Commit Graph

13481 Commits

Author SHA1 Message Date
kolaente b20df2ef63
fix(deps): update brace-expansion to 5.0.5
Fixes zero-step sequence causing process hang and memory
exhaustion (Dependabot #168).
2026-04-07 15:39:33 +02:00
kolaente efc9b41349
fix(deps): update lodash to 4.18.1
Fixes code injection via _.template (Dependabot #176, #178) and
prototype pollution via _.unset/_.omit (Dependabot #175, #177).
2026-04-07 15:38:52 +02:00
kolaente f40eddd4e3
fix(deps): update defu to 6.1.7
Fixes prototype pollution via __proto__ key (Dependabot #180).
2026-04-07 15:38:17 +02:00
Frederick [Bot] 7820bb1ffd [skip ci] Updated swagger docs 2026-04-07 12:22:00 +00:00
kolaente e40877cca1 fix(migration): delete all default buckets when migration provides its own
Previously only the "To-Do" default bucket was deleted, leaving "Doing"
and "Done" as duplicates alongside migration-provided buckets. Now all
default-created buckets are removed when migration data already provides
bucket assignments for all tasks.
2026-04-07 12:05:47 +00:00
kolaente ccf1468884 fix(migration): correct TickTick swagger annotation to PUT 2026-04-07 12:05:47 +00:00
kolaente 34480ef513 fix(migration): center and style migrator logos on migration page
Use inline-flex layout to center logos with titles below. Constrain
logo size with max-block-size and use logical CSS properties.
2026-04-07 12:05:47 +00:00
kolaente 1a1fd780ec feat(migration): add WeKan to migration page with logo
Register WeKan in the AvailableMigrators list and add the frontend
migrator entry with the WeKan logo, referenced as "WeKan ®".
2026-04-07 12:05:47 +00:00
kolaente 64aa7a9e75 feat(migration): register WeKan migration routes 2026-04-07 12:05:47 +00:00
kolaente 56ce73738d test(migration): add WeKan migration tests and fixture
Add comprehensive tests for the WeKan conversion function including
edge cases (empty board, orphan cards, color mapping, multiple
checklists, unsupported fields) and a realistic JSON fixture file.
2026-04-07 12:05:47 +00:00
kolaente 4cc7715951 feat(migration): add WeKan board JSON import
Add a file-based migration importer that reads WeKan board JSON exports
and creates Vikunja projects with kanban buckets, tasks, labels,
checklists, and comments.

WeKan lists become kanban buckets. Checklists are converted to HTML
task lists in the description. Card descriptions and comments are
converted from markdown to HTML using goldmark. Label colors are
mapped from WeKan's CSS color names to their actual hex values.
2026-04-07 12:05:47 +00:00
renovate[bot] 33886d2e3c chore(deps): update dev-dependencies 2026-04-06 16:23:31 +00:00
Frederick [Bot] 41a5087198 chore(i18n): update translations via Crowdin 2026-04-06 01:26:55 +00:00
kolaente 4b3b5bb87c docs(helpers): explain djb2 seed constant in stringHash 2026-04-05 12:24:45 +00:00
kolaente 65b6e55252 test(e2e): relax home greeting assertions for rotating pool 2026-04-05 12:24:45 +00:00
kolaente b9c41e0cbf feat(home): rotate greetings from a deterministic per-user daily pool 2026-04-05 12:24:45 +00:00
kolaente fad432a072 i18n: add rotating home greeting variants 2026-04-05 12:24:45 +00:00
kolaente b0bc41291e feat(helpers): add deterministic stringHash for stable daily selection 2026-04-05 12:24:45 +00:00
kolaente ac76bce5cd fix: use recursive CTE in accessibleProjectIDsSubquery for inherited project permissions
Resolves #2490. Users with team access on a parent project were not seeing
subtask relations for tasks in child projects because getUserProjectsStatement
does not walk the project hierarchy. The fix wraps the base query in a
recursive CTE that traverses child projects via parent_project_id.
2026-04-05 12:20:35 +00:00
kolaente 856011f132 ci: auto-close 'waiting for reply' issues after 30 days of inactivity 2026-04-05 12:04:33 +00:00
kolaente d45ae31d8c fix(gantt): preserve query parameters when closing task modal
When closing a task modal opened from the Gantt view, the date range
query parameters were lost because closeModal() reconstructed the
route with only projectId and viewId. Now preserves query parameters
from the backdrop view.
2026-04-05 11:31:37 +00:00
kolaente 642134d16f test(gantt): add e2e test for date range preservation after task modal close
Verifies that opening and closing a task modal on the Gantt view
does not lose the date range query parameters.
2026-04-05 11:31:37 +00:00
kolaente d152fa8475 fix(gantt): use reactive date range in Flatpickr config to prevent reset on task update
Replace static initialDateRange snapshot with reactive filters.value
references inside the computed flatPickerConfig. This ensures the
Flatpickr defaultDate always reflects the current user-selected range
instead of the mount-time values.

