Merge branch 'master' into hh_friday-header-tests-and-a11y

.github/holopin.yml

@@ -0,0 +1,5 @@
+organization: mattermost # org name on holopin
+defaultSticker: clul38u2n156490gl8ti3srnek # sticker ID for "Mattermost QA Community Contributors", can be changed in the future
+stickers:
+  - id: clul38u2n156490gl8ti3srnek # sticker id
+    alias: Mattermost QA Community Contributors # shorthand-string

.github/workflows/e2e-fulltests-ci.yml

@@ -30,7 +30,7 @@ on:
         default: NONE
 
 concurrency:
-  group: "${{ github.workflow }}-${{ inputs.PR_NUMBER || inputs.ref }}"
+  group: "${{ github.workflow }}-${{ inputs.PR_NUMBER || inputs.ref }}-${{ inputs.MM_ENV }}"
   cancel-in-progress: true
 
 jobs:
@@ -63,10 +63,14 @@ jobs:
             echo "commit_sha=$(git rev-parse --verify HEAD)" >> $GITHUB_OUTPUT
             echo "BRANCH=${{ inputs.ref || github.sha }}" >> $GITHUB_OUTPUT
           fi
+
   generate-test-variables:
     runs-on: ubuntu-22.04
     needs:
       - resolve-ref
+    permissions:
+      issues: write
+      pull-requests: write
     defaults:
       run:
         shell: bash
@@ -77,12 +81,15 @@ jobs:
       TEST_FILTER: "${{ steps.generate.outputs.TEST_FILTER }}"
       BUILD_ID: "${{ steps.generate.outputs.BUILD_ID }}"
     env:
+      GH_TOKEN: "${{ github.token }}"
+      PR_NUMBER: "${{ inputs.PR_NUMBER || '' }}"
       # We could exclude the @smoke group for PRs, but then we wouldn't have it in the report
       TEST_FILTER_PR: >-
         --stage="@prod"
         --excludeGroup="@te_only,@cloud_only,@high_availability"
         --sortFirst="@compliance_export,@elasticsearch,@ldap_group,@ldap"
         --sortLast="@saml,@keycloak,@plugin,@plugins_uninstall,@mfa,@license_removal"
+      MM_ENV: "${{ inputs.MM_ENV || '' }}"
     steps:
       - name: ci/generate-test-variables
         id: generate
@@ -91,9 +98,10 @@ jobs:
           # BUILD_ID format: $pipelineID-$imageTag-$testType-$serverType-$serverEdition
           # Reference on BUILD_ID parsing: https://github.com/saturninoabril/automation-dashboard/blob/175891781bf1072c162c58c6ec0abfc5bcb3520e/lib/common_utils.ts#L3-L23
           BUILD_ID_PREFIX="${{ github.run_id }}_${{ github.run_attempt }}-${COMMIT_SHA::7}"
+          MM_ENV_HASH=$(md5sum -z <<<"$MM_ENV" | cut -c-8)
           case "${{ inputs.REPORT_TYPE }}" in
             NONE | PR)
-              echo "status_check_context=E2E Tests/test" >> $GITHUB_OUTPUT
+              echo "status_check_context=E2E Tests/test${MM_ENV:+/$MM_ENV_HASH}" >> $GITHUB_OUTPUT
               echo "workers_number=20" >> $GITHUB_OUTPUT
               echo "ENABLED_DOCKER_SERVICES=postgres inbucket minio openldap elasticsearch keycloak" >> $GITHUB_OUTPUT
               echo "TEST_FILTER=$TEST_FILTER_PR" >> $GITHUB_OUTPUT
@@ -104,6 +112,19 @@ jobs:
               echo "Fatal: unimplemented test type. Aborting."
               exit 1
           esac
+      - name: ci/notify-user
+        run: |
+          if [ -n "$PR_NUMBER" ]; then
+            WORKFLOW_RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+            CYCLE_URL="https://automation-dashboard.vercel.app/cycle/${{ github.run_id }}"
+            gh issue -R "${{ github.repository }}" comment "$PR_NUMBER" --body-file - <<EOF
+          E2E test run is starting for commit \`${{ needs.resolve-ref.outputs.commit_sha }}\`${MM_ENV:+, with \`MM_ENV=$MM_ENV\`}.
+          You can check its progress by either:
+          - Looking at the corresponding commit status, which will be available in a few moments: \`${{ steps.generate.outputs.status_check_context }}\`.
+          - Looking at the [E2E test's Workflow Run]($WORKFLOW_RUN_URL), with Run ID \`${{ github.run_id }}\`.
+          - Looking at the [E2E test's Cycle on the Automation Dashboard]($CYCLE_URL).
+          EOF
+          fi
 
   e2e-fulltest:
     needs:

e2e-tests/cypress/tests/integration/channels/settings/display/theme/custom_theme_sidebar_styles_spec.js

