Commit Graph

2459 Commits

Author SHA1 Message Date
kolaente 963235c0ce test: add failing tests for RepairOrphanedProjects 2026-02-25 11:56:25 +01:00
kolaente 9e050fe40e test: add orphaned project fixture for repair-projects command 2026-02-25 11:56:25 +01:00
kolaente 107a92f573 fix: commit transaction in session cleanup cron
RegisterSessionCleanupCron opens a transaction via db.NewSession() but
never calls s.Commit(). The deferred s.Close() auto-rolls-back, making
the DELETE a no-op. Add the missing commit.
2026-02-25 11:03:02 +01:00
kolaente 2f680d041c fix: address review comments on session lifecycle
- user_export.go: Remove defer s.Close() from checkExportRequest since
  it returns the session to callers. Callers now own the session
  lifecycle with their own defer s.Close(). Close session on all error
  paths within checkExportRequest.

- user_delete.go: Close the read session immediately after Find() before
  the per-user deletion loop, avoiding a long-lived transaction holding
  locks unnecessarily.

- user/delete.go: Remove double s.Close() in notifyUsersScheduledForDeletion
  by closing immediately after Find() instead of using both defer and
  explicit close.

- caldav_token.go: Return nil token on Commit() error to prevent callers
  from using an unpersisted token.
2026-02-25 11:03:02 +01:00
kolaente b3d8a56364 fix: use caller's session in LDAP syncUserGroups to avoid nested transactions
syncUserGroups created its own db.NewSession() internally while being
called from AuthenticateUserInLDAP which already has an active session
with writes. In SQLite shared-cache mode this causes a lock conflict.

Pass the caller's session through instead, and add s.Commit() before
db.AssertExists calls in LDAP tests.
2026-02-25 11:03:02 +01:00
kolaente 2f718206f9 fix: add TestMain to caldav tests and fix session conflicts
Add a proper main_test.go for the caldav test package that initializes
the logger, config, test database, and event system. Previously, these
were initialized inline in TestSubTask_Create and TestSubTask_Update
relied on running after it (fragile test ordering).

Fix session handling in TestSubTask_Update: close the read session
before calling UpdateResource (which creates its own internal session)
to avoid SQLite lock conflicts from concurrent transactions.
2026-02-25 11:03:02 +01:00
kolaente a7086e5e49 fix: prevent session leaks and visibility issues in model tests
Two categories of fixes:

1. Use defer s.Close() instead of explicit s.Close() to prevent session
   leaks when require.FailNow() triggers runtime.Goexit(), which skips
   explicit close calls but runs deferred functions. Leaked sessions
   hold SQLite write locks that block all subsequent fixture loading.

2. Add s.Commit() before db.AssertExists/db.AssertMissing calls. These
   assertion helpers query via the global engine (not the test session),
   so they cannot see uncommitted data from the session's transaction.

For block-scoped sessions (kanban_task_bucket_test.go), wrap each block
in an anonymous function so defer runs at block boundary rather than
deferring to the enclosing test function.
2026-02-25 11:03:02 +01:00
kolaente 2a10b22c5c fix: use session-aware file creation to avoid nested transactions
files.Create() and files.CreateWithMime() internally create their own
sessions and transactions. When called from within an existing
transaction (now that db.NewSession() auto-begins), this creates nested
transactions that deadlock on SQLite.

Switch to files.CreateWithSession() and files.CreateWithMimeAndSession()
to participate in the caller's existing transaction instead.
2026-02-25 11:03:02 +01:00
kolaente cbfd0e63ed fix: pass pointer to xorm Update to avoid hash panic in transaction mode
In transaction mode, xorm stores the bean argument as a map key in
afterUpdateBeans. Since Task contains slices and maps (unhashable
types), passing a Task value causes "hash of unhashable type" panic.
Passing a pointer (&ot) fixes this since pointers are always hashable.
2026-02-25 11:03:02 +01:00
kolaente 2188c7a79d fix: add missing Commit() to event listeners and cron jobs
With db.NewSession() now starting real transactions, all sessions that
do writes must explicitly commit. These listeners and cron jobs were
previously relying on auto-commit mode where each SQL statement was
committed immediately. Without explicit Commit(), the writes are
silently rolled back on Close(), and the held write locks cause
"database is locked" errors for subsequent requests on SQLite.
2026-02-25 11:03:02 +01:00
kolaente eea59c33c7 fix: isolate deletion notifications into per-user transactions
On Postgres, a failed operation puts the transaction in an error state
where subsequent operations fail. The previous loop with continue would
keep trying to use a broken transaction. Each user now gets its own
transaction so a single notification failure doesn't affect others.
2026-02-25 11:03:02 +01:00
kolaente 312648d7d6 fix: remove transaction control from File.Delete to prevent premature commit/rollback
File.Delete() had s.Commit() and s.Rollback() calls that could
prematurely commit or abort an outer transaction when using a shared
session. The caller is now responsible for transaction management.
2026-02-25 11:03:02 +01:00
kolaente 1167b08e70 fix: handle Begin() error in db.NewSession() instead of ignoring it 2026-02-25 11:03:02 +01:00
kolaente 23176bb8e1 test: add regression test for atomic parent project deletion
Verify that deleting a parent project atomically deletes all child
projects, including archived children and deeply nested hierarchies.
Also add missing defer s.Close() to existing delete test cases.
2026-02-25 11:03:02 +01:00
kolaente 49bba7f830 fix: eliminate nested database sessions to prevent table locks
Refactor functions that created their own sessions when called from
within existing transactions, which caused "database table is locked"
errors in SQLite's shared-cache mode.

Changes:
- Add files.CreateWithSession() to reuse caller's session
- Refactor DeleteBackgroundFileIfExists() to accept session parameter
- Add variadic session parameter to notifications.Notify() and
  Notifiable.ShouldNotify() interface
- Update all Notify callers (~17 sites) to pass their session through
- Use files.CreateWithSession in SaveBackgroundFile and NewAttachment
- Fix test code to commit sessions before assertions
2026-02-25 11:03:02 +01:00
kolaente a6e6f252db refactor: remove redundant Begin() calls after NewSession auto-begins
Since NewSession() now auto-begins a transaction, explicit Begin()
calls are redundant (xorm's Begin() is a no-op when already in a
transaction). Removing them reduces confusion.

Special case: user_delete.go's loop previously called Begin/Commit
per user on a shared session. Restructured to create a new session
per user deletion so each gets its own transaction.
2026-02-25 11:03:02 +01:00
kolaente 764d3569ce fix: close leaked database sessions
Add defer s.Close() to sessions that were never closed:
- auth.GetAuthFromClaims inline session
- models.deleteUsers cron function
- notifications.notify database insert
2026-02-25 11:03:02 +01:00
kolaente c9c250fb1c fix: add missing Commit() to write callers
After NewSession() auto-begins a transaction, callers that perform
writes must explicitly call Commit() for changes to persist. Without
this, writes are silently rolled back when Close() is called.

Affected callers:
- user deletion notification cron
- caldav token generation/deletion
- token cleanup cron
- mark-all-notifications-read endpoint
- saved filter view cron
- project background delete
- typesense reindex
- export cleanup cron
- task last-updated listener
- saved filter view listener
- SSO team cleanup cron
- migration status start/finish
- background set/remove handlers
- orphaned task position cleanup
- file creation
2026-02-25 11:03:02 +01:00
kolaente fd77e041a1 fix: add transaction begin to db.NewSession()
All sessions now start with an active transaction. This makes
multi-statement write operations atomic — if any step fails, all
changes are rolled back instead of leaving the database in an
inconsistent state.

Callers must call s.Commit() for writes to persist. s.Close()
auto-rollbacks uncommitted transactions.
2026-02-25 11:03:02 +01:00
Frederick [Bot] 2cb0b84602 [skip ci] Updated swagger docs 2026-02-25 09:39:04 +00:00
kolaente 2ef693a7cf test: add session lifecycle tests
Integration tests covering session creation on login, refresh token
rotation, session listing, deletion, and session invalidation on
password change.
2026-02-25 10:30:25 +01:00
kolaente 8ee069a2a3 feat: add session-based auth with refresh token rotation
- Login creates a server-side session and sets an HttpOnly refresh
  token cookie alongside the short-lived JWT
- POST /user/token/refresh exchanges the cookie for a new JWT and
  rotates the refresh token atomically
- POST /user/logout destroys the session and clears the cookie
- POST /user/token restricted to link share tokens only
- Session list (GET) and delete (DELETE) routes for /user/sessions
- All user sessions invalidated on password change and reset
- CORS configured to allow credentials for cross-origin cookies
- JWT 401 responses use structured error code 11 for client detection
- Refresh token cookie name constants annotated for gosec G101
2026-02-25 10:30:25 +01:00
kolaente b3d0b2f697 feat: add Session model with CRUD, permissions, and cleanup cron
- Session struct with UUID primary key, hashed refresh token, device
  info, IP address, and last-active tracking
- Token generation via generateHashedToken (SHA-256, 128 random bytes)
- CreateSession, GetSessionByRefreshToken, GetSessionByID
- Atomic RotateRefreshToken with WHERE on old hash to prevent replays
- ReadAll scoped to authenticated user (link shares rejected)
- Delete scoped to owning user (link shares rejected)
- Hourly cleanup cron for expired sessions based on is_long_session
- ErrSessionNotFound error type with HTTP 404 mapping
2026-02-25 10:30:25 +01:00
kolaente a6bdeb67b0 feat: add jwtttlshort config key for session tokens
Adds ServiceJWTTTLShort (default 600s) to control the lifetime of
short-lived JWTs issued during token refresh. The existing jwtttl
and jwtttllong keys remain for session expiry and long sessions.
2026-02-25 10:30:25 +01:00
kolaente 04e60472b7 feat: add sessions table migration
Adds the `sessions` table for storing server-side session records.
Each row tracks a session ID (UUID), user ID, hashed refresh token,
device info, IP address, and timestamps.
2026-02-25 10:30:25 +01:00
kolaente 6de82db7e4 fix: decouple webhook dispatch from email/mailer config
The reminder and overdue crons now always run and dispatch webhook
events. Email notifications are only sent when both
ServiceEnableEmailReminders and MailerEnabled are true. Webhook
dispatch errors are logged but no longer abort the cron run.
2026-02-24 20:24:56 +01:00
kolaente 54aacd3707 feat: dispatch TaskOverdueEvent from overdue cron 2026-02-24 20:24:56 +01:00
kolaente 626e731ae4 feat: dispatch TaskReminderFiredEvent from reminder cron 2026-02-24 20:24:56 +01:00
kolaente 83dc7537c4 feat: register reminder and overdue events for webhooks 2026-02-24 20:24:56 +01:00
kolaente e04c1a3d2e feat: add TaskReminderFiredEvent and TaskOverdueEvent types 2026-02-24 20:24:56 +01:00
kolaente 0c7c07b3b8 fix: preserve teams external_id type when renaming on mysql
Avoid using the generic renameColumn helper for this migration on MySQL because it renames columns as BIGINT. Handle the teams oidc_id -> external_id rename with a MySQL-specific CHANGE statement that keeps VARCHAR(250) and remains idempotent.
2026-02-24 14:29:49 +01:00
kolaente 3d6c527b64 fix: cast bucket_configuration to text in postgres catchup query
The new catchup migration compared the postgres JSON column with string literals using !=, which fails in migration smoke tests. Use a PostgreSQL-specific WHERE clause with ::text and cover it with unit tests.
2026-02-24 14:29:49 +01:00
kolaente 99ac3e65b8 fix: add comprehensive catchup for bucket and filter format migrations
Convert bucket_configuration filters regardless of bucket_configuration_mode and catch remaining view-level filter values still stored in the legacy string format. Includes focused tests for the bucket conversion helper logic.

Fixes #2172

Fixes #2188

Fixes #2202
2026-02-24 14:29:49 +01:00
kolaente 4acad97688 fix: make teams oidc_id rename migration idempotent
Use the shared renameColumn helper for non-SQLite databases and skip the SQLite table rebuild when oidc_id is already absent. This prevents failures after partial upgrades where the column was already renamed.

Refs #2172

Refs #2285
2026-02-24 14:29:49 +01:00
kolaente b1534f1cc8 fix: replace tx.Sync() with explicit ALTER TABLE in webhooks migration
tx.Sync() fails on PostgreSQL because it tries to reconcile primary key constraints/indexes, causing index-drop errors. Use explicit ALTER TABLE ADD COLUMN with existence checks instead.

Fixes #2215
2026-02-24 14:29:49 +01:00
kolaente a13ecbd3cc
fix: prevent browser from caching API responses
Without explicit Cache-Control headers, browsers may heuristically cache
API JSON responses. This causes stale data to be served on normal page
refresh (F5) — for example, projects newly shared with a team not
appearing until the user performs a hard refresh (Ctrl+Shift+R).

