Commit Graph

13953 Commits

Author SHA1 Message Date
Tink bot 35aa486eb5 feat(veans): use OAuth 2.0 Authorization Code + PKCE as default auth
Vikunja's built-in OAuth server (Vikunja 2.3+) does not require client
registration and accepts arbitrary client_ids — it just enforces PKCE
(S256) and constrains redirect URIs to the vikunja- scheme. Earlier I
deferred OAuth on the assumption it needed a registered client; that
was wrong, and the docs make the path much smoother than POST /login.

The custom-scheme constraint (no http:// loopback) is side-stepped by
manual paste-back: veans prints the authorize URL, the user signs in,
their browser fails to open vikunja-veans-cli://callback?code=... and
shows an error, the user copies the URL from the address bar and
pastes it back. CLI extracts code + state, verifies state for CSRF,
exchanges via POST /api/v1/oauth/token (JSON body — Vikunja rejects
form-encoded), and returns the access token.

Resolution order in AcquireHumanToken:
  1. --token (paste-in JWT or personal API token; SSO/OIDC users)
  2. --use-password / --username + --password (POST /login)
  3. OAuth flow (interactive default)

login command supports the same --use-password / --token escape hatches
for token rotation on instances with OAuth disabled.

Includes unit tests for the PKCE generator (verifier shape per RFC 7636,
challenge = SHA256(verifier) base64url-no-pad), authorize-URL
construction, and the lenient callback parser (full URL / query-only /
bare code).
2026-05-27 08:21:57 +00:00
Tink bot d0c77ad6fe docs(veans): add README with quick-start guide 2026-05-27 08:21:57 +00:00
Tink bot 950d41df91 ci(veans): add veans-e2e workflow 2026-05-27 08:21:57 +00:00
Tink bot 4c3d449a35 test(veans): add e2e suite covering init, tasks, claim, prime flows 2026-05-27 08:21:57 +00:00
Tink bot 3a7bcb2a50 chore(veans): gitignore built binary 2026-05-27 08:21:57 +00:00
Tink bot df7a60d137 feat(veans): add login command for token rotation 2026-05-27 08:21:57 +00:00
Tink bot 2e2393121b feat(veans): add api passthrough command 2026-05-27 08:21:57 +00:00
Tink bot e8cdfcf023 feat(veans): add prime command for agent prompt injection 2026-05-27 08:21:57 +00:00
Tink bot b9551d55ba feat(veans): add claim command for assigning and bucket transition 2026-05-27 08:21:57 +00:00
Tink bot 6ebe25bfbc feat(veans): add update command with description and status transitions 2026-05-27 08:21:57 +00:00
Tink bot 6b756d92c3 feat(veans): add create command with labels and relations 2026-05-27 08:21:57 +00:00
Tink bot 2425d9923e feat(veans): add label get-or-create helper 2026-05-27 08:21:57 +00:00
Tink bot e88427ca3c feat(veans): add show command with PROJ-NN/#NN ID resolver 2026-05-27 08:21:57 +00:00
Tink bot 5e80c17281 feat(veans): add list command with filters and JSON output 2026-05-27 08:21:57 +00:00
Tink bot 081373bb48 feat(veans): add shared command runtime and git branch helper 2026-05-27 08:21:57 +00:00
Tink bot 81f4845a6b feat(veans): wire init cobra command 2026-05-27 08:21:57 +00:00
Tink bot 37b6ff538b feat(veans): orchestrate init bootstrap from probe to config write 2026-05-27 08:21:57 +00:00
Tink bot d2c3f3244d feat(veans): discover /routes for permission-group negotiation 2026-05-27 08:21:57 +00:00
Tink bot 1f5abaa6fb feat(veans): require APIToken.ExpiresAt with FarFuture sentinel 2026-05-27 08:21:57 +00:00
Tink bot 6b48a37710 feat(veans): add canonical status to bucket-title mapping 2026-05-27 08:21:57 +00:00
Tink bot 36fb0f0ace feat(veans): add .veans.yml schema and config helpers 2026-05-27 08:21:57 +00:00
Tink bot 878233f758 feat(veans): add transient human auth flow 2026-05-27 08:21:57 +00:00
Tink bot f05fc60777 feat(veans): add credential store with keychain, env, and file backends 2026-05-27 08:21:57 +00:00
Tink bot 4b6b8fca78 chore(veans): add magefile build and lint targets 2026-05-27 08:21:57 +00:00
Tink bot 3eec756863 feat(veans): add cobra root and version subcommand 2026-05-27 08:21:57 +00:00
Tink bot 87c312fb2b feat(veans): add JSON HTTP client and wire types 2026-05-27 08:21:57 +00:00
Tink bot e4c4837805 feat(veans): add stable error envelope and code constants 2026-05-27 08:21:57 +00:00
Tink bot 3d0039df2d feat(veans): scaffold Go module 2026-05-27 08:21:57 +00:00
Frederick [Bot] 6abf6c6012 chore(i18n): update translations via Crowdin 2026-05-27 02:31:52 +00:00
Tink bot b8cabcd825 fix(assignees): use db.ILIKE helper for assignee search count query 2026-05-26 19:43:16 +00:00
nithinvarma411 b6a02cb6a5 fix(assignees): resolve 500 error when reading task assignees 2026-05-26 18:59:33 +00:00
dependabot[bot] e0fb3ed732 chore(deps): bump js-cookie from 3.0.5 to 3.0.7 in /frontend
Bumps [js-cookie](https://github.com/js-cookie/js-cookie) from 3.0.5 to 3.0.7.
- [Release notes](https://github.com/js-cookie/js-cookie/releases)
- [Commits](https://github.com/js-cookie/js-cookie/compare/v3.0.5...v3.0.7)