@@ -67,17 +67,16 @@ describe('Custom Theme - Sidebar Styles', () => {
 
     it('MM-T3853_2 Should observe color change in Settings modal before saving', () => {
         // * Check Sidebar BG color change
-        cy.get('.settings-links').should('have.css', 'background-color', rgbArrayToString(themeRgbColor.sidebarBg));
+        cy.get('.settings-links').should('have.css', 'background-color', 'rgba(63, 67, 80, 0.04)');
 
         // * Check Sidebar Text color change
-        const rgbArr = themeRgbColor.sidebarText;
-        cy.get('#displayButton').should('have.css', 'color', `rgba(${rgbArr[0]}, ${rgbArr[1]}, ${rgbArr[2]}, 0.6)`);
+        cy.get('#displayButton').should('have.css', 'color', 'rgb(28, 88, 217)');
 
         // * Check Sidebar Header BG color change
-        cy.get('#accountSettingsHeader').should('have.css', 'background', `${rgbArrayToString(themeRgbColor.sidebarHeaderBg)} none repeat scroll 0% 0% / auto padding-box border-box`);
+        cy.get('#accountSettingsHeader').should('have.css', 'background', 'rgba(0, 0, 0, 0) none repeat scroll 0% 0% / auto padding-box border-box');
 
         // * Check Sidebar Header Text color change
-        cy.get('#accountSettingsModalLabel').should('have.css', 'color', rgbArrayToString(themeRgbColor.sidebarHeaderTextColor));
+        cy.get('#accountSettingsModalLabel').should('have.css', 'color', 'rgb(63, 67, 80)');
 
         cy.uiSaveAndClose();
     });

e2e-tests/cypress/tests/integration/channels/system_console/site_configuration/announcement_banner_spec.js

@@ -113,6 +113,9 @@ describe('Announcement Banner', () => {
                 cy.get(`a[href="${bannerEndLink}"]`).should('not.be.visible');
             });
 
+        // Go back to Channels
+        cy.get('a.backstage-navbar__back').click();
+
         // # Hover over the banner
         cy.get('@announcementBanner').trigger('mouseover');
 

e2e-tests/cypress/tests/integration/channels/system_console/site_configuration/link_customization_e20_1_spec.js

@@ -53,7 +53,7 @@ describe('SupportSettings', () => {
             // * Verify links changed
             [
                 {text: 'Report a problem', link: problemLink},
-                {text: 'Help resources', link: helpLink},
+                {text: 'Ask the community', link: askCommunityLink},
             ].forEach((guide) => {
                 cy.findByText(guide.text).
                     parent().
@@ -168,7 +168,6 @@ describe('SupportSettings', () => {
         cy.uiOpenHelpMenu().within(() => {
             // * Verify 4 options shown
             cy.findByText('Ask the community');
-            cy.findByText('Help resources');
             cy.findByText('Report a problem');
             cy.findByText('Keyboard shortcuts');
 
@@ -193,16 +192,10 @@ describe('SupportSettings', () => {
 
         // # Open help menu
         cy.uiOpenHelpMenu().within(() => {
-            // * Verify 3 options shown
-            cy.findByText('Help resources');
+            // * Verify 2 options shown
             cy.findByText('Report a problem');
             cy.findByText('Keyboard shortcuts');
 
-            // * Verify help link has changed
-            cy.findByText('Help resources').
-                parent().
-                should('have.attr', 'href', helpLink);
-
             // * Verify report a problem link has changed
             cy.findByText('Report a problem').
                 parent().