Add Cache-Control: no-store to all API responses via middleware and
configure the service worker's NetworkOnly strategy to explicitly bypass
the browser HTTP cache for API requests.

Ref: https://community.vikunja.io/t/team-members-cannot-see-project/1876
2026-02-24 10:37:49 +01:00
kolaente 249b651692
fix: treat archived TickTick tasks as done during import
TickTick uses status "2" (Archived) for completed tasks that were
subsequently archived. The import only checked for status "1"
(Completed), causing archived tasks to be imported as open despite
having a completion timestamp.

Closes go-vikunja/vikunja#2278
2026-02-23 14:52:20 +01:00
kolaente 1ccc8dce3a
fix: load file content before generating attachment preview
LoadFileByID() was called after the preview branch, so GetPreview()
received a nil io.Reader causing a panic in image.Decode.
2026-02-22 09:28:25 +01:00
kolaente d222d4502a fix: escape attachment download filename 2026-02-22 00:00:11 +01:00
kolaente c6370bb739 fix: fall back to application/octet-stream when the file has no mime type stored 2026-02-22 00:00:11 +01:00
kolaente 55c122fb42 feat: add repair-file-mime-types CLI command
Add a CLI command that finds all files in the database with no MIME type
set, detects it from the stored file content, and updates the database.
This is useful for backfilling MIME types on files created before MIME
detection was added on upload.
2026-02-22 00:00:11 +01:00
kolaente 4915f535d0 fix: add Content-Disposition attachment header to task attachment downloads
Set Content-Disposition to "attachment" instead of "inline" so browsers
trigger a file download with the correct filename. Also move shared
response headers (Content-Type, Content-Length, Last-Modified) out of
the S3-specific branch so they apply to both storage backends.
2026-02-22 00:00:11 +01:00
kolaente 519f66a51f fix: detect and store mime type when creating file attachments
Use mimetype.DetectReader in files.Create to automatically detect and
store the MIME type from file content. This fixes task attachment
previews, S3 Content-Type headers, and UI display for newly uploaded
files.
2026-02-22 00:00:11 +01:00
Frederick [Bot] 05ff67b681 chore(i18n): update translations via Crowdin 2026-02-21 01:09:54 +00:00
Frederick [Bot] 3ce8c5bdda [skip ci] Updated swagger docs 2026-02-19 13:35:37 +00:00
kolaente c12bbbe93e feat(comments): support order_by query parameter in comments API
Add an OrderBy field to the TaskComment struct with a query:"order_by"
tag so that the frontend can request ascending or descending comment
order. The value is validated to only accept "asc" or "desc", defaulting
to "asc". Also adds the corresponding swagger @Param annotation.
2026-02-19 14:20:52 +01:00
kolaente 0026c74fb5 fix(tests): properly assert sort order including task47 in web tests
Restore full sort-order assertions that verify task47 appears at the
end of priority-sorted results. The previous fix incorrectly removed
the trailing `]` which meant the tests no longer verified the last
element in the sorted array.
2026-02-19 12:40:29 +01:00
kolaente c3e223887d fix(tests): update web test assertions for new task47 fixture
Remove trailing `]` from JSON substring assertions in priority sort
tests since task47 now appears after the previously-last task in the
sort order.
2026-02-19 12:40:29 +01:00
kolaente 1943d6993c fix: only merge range comparators in sub-table filter grouping
Restrict the AND-joined sub-table filter merging to range comparators
(>, >=, <, <=) only. Equality and negative comparators (=, !=, in,
not in) must remain as separate EXISTS/NOT EXISTS subqueries because
each matching value lives in its own row.

Merging equality filters like `labels = 4 && labels = 5` into a single
EXISTS would produce an unsatisfiable condition (no single row has
label_id=4 AND label_id=5). Merging negative filters like
`labels != 4 && labels != 5` into NOT EXISTS(label_id IN 4 AND
label_id IN 5) would be trivially true.

Also fix the join tracking to use the first filter's join type
(how the group connects to the previous element) instead of the last.
2026-02-19 12:40:29 +01:00
kolaente 302b58dac0 style: fix alignment in test case 2026-02-19 12:40:29 +01:00
kolaente a93f6bf160 test: add OR-joined reminder filter regression test
Verify that OR-joined conditions on the same sub-table still produce
separate EXISTS subqueries and match independently, as expected.
2026-02-19 12:40:29 +01:00
kolaente d1901f46c3 test: update expected task index after adding task #47 fixture
Task #47 in project 1 has index 32, so the next auto-assigned index
is now 33 instead of 18.
2026-02-19 12:40:29 +01:00
kolaente c034e431cb fix: merge AND-joined sub-table filters into single EXISTS subquery
When multiple AND-joined filter conditions target the same sub-table
(e.g., reminders > X && reminders < Y), they are now combined into
a single EXISTS subquery so that all conditions must be satisfied by
the same row. Previously, each condition generated a separate EXISTS
subquery that could match different rows, causing false positives.

Fixes #2245
2026-02-19 12:40:29 +01:00
kolaente cd72231502 test: add failing test for sub-table filter multi-row matching bug #2245
Add task47 variable (with reminders straddling the test window) and new
test cases that verify AND-joined sub-table filters match the same row.
The test "filtered reminder dates should not match task with reminders
outside window" will fail until the fix is applied.
2026-02-19 12:40:29 +01:00
kolaente 6733ac4e22 test: add task #47 with reminders outside window for bug #2245
Add a second reminder to task 2 (in 2019, outside the test window)
and create task #47 with two reminders that straddle the test window
(2018-08-01 and 2019-03-01) but neither falls inside it. This exposes
the multi-row matching bug where separate EXISTS subqueries can match
different rows in the same sub-table.
2026-02-19 12:40:29 +01:00
Mattia Maglie 8779a28d1d
fix: prevent duplicated sql condition in filters (#1546)
Proposing the fix as in #1545

Co-authored-by: mattia.maglie <mattia.maglie@alispa.com>
Co-authored-by: kolaente <k@knt.li>
2026-02-18 17:02:25 +01:00
Quiwy 6dbc108be8
feat(auth): allow LDAP authentication with anonymous bind (#2226)
As discussed on Matrix, Vikunja currently prevents users from using LDAP
authentication if the server allows anonymous binds (common in local
environments like YunoHost). The application would previously trigger a
`log.Fatal` if `AuthLdapBindDN` or `AuthLdapBindPassword` were left
empty in the configuration.

#### **How this fixes the problem:**

* **Validation:** Removed the strict requirement for Bind credentials in
`InitializeLDAPConnection`.
* **Connection Logic:** Updated `ConnectAndBindToLDAPDirectory` to
attempt an `UnauthenticatedBind` from the `go-ldap` library when no
credentials are provided.
* **Safety:** If a Bind DN is provided, the behavior remains unchanged
(authenticated bind).

#### **Testing:**

* Tested manually on a **YunoHost** instance by replacing the binary.
* Confirmed that Vikunja now successfully starts and authenticates users
via the local LDAP (localhost) without requiring a service account.
* Added a basic unit test in `pkg/modules/auth/ldap/ldap_test.go` to
ensure the initialization logic doesn't crash with empty credentials.

*Note: This is my first contribution to a Go project (assisted by an LLM
for syntax). Feedback on code style is more than welcome!*
2026-02-17 22:24:35 +01:00
John Starich b2715bb56d refactor: use Go idioms for running tests 2026-02-17 18:01:05 +01:00
John Starich 591a646f84 refactor: remove environment variable requirements for go test 2026-02-17 18:01:05 +01:00
Micah 31da3c4533
fix(migration): make migration from Microsoft Todo work for those with previously migrated wunderlist accounts (#2126) 2026-02-17 16:54:03 +01:00
Martin Lindvik e3695c17c6
feat: add Swedish for language selection (#2248)
The Swedish translations were finished on crowdin recently but I noticed
that the language selection was still missing so I went ahead and added
it.
2026-02-17 14:32:01 +00:00
kolaente 79d0942780 fix: use DelPrefix in upload avatar FlushCache to clear all cached sizes
FlushCache was using keyvalue.Del with the base key
(avatar_upload_{userID}) but the actual cache entries are stored with
size suffixes (avatar_upload_{userID}_{size}). The Del call targeted a
key that never existed, so cached avatars were never invalidated.

Switch to keyvalue.DelPrefix to delete all size variants at once,
matching the pattern the gravatar provider already uses correctly.
2026-02-13 09:31:28 +01:00
kolaente c93fa1b4ae test: add failing test for upload avatar FlushCache
The test populates the cache with multiple size-suffixed keys
and verifies that FlushCache removes all of them. Currently fails
because FlushCache uses Del with the base key which doesn't match
the actual size-suffixed cache keys.
2026-02-13 09:31:28 +01:00
Frederick [Bot] be4fb77981 chore(i18n): update translations via Crowdin 2026-02-10 01:25:29 +00:00
kolaente e90cb2631d fix(auth): remove unnecessary fields from JWT token payloads
Remove email, name, emailRemindersEnabled, and isLocalUser from user JWT
claims, and isLocalUser from link share JWT claims. These fields are never
used from the token - the backend always fetches the full user from the
database by ID, and the frontend fetches user data from the /user API
endpoint immediately after login.

Also simplify GetUserFromClaims to only extract id and username, and
remove the now-unnecessary email override in the frontend's
refreshUserInfo.
2026-02-08 21:30:07 +01:00
kolaente 0e05d1cc9d
fix(log): write each log category to its own file (#2206)
Previously, `makeLogHandler()` hardcoded "standard" as the logfile name
passed to `getLogWriter()`, causing all log categories (`database`,
`http`, `events`, `mail`) to write to `standard.log` instead of their
own files.

Add a logfile parameter to `makeLogHandler()` so each caller specifies
its category name, producing `database.log`, `http.log`, `echo.log`,
`events.log`, and `mail.log` as expected.

Fixes https://github.com/go-vikunja/vikunja/issues/2177
2026-02-08 15:22:58 +00:00
kolaente b6974ffcfd
feat: add UNSIGNED-PAYLOAD config option for S3-compatible stores (#2205)
Adds `files.s3.disablesigning` config option that sends
`UNSIGNED-PAYLOAD` instead of computing SHA256 hashes for S3 request
signing which fixes `XAmzContentSHA256Mismatch` errors with
S3-compatible providers like Ceph RadosGW and Clever Cloud Cellar

Resolves https://github.com/go-vikunja/vikunja/issues/2181
2026-02-08 15:03:19 +00:00
kolaente bcfde14b14 fix(backgrounds): stream unsplash download to temp file instead of memory
Use a temp file instead of io.ReadAll to avoid buffering the entire
Unsplash image in RAM, which could cause OOM with large images or
high maxsize configuration.
2026-02-08 15:31:25 +01:00
kolaente 0d395a9e5d refactor(files): remove redundant seek operations in writeToStorage
Move the seek-to-start into the local file branch only and simplify
contentLengthFromReadSeeker to seek to end then back to 0 instead of
saving/restoring the original position. This reduces the S3 upload
path from 5 seek operations to 2.
2026-02-08 15:31:25 +01:00
kolaente 56a0ea44cf fix(backgrounds): avoid integer overflow in max size calculation
Keep maxSize as uint64 and cast safely when comparing with
resp.ContentLength to avoid potential integer overflow.
2026-02-08 15:31:25 +01:00
kolaente ea78e87147 fix(dump): limit copy size to prevent decompression bombs
Use io.CopyN with a max size limit when extracting files from zip
archives during restore to prevent potential DoS via decompression bombs.
2026-02-08 15:31:25 +01:00
kolaente 19f6e4b7c9 fix(backgrounds): enforce max file size for unsplash downloads
Check Content-Length and use io.LimitReader to prevent OOM from
unexpectedly large unsplash responses before buffering into memory.
2026-02-08 15:31:25 +01:00
kolaente 41b511b322 fix(files): seek to start before writing for consistent behavior
Both local and S3 backends now seek to position 0 before writing,
ensuring consistent behavior regardless of the reader's current offset.
2026-02-08 15:31:25 +01:00
kolaente ab705d7d21 fix(dump): stream files during restore to avoid memory pressure
Use a temporary file instead of io.ReadAll when restoring attachments
from a dump. This prevents loading entire files into memory, which could
cause OOM errors for large attachments during restore.
2026-02-08 15:31:25 +01:00
kolaente 82933a0836 test(files): update tests for io.ReadSeeker API
- Replace custom testfile structs with bytes.NewReader
- Remove readerOnly wrapper and non-seekable reader tests (no longer
  possible at the type level)
- Update S3 unit tests to remove temp file assertions
2026-02-08 15:31:25 +01:00
kolaente dbd74491c4 fix(files): update all callers to provide seekable readers for S3 uploads
Update all code paths that pass file content to the storage layer to
provide io.ReadSeeker instead of io.Reader:

- Avatar upload: use bytes.NewReader instead of bytes.Buffer
- Background upload handler: use bytes.NewReader instead of bytes.Buffer
- Unsplash background: buffer response body into bytes.NewReader
- Dump restore: buffer zip entry into bytes.NewReader
- Migration structure: pass bytes.NewReader directly instead of wrapping
  in io.NopCloser
- Task attachment: change NewAttachment parameter from io.ReadCloser to
  io.ReadSeeker
2026-02-08 15:31:25 +01:00
kolaente 728a3e4f7b fix(files): require io.ReadSeeker for S3 uploads, remove temp file fallback
The S3 upload path used temp files (vikunja-s3-upload-*) to buffer
non-seekable readers. In Docker containers with restrictive permissions,
these temp files could not be created, causing "permission denied"
errors for avatar and background image uploads.

