Commit Graph

39 Commits

Author SHA1 Message Date
kolaente 70393f38d2
feat: add Atom feed for user notifications with API token auth (#2758) 2026-05-15 17:25:09 +02:00
kolaente 138a545523 fix(notifications): pass lang to overdue reminder translation
The call to i18n.T for notifications.task.overdue.overdue was missing
its first positional argument, so the translation key was being passed
as the language code. This surfaced as a "dead key" once the
translation check learned to look for unused entries. Fix the call so
the reminder line is properly localised.
2026-04-23 13:30:51 +02:00
kolaente 0f3730d045 fix(notifications): escape markdown in user-controlled strings in email lines
Task titles, project titles, team names, doer/assignee names, and API
token titles were interpolated raw into Line(...) calls whose content is
rendered to HTML by goldmark and then sanitized with bluemonday UGCPolicy.
UGCPolicy intentionally allows safe <a href> and <img src> with
http/https URLs, so a title containing Markdown link or image syntax
would survive sanitization as a working phishing link or tracking pixel
in a legitimate Vikunja email.

Introduce notifications.EscapeMarkdown, which prefixes every CommonMark
§2.4 backslash-escapable ASCII punctuation character — including '<' so
autolinks like `<https://evil.com>` are neutralized before reaching
goldmark — with a backslash. Apply it to every user-controlled argument
of every Line(...) call in pkg/models that feeds into an i18n template,
and to the hand-built "* [title](url) (project)" Markdown link in the
overdue-tasks digest notification.

Also escape the migration error string in MigrationFailedNotification,
an additional sink not listed in the advisory (error messages can carry
user-controlled content from the external migration source).

Subject(...), Greeting(...), and CreateConversationalHeader(...) are
left unchanged: Subject is passed directly to the mail library and is
not markdown-rendered, Greeting is rendered via html/template's built-in
HTML escaping without markdown, and the conversational header is
sanitized as raw HTML by bluemonday in mail_render.go.

Fixes GHSA-45q4-x4r9-8fqj.
2026-04-09 15:44:04 +00:00
kolaente 5249366aa3 refactor(models): use shared GetMailDomain in getThreadID 2026-04-03 18:30:39 +00:00
kolaente d4577c660f feat: add user_id to webhooks and user-directed event infrastructure
Add user_id column to webhooks table (nullable, for user-level webhooks
vs project-level). Extend webhook model, permissions, and listener to
support user-level webhooks that fire for user-directed events like
task reminders and overdue task notifications.

Add TasksOverdueEvent for dispatching overdue notifications via webhooks.
Update webhook permissions to handle both user-level and project-level
ownership. Add webhook test fixture and register webhooks table in test
fixture loader.
2026-03-08 19:45:53 +01:00
kolaente b3572c5932 feat: convert notifications to conversational email style
Convert task comment, mention, assignment, and reminder notifications
to use the conversational email format. Add Project field to notification
structs, include task identifiers in subjects and headers, add doer
avatars, notification settings links in footers, and From headers.
2026-03-08 16:03:47 +01:00
kolaente fb7764d9f1
feat: format user mentions with display names in email notifications (#1930)
Email notifications now display user mentions with inline avatar images for improved visual recognition and easier identification. Mentions gracefully fall back to display names if avatars are unavailable.
2025-12-10 12:39:05 +01:00
Copilot 5f795bb531
fix: self-assignment notification to use "themselves" instead of repeating username (#1836)
When a user assigns a task to themselves, notifications to other users now
correctly say "User A assigned Task #123 to themselves" instead of
"User A assigned Task #123 to User A"

