* [MM-10199] Printing stack traces from http handlers panics in mattermost logs
Previously recovery handlers from gorilla mux were used, which were printing stack traces from panics in stderr
Removing it should print stack traces into logger passed to http.Server, which as of now is created from mlog
Refer #10351
* Logging errors from http server at error level instead of info level
Added test for verifying whether panic gets logged in server logger
* Fixed failing test due to tls error
* Closing temp file for panic log before removing and checking errors for closure and removal
* Added regular log line in panic handler for TestPanicLog to check whether it gets logged
* api4: break out license and config from system
* app: move some config functions from admin.go to config.go
* add ExperimentalSettings.RestrictSystemAdmin
* forbid various actions to restricted system admin
* update default.json
* fix function names in errors
* TestGetLicenseFileFromDisk: avoid using fileutils.FindConfigFile
* config: abstract config-related file access, extend memory store
* simplify config validate to avoid file knowledge
* fix relative file tests
* cluster: fix ConfigChanged event
The old and new configurations were swapped when notifying the enterprise code of configuration changes, creating needless instability in propagating config updates across a cluster.
* config/database: ignore duplicates
* test cleanup
* remove unnecessary Save() in test
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privileges without being explicitly specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammar.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependencies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnecessary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvements from feedback.
* Omit empty on User.IsBot
#### Summary
Unfortunately, `which shadow` didn't resolve to the shadow binary, so hard-code the expected path in `$GOPATH/bin`. At the same time, run `go vet` across both the server and enterprise (if present), reducing the number of required invocations.
This is accompanied by an enterprise change to fix shadowing issues there.
#### Ticket Link
N/A (tooling upgrade)
#### Checklist
- [x] Has enterprise changes: https://github.com/mattermost/enterprise/pull/403
* Added support for PostActions in ephemeral posts
The general approach is that we take all the metadata that DoPostAction
needs to process client DoPostActionRequests, and store it in a
serialized, encrypted Cookie field, in the PostAction struct.
The client then must send it back, and it is then used to process
PostActions as a fallback to the metadata in the database.
This PR adds a new config setting, `ServiceSettings.ActionCookieSecret`.
In a cluster environment it must be the same for all instances.
- Added type PostActionCookie, and a Cookie string to PostAction.
- Added App.AddActionCookiesToPost.
- Use App.AddActionCookiesToPost in api4.createEphemeralPost,
App.SendEphemeralPost, App.UpdateEphemeralPost.
- Added App.DoPostActionWithCookie to process incoming requests with
cookies. For backward compatibility, it prefers the metadata in the
database; falls back to cookie.
- Added plugin.API.UpdateEphemeralPost and plugin.API.DeleteEphemeralPost.
- Added App.encryptActionCookie/App.decryptActionCookie.
* Style
* Fixed an unfortunate typo, tested with matterpoll
* minor PR feedback
* Fixed uninitialized Context
* Fixed another test failure
* Fixed permission check
* Added api test for DoPostActionWithCookie
* Replaced config.ActionCookieSecret with Server.PostActionCookieSecret
Modeled after AsymetricSigningKey
* style
* Set DeleteAt in DeleteEphemeralPost
* PR feedback
* Removed deadwood comment
* Added EXPERIMENTAL comment to the 2 APIs in question
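The cookie round trip this commit describes, sketched in Go as an added example; it is not the project's code. AES-GCM, the `ActionCookie` fields, the `db` map and the names `NewGCM`, `Seal` and `Resolve` are assumptions, and the post-ID check is an extra binding step the commit message does not mention.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

type ActionCookie struct{ PostID, IntegrationURL string } // hypothetical payload fields

func NewGCM(secret []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(secret) // AES-GCM is an assumed cipher; key is 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func Seal(gcm cipher.AEAD, c ActionCookie) (string, error) {
	nonce := make([]byte, gcm.NonceSize()) // output is base64(nonce || ciphertext || tag)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	plain, _ := json.Marshal(c) // cannot fail for a struct of strings
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, plain, nil)), nil
}

// Resolve prefers server-side metadata and only then trusts an authenticated cookie.
func Resolve(db map[string]ActionCookie, gcm cipher.AEAD, postID, cookie string) (c ActionCookie, err error) {
	if stored, ok := db[postID]; ok {
		return stored, nil
	}
	raw, err := base64.StdEncoding.DecodeString(cookie)
	if n := gcm.NonceSize(); err == nil && len(raw) >= n {
		plain, openErr := gcm.Open(nil, raw[:n], raw[n:], nil)
		if openErr == nil && json.Unmarshal(plain, &c) == nil && c.PostID == postID {
			return c, nil
		}
	}
	return ActionCookie{}, fmt.Errorf("action cookie rejected for post %q", postID)
}

func main() {
	gcm, _ := NewGCM(make([]byte, 32)) // constructed all-zero demo key
	cookie, _ := Seal(gcm, ActionCookie{"post1", "https://plugin.example/act"})
	fmt.Println(Resolve(nil, gcm, "post1", cookie))
}
```

Every failure path returns the same error, so a client cannot tell a malformed cookie from one sealed under a different secret; the latter is also what a cluster node sees when its secret differs from its peers'.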
* [MM-12667] Allow including deactivated users in bulk import and export
1. Added `deleteAt` for user type import line
2. Adding deactivated users data in bulk export
3. Importing deactivated users data in bulk import
Added/Updated relevant test cases
* Fixed export of replies to posts by deleted users.
Updated tests for same
* MM-14145: The config store Set will now Save automatically
When UpdateConfig (and configStore.Set) is called in admin.go and
config.go, commonStore.Set now takes a store-specific persist function.
It uses that persist function to save the configuration automatically.
Removed: Now callers do not have to call configStore.Save or
app.PersistConfig, and those functions have been removed.
Possible downside: this means a "failed to persist config" error can now
be thrown during an app.UpdateConfig or commonStore.Set call. But
considering application code never really sets a config without saving
it (except in the test cases, which were testing that -- see below), it
seems fine to group these responsibilities.
Also removed: tests for 'set without save'. Since that can not happen
anymore, the tests are not needed.
* Removed Save completely, cleaned up formatting, joined save test with
set tests.
* fixed shadowed variable error
* Initial solution for Draft PR
* Reformat tabs to spaces for readability
* Remove my comments and debugging lines for Core Committer to see changes
more easily
* Remove all comments and show only code changes
* Match indentation spacing of new query to old query to make diff reading
easier for core committer
* Remove everything except what want to show core committer
* Restructure query and resulting etag value.
get number of users not in team from SELECT subquery.
etag return values is now of the form
<model.CurrentVersion>.<UpdateAt>.<number_profiles_not_in_team>
* Remove skipped test for solution to https://mattermost.atlassian.net/browse/MM-13721.
Remove comment for failing description of test
store u4 with prepended "u4". Similar to u1, u2, u3. This is easier
for debugging when looking in the database
Added skipped test:
check that etag does not change when a user, not in team 1, is added
to different team. UpdateAt will change, but users in the set does
not
* remove commented out tests
* Restructure and simplify the SQL query for GetEtagForProfilesNotInTeam.
- Build the query to get all profiles not in a specified team
- select latest UpdateAt Value by getting Max value from UpdateAt field.
- select Number of profiles not in Team from count of the returned Ids
The previous query required building a complex query with multiple
joins and repeated code in a select subquery, and derived table
* Format SQL styling indentation, spaces around equal signs, and new lines
* Add description for skipped test
* MM-14194: fix subpath csp directive until server restart
The SiteURL organically doesn't take effect until server restart, but in v5.8, the required CSP directive would change immediately. If changing from one subpath to another, the webapp would effectively be bricked until a server restart.
Avoid this by determining the CSP directive when the static handler is created.
* simplify access to config
This preserves the ability to use custom file names -- required for backwards compatibility -- but forces names upon all newly uploaded certificates, avoiding clashes with other configuration files and skipping the need for file safety checks.
* Change eMail as a post-verification action
* Fix broken test
* comment for special behavior, tests
* govet
* Check for already existent eMails when require email verification is turned on before accepting update