By changing the file storage API (Create, CreateWithMime,
CreateWithMimeAndSession, Save) to require io.ReadSeeker instead of
io.Reader, the temp file fallback is no longer needed and is removed.
This enforces at the type level that all callers provide seekable
readers, preventing this class of bug from recurring.

Closes go-vikunja/vikunja#2185
2026-02-08 15:31:25 +01:00
kolaente 7fce4694fa
refactor(db): extract testable ResolveDatabasePath function (#2193)
Add DatabasePathConfig struct and ResolveDatabasePath function that
takes all dependencies as parameters, making it easier to test path
resolution logic in isolation. Should also fix the reported cases.

Resolves #2189
2026-02-08 10:47:57 +00:00
kolaente acbf751ba0
feat(doctor): add user namespace detection and improved storage diagnostics (#2180)
This PR adds support for detecting and handling Linux user namespaces (commonly used in rootless Docker containers) and improves error diagnostics when file storage validation fails.

Docs PR: https://github.com/go-vikunja/website/pull/289

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-02-01 11:57:35 +01:00
Frederick [Bot] e6e7b26a6e [skip ci] Updated swagger docs 2026-01-30 14:14:52 +00:00
rhclayto cf029cef0c
feat: add option to send Basic Auth header with webhook requests (#2137)
Resolves https://github.com/go-vikunja/vikunja/issues/2136
Docs PR: https://github.com/go-vikunja/website/pull/284
2026-01-30 15:07:31 +01:00
kolaente a89b1bed85
feat(doctor): add detailed file diagnostics for local storage (#2179)
When using local file storage, the doctor command now reports:
- Whether the files directory exists
- Directory permissions (octal mode)
- Directory owner and group with uid/gid (Unix)
- Ownership mismatch warning if Vikunja runs as a different user
- Total number of stored files and their combined size

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-01-30 10:23:39 +00:00
XiangCany d238385199
fix(files): make sure base directory exists when using local file system (#2166)
Resolves  #2162
2026-01-27 13:11:44 +01:00
kolaente 3aa1e90d7f
feat: add vikunja doctor command for diagnostic checks (#2165)
Add a new `vikunja doctor` CLI command that performs diagnostic checks.

Checks performed:

- **System**: Version, Go version, OS/arch, running user, working
directory
- **Configuration**: Config file path, public URL, JWT secret, CORS
origins
- **Database**: Connection test, server version
(SQLite/MySQL/PostgreSQL)
- **Files**: Storage path, writability, disk space (Unix only)
- **Optional services** (when enabled):
  - Redis: Connection ping
  - Typesense: Health endpoint
  - Mailer: SMTP connection
  - LDAP: Bind authentication test
  - OpenID Connect: Discovery endpoint for each configured provider
2026-01-27 09:12:31 +00:00
kolaente 28593e6460
fix: use dark shadows for email template in dark mode (#2155) 2026-01-26 15:46:44 +01:00
kolaente b21c9acb0d fix(routes): restore SPA routing after Echo v5 upgrade
In Echo v5, the 404 error for unmatched routes implements the
HTTPStatusCoder interface but is not a *HTTPError. This caused
the static middleware to fail to catch 404s and serve index.html
for SPA routes, leading to reloading SPA routes returning 404.

Caused by regression introduced in 9a61453e8.

Fixes #2149
Fixes #2152
2026-01-25 11:07:48 +01:00
renovate[bot] 9a61453e86
fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131)
Closes https://github.com/go-vikunja/vikunja/pull/2133

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2026-01-24 20:38:32 +01:00
kolaente 4df8da549e fix(auth): scope query binding
Resolves https://github.com/go-vikunja/vikunja/issues/2146
2026-01-24 17:51:35 +01:00
kolaente 731b7c3001
fix: avoid mutating global http.DefaultClient in webhook proxy (#2145)
Fixes a bug where the webhook HTTP client was mutating `http.DefaultClient` (the global singleton), causing ALL HTTP requests in the application to use the webhook proxy. This broke OIDC authentication and other external HTTP calls when webhook proxy was configured.

Fixes #2144
2026-01-24 13:58:47 +01:00
kolaente 0cd25f47e5
fix: populate complete entity data in deletion event webhooks (#2135)
Fixes webhook payloads for deletion events that were previously
containing incomplete or empty entity data. This occurred because
entities were being deleted from the database before the webhook event
was dispatched.

## Changes

This PR implements four targeted fixes to ensure complete entity data in
deletion event webhooks:

### 1. TaskAssignee Deletion (`pkg/models/listeners.go`)
- Extended `reloadEventData()` to fetch full assignee user data by ID
- Webhook payload now includes complete user object (username, email,
timestamps, etc.)

### 2. TaskComment Deletion (`pkg/models/task_comments.go`)
- Modified `Delete()` to call `ReadOne()` before deletion
- Ensures comment text, author, and timestamps are included in webhook
payload
- Follows the same pattern used by `Task.Delete()` and
`TaskAttachment.Delete()`

### 3. TaskAttachment Deletion (`pkg/models/task_attachment.go`)
- Extended `ReadOne()` to fetch the `CreatedBy` user
- Webhook payload now includes file creator information

### 4. TaskRelation Deletion (`pkg/models/task_relation.go`)
- Modified `Delete()` to fetch complete relation including `CreatedBy`
user before deletion
- Webhook payload now includes relation timestamps and creator
information

Fixes #2125
2026-01-24 12:50:18 +01:00
renovate[bot] 843ef7218a
fix(deps): update module github.com/fclairamb/afero-s3 to v0.4.0 (#2087) 2026-01-15 16:21:16 +01:00
rhclayto c5969d9898
feat: add configurable gravatar-compatible base URL (#2083)
This adds the ability to set a base URL for a Gravatar-compatible avatar
service (Gravatar itself, or Libravatar, for instance). The default will
be www.gravatar.com, so nothing will change from current behaviour unless
the user explicitly configures another URL.

Resolves #2082
2026-01-13 14:58:08 +01:00
kolaente 534483f237 fix(filter): ensure year is always within mysql allowed range
Fixes https://github.com/go-vikunja/vikunja/issues/2077
2026-01-09 23:11:22 +01:00
kolaente e085fcaef2
feat(migration/todoist): migrate from Sync API v9 to API v1 (#2072)
Migrates the Todoist migration module from the deprecated Sync API v9 to the new unified Todoist API v1.
2026-01-09 22:50:27 +01:00
kolaente 8987f0890a
fix(mail): disable queue when mailer disabled (#2069)
- Don't create the mail queue when the mailer is disabled to prevent
`SendMail()` from blocking indefinitely
- Add guard clause in `SendMail()` to return early when mailer is
disabled or queue is nil
- Add test to verify notifications don't block when mailer is disabled

This implements the changes from #1080 with the review feedback
addressed (using `package notifications` instead of `package
notifications_test`).


Closes #1080
2026-01-08 15:51:31 +01:00
kolaente 6c7a800bf4
fix: set log path before creating log handler (#2064)
Resolves #2020
2026-01-08 13:53:08 +00:00
kolaente 39b4568bc5
refactor: centralize HTTP error handling (#2062)
This changes the error handling to a centralized HTTP error handler in `pkg/routes/error_handler.go` that converts all error types to proper HTTP responses. This simplifies the overall error handling because http handler now only need to return the error instead of calling HandleHTTPError as previously.
It also removes the duplication between handling errors with and without Sentry.

🐰 Hop along, dear errors, no more wrapping today!
We've centralized handlers in a shiny new way,
From scattered to unified, the code flows so clean,
ValidationHTTPError marshals JSON supreme!
Direct propagation hops forward with glee,
A refactor so grand—what a sight to see! 🎉
2026-01-08 10:02:59 +00:00
kolaente 4f31300915 fix(export): use os-level temp file to create user data export 2026-01-08 10:37:51 +01:00
kolaente 49af08d3f6
feat(filters): add UI for marking saved filters as favorites (#2055)
This PR adds UI support for marking saved filters as favorites. The backend already supports the `is_favorite` field for saved filters, but the frontend didn't expose this functionality. Users can now favorite/unfavorite saved filters just like regular projects.
2026-01-07 16:21:41 +00:00
kolaente 7365de257d
feat(files): validate file storage is writable on startup (#2053)
Adds startup validation that checks if the configured file storage is writable. To do this, Vikunja now tries to create a temporary file and clean it up afterwards.
2026-01-06 16:29:56 +01:00
Samuel Rodda 3a47c062da
fix(filters): preserve IsFavorite for saved filters in ReadOne (#2031)
- Saved filters' `IsFavorite` field was not being properly returned when
fetched as pseudo-projects via `/projects/{id}`
- This caused favorited filters to appear in both the Favorites and
Filters sections initially, but then disappear from Favorites after
clicking on them (navigating to the filter)

Fixes #1989

Co-authored-by: iamsamuelrodda <iamsamuelrodda@users.noreply.github.com>
2026-01-06 15:17:17 +00:00
kolaente 6f0b685e38
fix: handle mixed-format bucket configurations in migration (#2033)
This change modifies the migration `20251001113831` to flexibly parse bucket configuration filters. 

This fixes this migration issue:

```
json: cannot unmarshal object into Go struct field bucketConfigurationCatchup.filter of type string
```

This occurred when a single `bucket_configuration` JSON array contained
mixed formats - some buckets with old string filters and some with
already-converted object filters.
2026-01-05 22:30:10 +01:00
kolaente c6fe4c1a6e fix(auth): retry up to three times when an auth provider cannot be reached
Resolves https://github.com/go-vikunja/vikunja/issues/2050
2026-01-05 21:50:40 +01:00
kolaente a9adc3490d
fix(positions): detect and repair duplicate task positions automatically (#1998)
Relates to:
https://community.vikunja.io/t/reordering-not-possible-position-value-the-same-for-different-tasks/4078

Duplicate positions can occur due to race conditions or historical bugs, causing tasks to appear in the wrong order or jump around when the page is refreshed.

This change adds a `repair-task-positions` CLI command to detect and resolve task position conflicts, with dry-run preview option.
Also implemented automatic conflict detection and resolution to ensure
unique task positions.

🐰 Positions once conflicted, clustered tight,
But now we nudge them back into the light!
MinSpacing guards precision from decay,
While conflicts heal and duplicates give way. 
2025-12-20 19:38:28 +01:00
kolaente 82558dba87
fix(filters): ensure saved filter views never have position=0 (#1996)
Fixes #724 - Tasks in saved filter views get `position: 0` when they first appear in the filter, causing drag-and-drop sorting to not persist correctly.

