Commit Graph

13782 Commits

Author SHA1 Message Date
kolaente 732b65ba7c feat(a11y): add skip navigation link and main landmark on auth pages
Adds a visually-hidden skip-to-content link as the first focusable
element. Adds id='main-content' to the <main> element. Changes
<section> to <main> on auth pages for proper landmark navigation.

Fixes WCAG 2.4.1 (Bypass Blocks).
2026-04-21 11:44:36 +00:00
kolaente eb441f8b0c feat(a11y): add i18n keys for accessibility labels 2026-04-21 11:44:36 +00:00
renovate[bot] 9d25864b25 chore(deps): pin dependency otplib to 12.0.1 2026-04-21 11:14:41 +00:00
kolaente b90e67d7ca test(e2e): await DELETE in caldav token revoke test to avoid race 2026-04-21 10:50:09 +00:00
kolaente be28ec70d8 test(e2e): await DELETE in session revoke test to avoid race 2026-04-21 10:50:09 +00:00
kolaente c0101afb59 test(e2e): widen recurrence due-date tolerance to 5s
CI shard 4 hit a ~996ms skew between the JS-constructed originalDue and
the backend's advanced due date, enough to bust the <500ms precision
bound. Bump precision to -4 (<5s) — still tight enough to confirm the
regeneration advanced by ~1 day, loose enough to absorb sub-second
round-tripping through Date → ISO → Go time.Time → JSON.
2026-04-21 10:50:09 +00:00
kolaente c3b86b2102 test(e2e): cover link share permission tiers 2026-04-21 10:50:09 +00:00
kolaente 17e0dde7d3 test(e2e): cover link share password protection 2026-04-21 10:50:09 +00:00
kolaente 19d3b9c4bb test(e2e): cover team share revocation 2026-04-21 10:50:09 +00:00
kolaente f20267164f test(e2e): cover team READ_WRITE permission 2026-04-21 10:50:09 +00:00
kolaente be225fd4d3 test(e2e): cover team READ permission boundary 2026-04-21 10:50:09 +00:00
kolaente 01b71577d7 test(e2e): add TeamProjectFactory 2026-04-21 10:50:09 +00:00
kolaente 268c5daf8b test(e2e): drop unused authenticatedPage from recurrence beforeEach 2026-04-21 10:50:09 +00:00
kolaente 37d7f90acf test(e2e): cover monthly repeat mode UI 2026-04-21 10:50:09 +00:00
kolaente 637d810ff7 test(e2e): assert recurring task regenerates on complete 2026-04-21 10:50:09 +00:00
kolaente c93f644363 test(e2e): cover recurrence preset buttons 2026-04-21 10:50:09 +00:00
kolaente f2eee5d8a1 test(e2e): assert readers cannot delete attachments 2026-04-21 10:50:09 +00:00
kolaente 05432d3993 test(e2e): cover attachment deletion 2026-04-21 10:50:09 +00:00
kolaente db634093e0 test(e2e): drop unused authenticatedPage from webhooks beforeEach 2026-04-21 10:50:09 +00:00
kolaente 425889b879 test(e2e): create and delete a webhook 2026-04-21 10:50:09 +00:00
kolaente 5a93149849 test(e2e): require at least one webhook event 2026-04-21 10:50:09 +00:00
kolaente 2f2aafadfd test(e2e): validate webhook target url 2026-04-21 10:50:09 +00:00
kolaente 8bcdc314b1 test(e2e): cover data export request flow 2026-04-21 10:50:09 +00:00
kolaente a9f8fbaba8 test(e2e): cover scheduled deletion cancel flow 2026-04-21 10:50:09 +00:00
kolaente 2a5e4f2b84 test(e2e): cover account deletion request flow 2026-04-21 10:50:09 +00:00
kolaente 0902c009f6 test(e2e): assert current session has no delete control 2026-04-21 10:50:09 +00:00
kolaente 76055b622b test(e2e): assert session delete breaks refresh 2026-04-21 10:50:09 +00:00
kolaente cf9d0a26ab test(e2e): cover sessions list with current marker 2026-04-21 10:50:09 +00:00
kolaente 7145440fe6 test(e2e): assert wrong password blocks email change 2026-04-21 10:50:09 +00:00
kolaente 3dfbcae4d5 test(e2e): cover caldav token deletion 2026-04-21 10:50:09 +00:00
kolaente cd9d2a2245 test(e2e): cover caldav token creation end-to-end 2026-04-21 10:50:09 +00:00
kolaente 912d6a134f test(e2e): assert wrong TOTP passcode is rejected 2026-04-21 10:50:09 +00:00
kolaente 96685fdc5b test(e2e): cover TOTP disable flow 2026-04-21 10:50:09 +00:00
kolaente 5266392bb7 test(e2e): cover TOTP enrollment flow 2026-04-21 10:50:09 +00:00
kolaente 3b7c098c84 test(e2e): add otplib dev dep for TOTP tests 2026-04-21 10:50:09 +00:00
kolaente 3816349258 test(e2e): add TotpFactory with fixed seed 2026-04-21 10:50:09 +00:00
kolaente 3271c8600a test(e2e): add WebhookFactory 2026-04-21 10:50:09 +00:00
kolaente fff7f80994 test(e2e): add SessionFactory with sha256 token hashing 2026-04-21 10:50:09 +00:00
kolaente 726a4df539 test(e2e): add user settings nav helper 2026-04-21 10:50:09 +00:00
kolaente 2fc6f033f2 refactor(handler): return domain error for forbidden instead of echo.HTTPError
Keeps the Do* helpers framework-neutral so non-Echo callers (upcoming
Huma /v2 handlers) don't need a translation shim.