Ref #2462
2026-04-05 11:31:37 +00:00
Frederick [Bot] 23d9cbc664 [skip ci] Updated swagger docs 2026-04-05 10:05:20 +00:00
kolaente 297c0c1d8b fix(e2e): seed project in empty-tasks overview test
With truncateAll wiping all tables, the test user has no projects,
so ShowTasks never renders and tasksLoaded stays false — meaning
ImportHint (which is gated on tasksLoaded) never appears. Seed a
project with default views so the empty-state hint is visible.
2026-04-05 09:48:09 +00:00
kolaente adcc74b056 fix: make apiContext auto-fixture and fix remaining view ID conflicts 2026-04-05 09:48:09 +00:00
kolaente 4888b1d8ca fix: move truncateAll to apiContext fixture and fix view ID conflicts 2026-04-05 09:48:09 +00:00
kolaente aa1202fea8 chore: remove redundant truncate calls now that all tables are wiped before each test 2026-04-05 09:48:09 +00:00
kolaente 2ee8ad4109 feat: truncate all tables before each e2e test for clean isolation 2026-04-05 09:48:09 +00:00
kolaente f477da48ec feat: add Factory.truncateAll() helper for e2e tests 2026-04-05 09:48:09 +00:00
kolaente e9a26b9088 feat: add DELETE /test/all endpoint to truncate all tables 2026-04-05 09:48:09 +00:00
kolaente 6a3dd8b281 feat: add TruncateAllTables function for e2e test isolation 2026-04-05 09:48:09 +00:00
kolaente 0834d19f9c
feat: remove flexsearch dependency and replace with simple string filtering (#2542) 2026-04-04 21:41:25 +02:00
kolaente f5752b97e9
feat: add inline PDF viewer for task attachments (#2541) 2026-04-04 21:25:54 +02:00
renovate[bot] 33d607714d chore(deps): update dependency caniuse-lite to v1.0.30001785 2026-04-04 18:38:07 +00:00
kolaente 841b458a5f fix: pass saved filter context to subtask visibility check
When viewing tasks through a saved filter, pass isFilteredView=true
to shouldShowTaskInListView so subtasks are not incorrectly hidden.

Ref: #2494
2026-04-03 19:25:46 +00:00
kolaente d895053d2e fix: show subtasks in saved filter views regardless of parent presence
Add isFilteredView parameter to shouldShowTaskInListView() that skips
the parent-hiding logic when viewing tasks through a saved filter.
This ensures all filter-matching tasks are shown.

Ref: #2494
2026-04-03 19:25:46 +00:00
kolaente 616ac8b95f test: add failing tests for subtask visibility in filtered views
Add test cases to verify that subtasks are shown in saved filter views
regardless of whether their parent task is also in the results.

Ref: #2494
2026-04-03 19:25:46 +00:00
kolaente 174c67cfd8 fix(gantt): isolate chart stacking context so date picker renders above it
Sets position: relative and z-index: 0 on .gantt-chart-container to
create a new stacking context. This ensures z-index values inside the
Gantt chart (e.g. the sticky timeline header) cannot compete with the
Flatpickr popup that renders at the body level.