**Changes:**
- Remove harmful `Position: 0` inserts from cron job and
`SavedFilter.Update` - `RecalculateTaskPositions` already creates
positions with proper values, so the intermediate inserts created a race
window
- Add on-demand position creation when fetching tasks for saved filter
views - safety net for newly matching tasks before the cron runs
- Add 5 new tests covering the fix and regression scenarios

🐰 Positions once zero, now bloom with care,
Sorted with grace, no more despair,
When filters call and tasks appear,
Numbers spring up, crystal clear!
Issue 724 hops away—
Sorting's fixed to stay, hooray! 🎉
2025-12-16 22:13:40 +00:00
kolaente 4afd223cd3
fix(files): upload should work with vhost style (#1994)
resolves https://github.com/go-vikunja/vikunja/issues/1905
2025-12-16 20:32:15 +00:00
Frederick [Bot] 3f48837b8c [skip ci] Updated swagger docs 2025-12-15 15:44:47 +00:00
kolaente 0b3decd869
fix: ensure API consistency for /tasks and empty array responses (#1988)
- Renames the `/tasks/all` endpoint to `/tasks` for consistency with
other collection endpoints like `/projects` and `/labels`
- Returns `[]` instead of `null` for empty pagination results across all
list endpoints
- Updates the frontend service to use the new endpoint path
- Updates API token tests to use the new endpoint path

Fixes #1984
2025-12-15 15:34:13 +00:00
kolaente 62799c129b fix(caldav): do not assume the first element is the VTODO component
Cherry-Picked from https://github.com/go-vikunja/vikunja/pull/748#issuecomment-3649092134
2025-12-13 15:30:22 +01:00
Frederick [Bot] 803effbb8f chore(i18n): update translations via Crowdin 2025-12-12 00:59:39 +00:00
kolaente fb7764d9f1
feat: format user mentions with display names in email notifications (#1930)
Email notifications now display user mentions with inline avatar images for improved visual recognition and easier identification. Mentions gracefully fall back to display names if avatars are unavailable.
2025-12-10 12:39:05 +01:00
kolaente d4eccccbfe fix(reminders): only send reminders to active users 2025-12-10 10:56:19 +01:00
Frederick [Bot] 34c560eca8 chore(i18n): update translations via Crowdin 2025-12-10 00:59:00 +00:00
kolaente 542626fa7f
fix: deduplicate gravatar fetches to respect rate limits (#1955)
- avoid redundant concurrent Gravatar requests by coordinating fetches
per avatar cache key
- reuse cache lookups when requests are already cached and simplify
expiration checks
2025-12-08 22:42:58 +01:00
kolaente 0a78f7608a
feat: add --preserve-config flag to restore command (#1939)
Add a new `--preserve-config` flag to the restore command that allows
users to restore database and files from a dump while keeping their
existing configuration file untouched.
2025-12-07 21:44:45 +00:00
kolaente 112df4a752 fix(caldav): init logger in tests 2025-12-04 11:10:19 +01:00
kolaente da0822c3f4 feat(caldav): add more error logging 2025-12-04 10:54:31 +01:00
Copilot 7cf2a6886e
fix: clear error when duplicating project with uploaded background (#1926)
Resolves https://github.com/go-vikunja/vikunja/issues/1745

- [x] Understand the issue from GitHub issue #1745
- [x] Analyze the codebase to locate the bug in
`duplicateProjectBackground` function
- [x] Fix the bug: return nil explicitly at the end of
duplicateProjectBackground
- [x] Add test for duplicating a project with an uploaded background (as
subtest)
- [x] Run tests and verify the fix
- [x] Run code review and address any feedback
- [x] Run CodeQL security scan

## Summary of Changes

### Problem
When duplicating a project with an uploaded (non-Unsplash) background
image, users encounter an internal server error (HTTP 500). The backend
logs show: `file was not downloaded from unsplash [FileID: X]`

### Root Cause
The `duplicateProjectBackground` function in
`pkg/models/project_duplicate.go` uses named returns. When
`GetUnsplashPhotoByFileID` returns `ErrFileIsNotUnsplashFile` for an
uploaded background, the error was intentionally ignored (to proceed
with copying the file) but not cleared from the named return variable.
This caused the error to be returned at the end of the function via the
bare `return` statement, triggering a 500 response.

### Solution
Changed the bare `return` at the end of `duplicateProjectBackground` to
`return nil` explicitly.

### Changes
1. **`pkg/models/project_duplicate.go`**: Changed bare `return` to
`return nil` at the end of `duplicateProjectBackground`
2. **`pkg/models/project_duplicate_test.go`**: Added subtest "duplicate
project with uploaded background" to `TestProjectDuplicate`

### Testing
- All existing tests pass
- Added subtest to `TestProjectDuplicate` for uploaded background
scenario (project 35 with non-Unsplash background)

### Security Summary
- No security vulnerabilities found by CodeQL
- Code review passed

<!-- START COPILOT CODING AGENT SUFFIX -->



<details>

<summary>Original prompt</summary>

> # Duplicate project with uploaded background - Implementation Plan
> 
> ## Overview
> Users encounter an internal server error when duplicating a project
that uses an uploaded background image (non-Unsplash). The b
> ackend attempt to copy the background leaves a non-Unsplash error
(`ErrFileIsNotUnsplashFile`) in a named return value, causing
> the duplication API call to fail even though the error should be
ignored. We need to adjust the duplication flow to allow upload
> ed backgrounds and add regression tests.
> 
> ## Current State Analysis
> - Project duplication calls `duplicateProjectBackground` to copy the
background file. The helper tries to copy a downloaded Unsp
> lash image and returns `ErrFileIsNotUnsplashFile` for uploaded files.
> - In the duplication code, the error variable is not cleared after
intentionally ignoring this specific error, so the function s
> till returns the error and triggers a 500 response.
> - There are no automated regression tests covering project duplication
with uploaded backgrounds.
> 
> ### Key Discoveries
> - The duplication logic treats Unsplash and uploaded backgrounds
differently and only clears the Unsplash download error, leavin
> g the non-Unsplash error set.
> - The API currently works for Unsplash backgrounds but fails for
uploaded backgrounds due to the lingering error value.
> 
> ## Desired End State
> - Duplicating a project succeeds for both Unsplash and uploaded
backgrounds.
> - Uploaded background files (and their metadata) are copied correctly
to the new project when possible, or gracefully skipped wi
> thout failing duplication.
> - Regression tests cover duplication with both background types to
prevent future regressions.
> 
> ## What We're NOT Doing
> - No changes to the background upload endpoints or UI selection
workflow.
> - No changes to Unsplash download behavior or quota handling.
> - No new migration or database schema changes.
> 
> ## Implementation Approach
> 1. Fix backend duplication error handling so uploaded backgrounds do
not cause a fatal error.
> 2. Add backend tests to cover duplication with uploaded backgrounds
and Unsplash backgrounds (success paths) and verify duplicat
> ion works without returning 500 errors.
> 3. Ensure tests document the expected behavior and guard against
regressions.
> 
> ## Phase 1: Fix duplication error handling
> ### Overview
> Make project duplication tolerate uploaded backgrounds by clearing or
not propagating `ErrFileIsNotUnsplashFile` once it has bee
> n intentionally ignored.
> 
> ### Changes Required
> - **File:** `pkg/models/projects.go` (or relevant duplication helper)
> - Adjust `duplicateProjectBackground` (or the calling logic) to reset
the named return error after handling `ErrFileIsNotUnspl
> ashFile`, ensuring the function returns `nil` when no real error
occurs.
> - Keep existing behavior for other errors and for Unsplash downloads.
> 
> ### Success Criteria
> - Uploaded background duplication no longer returns an internal server
error.
> - Unsplash background duplication remains functional and still
surfaces real errors.
> 
> ## Phase 2: Add regression tests
> ### Overview
> Add automated tests verifying project duplication works for both
uploaded and Unsplash backgrounds.
> 
> ### Changes Required
> - **File:** `pkg/models/projects_test.go` (or closest existing test
file for project duplication)
> - Add a test that sets up a project with an uploaded background file,
duplicates the project, and asserts duplication succeeds
>  and the duplicated project has an appropriate background reference.
> - Add/adjust test coverage for Unsplash background duplication to
confirm unchanged behavior.
> - Use existing fixtures or temporary files as needed for uploaded
background setup.
> 
> ### Success Criteria
> - Tests fail on current main branch but pass after the fix.
> - Tests validate that duplication completes without 500 errors for
both background types.
> 
> ## Testing Strategy
> - Automated Go tests via `mage test:filter` targeting the new
duplication tests.
> - Optionally run the broader suite (`mage test:feature`) if time
permits to ensure no regressions.
> 
> ## Manual Verification
> 1. Create a project and upload a background via the UI; duplicate it;
observe duplication succeeds and background is present or
> gracefully handled.
> 2. Create a project with an Unsplash background; duplicate it; verify
duplication succeeds.
> 3. Check API responses for duplication calls to ensure no internal
server errors.


</details>



<!-- START COPILOT CODING AGENT TIPS -->
---

💬 We'd love your input! Share your thoughts on Copilot coding agent in
our [2 minute survey](https://gh.io/copilot-coding-agent-survey).

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-12-04 10:16:16 +01:00
Frederick [Bot] cec8daba59 chore(i18n): update translations via Crowdin 2025-12-04 00:57:27 +00:00
Copilot 166da9763d
fix: handle MySQL 8 CREATE INDEX without IF NOT EXISTS support (#1903) 2025-11-28 15:57:54 +00:00
kolaente 7f5a08b316
fix(tasks): make sure all users get overdue reminder mails (#1901)
Fixes a regression introduced in 2a43f9b076

Resolves https://github.com/go-vikunja/vikunja/issues/1581
2025-11-28 11:06:47 +01:00
Frederick [Bot] f7e91f4b19 chore(i18n): update translations via Crowdin 2025-11-28 00:54:33 +00:00
kolaente 869a8b0ab9
fix(sharing): use the highest team sharing permission when sharing the same project with multiple teams (#1894) 2025-11-27 22:25:06 +01:00
kolaente 51512c1cb4
feat: migrate cypress e2e tests to playwright (#1739) 2025-11-27 16:34:48 +01:00
Frederick [Bot] 23a6ae19ea [skip ci] Updated swagger docs 2025-11-27 14:22:39 +00:00
Mithilesh Gupta 7dddc5dfa2
feat: task unread tracking (#1857)
---------

Co-authored-by: Mithilesh Gupta <guptamithilesh@protonmail.com>
Co-authored-by: kolaente <k@knt.li>
2025-11-27 15:14:42 +01:00
kolaente a4aad79f53
fix: TickTick import (#1871)
This change fixes a few issues with the TickTick import:

1. BOM (Byte Order Mark) Handling: Added stripBOM() function to properly handle UTF-8 BOM at the beginning of CSV files
2. Multi-line Status Section: Updated header detection to handle the multi-line status description in real TickTick exports
3. CSV Parser Configuration: Made the CSV parser more lenient with variable field counts and quote handling
4. Test Infrastructure: Added missing logger initialization for tests
5. Field Mapping: Fixed the core issue where CSV fields weren't being mapped to struct fields correctly

The main problem was in the newLineSkipDecoder function where:
- Header detection calculated line skip count on BOM-stripped content
- CSV decoder was also stripping BOM and applying the same skip count
- This caused inconsistent positioning and empty field mapping

Rewrote the decoder to use a scanner-based approach with consistent BOM handling.

Resolves https://github.com/go-vikunja/vikunja/issues/1870
2025-11-25 22:32:39 +00:00
Frederick [Bot] fd9693cb6a chore(i18n): update translations via Crowdin 2025-11-24 00:59:57 +00:00
Weijie Zhao cfab3ff922
fix: update mention format to use custom HTML element with usernames (#1843) 2025-11-21 15:29:15 +01:00
rudd6617 b6dcde7f6c
chore(i18n): add Traditional Chinese locale and translations (#1839) 2025-11-20 13:42:31 +01:00
Copilot 9d0633268a
fix: prevent panic in webhook listener when fetching project (#1848)
This fixes a panic that occurred when handling webhooks. The code was
incorrectly using webhook.CreatedByID (user ID) to fetch a project,
when it should use webhook.ProjectID. This could cause GetProjectSimpleByID
to return nil if no project exists with that ID.

Additionally, added a nil check before calling project.ReadOne() to prevent
a nil pointer dereference panic when accessing p.ID.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-11-19 14:43:08 +00:00
Frederick [Bot] 79aaa2a906 chore(i18n): update translations via Crowdin 2025-11-19 00:56:08 +00:00
Copilot 5f795bb531
fix: self-assignment notification to use "themselves" instead of repeating username (#1836)
When a user assigns a task to themselves, notifications to other users now
correctly say "User A assigned Task #123 to themselves" instead of
"User A assigned Task #123 to User A"

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-11-17 23:07:48 +00:00
kolaente 9b78584734
fix(events): only trigger task.updated once when marking task done
Resolves https://github.com/go-vikunja/vikunja/issues/1724
2025-11-16 11:01:15 +01:00
kolaente f96601bf18
fix(webhook): make sure the payload always contains a fully loaded project 2025-11-16 10:48:53 +01:00
Copilot 7729a3dcad
fix: HTML entity double-escaping in email notifications (#1829)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-11-15 21:37:09 +01:00
Copilot f2a1348c51
feat: add thread IDs to task notification emails for client-side threading (#1826)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-11-15 18:58:32 +01:00
Biagio00 5b42724205
fix(kanban): repeating tasks dates won't update when moved in done bucket (#1638) 2025-11-14 16:57:53 +00:00
Frederick [Bot] 7a0b55307b chore(i18n): update translations via Crowdin 2025-11-13 00:56:40 +00:00
Copilot 9c81afb7b2
feat: replace PNG-based initials avatar with SVG generation (#1802)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-11-12 22:26:52 +00:00
kolaente dcfd096588
feat: allow setting dark custom logo
Resolves https://github.com/go-vikunja/vikunja/issues/1799
2025-11-12 21:07:01 +01:00
kolaente 8862b6f69d
fix(migration): return proper error message when request fails
Related to https://github.com/go-vikunja/vikunja/issues/1788
2025-11-12 20:25:17 +01:00
kolaente 9efc0baf50
fix(migration): add retry to migration request helper
Resolves https://github.com/go-vikunja/vikunja/issues/1788
2025-11-12 20:10:32 +01:00
Frederick [Bot] a153fc8c25 [skip ci] Updated swagger docs 2025-11-11 22:08:06 +00:00
Mithilesh Gupta 01a84dd2d5
feat: add comment count to tasks (#1771) 2025-11-11 23:00:05 +01:00
kolaente 22fc19cd24
fix: ignore filter_include_nulls from views
The filter_include_nulls property from the filter in a view would override the property set through the query string. Because we don't have a way in the UI to set this for filters in views, this makes the setting pretty opaque and unpredictable. Since we want to remove the nulls option anyways, we can just ignore it here.

