Commit Graph

13779 Commits

Author SHA1 Message Date
kolaente b90e67d7ca test(e2e): await DELETE in caldav token revoke test to avoid race 2026-04-21 10:50:09 +00:00
kolaente be28ec70d8 test(e2e): await DELETE in session revoke test to avoid race 2026-04-21 10:50:09 +00:00
kolaente c0101afb59 test(e2e): widen recurrence due-date tolerance to 5s
CI shard 4 hit a ~996ms skew between the JS-constructed originalDue and
the backend's advanced due date, enough to bust the <500ms precision
bound. Bump precision to -4 (<5s) — still tight enough to confirm the
regeneration advanced by ~1 day, loose enough to absorb sub-second
round-tripping through Date → ISO → Go time.Time → JSON.
2026-04-21 10:50:09 +00:00
kolaente c3b86b2102 test(e2e): cover link share permission tiers 2026-04-21 10:50:09 +00:00
kolaente 17e0dde7d3 test(e2e): cover link share password protection 2026-04-21 10:50:09 +00:00
kolaente 19d3b9c4bb test(e2e): cover team share revocation 2026-04-21 10:50:09 +00:00
kolaente f20267164f test(e2e): cover team READ_WRITE permission 2026-04-21 10:50:09 +00:00
kolaente be225fd4d3 test(e2e): cover team READ permission boundary 2026-04-21 10:50:09 +00:00
kolaente 01b71577d7 test(e2e): add TeamProjectFactory 2026-04-21 10:50:09 +00:00
kolaente 268c5daf8b test(e2e): drop unused authenticatedPage from recurrence beforeEach 2026-04-21 10:50:09 +00:00
kolaente 37d7f90acf test(e2e): cover monthly repeat mode UI 2026-04-21 10:50:09 +00:00
kolaente 637d810ff7 test(e2e): assert recurring task regenerates on complete 2026-04-21 10:50:09 +00:00
kolaente c93f644363 test(e2e): cover recurrence preset buttons 2026-04-21 10:50:09 +00:00
kolaente f2eee5d8a1 test(e2e): assert readers cannot delete attachments 2026-04-21 10:50:09 +00:00
kolaente 05432d3993 test(e2e): cover attachment deletion 2026-04-21 10:50:09 +00:00
kolaente db634093e0 test(e2e): drop unused authenticatedPage from webhooks beforeEach 2026-04-21 10:50:09 +00:00
kolaente 425889b879 test(e2e): create and delete a webhook 2026-04-21 10:50:09 +00:00
kolaente 5a93149849 test(e2e): require at least one webhook event 2026-04-21 10:50:09 +00:00
kolaente 2f2aafadfd test(e2e): validate webhook target url 2026-04-21 10:50:09 +00:00
kolaente 8bcdc314b1 test(e2e): cover data export request flow 2026-04-21 10:50:09 +00:00
kolaente a9f8fbaba8 test(e2e): cover scheduled deletion cancel flow 2026-04-21 10:50:09 +00:00
kolaente 2a5e4f2b84 test(e2e): cover account deletion request flow 2026-04-21 10:50:09 +00:00
kolaente 0902c009f6 test(e2e): assert current session has no delete control 2026-04-21 10:50:09 +00:00
kolaente 76055b622b test(e2e): assert session delete breaks refresh 2026-04-21 10:50:09 +00:00
kolaente cf9d0a26ab test(e2e): cover sessions list with current marker 2026-04-21 10:50:09 +00:00
kolaente 7145440fe6 test(e2e): assert wrong password blocks email change 2026-04-21 10:50:09 +00:00
kolaente 3dfbcae4d5 test(e2e): cover caldav token deletion 2026-04-21 10:50:09 +00:00
kolaente cd9d2a2245 test(e2e): cover caldav token creation end-to-end 2026-04-21 10:50:09 +00:00
kolaente 912d6a134f test(e2e): assert wrong TOTP passcode is rejected 2026-04-21 10:50:09 +00:00
kolaente 96685fdc5b test(e2e): cover TOTP disable flow 2026-04-21 10:50:09 +00:00
kolaente 5266392bb7 test(e2e): cover TOTP enrollment flow 2026-04-21 10:50:09 +00:00
kolaente 3b7c098c84 test(e2e): add otplib dev dep for TOTP tests 2026-04-21 10:50:09 +00:00
kolaente 3816349258 test(e2e): add TotpFactory with fixed seed 2026-04-21 10:50:09 +00:00
kolaente 3271c8600a test(e2e): add WebhookFactory 2026-04-21 10:50:09 +00:00
kolaente fff7f80994 test(e2e): add SessionFactory with sha256 token hashing 2026-04-21 10:50:09 +00:00
kolaente 726a4df539 test(e2e): add user settings nav helper 2026-04-21 10:50:09 +00:00
kolaente 2fc6f033f2 refactor(handler): return domain error for forbidden instead of echo.HTTPError
Keeps the Do* helpers framework-neutral so non-Echo callers (upcoming
Huma /v2 handlers) don't need a translation shim.

