijin@users.noreply.github.com>
* MM14575: Adding a test to make sure only public files can be requested
* MM-14575 Adding a test for redirects on public files
* tweak utils.Merge docs
* move merge_test to utils_test package for easier testing
* utils: support MergeConfig and StructFieldFilter
* constrain updating certain fields by the restricted system admin
* MM-14442: Merge function, to enable merging of configs
Merge will return a new struct of the same type as base and
patch, with patch merged into base. Specifically, patch's values will be preferred
except when patch's value is `nil`.
Restrictions/guarantees:
- base or patch will not be modified
- base and patch can be pointers or values
- base and patch must be the same type
- base and patch must have no unexported types (at the moment)
- if maps or slices are different, the entire map or slice will be
replaced (at the moment)
* License header
* major rewrite addressing PR comments from Jesse
* MM-14442: merge function for config files
- simplified merge for slices and maps
- fixed many problems with nested pointers/maps/slices
- all references are cloned
- 54 new tests, simplified tests for specific problems
* MM-14442: fixing formatting, comments
* Adds elasticsearch to the user and channel autocompletion functions
* Implement channel store GetChannelsByIds test
* Style changes and govet fixes
* Add gofmt fixes
* Extract default channel search limit to a const
* Add StringSliceDiff function to the utils package
* Honor USER_SEARCH_MAX_LIMIT on the user autocomplete api handler
* Change the elasticsearch development image
* TestGetLicenseFileFromDisk: avoid using fileutils.FindConfigFile
* config: abstract config-related file access, extend memory store
* simplify config validate to avoid file knowledge
* fix relative file tests
* cluster: fix ConfigChanged event
The old and new configurations were swapped when notifying the enterprise code of configuration changes, creating needless instability in propagating config updates across a cluster.
* config/database: ignore duplicates
* test cleanup
* remove unnecessary Save() in test
* Added support for PostActions in ephemeral posts
The general approach is that we take all the metadata that DoPostAction
needs to process client DoPostActionRequests, and store it in a
serialized, encrypted Cookie field, in the PostAction struct.
The client then must send it back, and it is then used to process
PostActions as a fallback top the metadata in the database.
This PR adds a new config setting, `ServiceSettings.ActionCookieSecret`.
In a cluster environment it must be the same for all instances.
- Added type PostActionCookie, and a Cookie string to PostAction.
- Added App.AddActionCookiesToPost.
- Use App.AddActionCookiesToPost in api4.createEphemeralPost,
App.SendEphemeralPost, App.UpdateEphemeralPost.
- Added App.DoPostActionWithCookie to process incoming requests with
cookies. For backward compatibility, it prefers the metadata in the
database; falls back to cookie.
- Added plugin.API.UpdateEphemeralPost and plugin.API.DeleteEphemeralPost.
- Added App.encryptActionCookie/App.decryptActionCookie.
* Style
* Fixed an unfortunate typo, tested with matterpoll
* minor PR feedback
* Fixed uninitialized Context
* Fixed another test failure
* Fixed permission check
* Added api test for DoPostActionWithCookie
* Replaced config.ActionCookieSecret with Server.PostActionCookieSecret
Modeled after AsymetricSigningKey
* style
* Set DeleteAt in DeleteEphemeralPost
* PR feedback
* Removed deadwood comment
* Added EXPERIMENTAL comment to the 2 APIs in question
* [MM-13828] Running tests from a new temp folder with all test resources
Possible fix for #10132
All packages which have a TestMain and use testlib.MainHelper will have a new current working directory which will have all the test
resources copied.
Note: default.json is copied as config.json as well to make sure tests don't have any impact due to changes in config by devs
* [MM-13828] Added TestMain to remaining packages to use testlib.MainHelper
This makes sure tests from all packages run with same test resources, setup in a new temp folder for each package
* Updated Jenkins file to not not config/default.json
This makes sure CI has same config files as a dev's machine
* [MM-13828] Changes requested from code review
Added accessor methods to testlib.MainHelper for accessing members
Fixed some broken tests due to change in cwd while tests run
Some other code refactoring and improvements
* [MM-13828] Added new factory method with options for creating test main helper and some code refactoring
testlib.NewMainHelperWithOptions supports options to turn on/off test dependencies and environment setup
Some other code refactoring
* Exporting members of testlib.MainHelper to make enterprise tests work
* Fixed gofmt error
* [MM-13828] removed unwanted dependency on plugins directory while setting up test resources
* [MM-13828] Fixed some tests failing due to them being running from temp folder
* [MM-13828] Some code changes suggested in PR review
* Fixed gofmt error
* MM-14052: fix subpath yet again
The server now emits a script-src directive that overrides the root.html
rewrite. Fix this by emitting the requisite sha-256 hash server-side as
well as rewriting root.html. We can't remove the root.html rewrite,
since the assets may be on a CDN instead and we use the same code path
to rewrite them (on demand).