---
updated-dependencies:
- dependency-name: js-cookie
  dependency-version: 3.0.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-26 18:36:29 +00:00
renovate[bot] dc85d2e3cb chore(deps): update dev-dependencies 2026-05-26 18:36:03 +00:00
Frederick [Bot] 56b82b23d8 chore(i18n): update translations via Crowdin 2026-05-24 02:13:34 +00:00
Frederick [Bot] 8a1b2252e2 chore(i18n): update translations via Crowdin 2026-05-23 02:05:00 +00:00
Frederick [Bot] 4a21b2a998 chore(i18n): update translations via Crowdin 2026-05-22 02:28:38 +00:00
Tink bot 20e04f4fcb feat(logging): include user agent in HTTP access log 2026-05-21 13:42:03 +00:00
kolaente 102db344b3
fix(comments): even padding around comment message 2026-05-21 09:53:35 +02:00
Frederick [Bot] 9dfa6fbf89 chore(i18n): update translations via Crowdin 2026-05-21 02:14:41 +00:00
kolaente f05ef2df94
feat(sharing): sort team members by display name in UI and by ID in API (#2784) 2026-05-20 23:32:47 +02:00
kolaente d417a30802 test(e2e): cover comment replies end-to-end
Drives the reply flow through the browser: existing comment is
quoted via the Reply action, the prefilled blockquote round-trips
to the saved reply, the chevron jumps back to the original and
applies the brief highlight.
2026-05-20 21:02:14 +00:00
kolaente 82975f9bd2 feat(comments): reply action with prefilled quote and jump-to-original chevron
Each rendered comment gets a "Reply" action (shown whenever the
viewer has write access, regardless of authorship). Clicking it
prefills the comment editor with a <blockquote data-comment-id="X">
wrapping the parent body so the canonical reply marker is the
blockquote itself.

A Vue NodeView on the blockquote extension renders an author
header + chevron when an injected commentReplyContext can resolve
the parent. The chevron scrolls to and briefly highlights the
original. Quotes whose parent isn't in the in-memory list (deleted,
on another page) render a degraded header with the chevron hidden.
2026-05-20 21:02:14 +00:00
kolaente 46dbeb5784 feat(editor): preserve comment-id on blockquotes
Extend the default Blockquote with a `commentId` attribute that
round-trips through HTML as `data-comment-id`. This single attribute
is the canonical record of a reply: it survives TipTap serialize /
parse so the backend listener and the in-app renderer can both find
the parent comment without a separate schema field.
2026-05-20 21:02:14 +00:00
kolaente 6fc36cb700 feat(comments): treat quoted comment authors as implicit mentions
A comment whose body contains <blockquote data-comment-id="…"> nodes
now triggers the same task-comment mention notification for the
quoted comments' authors, respecting CanRead, subscription, and
existing dedup. Self-quotes, wrong-task quotes, and malformed ids
are silently skipped.
2026-05-20 21:02:14 +00:00
Tink bot a1f81524ab feat(i18n): make Greek available in the language selector
el-GR translations are around 36% complete but were not yet listed in the
UI. Add it to the supported locales list (frontend and backend) and wire
up the dayjs locale mapping.
2026-05-20 20:25:17 +00:00
kolaente 4351ebf411
fix(print): hide reaction create button 2026-05-20 17:58:58 +02:00
kolaente 995aad3d53
fix(print): hide description editor when no description is present 2026-05-20 17:58:13 +02:00
kolaente bc7c2059aa
fix(print): hide bucket select icon 2026-05-20 17:54:15 +02:00
kolaente 612628a657
fix(modal): print full content of modal dialogs
A <dialog> opened via showModal() lives in the browser's top layer, which
renders only on the first page during print — top-layer elements are
viewport-anchored and don't paginate. CSS overrides like position: static
have no effect since top-layer membership is browser-managed.

Swap to a non-modal dialog on beforeprint (removes it from the top layer
so content flows in normal document order) and back to modal on
afterprint. The accompanying @media print rules reset the dialog's fixed
positioning and overflow so the non-modal dialog can paginate freely.
2026-05-20 17:53:01 +02:00
kolaente 44db02ab56
fix(task): print styles 2026-05-20 17:39:11 +02:00