Commit Graph

342 Commits

Author SHA1 Message Date
kolaente 42534cdd79
fix: don't panic when using api token when not correctly put into context (#1119) 2025-07-15 21:26:28 +00:00
Vlad Yarotsky d4347f00f6
fix(caldav): make CalDAV REPORT request properly respond with VTODO objects (#1116) 2025-07-14 21:57:55 +00:00
Dominik Pschenitschni efff6955c5
fix: remove fmt output in token check 2025-07-03 17:09:41 +02:00
Dominik Pschenitschni 9efdde8f1a
docs: delete caldav token uses DELETE instead of GET 2025-07-03 17:06:20 +02:00
kolaente 4d36771362
feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
Dominik Pschenitschni d48d88d442 fix: comment typo and misspellings 2025-07-02 17:46:21 +02:00
kolaente 3b05f7859f
fix(users): refresh initials avatar refresh after name change (#1047) 2025-06-30 16:20:54 +00:00
kolaente 99bc065272
feat(user): use name for initals avatar, not username
For external auth providers, the username might be randomly generated,
which results in a random initial - this is unexpected and confusing for
users.
2025-06-27 14:13:49 +02:00
kolaente 0ecbd9e1a3
feat(user): add avatar cache flushing (#1041) 2025-06-27 14:01:43 +02:00
Weijie Zhao a214d68a44
feat(auth): sync avatar from OpenID providers (#821) 2025-06-16 15:59:31 +02:00
kolaente 59a0b9c40d
feat(auth): require auth to fetch avatars (#930) 2025-06-14 13:12:41 +00:00
kolaente 842e7f524b
fix: always add public url to allowed cors origins
This fixes a bug where it was not possible to do anything because the public url was not allowed by default for CORS requests.

Regression from 433b8b9115

Resolves https://github.com/go-vikunja/vikunja/issues/916
2025-06-11 14:29:38 +02:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
kolaente 44b3e46325
fix: return correct mimetype for openapi docs.json
Resolves https://github.com/go-vikunja/vikunja/issues/864
2025-06-04 16:12:46 +02:00
kolaente ca98b7da73
feat: add /token/test route
This new route returns 200 if a valid bearer token was presented. It does not return any information about the user.
2025-05-21 22:27:34 +02:00
kolaente 3e46457c03
fix: remove unused import 2025-05-15 09:54:15 +02:00
kolaente 13dfe78121
fix(project): correctly handle invalid project id error 2025-05-15 09:50:33 +02:00
renovate[bot] 4a75f7d4da
chore(deps): update golangci/golangci-lint-action action to v7 (#462)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-04-02 09:28:56 +02:00
kolaente bbd9d0d0b3
fix(comment): add validation check for the max comment length
Resolves https://vikunja.sentry.io/issues/6441922105/events/245b8f1de3e64951a108e2f6cb654c58/
2025-03-23 18:03:29 +01:00
kolaente 4e504c288e
fix(auth): hide two factor authentication when using non-local user
Resolves https://github.com/go-vikunja/vikunja/issues/431
2025-03-23 17:43:36 +01:00
kolaente ea42fef2da
feat: don't log all headers when debug log is enabled
This reverts commit 9fc6cdd076.
2025-03-19 15:15:04 +01:00
kolaente e12ebfebed
feat(ldap): sync avatar from ldap 2025-03-18 18:28:54 +01:00
kolaente 26c7ceaed4
chore(avatar): decouple upload from web handler 2025-03-18 18:28:54 +01:00
kolaente 216df5bedc feat(ldap): make group sync configurable 2025-03-18 16:36:00 +00:00
kolaente e94c744477
fix(auth): return ldap as auth provider name when using it 2025-03-09 09:23:40 +01:00
kolaente 9fc6cdd076
feat: log request headers when debug logs are enabled
Related to https://github.com/go-vikunja/vikunja/issues/415
2025-03-08 14:47:21 +01:00
kolaente c6cade3aeb
feat(i18n): automatically set language during registration 2025-03-02 13:21:24 +01:00
das_j 989a40ad42 fix(caldav): return other status codes than 500 when projects are not found (#3065)
This allows CalDav clients to behave properly. In particular, DavX5 will error out on syncing the collections list rather than removing deleted projects from its local cache.