Prior to this change, going from / -> /subpath -> / would leave changes
in root.html: the Content-Security-Policy header would still have the
sha-256 hash, and the inline script would still override the publicPath
but to the default subpath value. To avoid sending down a sha-256 hash
server-side when no subpath is required, change this to fully strip out
the subpath changes. This is the only unit test change, as the existing
coverage proves the algorithm still works.
* fix subpath concatenation in test
path.Join isn't meant to work with a URL + path, and my test was effectively working with the subpath "/localhost:8065/subpath" instead of just "/subpath". The CI servers presumably caught this due to a different configuration than my local development.
* refactor utils/config* to config/
* pull validateLdapFilter into app
* clean up Config/GetConfig/GetSanitizedConfig usage
Eliminate app.GetConfig() in favour of just using app.Config() directly,
but expose app.GetSanitizedConfig() for when the old behaviour was
required.
* web: isolate config setup
* TestInvitePeopleProvider: make config explicit
* regenerateClientConfig: avoid racey map access
* integrate watch flag into app.ConfigFile option
* make app.Option return an error
* release.mk: only cp static files from config/
* release.mk: fix cp static files from config/
* api4: TestPlugin cleanup
* s/c/cfg/ for clarity
* fix merge conflict
* testlib: allow customization of testlib driver name
* MM 10658 Change config fields to pointers (#8898)
* Change fields of config structs to pointers and set defaults
MM-10658 https://github.com/mattermost/mattermost-server/issues/8841
* Fix tests that go broken during switching config structs to pointers
MM-10658 https://github.com/mattermost/mattermost-server/issues/8841
* Apply changes of current master while switching config structs to pointers
MM-10658 https://github.com/mattermost/mattermost-server/issues/8841
* Fix new config pointer uses
* Fix app tests
* Fix mail test
* remove debugging statement
* fix TestUpdateConfig
* assign config consistently
* initialize AmazonS3Region in TestS3TestConnection
* initialize fields for TestEmailTest
* fix TestCheckMandatoryS3Fields
* MM-10417 Add local image proxy and enable by default
* Remove unused function
* Add dependencies for willnorris/imageproxy
* Fixed compilation errors
* Lock to the master version of willnorris/imageproxy
* Fix atmos/camo proxy when no SiteURL is specified
* Re-add default values for deprecated settings
* Fix unit tests added by merge
* Pass imageproxy to App struct
* Remove unneeded locking when creating the image proxy
* Remove empty test file
This fixes a race condition client-side that fails to connect to websockets during MFA enforcement since the necessary config data isn't fetched. There are no security concerns in exposing this data to non-authenticated users, though we'd like to revisit this to tighten it down later: https://mattermost.atlassian.net/browse/MM-13785.
* Initial models, API, app, and persistence of groups and group syncing.
* Consistent letter casing in ldif.
* Moves group-specific migrations into func.
* Adds API endpoint to retrieve LDAP groups (and associated MM groups) one tree level at a time.
* Adds mattermost group id to SCIMGroup (if available).
* Splits user and group creation so that memberOf works. Returns users from ldap interface.
* Updates method name.
* Returns users IDs instead of User.
* Removes non-essential group data.
* MM-11807: Add GroupFilter to LDAP config. (#9513)
* MM-11807: Add GroupFilter to LDAP config.
* Add diagnostic.
* Adds new config option for using 'memberOf' overlay.
* Adds API endpoint to link a group.
* Removes debug statements.
* Adds unlink group API endpoint.
* Fix to LDAP API. Adds API method to client4 and app.
* Adds some missing app methods. Renames API unexported func.
* Fixes link/unlink API path to accept valid DNs.
* Allow any character for DN portion of path.
* Switches from DN to objectGUID or entryUUID as the remote identifier linking LDAP groups to MM groups.
* Formatting.
* Formatting.
* Setting group name field to an ID for phase 1.
* Adds an LDAP config field to Setting up configuration for local LDAP.
* Changes to LDAP and GroupStore interfaces.
* Draft of nesting groups in API response.
* Removes unnecessary tree models.
* Updates group membershipt create store method to also restore.
* Adds new config to test config.
* Accept AD format length.
* Switches to SetUniqueTogether method.
* Updates revert.
* Tweaks to syncing queries .
* Updates query for pending team and channel memberships.
* Removes old GroupSyncableScanner usage. Some formatting and renaming.
* Fixes bug setting syncable type in selecting paged.
* Adds tests for syncables populator.
