Commit Graph

332 Commits

Author SHA1 Message Date
kolaente 7c021dd663 feat(time-tracking): configure the smart-fill start time in settings 2026-06-08 13:54:09 +00:00
kolaente e948b191b0 feat(time-tracking): add the time-tracking view 2026-06-08 13:54:09 +00:00
kolaente 2ef898e89d feat(time-tracking): add the task-detail time-tracking section 2026-06-08 13:54:09 +00:00
Weijie Zhao 89ed627800 fix(auth): remove stale OIDC callback lock
The OpenID callback view used a localStorage "authenticating" flag to avoid submitting the same authorization code twice when the route was remounted during an auth layout swap.

That layout swap is now guarded by AUTH_ROUTE_NAMES, so openid.auth stays in the unauthenticated shell until redirectIfSaved() navigates away. The persistent flag can instead get stranded when the page is refreshed, closed, or interrupted during the callback, making future OIDC callbacks silently return before exchanging the code.

Remove the flag so each valid callback URL is processed normally while keeping the existing state validation and TOTP retry handling.
2026-06-08 07:22:54 +00:00
kolaente f05ef2df94
feat(sharing): sort team members by display name in UI and by ID in API (#2784) 2026-05-20 23:32:47 +02:00
kolaente 4351ebf411
fix(print): hide reaction create button 2026-05-20 17:58:58 +02:00
kolaente b9e3bb95fa
feat(frontend): add Atom feed settings page and notifications discovery (#2760) 2026-05-15 19:28:29 +02:00
Claude d9a5958bb8 feat: always enable bot users
Removes the `service.enablebotusers` config flag, the matching
`bot_users_enabled` field on /info, and the now-unused
`ErrBotUsersDisabled` error. Bot user routes and the frontend
settings tab are now always available.

https://claude.ai/code/session_01VhAR6xnoCdG1fpX52bzaCC
2026-05-04 10:38:53 +00:00
kolaente d467a06e72 feat(frontend): add bot settings page and services 2026-05-01 14:44:10 +00:00
Xela 4add8abaa1 feat(user): support all weekdays as week start 2026-04-24 11:24:34 +02:00
kolaente 6f85a7fb6b feat(a11y): fix heading hierarchy across pages
- Home: greeting H2 → H1 (page needs a top-level heading)
- Task detail: task ID H1 → span (only title should be H1)
- Task detail: H6 breadcrumb → nav element
- App header: project title H1 → span (avoids duplicate H1)

Fixes WCAG 1.3.1 (Info and Relationships) and 2.4.6 (Headings).
2026-04-21 11:44:36 +00:00
kolaente a34c247611 feat(a11y): use autocomplete='new-password' on register form
Adds autocomplete prop to Password component (defaults to
'current-password'). Register page passes 'new-password' so
password managers offer to generate a strong password.

Fixes WCAG 1.3.5 (Identify Input Purpose).
2026-04-21 11:44:36 +00:00
kolaente f7dc50faf7 refactor(frontend): port checkbox-radio rules into FormCheckbox and drop Bulma import
The Bulma form/checkbox-radio partial only defined two selectors: .checkbox
(consumed exclusively by FormCheckbox.vue) and .radio (consumed by
ViewEditForm.vue and user/settings/Avatar.vue). Ports the %checkbox-radio
placeholder rules (cursor, line-height, position, hover/disabled states,
and the input cursor override) into FormCheckbox's scoped style for the
.checkbox side, and into scoped style blocks on the two remaining .radio
call-sites for the .radio side (including the 0.5em sibling margin via
margin-inline-start). Drops the now-unused @import. Pixel-perfect verified
on /login, /user/settings/general, and /user/settings/avatar: every
measured label/input getBoundingClientRect and computed style matches the
baseline exactly (0px deltas across all 5 sampled checkboxes and all 5
avatar radios).
2026-04-20 19:55:14 +00:00
kolaente 7e4bf83fa0 refactor(frontend): extract SideNavShell for admin and user settings 2026-04-20 18:55:06 +00:00
kolaente 7df5f127ca feat(admin): add frontend admin shell, views, services, and routes 2026-04-20 18:55:06 +00:00
kolaente 89af0a6c14 refactor(frontend): use FormCheckbox for remember-me on Login 2026-04-17 12:54:17 +00:00
kolaente cab970b59b refactor(frontend): use form primitives in user settings General view 2026-04-17 12:54:17 +00:00
Tink 95ec3325c2
refactor(frontend): migrate .box to Card and drop Bulma elements/box (#2640) 2026-04-16 14:14:36 +02:00
kolaente 2c6029eac4 refactor(frontend): replace for...in usages and forbid via lint rule
Replaces 33 for...in loops across 18 files with for...of + Object.keys/entries
or indexed for loops. for...in iterates enumerable string keys including
inherited ones, which is especially risky on reactive arrays (tasks, labels,
assignees, etc.) where polyfilled properties may appear.

