Commit Graph

13052 Commits

Author SHA1 Message Date
kolaente 7c04d44e2e
fix: wait for router before dismissing loading screen
The loading screen was dismissed as soon as auth check completed, but
before Vue Router's initial navigation finished. This caused route.name
to be undefined momentarily, making showAuthLayout evaluate to false
and briefly flashing the NoAuthWrapper (login shell) before the
authenticated layout appeared.

Wait for router.isReady() before setting ready = true so the loading
screen stays visible until the route is fully resolved.
2026-02-24 13:13:30 +01:00
kolaente f7a93e4ca3
fix: prevent cursor reset when typing in filter input (#2287)
Fixes #2268
2026-02-24 11:50:45 +00:00
kolaente 9e633b3e82 fix(task): disable Confirm button when no date is selected in absolute reminder picker
Prevents emitting a reminder with reminder=null/relativeTo=null when
the user clicks Confirm without selecting a date first.

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente 5dcea199d2 fix(test): update existing reminder tests to click Confirm after date selection
The DatepickerInline quick-select buttons (Tomorrow, etc.) inside the
reminder popup no longer auto-save. Update existing tests to click
Confirm after selecting a date.

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente f6a35416e5 test(task): add e2e tests for reminder confirm-before-save behavior
- Test that clicking a date in the absolute reminder picker does not
  auto-save, only saves when Confirm is clicked
- Test that the Confirm button is visible when task has no due date
  (defaultRelativeTo is null)

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente b65773eb8f fix(task): require explicit confirmation before saving reminders
Prevent reminders from being saved to the API until the user clicks
Confirm, matching the behavior of the due/start/end date pickers.

- Remove @update:modelValue handler on DatepickerInline so date/time
  changes only update local state
- Change Confirm button condition from showFormSwitch to activeForm so
  it renders even when defaultRelativeTo is null
- Add confirmAndClose function that handles both absolute and relative
  reminder forms
- Remove debounce (useDebounceFn) since saves are now user-initiated

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente 56eb5d3740
fix: show tasks spanning entire gantt date range
Tasks whose start date is before and end date is after the visible
gantt range were not shown because the API filter only checked whether
individual date fields fell within the range. Add a fourth filter
clause to match tasks that fully encompass the visible date range.

Fixes go-vikunja/vikunja#2269
2026-02-24 11:51:13 +01:00
kolaente a13ecbd3cc
fix: prevent browser from caching API responses
Without explicit Cache-Control headers, browsers may heuristically cache
API JSON responses. This causes stale data to be served on normal page
refresh (F5) — for example, projects newly shared with a team not
appearing until the user performs a hard refresh (Ctrl+Shift+R).

Add Cache-Control: no-store to all API responses via middleware and
configure the service worker's NetworkOnly strategy to explicitly bypass
the browser HTTP cache for API requests.

Ref: https://community.vikunja.io/t/team-members-cannot-see-project/1876
2026-02-24 10:37:49 +01:00
Frederick [Bot] 19ccc3cb8e chore(i18n): update translations via Crowdin 2026-02-24 01:13:27 +00:00
renovate[bot] f362738e33 chore(deps): update dev-dependencies to v8.56.1 2026-02-23 20:50:07 +01:00
kolaente 249b651692
fix: treat archived TickTick tasks as done during import
TickTick uses status "2" (Archived) for completed tasks that were
subsequently archived. The import only checked for status "1"
(Completed), causing archived tasks to be imported as open despite
having a completion timestamp.