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-11-17 23:07:48 +00:00
Copilot f2a1348c51
feat: add thread IDs to task notification emails for client-side threading (#1826)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-11-15 18:58:32 +01:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
kolaente c4566fdb53
chore(i18n): improve overdue task emails translation 2025-05-21 10:28:50 +02:00
kolaente cb0e68f625
fix(i18n): make notification settings link translatable 2025-05-15 09:18:27 +02:00
kolaente f7229ba647
fix(i18n): translate all parts of reminder notifications 2025-05-12 16:24:20 +02:00
kolaente e3f006c527
fix(i18n): add missing translations 2025-03-20 17:41:45 +01:00
kolaente 732431773d
fix(i18n): remove duplicate api strings 2025-03-18 18:23:47 +01:00
kolaente 250bb8ec99
fix(i18n): pass language to notification mail function 2025-03-02 12:29:31 +01:00
kolaente e11a3026b9
feat: translate notifications 2025-03-02 11:41:38 +01:00
kolaente f25f983417
feat(notifications): include link to settings in notifications 2025-01-20 17:38:18 +01:00
kolaente 8d8406df05
fix: task overdue at the same time as the notification
If a task is overdue at the same time the notification is sent, it would contain a message like "overdue since" without a time. This now shows "overdue now" instead.
2024-12-03 08:33:16 +01:00
kolaente 191a476823
fix(notifications): only sanitze html content in notifications, do not convert it to markdown
Resolves https://community.vikunja.io/t/trello-import-html-mails/2197
2024-04-07 13:34:53 +02:00
kolaente 119c68be9d
feat: rename frontend url config to public url 2024-02-09 14:41:55 +01:00
kolaente e03920b84a
fix(assignees): improve wording for assignee emails 2024-01-28 13:11:37 +01:00
kolaente 32611dc2d7
feat(reminders): persist reminders in the db 2023-12-23 15:40:03 +01:00
kolaente 66cf7ab50a
feat(reminders): include project in reminder notification 2023-10-20 13:56:14 +02:00
kolaente e518fb1191
chore: remove year from copyright headers
Resolves https://kolaente.dev/vikunja/api/pulls/1483
2023-09-01 08:32:28 +02:00
kolaente 69bd023b62
fix(tasks): return a correct task identifier if the list does not have a good one set 2023-06-07 18:17:08 +02:00
kolaente 1a840c8b87
fix(tasks): make sure task deleted notification actually has information about the deleted task 2023-06-07 18:14:20 +02:00
kolaente 349e6a5905
feat: rename lists to projects 2023-03-13 14:28:06 +01:00
kolaente 45defebcf4
fix: tasks with the same assignee as doer should not appear twice in overdue task mails 2022-09-30 18:35:40 +02:00
kolaente c2b6119434
fix: make sure the full task is available in notifications 2021-10-16 16:38:59 +02:00
konrad 90146aea5b User Data Export and import (#967)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/967
Co-authored-by: konrad <k@knt.li>
Co-committed-by: konrad <k@knt.li>
2021-09-04 19:26:31 +00:00
konrad 1571dfa825 Task mentions (#926)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/926
Co-authored-by: konrad <konrad@kola-entertainments.de>
Co-committed-by: konrad <konrad@kola-entertainments.de>
2021-07-29 15:42:49 +00:00
kolaente 6e263b6a91
Improve sending overdue task reminders by only sending one for all overdue tasks 2021-04-18 15:32:02 +02:00
kolaente 7ff7b0d743
Improve duration format of overdue tasks in reminders 2021-04-18 14:25:50 +02:00
konrad d07b284ee3 Add reminders for overdue tasks (#832)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/832
Co-authored-by: konrad <konrad@kola-entertainments.de>
Co-committed-by: konrad <konrad@kola-entertainments.de>
2021-04-11 15:08:43 +00:00
konrad 2178166ece Add crud endpoints for notifications (#801)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/801
Co-authored-by: konrad <konrad@kola-entertainments.de>
Co-committed-by: konrad <konrad@kola-entertainments.de>
2021-02-21 14:50:34 +00:00
kolaente c873c1ec32
Send a notification to the user when they are added to the list 2021-02-17 20:48:06 +01:00
konrad e7875ecb3b Subscriptions and notifications for namespaces, tasks and lists (#786)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/786
Co-authored-by: konrad <konrad@kola-entertainments.de>
Co-committed-by: konrad <konrad@kola-entertainments.de>
2021-02-14 19:18:14 +00:00
konrad 015ca310e9 Add notifications package for easy sending of notifications (#779)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/779
Co-authored-by: konrad <konrad@kola-entertainments.de>
Co-committed-by: konrad <konrad@kola-entertainments.de>
2021-02-07 21:05:09 +00:00