Addresses review feedback on #2670.
2026-04-21 09:23:13 +00:00
kolaente 939381fb12 refactor(handler): extract DoDelete from DeleteWeb 2026-04-21 09:23:13 +00:00
kolaente 1f4471c38f refactor(handler): extract DoUpdate from UpdateWeb 2026-04-21 09:23:13 +00:00
kolaente 0e800b4936 refactor(handler): extract DoReadAll from ReadAllWeb 2026-04-21 09:23:13 +00:00
kolaente 9ec5c2672f refactor(handler): extract DoReadOne from ReadOneWeb 2026-04-21 09:23:13 +00:00
kolaente 11c9137080 refactor(handler): extract DoCreate from CreateWeb 2026-04-21 09:23:13 +00:00
renovate[bot] 73a597345a chore(deps): update dev-dependencies to v4.2.3 2026-04-21 07:41:56 +00:00
kolaente f7dc50faf7 refactor(frontend): port checkbox-radio rules into FormCheckbox and drop Bulma import
The Bulma form/checkbox-radio partial only defined two selectors: .checkbox
(consumed exclusively by FormCheckbox.vue) and .radio (consumed by
ViewEditForm.vue and user/settings/Avatar.vue). Ports the %checkbox-radio
placeholder rules (cursor, line-height, position, hover/disabled states,
and the input cursor override) into FormCheckbox's scoped style for the
.checkbox side, and into scoped style blocks on the two remaining .radio
call-sites for the .radio side (including the 0.5em sibling margin via
margin-inline-start). Drops the now-unused @import. Pixel-perfect verified
on /login, /user/settings/general, and /user/settings/avatar: every
measured label/input getBoundingClientRect and computed style matches the
baseline exactly (0px deltas across all 5 sampled checkboxes and all 5
avatar radios).
2026-04-20 19:55:14 +00:00
renovate[bot] 5a1db90103 chore(deps): update dev-dependencies to v8.59.0 2026-04-20 19:28:55 +00:00
Frederick [Bot] 5d3e34e870 [skip ci] Updated swagger docs 2026-04-20 19:16:29 +00:00
kolaente af8beb5758 fix(user): skip last-admin guard when target is already unreachable
GuardLastAdmin counted only active, non-deletion-scheduled admins, but gated only on target.IsAdmin. Demoting or deleting an already-disabled or deletion-scheduled admin would then be blocked whenever exactly one active admin remained, even though removing a user who isn't in the reachable set can't reduce the count. Return early when the target isn't part of the counted set.
2026-04-20 18:55:06 +00:00
kolaente 73a0f691ec fix(license): degrade to free when servers unreachable or key rejected
On startup, if the license server was unreachable with no usable cached status, or the server rejected the key, we only logged a warning without clearing persisted license.state. On Redis/keyvalue deployments a previous run's Licensed=true could remain active even though pro features were advertised as unavailable. Route both paths through degradeToFree so the persisted state is cleared.
2026-04-20 18:55:06 +00:00
kolaente c8893f4533 fix(cli): guard last admin on scheduled CLI deletion path
The last-admin guard was only enforced in the --now branch of 'user delete'. The default scheduled path called user.RequestDeletion without the guard, letting an operator schedule deletion of the last reachable admin via the CLI; the cron flow would then confirm and execute it, violating the invariant the HTTP admin API already enforces.
2026-04-20 18:55:06 +00:00
kolaente d64ca0c777 fix(admin): reload created user before returning in admin create handler
The admin create-user handler returned the in-memory newUser struct directly. On mail-enabled instances with skip_email_confirm=false, user.CreateUser persists the account as email-confirmation-required, but the returned struct still reflects the pre-persist status, so the admin API reported a misleading active status immediately after creation.
2026-04-20 18:55:06 +00:00