e2e-tests/cypress/tests/support/index.js

@@ -183,7 +183,7 @@ function printServerDetails() {
     cy.apiGetConfig().then(({config}) => {
         cy.log(`Notable Server Config:
   - ServiceSettings.EnableSecurityFixAlert  = ${config.ServiceSettings.EnableSecurityFixAlert}
-  - LogSettings.EnableDiagnostics           = ${config.LogSettings.EnableDiagnostics}`);
+  - LogSettings.EnableDiagnostics           = ${config.LogSettings?.EnableDiagnostics}`);
     });
 }
 

server/Makefile

@@ -146,7 +146,7 @@ TEMPLATES_DIR=templates
 PLUGIN_PACKAGES ?= $(PLUGIN_PACKAGES:)
 PLUGIN_PACKAGES += mattermost-plugin-calls-v0.27.0
 PLUGIN_PACKAGES += mattermost-plugin-github-v2.2.0
-PLUGIN_PACKAGES += mattermost-plugin-gitlab-v1.9.0
+PLUGIN_PACKAGES += mattermost-plugin-gitlab-v1.9.1
 PLUGIN_PACKAGES += mattermost-plugin-jira-v4.1.1
 PLUGIN_PACKAGES += mattermost-plugin-playbooks-v1.39.3
 PLUGIN_PACKAGES += mattermost-plugin-nps-v1.3.3

server/channels/api4/channel.go

@@ -1750,7 +1750,7 @@ func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
 	audit.AddEventParameter(auditRec, "post_root_id", postRootId)
 
 	if ok && len(postRootId) == 26 {
-		rootPost, err := c.App.GetSinglePost(postRootId, false)
+		rootPost, err := c.App.GetSinglePost(c.AppContext, postRootId, false)
 		if err != nil {
 			c.Err = err
 			return

server/channels/api4/channel_local.go

@@ -176,7 +176,7 @@ func localAddChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
 	audit.AddEventParameter(auditRec, "post_root_id", postRootId)
 
 	if ok && len(postRootId) == 26 {
-		rootPost, err := c.App.GetSinglePost(postRootId, false)
+		rootPost, err := c.App.GetSinglePost(c.AppContext, postRootId, false)
 		if err != nil {
 			c.Err = err
 			return

server/channels/api4/post.go

@@ -55,8 +55,7 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Strip away delete_at if passed
-	post.DeleteAt = 0
+	post.SanitizeInput()
 
 	post.UserId = c.AppContext.Session().UserId
 
@@ -564,7 +563,7 @@ func getEditHistoryForPost(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	originalPost, err := c.App.GetSinglePost(c.Params.PostId, false)
+	originalPost, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false)
 	if err != nil {
 		c.SetPermissionError(model.PermissionEditPost)
 		return
@@ -601,7 +600,7 @@ func deletePost(c *Context, w http.ResponseWriter, _ *http.Request) {
 	defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
 	audit.AddEventParameter(auditRec, "post_id", c.Params.PostId)
 
-	post, err := c.App.GetSinglePost(c.Params.PostId, false)
+	post, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false)
 	if err != nil {
 		c.SetPermissionError(model.PermissionDeletePost)
 		return
@@ -845,7 +844,7 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	originalPost, err := c.App.GetSinglePost(c.Params.PostId, false)
+	originalPost, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false)
 	if err != nil {
 		c.SetPermissionError(model.PermissionEditPost)
 		return
@@ -917,7 +916,7 @@ func patchPost(c *Context, w http.ResponseWriter, r *http.Request) {
 	// Updating the file_ids of a post is not a supported operation and will be ignored
 	post.FileIds = nil
 
-	originalPost, err := c.App.GetSinglePost(c.Params.PostId, false)
+	originalPost, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false)
 	if err != nil {
 		c.SetPermissionError(model.PermissionEditPost)
 		return
@@ -1024,7 +1023,7 @@ func saveIsPinnedPost(c *Context, w http.ResponseWriter, isPinned bool) {
 	audit.AddEventParameter(auditRec, "post_id", c.Params.PostId)
 	defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
 
-	post, err := c.App.GetSinglePost(c.Params.PostId, false)
+	post, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false)
 	if err != nil {
 		c.SetPermissionError(model.PermissionReadChannelContent)
 		return
@@ -1118,7 +1117,7 @@ func unacknowledgePost(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	_, err := c.App.GetSinglePost(c.Params.PostId, false)
+	_, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false)
 	if err != nil {
 		c.Err = err
 		return