Loops that mutate via splice during iteration now iterate backwards to avoid
index-shift bugs. Adds a no-restricted-syntax ESLint rule forbidding
ForInStatement to prevent regressions.

Closes #513
2026-04-15 11:44:47 +00:00
kolaente 338d4d8b76 feat(settings): surface quick add default reminders in user settings
Adds the settings field next to the quick add magic mode select, hidden
when that mode is set to Disabled. Uses Reminders.vue directly with
allow-absolute=false and default-relative-to pinned to due date.
2026-04-11 21:51:41 +00:00
kolaente dc4b7a5510 refactor(reminders): make Reminders.vue take ITaskReminder[] directly
Reminders.vue only read three task fields (dueDate/startDate/endDate)
and wrote one back (reminders). The ITask coupling was accidental.

Flip the prop to ITaskReminder[] and pass defaultRelativeTo / allowAbsolute
as plain props. TaskDetailView now owns the due/start/end priority
computation and binds v-model="task.reminders" directly. This also lets
the settings page reuse Reminders.vue for configuring default reminders.
2026-04-11 21:51:41 +00:00
kolaente e85f3fd84c feat(settings): add quickAddDefaultReminders field to frontend settings 2026-04-11 21:51:41 +00:00
kolaente b642b2a453 feat(auth): prompt for TOTP code in the OIDC callback flow
When the backend reports that 2FA is required (412/1017), the OIDC
callback view now shows a TOTP input and restarts the OIDC dance
with the typed passcode stashed in localStorage so it can be
submitted alongside a fresh authorization code.

Refs GHSA-8jvc-mcx6-r4cg
2026-04-09 17:25:47 +00:00
kolaente cee2babc58 feat(tasks): use platform-aware delete shortcut on task detail view 2026-04-09 08:07:48 +00:00
kolaente 3437f98dc3 feat(migration): add skip rows option to CSV import
Allow users to skip the first N data rows when importing CSV files.
This is useful when the CSV contains metadata rows before the actual
task data begins. Adds skip_rows to ImportConfig (backend) and a
number input in the parsing options UI (frontend).
2026-04-07 15:20:06 +00:00
Claude f555762def feat(migration): add generic CSV import with column mapping
Add a new CSV migration module that allows users to import tasks from
any CSV file with custom column mapping and parsing options.

Backend changes:
- New CSV migrator module with detection, preview, and import endpoints
- Auto-detection of delimiter, quote character, and date format
- Suggested column mappings based on column name patterns
- Transactional import using InsertFromStructure

Frontend changes:
- New CSV migration UI with two-step flow (upload -> mapping -> import)
- Column mapping selectors for all task attributes
- Live preview showing first 5 tasks with current mapping
- Parsing option controls for delimiter and date format

The CSV migrator creates a parent "Imported from CSV" project with
child projects based on the project column if provided, or a default
"Tasks" project for tasks without a specified project.
2026-04-07 15:20:06 +00:00
surfingbytes 84f4c16425
feat(user): add option to hide last viewed projects on overview page (#2429) 2026-04-07 16:56:13 +02:00
kolaente 34480ef513 fix(migration): center and style migrator logos on migration page
Use inline-flex layout to center logos with titles below. Constrain
logo size with max-block-size and use logical CSS properties.
2026-04-07 12:05:47 +00:00
kolaente 1a1fd780ec feat(migration): add WeKan to migration page with logo
Register WeKan in the AvailableMigrators list and add the frontend
migrator entry with the WeKan logo, referenced as "WeKan ®".
2026-04-07 12:05:47 +00:00
kolaente 063155a46b fix(overview): disable checkbox for read-only tasks on overview page
The Overview's ShowTasks component was not passing the canMarkAsDone prop
to SingleTaskInProject, which defaults to true. This caused read-only tasks
to show an interactive checkbox even though the user doesn't have write
permission.

Use the project's maxPermission from the project store to determine if the
user can mark the task as done. Also fix the disabled condition to use OR
logic so the checkbox is disabled when ANY condition applies: archived,
disabled, or when the user lacks write permission.

Fixes #2399
2026-04-03 19:01:45 +00:00
Lars de Ridder cb4f92980b
feat(task): allow changing bucket from task detail view (#2233) 2026-04-02 12:18:34 +02:00
kolaente cef03cb2a0 refactor: replace Modal div-based implementation with native dialog element
Replace the custom div-based Modal with the native HTML <dialog> element
using showModal()/close() API. Uses CSS opacity transitions with a
data-closing attribute for Firefox-compatible close animations, Teleport
to body, and focus save/restore. Updates E2E test selectors and fixes
QuickAddOverlay selectors for the new dialog structure.
2026-04-01 22:27:13 +00:00
kolaente bc47826690 feat(frontend): add configurable quick entry shortcut setting
Add desktopQuickEntryShortcut to frontend settings with a Desktop
App section in General settings, only visible when running in the
Electron app. The setting syncs to the desktop main process via
IPC whenever settings are loaded or saved.
2026-04-01 21:38:38 +00:00
kolaente af7eaa9aea
fix(desktop): use stored URL instead of window.API_URL in template
window is not accessible as a global in Vue templates, causing
"Cannot read properties of undefined (reading 'API_URL')" when
clicking sign in on the desktop app.
2026-04-01 20:53:29 +02:00
kolaente cdd46c0d6c fix: add proper autocomplete and name attributes to email update form
Adds name="email" to the email field and fixes the password field's
autocomplete from the invalid "password" to "current-password", also
adding name="current-password". This helps password managers correctly
identify the form as a settings change rather than a login form,
preventing them from autofilling the username into the email field.