Ref #2337
2026-04-03 19:07:49 +00:00
kolaente f25147d09c fix(gantt): ensure chart container fills viewport width for narrow date ranges
Adds min-inline-size: 100% to .gantt-container so the scrollable area
never appears narrower than the card width, even with short date ranges.

Ref #2337
2026-04-03 19:07:49 +00:00
kolaente 48a91ce32c fix(frontend): prevent drag handle from overlapping project color in sidebar
Moves the drag handle inside the color-bubble-wrapper so both elements
share the same positioned container, eliminating the absolute positioning
mismatch that caused the overlap. Fixes #2493.
2026-04-03 19:05:10 +00:00
kolaente a57cbd3e51 feat: add tooltip to readonly checkbox explaining why it's not clickable 2026-04-03 19:01:45 +00:00
kolaente c5bce07a25 test(e2e): add test for read-only checkbox on overview page
Verifies that tasks from read-only shared projects have disabled
checkboxes on the overview page, while tasks from owned projects
remain interactive.

Refs #2399
2026-04-03 19:01:45 +00:00
kolaente 063155a46b fix(overview): disable checkbox for read-only tasks on overview page
The Overview's ShowTasks component was not passing the canMarkAsDone prop
to SingleTaskInProject, which defaults to true. This caused read-only tasks
to show an interactive checkbox even though the user doesn't have write
permission.

Use the project's maxPermission from the project store to determine if the
user can mark the task as done. Also fix the disabled condition to use OR
logic so the checkbox is disabled when ANY condition applies: archived,
disabled, or when the user lacks write permission.

Fixes #2399
2026-04-03 19:01:45 +00:00
kolaente 4f232957c4 fix(auth): add retry and logging for token refresh failures
Add a single retry with a 1-second delay in the 401 interceptor's
doRefresh() before giving up on token renewal. This handles transient
failures like brief network blips or server restarts without immediately
logging the user out.

Also log refresh failures via console.warn so the reason is visible
in browser DevTools for easier diagnosis.

Ref: #2391
2026-04-03 18:45:59 +00:00
kolaente fd8a8ecba2 fix(auth): normalize API base URL to prevent refresh cookie path mismatch
When window.API_URL lacks a trailing slash, axios resolves relative URLs
by stripping path segments, causing the refresh request to hit a different
path than the cookie's Path attribute. The browser then omits the HttpOnly
refresh cookie, silently breaking token renewal and logging users out
after the short JWT TTL expires.

Extract a getApiBaseUrl() helper that ensures baseURL always ends with
'/' so relative URL resolution preserves the full path, matching the
cookie scope.

Ref: #2391
2026-04-03 18:45:59 +00:00
kolaente 6299bea794 fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests
GetMailDomain called log.Warningf which panics when the logger is not
initialized (e.g. in unit tests). Add log.IsInitialized() guard.

Also fix TestGetThreadID tests that hardcoded "vikunja" as the expected
fallback domain - on CI the os.Hostname() fallback produces a different
value. Tests now dynamically compute the expected domain.
2026-04-03 18:30:39 +00:00
kolaente 85a350749b refactor(mail): use CryptoRandomString for Message-ID generation
Replace manual rand.Read + hex.EncodeToString with the existing
utils.CryptoRandomString helper for generating the random part
of the Message-ID header.
2026-04-03 18:30:39 +00:00
kolaente 07aa3c1b04 fix(mail): fall back to os.Hostname() before hardcoded domain
When the public URL is not configured, GetMailDomain() now tries
os.Hostname() before falling back to the hardcoded "vikunja" string,
and logs a warning in both fallback cases.
2026-04-03 18:30:39 +00:00
kolaente 5249366aa3 refactor(models): use shared GetMailDomain in getThreadID 2026-04-03 18:30:39 +00:00