Resolves: https://community.vikunja.io/t/deleting-a-project-breaks-caldav/3315/3
Co-authored-by: Janne Heß <janne@hess.ooo>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3065
Reviewed-by: konrad <k@knt.li>
Co-authored-by: das_j <das_j@noreply.kolaente.dev>
Co-committed-by: das_j <das_j@noreply.kolaente.dev>
2025-02-06 12:38:27 +00:00
kolaente e9d9f04763
chore: improve debug logging 2025-02-03 17:42:17 +01:00
kolaente 90bf5ba81b chore(auth): refactor registration enabled setting in /info 2025-01-28 09:59:08 +00:00
kolaente 9dc351f5a4 feat(auth): show login form when only ldap is enabled 2025-01-28 09:59:08 +00:00
kolaente f01dd2ff52 feat(auth): make sure local auth and ldap can both work when configured at the same time 2025-01-28 09:59:08 +00:00
kolaente 38bb8de4f1 feat(auth): authenticate users via ldap 2025-01-28 09:59:08 +00:00
kolaente 090dd4b2f6
fix(user): do not allow changing name in settings when the user originates from an external auth provider
This improves the UX because it does not allow external users to change their name in Vikunja, since that change would be overridden once they log in again.

Resolves https://github.com/go-vikunja/vikunja/issues/357
2025-01-21 16:27:06 +01:00
kolaente 7ac2c42e4d
fix(caldav): fetch saved filter
This fixes a bug which caused fetching saved filter and favorite projects to crash, because the respective project ID is not a valid project id without special handling.
2024-12-11 17:05:51 +01:00
kolaente 5abca0927b
fix(caldav): do not crash with error 400 when fetching the list of all projects
Because the "all projects" handler is the same as the one to fetch a single project, the handler would fail because no project was specified. However, it should return an empty project instead so that it later fetches all projects.

Resolves https://community.vikunja.io/t/http-400-when-trying-to-connect-via-caldav/3054
2024-12-11 16:51:30 +01:00
kolaente 8732837596
chore: simplify sentry code 2024-11-22 12:05:02 +01:00
kolaente 4556cfb057
fix(attachments): return error message when attachment upload is not multipart form request
Resolves https://vikunja.sentry.io/issues/6041469388/
2024-11-04 12:26:53 +01:00
kolaente d081cf80fc
chore(caldav): refactor fetching projects 2024-10-30 08:37:27 +01:00
kolaente 7055d7341c
feat(sharing): add config so that users only find members of their teams
This adds a feature where you can enable users to only find members of teams they're part of. This makes the user search when sharing projects less confusing, because users only see other users they already know.
It is still possible to add users to teams with their email address, if they have that enabled in the user settings.
2024-10-28 11:08:06 +01:00
jd 84dbc5fd84 fix: partial fix to allow list tasks in ios reminders app (#2717)
This PR introduces a partial fix for the CalDAV task listing bug (#753) when handling PROPFIND requests with `Depth: 1`, improving task visibility in the iOS Reminders app.

Notes:
* This might make Thunderbird somewhat usable when interacting with tasks using the `/dav/projects/{id} url`.
* This does not fully resolve the issue where the Reminders app will only display the last project after some time when adding the URL.

This is my first time working with Golang and CalDAV, so I’d really appreciate any feedback or suggestions on the code structure, style, or any improvements I could make.

Co-authored-by: JD <43763092+jdw1023@users.noreply.github.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2717
Reviewed-by: konrad <k@knt.li>
Co-authored-by: jd <jd@noreply.kolaente.dev>
Co-committed-by: jd <jd@noreply.kolaente.dev>
2024-09-28 09:06:32 +00:00
kolaente 1085a6583b
fix(caldav): reject invalid project id with error 400
Resolves https://vikunja.sentry.io/share/issue/6fc18edefa0e4db3b2e10efe36deeaa4/
2024-09-10 17:32:35 +02:00
kolaente 5c1b2846a1
docs(api): use correct return type for the /user endpoint 2024-09-07 13:27:06 +02:00
kolaente 68636f27da
fix(files): use absolute path everywhere 2024-09-06 12:59:48 +02:00
kolaente 02c1de55c4
chore(attachments): refactor building image preview 2024-09-06 09:43:59 +02:00
kolaente c2b116de70
chore(files): use absolute file path to retrieve and save files 2024-09-05 15:03:32 +02:00
kolaente 6fb314b326
chore(web): use logger directly 2024-09-01 19:37:27 +02:00
kolaente 9b01666ec6
chore(web): use web auth factory directly 2024-09-01 19:37:27 +02:00
kolaente bcfd72c645
chore(web): use config directly 2024-08-29 18:41:20 +02:00
kolaente 499f66b7ae
chore(web): directly use new db session 2024-08-29 16:31:46 +02:00