* Only add users to teams and channels that are not deleted.
* Renames method.
* Updates test LDAP setup.
* Removes memberof config stuff.
* Renames.
* Updates test data.
* Fix for gofmt.
* Adds missing license.
* Adds missing teardowns.
* Test fix.
* Adds a cycle to the groups test data.
* Changes API to return flat list.
* Removes some unused interface and app methods.
* Returns empty braces if results are empty.
* Adds more LDAP test data.
* Fix for test data error.
* Adds error.
* Moves test groups.
* Adds OU for load test data.
* Moves load test ou creation to load data.
* Adds a new bool flag to SCIMGroups.
* Removes SCIMGroup completely.
* Removes FULL JOIN because it is not supported in MySQL.
* Adds tests for sync queries; renames constant.
* Bad merge fix.
* Vet fix.
* Returning OK on delete ldap group link
* Removes foreign key constraints.
* Adding total to the ldap getAllGroups api endpoint
* Adds get group members page.
* Removes pagination from groups syncables list API.
* Adding syncable check now that foreign key constraint is removes.
* Joins teams and channels to group syncables.
* Adds group member count.
* Adding GetAllChannels and SearchAllChannels for system admins only
* Fix.
* Test fix from pagination removal.
* Orders groupmembers by createat.
* Fixing search of all channels
* Test fix after removing pagination.
* JSON syntax error fix.
* Changing tests (for now) pending investigation.
* Adding GetAllChannels and SearchAllChannels tests for the store
* Adding GetAllChannels and SearchAllChannels API tests
* Omit empty JSON values of group syncables.
* Fixing GetAllChannels and SearchAllChannels tests
* Fixing GetAllChannels and SearchAllChannels store tests
* Fixing GetAllChannels api tests
* Adds 'LDAP groups' feature flag. (#9861)
* Migrate new client functions to idiomatic error handling
* Test fixes.
* Simplification of groups api (#9860)
* Simplification of groups api
* Fixing RequireSyncableType
* Test fix.
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Update api4/group.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Fix copy/paste error.
* Fix copy/paste error.
* Adds missing return, changes to correct HTTP status code.
* Adds missing return, changes status codes.
* Check for license.
* Renames variable for new signature.
* Adds client method to get a group.
* Adds client method and tests for PatchGroup.
* Adds more API tests.
* Adds groups API tests.
* Adds client method and tests for getting group syncables.
* Adds tests for patching group teams and channels.
* Update to translations.
* Removes test.
* Fix incorrect conditional.
* Removes unnecessary nil check.
* Removes unnecessary return.
* Updates comment, removes unused variable.
* Uses consistent JSON unmarshal pattern.
* Uses consistent JSON unmarshal pattern.
* Moves const block.
* Switches 'already linked' from error to success response.
* Removes commented-out code.
* Switched to status ok.
* Add parens for readability.
* Fix copy/paste error.
* Unexport some structs.
* Removes repeated validity check.
* Return without attempting commit if there's a rollback.
* Fix incorrect HTTP status code.
* Update store/sqlstore/group_supplier.go
Co-Authored-By: mkraft <martinkraft@gmail.com>
* Adds utility methods for going from groupsyncable to groupteam and groupchannel.
* Fixing george suggestions (#9911)
* Test fix.
* Adds QA data to VC with visualization.
* Fixes typo in graph image.
* Update display name when re-linking in case it has changed in LDAP.
* Adds ability to configure group display name and unique identifier. (#9923)
* Adds ability to configure group display name and unique identifier.
* Adds some configs to confi-ldap make command.
* Fix for move of session.
* Exposes method for use by SAML package.
* Switches GroupSyncableType from int to string.
* Update Jenkins build files.
* Removes unused variable assignment.
* Removes old unnecessary early return.
* Removes unnecessary variable.
* Moves param parsing before license and permissions checks.
* Removes old code.
* Compares agains underlying error rather than error id.
* Switches tests to assertions.
* Adds more assertions.
* Adds missing return.
* Adds space after comma for added legibility.
* Moves a view model to the api package.
* Unexports method.
* Uses id validator function.
* Fix docker-compose flag.
* Typo fix.
* Moves index creation to supplier.
* Removes bad merge.
* Renames parameter.
* Re-adds space.
* Removes unnecessary transaction.
* Escapes the Groups table name with backticks because it is a reserved keyword.
* Fix roles cache bug
* Removing unnecesiary deserializing function
* Switches table name rather than custom SQL everywhere for Postgres without backticks.
* Removes redundant check for sql.ErrNoRows.
* Removes redundant check for sql.ErrNoRows.
* Removes data integrity check and redundant nil conditional.