Resolves https://github.com/go-vikunja/vikunja/issues/1781
2025-11-11 11:04:33 +01:00
Weijie Zhao 43a5ae1309
feat: enable user mentions in task description & comments (#1754) 2025-11-09 19:42:38 +01:00
Weijie Zhao 4fe0763010
fix: properly quote email sender names containing @ symbols (#1768)
When user names contain @ symbols, the email library fails to parse
the sender address format "Name @ Symbol via Vikunja <email@domain.com>".
This fix uses Go's net/mail.Address to properly format the sender
address according to RFC 5322, which automatically quotes names
containing special characters.

Fixes the error: "getting sender address: no FROM address set"
2025-11-07 11:44:24 +01:00
Panagiotis Papadopoulos f83bd60915
fix: 403 http error code on failed login (#1756) 2025-11-06 08:40:46 +01:00
Weijie Zhao bc1368abcc
feat: add S3 file storage support (#1688) 2025-11-06 08:37:04 +01:00
kolaente 541a38456e
chore(deps): update golangci-lint to 2.6.0 (#1737) 2025-10-31 17:28:52 +00:00
kolaente c8837aeaeb
fix(filters): support project filter in parentheses (#1647)
The filter regex pattern was not matching values inside parentheses correctly.
The lookahead pattern only allowed `&&`, `||`, or end-of-string after filter
values, but when filters are wrapped in parentheses like `( project = Filtertest )`,
the closing `)` appears after the value.

Fixed by adding `\)` to the lookahead pattern so it correctly handles closing
parentheses. This allows the project filter (and other filters) to work
properly when nested in parentheses.

- Added tests for project filters in parentheses (both frontend and backend)
- Backend tests confirm the backend already handled this correctly
- Frontend regex pattern now matches the backend behavior

Fixes #1645
2025-10-13 11:10:22 +02:00
kolaente 2a43f9b076 fix(reminders): refactor and check permissions when fetching task users 2025-10-09 13:33:27 +02:00
kolaente 9358954c90 fix: cleanup team memberships, assignments and subscriptions when users lose access to a project 2025-10-09 13:33:27 +02:00
kolaente 2dd36ad0a9
fix(sharing): make editing link share comments work
Resolves https://github.com/go-vikunja/vikunja/issues/1510
2025-10-09 10:53:18 +02:00
kolaente 7da2942ca6
fix: correctly set database path on windows (#1616) 2025-10-09 08:38:01 +00:00
kolaente db6b82a002
fix: task.comment.deleted triggers panic in event listener which sends webhook (#1621)
Co-authored-by: Gabriel <fossecruor@gmail.com>
2025-10-08 21:46:57 +00:00
kolaente d33e742961
chore: make condition simpler 2025-10-07 10:56:03 +02:00
kolaente 1b02f78eee
fix(filter): check date boundary after timezone conversion
Resolves https://github.com/go-vikunja/vikunja/issues/1605
2025-10-07 10:55:22 +02:00
kolaente 67ebd876d3
fix(views): migrate filter bucket configuration
Resolves https://github.com/go-vikunja/vikunja/issues/1580
2025-10-01 11:54:24 +02:00
kolaente ec89b08fd5
fix(attachments): extend upload file size to form data (#1577)
Resolves https://github.com/go-vikunja/vikunja/issues/1494
2025-09-30 22:23:07 +00:00
kolaente 31c1f98270
fix(caldav): remove METHOD:PUBLISH from caldav exports (#1576) 2025-09-30 18:16:07 +00:00
kolaente ff8e98e6e2
fix: process multiple reminders in the same time window (#1564)
Resolves https://github.com/go-vikunja/vikunja/issues/1550
2025-09-29 10:43:12 +02:00
Frederick [Bot] 48d202f3ce chore(i18n): update translations via Crowdin 2025-09-26 00:51:58 +00:00
Frederick [Bot] faa4231523 chore(i18n): update translations via Crowdin 2025-09-21 00:57:00 +00:00
Frederick [Bot] d53f4079ae chore(i18n): update translations via Crowdin 2025-09-19 00:53:14 +00:00
Frederick [Bot] 3397d88f0e chore(i18n): update translations via Crowdin 2025-09-18 00:51:01 +00:00
kolaente fb426a6e22
fix(webhook): actually fetch project before enriching details
This fixes a bug where the project is fetched before adding more details
through ReadOne since ReadOne does not fetch the project. In the normal
project reading flow through the api, this is done in the permission
check.

Resolves https://github.com/go-vikunja/vikunja/issues/1498
2025-09-17 17:04:39 +02:00
Frederick [Bot] 57b4e27278 chore(i18n): update translations via Crowdin 2025-09-17 00:51:22 +00:00
kolaente 0506b9215a
fix(filters): initialize task positions for saved filters (#1477) 2025-09-11 17:39:56 +02:00
kolaente f0cb752f2c
fix(task): preserve done timestamp when moving tasks between projects (#1470) 2025-09-11 17:07:43 +02:00
Frederick [Bot] f1de3a9c19 [skip ci] Updated swagger docs 2025-09-11 07:53:45 +00:00
kolaente e5e0413b70
fix(task): ensure done_at can never be set by user (#1461) 2025-09-11 07:45:42 +00:00
Frederick [Bot] 801ddf19e4 [skip ci] Updated swagger docs 2025-09-10 16:49:05 +00:00
kolaente db123674a7
feat: share logic for bulk update (#1456)
This change refactors the bulk task update logic so that it updates all fields a single task update would update as well.

Could be improved in the future so that it is more efficient, instead of calling the update function repeatedly. Right now, this reduces the complexity by a lot and it should be fast enough for most cases using this.

Resolves #1452
2025-09-10 16:40:59 +00:00
Frederick [Bot] 70175c31c2 [skip ci] Updated swagger docs 2025-09-04 16:33:42 +00:00
kolaente 1b5a9dbdea refactor: use helper function to check user local 2025-09-04 18:09:21 +02:00
kolaente b8afdcf62d fix(user): do not reject 2fa for local users
https://github.com/go-vikunja/vikunja/issues/1402
2025-09-04 18:09:21 +02:00
kolaente bd74733632
fix: show pagination controls for task comments (#1413)
Resolves https://community.vikunja.io/t/task-comment-pagination-in-1-0-0-rc1/3988
2025-09-04 16:04:05 +00:00
renovate[bot] a519312d55
fix(deps): update module github.com/threedotslabs/watermill to v1.5.1 (#1391) 2025-09-02 18:11:45 +00:00
Copilot 70ff047588
fix(avatar): recover gracefully from broken avatar cache (#1379) 2025-09-02 14:03:58 +00:00
kolaente 15ea38183c
fix: bypass Typesense in user export (#1385) 2025-09-02 15:49:17 +02:00
Frederick [Bot] 4b47f0c3cd chore(i18n): update translations via Crowdin 2025-09-02 00:54:00 +00:00
kolaente bd310f50ad
fix: show error when user list filter is empty (#1372) 2025-09-01 21:08:13 +00:00
kolaente ed04638726
fix(task): only load first comments page when loading comments with task
Resolves
https://community.vikunja.io/t/task-comment-pagination-in-1-0-0-rc1/3988
2025-08-31 21:58:46 +02:00
andreymal 1047e62978
feat(i18n): add pluralization rules for Russian (#1334) 2025-08-31 17:40:41 +00:00
Copilot c7a26d81fe
fix(auth): do not panic with invalid openid provider configuration (#1354) 2025-08-31 07:17:50 +00:00
Copilot 5ca637a7e6
feat(auth): add oauth require availability configuration on startup (#1358) 2025-08-30 22:15:20 +00:00
kolaente e29561e49c
fix: require publicurl when cors enabled (#1351) 2025-08-29 20:51:31 +00:00
kolaente fd8a36c9bb
fix: use correct filepath
Resolves https://github.com/go-vikunja/vikunja/issues/1345
2025-08-29 17:20:43 +02:00
Frederick [Bot] f5c6295f42 chore(i18n): update translations via Crowdin 2025-08-19 00:56:39 +00:00
kolaente e2e9b28d4e
feat(config): validate publicurl 2025-08-18 11:37:44 +02:00
Frederick [Bot] a5407e3f99 chore(i18n): update translations via Crowdin 2025-08-18 01:01:59 +00:00
kolaente 0039ec045e
fix(auth): fail when link share token is not parsable 2025-08-14 17:11:57 +02:00
kolaente 31611e13a4
chore(deps): update golangci-lint to 2.4.0 (#1291) 2025-08-14 10:50:49 +00:00
Frederick [Bot] 6a91862384 [skip ci] Updated swagger docs 2025-08-13 09:23:47 +00:00
kolaente a81a3ee0e5
feat!: rename right to permission (#1277) 2025-08-13 11:05:05 +02:00
Frederick [Bot] a81b546f99 chore(i18n): update translations via Crowdin 2025-08-07 01:02:44 +00:00
Dominik Pschenitschni feb17792e4
fix(user): persist status on email updates (#1084) 2025-08-04 14:07:00 +00:00
kolaente 0a44f53759
feat(caldav): return proper caldav intervals instead of FREQ=SECONDLY (#1230) 2025-08-04 13:41:28 +02:00
Frederick [Bot] 544960af65 [skip ci] Updated swagger docs 2025-08-03 20:46:06 +00:00
Copilot 7762d7746e
fix: make user data export download return 404 for nonexistent files (#1227) 2025-08-03 20:36:15 +00:00
Frederick [Bot] 5e65f223bc [skip ci] Updated swagger docs 2025-08-03 11:35:15 +00:00
kolaente ebaf4a0aa0 feat(settings): show extra settings links on user settings page 2025-08-03 13:25:32 +02:00
kolaente da0f6fb366 feat(auth): allow passing custom settings links to user account via openid claims 2025-08-03 13:25:32 +02:00
kolaente 9acba7a245 refactor: schedule user deletion 2025-08-01 17:06:02 +02:00
kolaente e5c860afec feat(plugins): allow plugins to register routes 2025-08-01 17:06:02 +02:00
kolaente b08b43953b feat(plugins): add rudimentary plugin system 2025-08-01 17:06:02 +02:00
Frederick [Bot] 78bbadbd25 chore(i18n): update translations via Crowdin 2025-07-31 01:01:45 +00:00
Frederick [Bot] ec7446684e [skip ci] Updated swagger docs 2025-07-30 16:00:27 +00:00
kolaente 4042f66efa
feat: show user export status in settings (#1200) 2025-07-30 15:50:26 +00:00
kolaente 388af80ece
fix: log correct response status 2025-07-28 13:27:12 +02:00
kolaente de917467cb
fix(openid): manually fetch providers
Partially reverts fcdcdcf46a
Resolves https://github.com/go-vikunja/vikunja/issues/1165
2025-07-28 11:40:09 +02:00
Frederick [Bot] 84a9428b4e [skip ci] Updated swagger docs 2025-07-28 09:06:26 +00:00
kolaente 2fd3046acc chore: rename user_id field to username
The field is actually the username, but it was called user_id for some reason. This change makes this more clear
2025-07-28 10:56:36 +02:00
kolaente e10837476a
fix: subscription should only be visible for the user who subscribed (#1183) 2025-07-28 10:32:59 +02:00
kolaente bbd3567e43
chore: add debug logging around provider failure
https://github.com/go-vikunja/vikunja/issues/1165
2025-07-24 16:00:03 +02:00
kolaente 7243a10fb2
fix(openid): check different provider types
Related to https://github.com/go-vikunja/vikunja/issues/1165
2025-07-23 15:40:51 +02:00
kolaente 4faf50a91f
fix(user): ensure deletion tokens can only be used by the user who created them 2025-07-23 11:18:37 +02:00
kolaente 2b497e6265
fix: pass pointer when fetching provider
Resolves https://github.com/go-vikunja/vikunja/issues/1165
2025-07-23 11:09:09 +02:00
Tobias a31255707e
fix "null" in project views (#1158)
Co-authored-by: kolaente <k@knt.li>
2025-07-22 17:43:04 +00:00
Copilot 9712dbe2ab
fix: MySQL constraint violations returning HTTP 500 instead of 400 for task bucket duplicates (#1154)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-07-22 08:59:12 +00:00
kolaente ad0cf7a13c
fix: improve ldap sanitization (#1155) 2025-07-21 21:06:38 +00:00
kolaente 62200f6e0f feat!: remove echo log options - unify with general http logging 2025-07-21 18:15:39 +02:00
kolaente ca83ad1f98 feat: move to slog for logging 2025-07-21 18:15:39 +02:00
kolaente 7985a6500a fix: use assertions which are more specific 2025-07-18 23:18:04 +02:00
kolaente 07d83e67d7 feat(projects): add support for ParadeDB when searching for project 2025-07-18 23:18:04 +02:00
kolaente 1e3a68210a chore(db): simplify MultiFieldSearch 2025-07-18 23:18:04 +02:00
kolaente 22579dffae chore: cleanup unused helper 2025-07-18 23:18:04 +02:00
kolaente a571d42f46 chore: refactor searching for link shares 2025-07-18 23:18:04 +02:00
kolaente 3db1ddcee4 feat(tasks): add support for ParadeDB when searching tasks 2025-07-18 23:18:04 +02:00
kolaente e7f5142e3d fix: adjust benchmark so that it only checks the task fetching 2025-07-18 23:18:04 +02:00
kolaente a5591c1603 fix: correctly cache unsplash background
Resolves
https://vikunja.sentry.io/issues/6753151793/events/3d8773d79b9c4da0bf65140e4b7617b4/
2025-07-18 18:38:12 +02:00
kolaente c3fd659851 fix: correctly return cached intitals avatar
Resolves https://vikunja.sentry.io/issues/6752872121/events/92ff6a64c4b64aa3aecc6973611bd449/
2025-07-18 18:38:12 +02:00
kolaente 566657c54a fix: correctly return cached provider 2025-07-18 18:38:12 +02:00
kolaente 45e7f6e316 fix: upload avatar caching 2025-07-18 18:38:12 +02:00
kolaente fcdcdcf46a feat: use keyvalue.Remember where it makes sense 2025-07-17 16:19:13 +02:00
kolaente c7a98386c2 feat: add keyvalue.Remember function 2025-07-17 16:19:13 +02:00
Quiwy 5ee3077f5d
docs: fix typo (#1122) 2025-07-16 11:01:49 +00:00
kolaente 42534cdd79
fix: don't panic when using api token when not correctly put into context (#1119) 2025-07-15 21:26:28 +00:00
Tobias ecc95e9139
fix: panic on restoring with numeric position fields (#1089)
Co-authored-by: kolaente <k@knt.li>
2025-07-15 15:44:21 +00:00
kolaente 4da4bf69ca
fix(background): validate unsupported formats and show error message (#1123) 2025-07-15 13:21:48 +02:00
Vlad Yarotsky d4347f00f6
fix(caldav): make CalDAV REPORT request properly respond with VTODO objects (#1116) 2025-07-14 21:57:55 +00:00
Dominik Pschenitschni efff6955c5
fix: remove fmt output in token check 2025-07-03 17:09:41 +02:00
Dominik Pschenitschni 20bd961c20
fix(config): log fatal when timezone parse fails (#1077) 2025-07-03 17:06:54 +02:00
Dominik Pschenitschni 9efdde8f1a
docs: delete caldav token uses DELETE instead of GET 2025-07-03 17:06:20 +02:00
kolaente 510b1f246a refactor: move test 2025-07-02 23:16:05 +02:00
kolaente 9b579d282c fix(tasks): do not return subtasks multiple times when they are related
to multiple tasks