Closes go-vikunja/vikunja#2278
2026-02-23 14:52:20 +01:00
renovate[bot] 524d8f522d chore(deps): update dependency caniuse-lite to v1.0.30001774 2026-02-23 10:24:42 +01:00
renovate[bot] 5ff1596314 chore(deps): update dev-dependencies 2026-02-23 10:14:21 +01:00
kolaente 1ccc8dce3a
fix: load file content before generating attachment preview
LoadFileByID() was called after the preview branch, so GetPreview()
received a nil io.Reader causing a panic in image.Decode.
2026-02-22 09:28:25 +01:00
kolaente d222d4502a fix: escape attachment download filename 2026-02-22 00:00:11 +01:00
kolaente c6370bb739 fix: fall back to application/octet-stream when the file has no mime type stored 2026-02-22 00:00:11 +01:00
kolaente 55c122fb42 feat: add repair-file-mime-types CLI command
Add a CLI command that finds all files in the database with no MIME type
set, detects it from the stored file content, and updates the database.
This is useful for backfilling MIME types on files created before MIME
detection was added on upload.
2026-02-22 00:00:11 +01:00
kolaente 4915f535d0 fix: add Content-Disposition attachment header to task attachment downloads
Set Content-Disposition to "attachment" instead of "inline" so browsers
trigger a file download with the correct filename. Also move shared
response headers (Content-Type, Content-Length, Last-Modified) out of
the S3-specific branch so they apply to both storage backends.
2026-02-22 00:00:11 +01:00
kolaente 519f66a51f fix: detect and store mime type when creating file attachments
Use mimetype.DetectReader in files.Create to automatically detect and
store the MIME type from file content. This fixes task attachment
previews, S3 Content-Type headers, and UI display for newly uploaded
files.
2026-02-22 00:00:11 +01:00
renovate[bot] 4babc477ef chore(deps): update dev-dependencies 2026-02-21 23:12:36 +01:00
kolaente 4cee2cf128 fix: reset throttle on logout so checkAuth clears auth state
logout() calls checkAuth() to clear the authenticated flag and user
info. But since checkAuth() likely ran within the last minute (on the
navigation that triggered logout), the now-working throttle would
return early, leaving authenticated=true in the store despite the
token being removed. This could cause Login.vue to redirect back
to home.

Resetting lastUserInfoRefresh to null before checkAuth() ensures
the logout flow always runs fully.
2026-02-21 23:08:24 +01:00
kolaente 65806df605 fix: keep token expiry in sync when skipping setUser from JWT
When the setUser call is skipped for an already-loaded user,
info.value.exp was never updated with the renewed token's expiry.
This caused useRenewTokenOnFocus to compute a stale expiresIn,
eventually forcing a logout even though the token was still valid.

Now we always update exp from the JWT, even when skipping the
full setUser call.
2026-02-21 23:08:24 +01:00
kolaente 1d420dd1dc fix: don't overwrite user info with incomplete JWT data on navigation
The JWT token only contains id, username, type, and exp — not the
display name. Previously, every route navigation called setUser() with
this incomplete data, causing the display name to flash to the username
before the API call completed and restored the full name.

Now we skip setUser() if a complete user object with the same ID is
already loaded.

Fixes https://github.com/go-vikunja/vikunja/issues/2270
2026-02-21 23:08:24 +01:00
kolaente a11cde1afc fix: correct broken throttle in checkAuth that never triggered
The throttle checked `lastUserInfoRefresh > now + 1 minute` which is
never true since lastUserInfoRefresh is set to the current time.
Changed to `now - 1 minute` so the check actually prevents redundant
API calls within a one-minute window.
2026-02-21 23:08:24 +01:00
kolaente 1dc625f9e8 test: add unit tests for getDisplayName 2026-02-21 23:08:24 +01:00
kolaente fec1c038ff fix: use in-memory SQLite and log temp directory cleanup in test:e2e
Switch from file-based SQLite to VIKUNJA_DATABASE_PATH=memory which uses
file::memory:?cache=shared. Also add a visible log line when cleaning up
the temp directory so the teardown sequence is clear.
2026-02-21 22:32:09 +01:00
kolaente 8f6f8f9e21 docs: document mage test:e2e in AGENTS.md 2026-02-21 22:32:09 +01:00
kolaente d00851292d fix: use preview:dev for correct dist dir and kill process groups in test:e2e
- build:dev outputs to dist-dev/ but preview serves from dist/,
  so use preview:dev which serves from dist-dev/
- pnpm spawns child processes, so SIGINT only hits the wrapper;
  use setpgid + kill(-pgid) to terminate the entire process group
2026-02-21 22:32:09 +01:00
kolaente 51a9f9c9f8 fix: fix API_URL trailing slash and remove CORS env var overrides in test:e2e
The API_URL needs a trailing slash so Playwright resolves relative URLs
correctly (e.g. "test/users" → "/api/v1/test/users" instead of
"/api/test/users"). CORS env vars are removed because Viper parses
comma-separated env vars as a single string instead of a slice, breaking
origin matching. The defaults already include the correct patterns.
2026-02-21 22:32:09 +01:00
kolaente c5ae7974e1 feat: add mage test:e2e for isolated end-to-end testing 2026-02-21 22:32:09 +01:00
kolaente 6a4401eb7c feat(frontend): make dev server port configurable via VIKUNJA_FRONTEND_PORT env var 2026-02-21 22:32:09 +01:00
Frederick [Bot] 05ff67b681 chore(i18n): update translations via Crowdin 2026-02-21 01:09:54 +00:00
Massimo Nadalin 8fd256a5d9
feat: clickable task notifications (#2258)
Make task-related notifications clickable, allowing users to directly
open the corresponding task.
2026-02-20 22:34:53 +00:00
renovate[bot] d00bb999b5 chore(deps): update dev-dependencies 2026-02-20 22:44:24 +01:00
renovate[bot] 1c8b9e8810 chore(deps): update dependency rollup-plugin-visualizer to v6.0.8 2026-02-20 11:32:32 +01:00
Frederick [Bot] a8d3594ceb chore(i18n): update translations via Crowdin 2026-02-20 01:12:20 +00:00
kolaente bc2f7e5840
fix: break long continuous strings in editor to prevent overflow
Fixes https://github.com/go-vikunja/vikunja/issues/2266
2026-02-19 16:11:43 +01:00
kolaente df05c51457
fix: clamp gantt bar title position when task starts before visible range
Resolves go-vikunja/vikunja#149
2026-02-19 16:08:52 +01:00
kolaente 7862651b12
fix: don't show export ready message when no export exists
The API returns an empty object {} with 200 status when no export
exists. This truthy value was being set as exportInfo, causing the
"ready for download" message and button to render with a blank date.
2026-02-19 16:01:32 +01:00
Frederick [Bot] 3ce8c5bdda [skip ci] Updated swagger docs 2026-02-19 13:35:37 +00:00
William Guinaudie bf8138ec3c
feat: add discard and reload confirmation modal (#2154) 2026-02-19 14:27:27 +01:00
kolaente 8144560dd7 test(comments): add e2e tests for comment sort order
Cover default order, toggle to newest-first, new comment insertion
position, scroll-into-view behaviour, pagination with sort order,
initial-load shortcut, setting persistence across reloads, and
pre-saved setting on page load.
2026-02-19 14:20:52 +01:00
kolaente 6555595a5c feat(comments): add sort order toggle for task comments
Allow users to switch between oldest-first and newest-first comment
ordering via a toggle button in the comments heading. The preference is
persisted as a frontend setting (commentSortOrder) and passed to the API
as the order_by query parameter so pagination works correctly.