server/channels/api4/post_test.go

@@ -230,6 +230,24 @@ func TestCreatePost(t *testing.T) {
 	rpost, _, err = th.SystemAdminClient.CreatePost(context.Background(), post)
 	require.NoError(t, err)
 	require.Equal(t, post.CreateAt, rpost.CreateAt, "create at should match")
+
+	t.Run("Should not be able to define the RemoteId of a post from the API", func(t *testing.T) {
+		newPost := &model.Post{
+			RemoteId:  model.NewString(model.NewId()),
+			ChannelId: th.BasicChannel.Id,
+			Message:   "post content " + model.NewId(),
+			DeleteAt:  0,
+		}
+
+		respPost, resp, err := th.SystemAdminClient.CreatePost(context.Background(), newPost)
+		require.NoError(t, err)
+		CheckCreatedStatus(t, resp)
+		require.Zero(t, *respPost.RemoteId)
+
+		createdPost, appErr := th.App.GetSinglePost(respPost.Id, false)
+		require.Nil(t, appErr)
+		require.Zero(t, *createdPost.RemoteId)
+	})
 }
 
 func TestCreatePostForPriority(t *testing.T) {
@@ -1627,7 +1645,7 @@ func TestPinPost(t *testing.T) {
 	_, err := client.PinPost(context.Background(), post.Id)
 	require.NoError(t, err)
 
-	rpost, appErr := th.App.GetSinglePost(post.Id, false)
+	rpost, appErr := th.App.GetSinglePost(th.Context, post.Id, false)
 	require.Nil(t, appErr)
 	require.True(t, rpost.IsPinned, "failed to pin post")
 
@@ -1657,7 +1675,7 @@ func TestUnpinPost(t *testing.T) {
 	_, err := client.UnpinPost(context.Background(), pinnedPost.Id)
 	require.NoError(t, err)
 
-	rpost, appErr := th.App.GetSinglePost(pinnedPost.Id, false)
+	rpost, appErr := th.App.GetSinglePost(th.Context, pinnedPost.Id, false)
 	require.Nil(t, appErr)
 	require.False(t, rpost.IsPinned)
 

server/channels/api4/preference.go

@@ -116,7 +116,7 @@ func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	for _, pref := range preferences {
 		if pref.Category == model.PreferenceCategoryFlaggedPost {
-			post, err := c.App.GetSinglePost(pref.Name, false)
+			post, err := c.App.GetSinglePost(c.AppContext, pref.Name, false)
 			if err != nil {
 				c.SetInvalidParam("preference.name")
 				return

server/channels/api4/user_test.go

@@ -115,6 +115,33 @@ func TestCreateUser(t *testing.T) {
 		_, appErr = th.App.GetUserByUsername(user3.Username)
 		require.NotNil(t, appErr)
 	}, "Should not be able to create two users with the same email but spaces in it")
+
+	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
+		email := th.GenerateTestEmail()
+		newUser := &model.User{
+			Id:            model.NewId(),
+			RemoteId:      model.NewString(model.NewId()),
+			Email:         email,
+			Password:      "Password1",
+			Username:      GenerateTestUsername(),
+			EmailVerified: true,
+		}
+
+		_, resp, err = client.CreateUser(context.Background(), newUser)
+		require.Error(t, err)
+		require.ErrorContains(t, err, "Must call update for existing user")
+		CheckBadRequestStatus(t, resp)
+		_, appErr := th.App.GetUserByEmail(email)
+		require.NotNil(t, appErr)
+
+		newUser.Id = ""
+		_, resp, err = client.CreateUser(context.Background(), newUser)
+		require.NoError(t, err)
+		CheckCreatedStatus(t, resp)
+		createdUser, appErr := th.App.GetUserByEmail(email)
+		require.Nil(t, appErr)
+		require.Zero(t, *createdUser.RemoteId)
+	}, "Should not be able to define the RemoteID of a user through the API")
 }
 
 func TestCreateUserAudit(t *testing.T) {
@@ -3845,7 +3872,8 @@ func TestLogin(t *testing.T) {
 	t.Run("remote user login rejected", func(t *testing.T) {
 		email := th.GenerateTestEmail()
 		user := model.User{Email: email, Nickname: "Darth Vader", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SystemAdminRoleId + " " + model.SystemUserRoleId, RemoteId: model.NewString("remote-id")}
-		ruser, _, _ := th.Client.CreateUser(context.Background(), &user)
+		ruser, appErr := th.App.CreateUser(th.Context, &user)
+		require.Nil(t, appErr)
 
 		_, err := th.SystemAdminClient.UpdateUserPassword(context.Background(), ruser.Id, "", "password")
 		require.NoError(t, err)