Addresses review feedback on #2670.
2026-04-21 09:23:13 +00:00
kolaente 939381fb12 refactor(handler): extract DoDelete from DeleteWeb 2026-04-21 09:23:13 +00:00
kolaente 1f4471c38f refactor(handler): extract DoUpdate from UpdateWeb 2026-04-21 09:23:13 +00:00
kolaente 0e800b4936 refactor(handler): extract DoReadAll from ReadAllWeb 2026-04-21 09:23:13 +00:00
kolaente 9ec5c2672f refactor(handler): extract DoReadOne from ReadOneWeb 2026-04-21 09:23:13 +00:00
kolaente 11c9137080 refactor(handler): extract DoCreate from CreateWeb 2026-04-21 09:23:13 +00:00
renovate[bot] 73a597345a chore(deps): update dev-dependencies to v4.2.3 2026-04-21 07:41:56 +00:00
kolaente f7dc50faf7 refactor(frontend): port checkbox-radio rules into FormCheckbox and drop Bulma import
The Bulma form/checkbox-radio partial only defined two selectors: .checkbox
(consumed exclusively by FormCheckbox.vue) and .radio (consumed by
ViewEditForm.vue and user/settings/Avatar.vue). Ports the %checkbox-radio
placeholder rules (cursor, line-height, position, hover/disabled states,
and the input cursor override) into FormCheckbox's scoped style for the
.checkbox side, and into scoped style blocks on the two remaining .radio
call-sites for the .radio side (including the 0.5em sibling margin via
margin-inline-start). Drops the now-unused @import. Pixel-perfect verified
on /login, /user/settings/general, and /user/settings/avatar: every
measured label/input getBoundingClientRect and computed style matches the
baseline exactly (0px deltas across all 5 sampled checkboxes and all 5
avatar radios).
2026-04-20 19:55:14 +00:00
renovate[bot] 5a1db90103 chore(deps): update dev-dependencies to v8.59.0 2026-04-20 19:28:55 +00:00
Frederick [Bot] 5d3e34e870 [skip ci] Updated swagger docs 2026-04-20 19:16:29 +00:00
kolaente af8beb5758 fix(user): skip last-admin guard when target is already unreachable
GuardLastAdmin counted only active, non-deletion-scheduled admins, but gated only on target.IsAdmin. Demoting or deleting an already-disabled or deletion-scheduled admin would then be blocked whenever exactly one active admin remained, even though removing a user who isn't in the reachable set can't reduce the count. Return early when the target isn't part of the counted set.
2026-04-20 18:55:06 +00:00