Closes go-vikunja/vikunja#2512
2026-03-31 21:57:12 +00:00
kolaente 495f34f60e feat: show close-tab message after OAuth redirect
Show a "You can close this tab now" message after the OAuth
authorize page redirects to the desktop app, instead of leaving
a stale "Authenticating..." message in the browser tab.
2026-03-30 20:12:25 +00:00
kolaente a12002de6d feat: add server selection UI for desktop OAuth login
Add a server selection screen matching the mobile app UX with
Vikunja Cloud, Try the Demo, and Custom Server URL options.
Extract all desktop login logic into a dedicated DesktopLogin
component. Use the existing ApiConfig component for custom server
URL input. Skip loading server config on startup to avoid showing
motd/demo popups on the login screen.
2026-03-30 20:12:25 +00:00
kolaente c2cfcb4684 feat: add API token hint to CalDAV settings page 2026-03-30 12:09:53 +00:00
kolaente 0471f8a729 feat: add frontend OAuth authorize route and component
Add /oauth/authorize frontend route with OAuthAuthorize.vue that
handles the OAuth authorization flow: validates required query params,
calls the API to generate an authorization code, and redirects to the
callback URI. Authentication is handled by the standard router guard.
2026-03-27 23:05:04 +00:00
Miikka Kulmala b89b402bc2
feat: improve wording and UX around CalDAV tokens (#2476) 2026-03-26 10:02:04 +01:00
kolaente 44d01a0f82 refactor: rename parseTaskText module to quickAddMagic
Rename the frontend parsing module from `parseTaskText` to `quickAddMagic`
for clarity. The module handles much more than text parsing — it's the
core of the quick add magic feature. This rename makes its purpose
immediately obvious and aligns with how the feature is referenced
throughout the UI and documentation.

No logic changes — only directory/file renames and import updates.
2026-03-25 09:38:41 +00:00
kolaente dca041459f feat: show info when saved homepage filter is ignored for label browsing 2026-03-24 21:55:26 +00:00
kolaente fd4f7accc3 fix: ignore saved homepage filter when browsing by label 2026-03-24 21:55:26 +00:00
kolaente 74d1bddb3a fix: hide link sharing section in UI for non-admin users 2026-03-23 20:39:31 +00:00
Claude 0085772b63 fix: include kanban bucket move permission in tasks preset
The kanban task move endpoint (POST /projects/:project/views/:view/
buckets/:bucket/tasks) is registered under the projects group as
views_buckets_tasks. Without this permission, the tasks preset cannot
move tasks between kanban buckets.

https://claude.ai/code/session_01QDWqXJmjriYoAcvMD43vmx
2026-03-22 14:24:23 +00:00
Claude 652eb9bba3 fix: remove small class from preset label
https://claude.ai/code/session_01QDWqXJmjriYoAcvMD43vmx
2026-03-22 14:24:23 +00:00
Claude 68097cf700 feat: add quick presets for API token permission selection
Add preset buttons (Read Only, Task Management, Project Management, Full
Access) to the API token creation form so users don't have to manually
select every individual permission.

https://claude.ai/code/session_01QDWqXJmjriYoAcvMD43vmx
2026-03-22 14:24:23 +00:00
kolaente c81b0eb463 fix(attachments): sync kanban store and task ref on attachment changes
When attachments are uploaded (either via file picker or pasting into
the description editor), update both the local task ref and the kanban
store so that the attachment list and kanban card icons stay in sync.
2026-03-20 10:38:47 +01:00
kolaente 2675bcb56c refactor(attachments): use local state instead of global attachment store
TaskDetailView now computes hasAttachments from the task ref and
handles the update:attachments emit from the Attachments component.
2026-03-20 10:38:47 +01:00
kolaente 3bc0093686 fix: invalidate all sessions when enabling TOTP
When a user enables two factor authentication, all existing sessions are
now invalidated, requiring re-authentication. This prevents pre-existing
sessions from bypassing 2FA. The frontend now shows a notice explaining
the logout before the user confirms, and properly logs out after enabling.

Ref: GHSA-pgc7-cmvg-mvp4
2026-03-19 12:27:44 +01:00