When all comments fit on a single page, toggling reverses them
client-side to avoid an extra API call. New comments are inserted at the
correct position based on the active sort order, and in newest-first
mode the view scrolls to the top after adding a comment.

Link-share users fall back to a local (non-persisted) sort order since
they cannot save user settings.
2026-02-19 14:20:52 +01:00
kolaente c12bbbe93e feat(comments): support order_by query parameter in comments API
Add an OrderBy field to the TaskComment struct with a query:"order_by"
tag so that the frontend can request ascending or descending comment
order. The value is validated to only accept "asc" or "desc", defaulting
to "asc". Also adds the corresponding swagger @Param annotation.
2026-02-19 14:20:52 +01:00
kolaente b64926be73
chore(deps): update minimatch to ^10.2.1 via pnpm overrides
Add pnpm overrides in frontend and desktop to consolidate all
transitive minimatch versions (3.1.2, 5.1.6, 9.0.1, 9.0.5, 10.1.1)
to 10.2.1, resolving the known ReDoS vulnerability in older versions.
2026-02-19 14:20:29 +01:00
dependabot[bot] e7ea3e491a chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1
Bumps [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) from 1.1.0 to 1.1.1.
- [Commits](https://github.com/FiloSottile/edwards25519/compare/v1.1.0...v1.1.1)

---
updated-dependencies:
- dependency-name: filippo.io/edwards25519
  dependency-version: 1.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-19 13:22:27 +01:00
renovate[bot] 37a013c472 chore(deps): update dev-dependencies 2026-02-19 13:08:14 +01:00
kolaente 50d7458519 feat(attachments): open file picker directly from sidebar button
Clicking the sidebar "Attachments" button (or pressing `f`) now opens
the browser file picker directly, eliminating the redundant two-step
flow of first revealing the section and then clicking upload.
2026-02-19 12:56:46 +01:00
kolaente 0026c74fb5 fix(tests): properly assert sort order including task47 in web tests
Restore full sort-order assertions that verify task47 appears at the
end of priority-sorted results. The previous fix incorrectly removed
the trailing `]` which meant the tests no longer verified the last
element in the sorted array.
2026-02-19 12:40:29 +01:00
kolaente c3e223887d fix(tests): update web test assertions for new task47 fixture
Remove trailing `]` from JSON substring assertions in priority sort
tests since task47 now appears after the previously-last task in the
sort order.
2026-02-19 12:40:29 +01:00