* Removes redundant check for sql.ErrNoRows.
* Removes unnecessary query.
* Removes ID length validation from persistence tier.
* Makes some supplier methods idempotent.
* Removes some empty switch defaults.
* Renames Group Type field to Source.
* Fix for mistaken field name change.
* Uses IsValidId function.
* Removes comment.
* Changes json key name.
* Removes test because no longer validating user.
* Moves model state validation to app layer.
* Don't create Groups.CanLeave column until phase 2.
* Removes state validation until properties are used in phase 2.
* Removes duplicated check.
* Removes state validation until properties are used in phase 2.
* Removes some tests until phase 2.
* Comment-out a bunch of test related to CanLeave.
* Extra unmarshal validation check. Removes more code for CanLeave.
* Removes tests for CanLeave.
* Explict error msg.
* Rewrite queries.
* Changes index name. Adds index.
* Removes assertion.
* Adds experimental feature flag.
* MM-10856: deduplicate posts with the same pending post id
Leverage a fixed size cache with a window of 30 seconds to deduplicate posts received by a single app server. Clients that duplicate the same pending post id will see one request potentially delayed until the first finishes, after which the same payload should be returned by both. Duplicate posts outside the 30 second window will not be de-duplicated.
Note that the cache is not synchronized between app servers. In an HA cluster consisting of more than one app server, sticky load balancing (e.g. hashing by IP or Session ID) is required to route the users to the same app instance for multiple requests.
Other options considered for this feature:
* adding a column to the `Posts` table: rejected as being too heavyweight
* maintaining a `PendingPostIds` table: similarly rejected for the database impact
* using the pending post id as the post id and relying on the unique constraints on the Post table: rejected for being difficult to show that it's safe to use a client-provided value as the row identifier
* utils/lru: simplify to ttl internally and for new methods
* move seenPendingPostIdsCache to App.Server
* just fail concurrent post requests, vs. trying to wait
* add debug log when create post is deduplicated
* #132 added UserTermsOfService model
* #132 added UserTermsOfService model
* #132 added logic to save user TOS data in a new table
* #132 Added logic to save and delete user TOS. Updated user TOS action logic
* #132 updated store mocks
* #132 added tests
* #132 removed cache from UserTermsOfService SQL store
* #132 fixed styling and license check
* #132 added message translations in en.json
* #132 fixed save user TOS logic to work second time as well
* #132 removed User.AcceptedTermsOfService colum and migrated accepted TOS data into new table
* #132 fixed formatting
* #132 fixed formatting
* #146 added field 'mandatory' to terms of service
* #146 updated tests
* #146 added getLatestTermsOfService API
* #146 Added tests
* #146 fixed styling
* #146 removed code for managing mandatory/optional TOS
* #146 Added TOS re-acceptance period config
* #146 fixed styling
* #146 removed some code left for debugging
* #146 added TOS re-acceptance period in config
* #146 fixed a json name from service_terms to terms_of_service
* #146 Minor refactoring and added TOS re-acceptance period to diagnistics
* Fixed style
* Updated upgraded script to keep app backward compatible
* Move OpenGraph code into its own file
* Move OpenGraph image proxying to app layer
* Move test file code out of api4 package
* MM-11272 Add OpenGraph and image dimension metadata to posts
* #124 renamed identififers from service terms to terms of service
* #124 renamed identififers from service terms to terms of service
* 124 renamed ServiceTerms model to TermsOfService
* 124 Renamed EnableCustomServiceTerms feature flag to EnableCustomTermsOfService
* 124 Renamed EnableCustomServiceTerms feature flag to EnableCustomTermsOfService
* #124 fixed formatting
* #124 fixed formatting
* #132 renamed table ServiceTerms to TermsOfService
* #124 renamed some missed files from 'service_terms' to 'terms_of_service'
* #124 removed fixed TODOs
* drop migrate of ServiceTerms table, since backporting
* s/ServiceTerms/TermsOfService/ in tests
* s/AcceptedServiceTermsId/AcceptedTermsOfServiceId/
Change the model attribute, even though the column name will eventually be removed.
* s/accepted_service_terms_id/accepted_terms_of_service_id/ to match redux
* s/serviceTerms/termsOfService
* rename column too, and add max size constraint
* s/EnableCustomServiceTerms/EnableCustomTermsOfService
Previously, mattermost-server would always request with the default
user-agent of Go's net/http package that is `Go-http-client/1.1` or
something similar.
This has several disadvantages, one is that the default user-agent
made it pretty hard to distinguish mattermost requests from other
service requests in a network log for example.
Now a user-agent of the form `mattermost-<current-version>` is set in
the client.
- [x] Added or updated unit tests (required for all new features)