Resolves https://community.vikunja.io/t/tasks-with-parent-tasks-appear-duplicated-in-list-views/3676
2025-07-02 23:16:05 +02:00
kolaente 4d36771362
feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
Dominik Pschenitschni ef80fa77b4 docs: fix comments in web package 2025-07-02 17:46:21 +02:00
Dominik Pschenitschni d48d88d442 fix: comment typo and misspellings 2025-07-02 17:46:21 +02:00
Dominik Pschenitschni 342bbd6192 fix: correct comments 2025-07-02 17:46:21 +02:00
kolaente 3b05f7859f
fix(users): refresh initials avatar refresh after name change (#1047) 2025-06-30 16:20:54 +00:00
kolaente 59130766e8
fix(avatar): fallback to username when no name is set 2025-06-27 14:30:33 +02:00
kolaente 99bc065272
feat(user): use name for initals avatar, not username
For external auth providers, the username might be randomly generated,
which results in a random initial - this is unexpected and confusing for
users.
2025-06-27 14:13:49 +02:00
kolaente 4f8a2b0d38
chore(user): refactor invalidating upload avatar cache 2025-06-27 14:07:22 +02:00
kolaente 0ecbd9e1a3
feat(user): add avatar cache flushing (#1041) 2025-06-27 14:01:43 +02:00
kolaente ae92822ee0
feat: add prefix key support to keyvalue store (#1038)
feat: add prefix key operations to keyvalue store
2025-06-27 11:05:37 +00:00
kolaente a8025a9e36
fix: guard invalid user lookups (#1034) 2025-06-26 21:58:47 +00:00
kolaente c6c18d1ca1
fix(task): ambiguous description search (#1032)
test: relocate search regression
2025-06-26 20:05:04 +00:00
kolaente 17b8d20e7b
fix(migration): reset buckets before creating related tasks so that they are actually created (#1015) 2025-06-25 14:03:44 +02:00
kolaente 53264d350e
fix(kanban): make bucket query fixed per-view (#1007) 2025-06-25 11:38:24 +00:00
kolaente 159961b5e0
fix: add migration for non-unique task buckets 2025-06-25 11:12:24 +02:00
kolaente f9b31ab4bf
fix: ambiguous title column in task search (#1012) 2025-06-24 20:38:35 +00:00
kolaente 4f99bdb50c
fix(tasks): ambiguous done column in task sorting (#1011)
fix: prefix task fields in sorting
2025-06-24 20:37:25 +00:00
Frederick [Bot] 1621d25392 [skip ci] Updated swagger docs 2025-06-24 11:01:56 +00:00
kolaente 842a71019d
fix(view): add unique index for task buckets (#1005) 2025-06-24 10:45:17 +00:00
kolaente 57dfdc5168
chore: adjust comment about bucketless tasks (#1004)
docs: clarify bucketless task behavior
2025-06-24 09:56:58 +00:00
kolaente 49963d88a6
fix(task): add tasks table prefix for sort order (#1003)
fix: qualify task index for mysql order
2025-06-24 09:55:00 +00:00
kolaente 048e09ee12
fix(tasks): subtasks missing in list view (#1000) 2025-06-24 11:08:01 +02:00
Frederick [Bot] adc1ecaef1 chore(i18n): update translations via Crowdin 2025-06-23 01:01:09 +00:00
Frederick [Bot] 6bdb990de5 chore(i18n): update translations via Crowdin 2025-06-18 00:57:29 +00:00
kolaente 34a5196a05
feat: add email filter to user list command (#973) 2025-06-17 12:38:04 +00:00
Frederick [Bot] 7f8006e3f1 [skip ci] Updated swagger docs 2025-06-17 09:38:12 +00:00
Dominik Pschenitschni 5b9d4fcc72
chore: add missing eof newlines (#969) 2025-06-17 09:11:32 +00:00
kolaente 663339a294
feat(test): add benchmark for task search (#963) 2025-06-16 21:41:14 +02:00
Frederick [Bot] 719cb11d44 [skip ci] Updated swagger docs 2025-06-16 14:10:07 +00:00
Weijie Zhao a214d68a44
feat(auth): sync avatar from OpenID providers (#821) 2025-06-16 15:59:31 +02:00
kolaente 916c0212b5
feat(link share): add feature test for link share avatar access (#944) 2025-06-14 18:22:45 +02:00
kolaente 59a0b9c40d
feat(auth): require auth to fetch avatars (#930) 2025-06-14 13:12:41 +00:00
kolaente 6671ce38a8
chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
kolaente da95463bb2
fix(migration): detect header lines in csv file when importing from TickTick (#937) 2025-06-13 07:45:54 +00:00
kolaente 0145a8ba50
feat!(config): store sqlite file relative to rootpath (#934)
Moderately breaking change since in most cases the root path was already set next to the binary.
2025-06-13 09:16:25 +02:00
Frederick [Bot] 15a1919d22 chore(i18n): update translations via Crowdin 2025-06-12 00:56:35 +00:00
kolaente 842e7f524b
fix: always add public url to allowed cors origins
This fixes a bug where it was not possible to do anything because the public url was not allowed by default for CORS requests.

Regression from 433b8b9115

Resolves https://github.com/go-vikunja/vikunja/issues/916
2025-06-11 14:29:38 +02:00
kolaente 433b8b9115
feat: enable cors by default for desktop app (#904) 2025-06-10 20:43:13 +02:00
Frederick [Bot] 191125e122 [skip ci] Updated swagger docs 2025-06-10 11:21:02 +00:00
kolaente f070268c30
feat: check configured default timezone on startup (#903) 2025-06-10 11:03:58 +00:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
Dominik Pschenitschni 62f048767c
fix: correct unknown subscription entity typo (#883) 2025-06-10 12:18:07 +02:00
Dominik Pschenitschni 488b15c128 docs(web): fix typos 2025-06-10 12:10:42 +02:00
Dominik Pschenitschni 4146e91616
docs: mention AGPL-3.0-or-later in CLI help (#893) 2025-06-10 12:07:52 +02:00
Dominik Pschenitschni 508cdf027c
fix: param type (#895) 2025-06-10 12:06:41 +02:00
Dominik Pschenitschni 8632bd2063
fix: TOTP account lock notification typo (#858) 2025-06-05 16:24:41 +02:00
kolaente 44b3e46325
fix: return correct mimetype for openapi docs.json
Resolves https://github.com/go-vikunja/vikunja/issues/864
2025-06-04 16:12:46 +02:00
kolaente 5c17d5b90c
fix(config): set value when env variable contains string value 2025-05-23 12:47:56 +02:00
renovate[bot] bbf7679dd4
fix(deps): update module github.com/olekukonko/tablewriter to v1 (#750)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-05-23 10:00:58 +00:00
Frederick [Bot] 76bba1fb92 chore(i18n): update translations via Crowdin 2025-05-23 00:55:39 +00:00
kolaente d7d277f9b6
fix(config): do not attempt to parse config values from env when they contain an invalid data type
Related https://github.com/go-vikunja/vikunja/issues/719
2025-05-22 17:06:20 +02:00
Frederick [Bot] b96a1701d8 chore(i18n): update translations via Crowdin 2025-05-22 00:55:50 +00:00
kolaente ca98b7da73
feat: add /token/test route
This new route returns 200 if a valid bearer token was presented. It does not return any information about the user.
2025-05-21 22:27:34 +02:00
kolaente c4566fdb53
chore(i18n): improve overdue task emails translation 2025-05-21 10:28:50 +02:00
Frederick [Bot] 1648b71634 [skip ci] Updated swagger docs 2025-05-20 08:12:41 +00:00
Weijie Zhao 00c4148f05
feat(auth): add ForceUserInfo option to OpenID provider (#797)
Problem:

When using Casdoor as an OpenID provider, there's an inconsistency between the user information in the JWT token and the UserInfo endpoint. The token contains the user's unique ID in the `name` field, while the UserInfo endpoint correctly returns the user's display name.

Solution:

This PR adds a new `ForceUserInfo` option to the OpenID provider configuration. When enabled, it forces the use of the UserInfo endpoint to retrieve user information instead of relying on claims from the ID token.

Impact:

- Default behavior remains unchanged (backward compatible)
- New option allows administrators to force using UserInfo endpoint data
- Particularly useful for providers like Casdoor that don't fully comply with OIDC standards

Related:

I've opened an issue in the Casdoor repository (https://github.com/casdoor/casdoor/issues/3806) to discuss the root cause. However, changing Casdoor's token structure might cause significant compatibility issues for existing integrations, so it's unclear if this can be fixed at the provider level. This PR provides a workaround in Vikunja that doesn't affect existing functionality.
2025-05-20 08:06:34 +00:00
Frederick [Bot] adf54f97ab chore(i18n): update translations via Crowdin 2025-05-20 00:56:51 +00:00
kolaente 5acca8144b
fix(projects): do not try to fetch project permissions when no projects exist
Resolves https://vikunja.sentry.io/issues/6572520737/events/2a747d0e53e7431fafca89429c552eae/
2025-05-19 18:21:05 +02:00
Frederick [Bot] 5df5030c68 chore(i18n): update translations via Crowdin 2025-05-18 00:59:45 +00:00
Frederick [Bot] fad3e05ba8 chore(i18n): update translations via Crowdin 2025-05-17 00:54:35 +00:00
kolaente d16d13d730 feat(i18n): use plural translations in humanize duration 2025-05-16 21:57:07 +02:00
kolaente 96369f3b1c feat(i18n): add params replacement to translation functions 2025-05-16 21:57:07 +02:00
kolaente 43f9fb61a7 feat(i18n): add pluralization function for translation strings 2025-05-16 21:57:07 +02:00
Frederick [Bot] 53f201bdfc chore(i18n): update translations via Crowdin 2025-05-16 00:55:58 +00:00
kolaente 9f30a099ee
fix(projects): (un-)archive child projects when archiving parent (#775) 2025-05-15 14:31:56 +00:00
kolaente 3e46457c03
fix: remove unused import 2025-05-15 09:54:15 +02:00
kolaente 13dfe78121
fix(project): correctly handle invalid project id error 2025-05-15 09:50:33 +02:00
kolaente cb0e68f625
fix(i18n): make notification settings link translatable 2025-05-15 09:18:27 +02:00
Frederick [Bot] ee0c68b1a2 chore(i18n): update translations via Crowdin 2025-05-15 00:54:18 +00:00
Frederick [Bot] c19a8cfcc4 [skip ci] Updated swagger docs 2025-05-13 11:27:04 +00:00
kolaente 4d8c17f577
feat(i18n): make overdue reminder translations more explicit (#761) 2025-05-13 11:12:56 +00:00
Piotr Sarna 1d38306e7d
fix(docs): improve swagger output by setting swaggertype and enums (#705)
Co-authored-by: Piotr Sarna <piotr@piksar.eu>
2025-05-13 11:02:12 +00:00
kolaente f7229ba647
fix(i18n): translate all parts of reminder notifications 2025-05-12 16:24:20 +02:00
Frederick [Bot] aaf6de11a5 [skip ci] Updated swagger docs 2025-05-12 10:24:22 +00:00
Vladimir c3fffefcf4
fix(db): refactor filtering with subqueries (#701)
Resolves #285
2025-05-12 10:52:48 +02:00
Frederick [Bot] 3e02604317 chore(i18n): update translations via Crowdin 2025-05-12 00:57:57 +00:00
Frederick [Bot] 48814867b4 chore(i18n): update translations via Crowdin 2025-05-11 00:58:59 +00:00
Frederick [Bot] 7b693f055f chore(i18n): update translations via Crowdin 2025-04-28 00:56:09 +00:00
Frederick [Bot] ad8a17571c chore(i18n): update translations via Crowdin 2025-04-12 00:52:09 +00:00
Frederick [Bot] 8e6b059634 chore(i18n): update translations via Crowdin 2025-04-11 00:52:53 +00:00
Frederick [Bot] 9fe2caa251 chore(i18n): update translations via Crowdin 2025-04-10 00:52:35 +00:00
renovate[bot] 4a75f7d4da
chore(deps): update golangci/golangci-lint-action action to v7 (#462)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-04-02 09:28:56 +02:00
Frederick [Bot] c381e47720 chore(i18n): update translations via Crowdin 2025-03-31 00:55:09 +00:00
kolaente 7803fe8aef
fix(avatar): use keyvalue store to cache gravatar instead of map
Resolves https://community.vikunja.io/t/docker-crash-concurrent-map-writes-google-login/3454
2025-03-30 16:24:34 +02:00
kolaente 6847f44058
chore(openid): add more debug logging when retrieving token 2025-03-29 19:24:07 +01:00
kolaente 4ea3c01b5f
chore: add more debug logging when returning error 2025-03-29 18:21:34 +01:00
kolaente 303dbec78a
feat(i18n): add Hebrew translation for selection 2025-03-27 11:58:23 +01:00
kolaente cfc7f17352
feat(i18n): add Finnish translation for selection 2025-03-27 11:54:17 +01:00
Frederick [Bot] 03ca85aaf1 chore(i18n): update translations via Crowdin 2025-03-26 00:21:22 +00:00
kolaente 25f3c5d9d7
fix(migration): cast to text 2025-03-25 21:47:52 +01:00
kolaente 26eeb07829
fix(i18n): adjust task strings 2025-03-25 09:18:13 +01:00
Frederick [Bot] 04a7cabbcb chore(i18n): update translations via Crowdin 2025-03-25 00:23:17 +00:00
kolaente 2e11c55e9e
fix(test): use correct assertion
Resolves a regression introduced in 1bdb01712e
2025-03-24 17:41:39 +01:00
kolaente 1bdb01712e
fix(filter): correctly use user time zone when filtering for date fields
Resolves https://community.vikunja.io/t/upcoming-list-doesnt-display-repeating-tasks/3539
2025-03-24 17:22:33 +01:00
kolaente 3509f1beb3
chore!: remove deprecated config settings 2025-03-24 16:52:46 +01:00
kolaente 13d4e0e00d
chore(utils): remove deprecated MakeRandomString function 2025-03-24 16:52:46 +01:00
Frederick [Bot] f188762b86 chore(i18n): update translations via Crowdin 2025-03-24 00:22:33 +00:00
kolaente 62b2c6771a
fix(project): correctly migrate old project view filters
This fixes a bug where old filters where not converted to the new json format correctly, leading to issues when trying to decode the raw filter string as json.
It is unclear whether that old migration had a bug or was not executed at all.

This change adds a new migration to fix all filters in views still stuck in the old filter string format.

Resolves https://github.com/go-vikunja/vikunja/issues/420
2025-03-23 21:34:49 +01:00
kolaente 063753a543
fix(filter): do not try to set timezone when doer does not exist
Resolves https://vikunja.sentry.io/issues/6025547266/events/e0d0a5fdf01c46a2ac9101d94ab4f304/
2025-03-23 19:08:11 +01:00
kolaente 8489cf57f6
fix(typesense): use upsert instead of emplace when updating tasks in typesense
Resolves https://github.com/go-vikunja/vikunja/issues/376
2025-03-23 18:46:49 +01:00
kolaente bbd9d0d0b3
fix(comment): add validation check for the max comment length
Resolves https://vikunja.sentry.io/issues/6441922105/events/245b8f1de3e64951a108e2f6cb654c58/
2025-03-23 18:03:29 +01:00
kolaente 4e504c288e
fix(auth): hide two factor authentication when using non-local user
Resolves https://github.com/go-vikunja/vikunja/issues/431
2025-03-23 17:43:36 +01:00
Frederick [Bot] 2e2f82bc44 chore(i18n): update translations via Crowdin 2025-03-22 00:21:30 +00:00
kolaente 4d41a1bd9b
feat(kanban): create To-Do, Doing, Done buckets when creating a new kanban view 2025-03-21 19:16:52 +01:00
kolaente d522d40773
fix(migration): do not fail when an attachment is too large
Resolves https://vikunja.sentry.io/issues/6389417364/events/d79bdea146b54a9dace8c81e3f787975/
2025-03-21 18:03:27 +01:00
kolaente 23d2814b94
fix(migration): check if the provided file is a valid csv before importing 2025-03-21 17:53:05 +01:00
kolaente d19a93dece
fix(migration): check if uploaded csv is empty 2025-03-21 17:48:08 +01:00
kolaente 0585045260
fix(kanban): Mark tasks done when creating them in the done bucket
Resolves https://community.vikunja.io/t/bugs-around-project-duplication-with-kanban-buckets/3433/6
2025-03-21 17:32:50 +01:00
kolaente 096de3382f
fix(kanban): load full task when moving task between buckets 2025-03-21 16:59:20 +01:00
Frederick [Bot] c4ef566a42 chore(i18n): update translations via Crowdin 2025-03-21 00:21:23 +00:00
kolaente e3f006c527
fix(i18n): add missing translations 2025-03-20 17:41:45 +01:00
kolaente 5a93379d81
fix(ldap): update user name and email during login 2025-03-20 17:24:00 +01:00
kolaente d585de77a4
fix(ldap): crop avatar when syncing 2025-03-20 17:19:58 +01:00
kolaente e287364b78
fix(team): do not allow leaving exernal teams 2025-03-20 17:13:51 +01:00
kolaente b010e3851c
fix(project): add position in test fixtures 2025-03-20 14:00:18 +01:00
kolaente 6e9886c6b8
fix(project): make order stable in duplicate test 2025-03-20 13:46:32 +01:00
Frederick [Bot] 8e475e77be chore(i18n): update translations via Crowdin 2025-03-20 00:21:23 +00:00
kolaente 164f2eab9d
feat(ldap): also look for username only when checking group membership 2025-03-19 22:16:12 +01:00
kolaente f4b9a9cccd
feat(ldap): make member id attribute configurable 2025-03-19 22:15:50 +01:00
kolaente 84cbd25e67
chore(project): do not use fmt.Sprintf directly 2025-03-19 19:47:38 +01:00
kolaente 7e1aba7606
fix(kanban): correctly set default bucket id when duplicating project
Partially resolves https://community.vikunja.io/t/bugs-around-project-duplication-with-kanban-buckets/3433
2025-03-19 17:28:59 +01:00
kolaente 4887f7fe60
fix(webhook): do not fail to send webhook when loading the project fails
https://community.vikunja.io/t/webhook-project-error/3305/7
2025-03-19 16:27:04 +01:00
Frederick [Bot] 4998926f55 [skip ci] Updated swagger docs 2025-03-19 15:21:25 +00:00
kolaente 617070f9f7
fix(kanban): use full updated kanban bucket when moving task 2025-03-19 16:06:20 +01:00
kolaente 134c2a1a80
fix(kanban): do not allow creating tasks in full bucket 2025-03-19 15:18:55 +01:00
kolaente ea42fef2da
feat: don't log all headers when debug log is enabled
This reverts commit 9fc6cdd076.
2025-03-19 15:15:04 +01:00
kolaente ffd5a962f5
feat(i18n): add Turkish as language for selection 2025-03-19 14:56:35 +01:00
kolaente e12ebfebed
feat(ldap): sync avatar from ldap 2025-03-18 18:28:54 +01:00
kolaente 26c7ceaed4
chore(avatar): decouple upload from web handler 2025-03-18 18:28:54 +01:00
kolaente 77480814fd
fix(i18n): translations json 2025-03-18 18:28:29 +01:00
kolaente 732431773d
fix(i18n): remove duplicate api strings 2025-03-18 18:23:47 +01:00
Frederick [Bot] 02f9f92232 [skip ci] Updated swagger docs 2025-03-18 16:58:29 +00:00
kolaente 99213c66ee chore(openid): use general external team sync 2025-03-18 16:36:00 +00:00
kolaente 216df5bedc feat(ldap): make group sync configurable 2025-03-18 16:36:00 +00:00
kolaente a3b19a7b3c feat(auth): refactor group sync 2025-03-18 16:36:00 +00:00
kolaente c2f286437c feat(auth): ldap group sync 2025-03-18 16:36:00 +00:00
kolaente 9f5c761fd9 chore(auth): rename error 2025-03-18 16:36:00 +00:00
kolaente 06851ca639 chore(auth): rename external team id find methods 2025-03-18 16:36:00 +00:00
kolaente 62beb3db2d feat(auth): rename oidc_id to external_id 2025-03-18 16:36:00 +00:00
Frederick [Bot] 55a078b171 chore(i18n): update translations via Crowdin 2025-03-18 00:21:21 +00:00
kolaente 12aba8e9b1
chore(openid): move openid team struct to openid package 2025-03-17 17:34:49 +01:00
Frederick [Bot] e5160bf1fe chore(i18n): update translations via Crowdin 2025-03-17 00:21:14 +00:00
kolaente 87cfe89441
feat(ldap): add tests 2025-03-16 18:23:55 +01:00
kolaente 91f9fe5b96
fix(ldap): return meaningful error when providing wrong credentials 2025-03-16 18:23:55 +01:00
Frederick [Bot] 754e1541ae [skip ci] Updated swagger docs 2025-03-16 17:17:37 +00:00
kolaente dbb4652fad
fix(docs): clarify team member username instead of id 2025-03-16 18:02:17 +01:00
Frederick [Bot] 3dc63986b2 [skip ci] Updated swagger docs 2025-03-16 16:35:04 +00:00
kolaente 5c6be117fe
fix(kanban): increase dates when moving a task into the done bucket
Resolves https://community.vikunja.io/t/unable-to-drag-a-repeating-task-to-done-bucket/3321/2
Resolves https://github.com/go-vikunja/vikunja/issues/402
2025-03-16 17:19:51 +01:00
Frederick [Bot] ddf5fab364 chore(i18n): update translations via Crowdin 2025-03-16 00:21:45 +00:00
Frederick [Bot] c0de2e03b7 chore(i18n): update translations via Crowdin 2025-03-14 00:21:16 +00:00
kolaente e94c744477
fix(auth): return ldap as auth provider name when using it 2025-03-09 09:23:40 +01:00
Frederick [Bot] 0f81e18d85 chore(i18n): update translations via Crowdin 2025-03-09 08:05:39 +00:00
kolaente 9fc6cdd076
feat: log request headers when debug logs are enabled
Related to https://github.com/go-vikunja/vikunja/issues/415
2025-03-08 14:47:21 +01:00
Frederick [Bot] de403c365a [skip ci] Updated swagger docs 2025-03-02 19:00:53 +00:00
kolaente 61333c9b7f
fix: lint 2025-03-02 19:43:41 +01:00
Marc f4a0c0ef31 feat(auth): sso fallback mapping (#3068)
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3068
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Marc <marc88@free.fr>
Co-committed-by: Marc <marc88@free.fr>
2025-03-02 15:21:09 +00:00
Frederick [Bot] b489703d6f [skip ci] Updated swagger docs 2025-03-02 15:09:28 +00:00
kolaente 4e93806a44
fix(auth): load oidc provider before trying to use it
Resolves https://kolaente.dev/vikunja/vikunja/issues/3067
2025-03-02 14:09:02 +01:00
kolaente bbbfbb36bb
fix(filters): ignore invalid task fields when recomputing task positions
Resolves https://vikunja.sentry.io/issues/6025547266/
2025-03-02 14:00:31 +01:00
kolaente 734033c843
fix(avatars): always return correct mime type for cached avatar 2025-03-02 13:33:40 +01:00
kolaente 2ead48c1e9
fix(migration): do not crash when relating a task to itself
Resolves https://community.vikunja.io/t/vikunja-import-error-tried-to-relate-a-task-with-itself/1105
2025-03-02 13:24:55 +01:00
kolaente c6cade3aeb
feat(i18n): automatically set language during registration 2025-03-02 13:21:24 +01:00
kolaente 4e90c6bb78
chore(deps): update golangci-lint 2025-03-02 13:00:18 +01:00
kolaente 1d1295e065
feat(i18n): add translations for migration notifications 2025-03-02 12:33:30 +01:00
kolaente 250bb8ec99
fix(i18n): pass language to notification mail function 2025-03-02 12:29:31 +01:00
kolaente f662b79abb
fix(i18n): use only one function to get translations 2025-03-02 12:27:10 +01:00
kolaente c00768499f
fix(notifications): test assertion 2025-03-02 12:05:17 +01:00
kolaente e11a3026b9
feat: translate notifications 2025-03-02 11:41:38 +01:00
kolaente b230bb94a4
chore(webhook): refactor reloading event data 2025-02-24 18:18:38 +01:00
kolaente 70e1fdae91
feat: always add project to webhook payload
Resolves https://github.com/go-vikunja/vikunja/issues/410
2025-02-21 19:45:07 +01:00
kolaente 398d0c7ab5
fix: add missing error messages to translations 2025-02-21 17:27:52 +01:00
kolaente 65df9e5ef9
fix: return meaningful error message when selecting an invalid timezone 2025-02-21 17:20:51 +01:00
das_j 989a40ad42 fix(caldav): return other status codes than 500 when projects are not found (#3065)
This allows CalDav clients to behave properly. In particular, DavX5 will error out on syncing the collections list rather than removing deleted projects from its local cache.

Resolves: https://community.vikunja.io/t/deleting-a-project-breaks-caldav/3315/3
Co-authored-by: Janne Heß <janne@hess.ooo>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3065
Reviewed-by: konrad <k@knt.li>
Co-authored-by: das_j <das_j@noreply.kolaente.dev>
Co-committed-by: das_j <das_j@noreply.kolaente.dev>
2025-02-06 12:38:27 +00:00
kolaente e9d9f04763
chore: improve debug logging 2025-02-03 17:42:17 +01:00
jyte e9444159c5 Add Issuer and Subject to user list command (#3063)
I believe that it is possible to endup in the following situation :

- A user logs in using an authorized OIDC provider
- A vikunja user is created with the issuer & subject from the OIDC provider
- The same user logs in using another OIDC provider
- A 2nd vikunja user is created with a different issuer (possibly all other fields beside `created`, `updated` and `id` are equals)

I think it is important to be able to distinguish them in the `user list` command.

Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3063
Co-authored-by: jyte <marc88@free.fr>
Co-committed-by: jyte <marc88@free.fr>
2025-01-30 17:22:02 +00:00
Frederick [Bot] 60aa9485b1 [skip ci] Updated swagger docs 2025-01-28 10:18:36 +00:00
kolaente 90bf5ba81b chore(auth): refactor registration enabled setting in /info 2025-01-28 09:59:08 +00:00
kolaente 9dc351f5a4 feat(auth): show login form when only ldap is enabled 2025-01-28 09:59:08 +00:00
kolaente f898bdaf2d feat(auth): use config variable to check if we should verify tls 2025-01-28 09:59:08 +00:00
kolaente 03412dd358 feat(auth): verify ldap config before trying to connect 2025-01-28 09:59:08 +00:00
kolaente d22c3fb19e feat(auth): make ldap user filter configurable 2025-01-28 09:59:08 +00:00
kolaente f01dd2ff52 feat(auth): make sure local auth and ldap can both work when configured at the same time 2025-01-28 09:59:08 +00:00
kolaente 71cad7aa13 chore(auth): refactor creating users in openid and ldap 2025-01-28 09:59:08 +00:00
kolaente 38bb8de4f1 feat(auth): authenticate users via ldap 2025-01-28 09:59:08 +00:00
kolaente ef01c2217b
fix(task): correctly validate all task fields 2025-01-25 14:38:25 +01:00
kolaente acf1ce862a
fix(filter): validate fields before using them
Resolves https://vikunja.sentry.io/share/issue/0e99ec2d0ee64e7aa40ea78098d5a316/
2025-01-24 19:06:59 +01:00
Frederick [Bot] 878b443ce6 [skip ci] Updated swagger docs 2025-01-24 14:04:14 +00:00
kolaente 5c02527d2d
fix!(config): read all env variables into config store explicitly
This changes the way environment variables are read into Vikunja's config.
With this change, Vikunja loads the config from all env variables into the config store explicitly, after all config files have been processed. The breaking change here is that values from env variables now may override values from a config file when both are specified.
This allows specifying openid providers using only environment values. Previously this still required a config file to work, because viper wouldn't know about these values otherwise.

Resolves https://community.vikunja.io/t/configure-openid-via-environment/628/16
2025-01-24 14:42:27 +01:00
kolaente 9aa197b196
fix: swagger docs 2025-01-24 14:20:07 +01:00
kolaente 6b7c3ffef3
feat(tasks): add parameter to expand comments on a task 2025-01-24 13:00:06 +01:00
kolaente 75bd569a93
fix(projects): return list of projects when accessing as link share 2025-01-24 11:46:45 +01:00
kolaente e887cdeb5e
feat(task): expand reactions via parameter 2025-01-24 11:39:51 +01:00
kolaente 68d07a8c0f
feat(webhooks): expand buckets in webhooks
Resolves https://community.vikunja.io/t/bucket-id-is-0-in-webhook-payload-after-moving-task-between-columns/2993/2
2025-01-24 11:21:53 +01:00
kolaente 333e35e648
feat: add expand property to read one task 2025-01-24 11:20:23 +01:00
kolaente 7f6cb1e06e
feat: expand buckets 2025-01-24 11:03:40 +01:00
kolaente bc0c0b103f
feat: validate expand api parameter 2025-01-24 10:09:36 +01:00
kolaente 88761db2b1
fix(auth): check for existence of field before casting
Resolves https://vikunja.sentry.io/share/issue/6a21a679011a40b290ac531dd96c2adc/
2025-01-22 09:45:14 +01:00
Frederick [Bot] 94da5c1c4e [skip ci] Updated swagger docs 2025-01-21 15:46:37 +00:00
kolaente 090dd4b2f6
fix(user): do not allow changing name in settings when the user originates from an external auth provider
This improves the UX because it does not allow external users to change their name in Vikunja, since that change would be overridden once they log in again.

Resolves https://github.com/go-vikunja/vikunja/issues/357
2025-01-21 16:27:06 +01:00
kolaente 760f6d6800
fix(projects): adjust test assumptions
This adjusts the test for the changes made in f6bfe2f13c
2025-01-21 12:43:01 +01:00
kolaente f6bfe2f13c
fix(quick actions): show saved filters in search results
This fixes a bug where saved filters would not show up in quick actions search results. It was caused by explicitely only searching for projects.
During the debugging of this, I've discovered the search parameter is ignored when searching for filters.

Resolves https://community.vikunja.io/t/virtual-projects-a-k-a-saved-filters-do-not-show-up-in-search-bar-results/3180/4
2025-01-21 11:07:28 +01:00
kolaente b85befb86a
fix: start server when listening on socket
This fixes a regression introduced in daa7ad053c where the http server was not started when listening on a unix socket instead of a http interface.

Resolves https://github.com/go-vikunja/vikunja/issues/396
2025-01-21 10:18:14 +01:00
Frederick [Bot] 20cd15fb98 [skip ci] Updated swagger docs 2025-01-21 07:27:59 +00:00
kolaente f25f983417
feat(notifications): include link to settings in notifications 2025-01-20 17:38:18 +01:00
kolaente debdcd4dd3
docs: clarify return value of /tasks 2025-01-20 16:23:26 +01:00
kolaente a7be41ef04
fix(filter): do not override filter include nulls query
This fixes a bug where the "include nulls" query parameter would get overridden when the current view had a filter set, even if that filter didn't specify the parameter.
2025-01-20 14:23:35 +01:00
kolaente 6673adf0b5
fix(filter): do not show tasks in filter results when they are filtered out by labels
This fixes a bug where tasks which were filtered out by their label would still be shown. That was caused by the way the filter query was translated to sql under the hood.

Resolves https://github.com/go-vikunja/vikunja/issues/394
2025-01-20 14:05:42 +01:00
kolaente 4858f7c82f
fix(project): transfer ownership after deleting a user
This fixes a bug where the ownership of a project was not transferred when the user was deleted, leading to errors when viewing the project, as the owner user could not be found.

Resolves https://kolaente.dev/vikunja/vikunja/issues/2827
2025-01-20 12:25:38 +01:00
kolaente 0e37049343
fix(migration): add more debug logging 2025-01-20 12:08:10 +01:00
Dominik Pschenitschni 47538ca810 fix: method name 2025-01-17 13:59:12 +01:00
kolaente abae6f05e0
fix(auth): move read all notifications to notification group
Resolves
https://kolaente.dev/vikunja/vikunja/issues/2977
2025-01-17 12:52:42 +01:00
kolaente 45ec1a4c47
fix(auth): make sure routes from the "other" group work as intended
Resolves
https://kolaente.dev/vikunja/vikunja/issues/2977
2025-01-17 11:06:00 +01:00
kolaente 2522cffa61
fix(auth): return proper error when a jwt claim contains wrong data
Resolves https://vikunja.sentry.io/share/issue/69b578ccc3794de58cecfc7b8291ae64/
2025-01-14 16:38:49 +01:00
kolaente 33b9917c7d
fix(auth): return correct error when trying to do a user action as a link share
Resolves https://vikunja.sentry.io/share/issue/77f7aa4cda9442439deba3cfe2cb32c6/
2025-01-14 15:01:13 +01:00
kolaente 1db99dba47
fix(kanban): correctly check bucket limit for saved filters or view filters
Resolves https://github.com/go-vikunja/vikunja/issues/355
2025-01-09 16:21:28 +01:00
kolaente 017fa1b5af
fix(restore): restore encoded float values properly
Resolves https://kolaente.dev/vikunja/vikunja/issues/2934
2025-01-09 15:42:12 +01:00
kolaente 7e66f3ec6b
fix(restore): make sure all json columns are properly restored 2025-01-09 15:40:22 +01:00
kolaente 3d5d17336e
fix(migration): return proper error when uploaded file is not a zip file
Resolves https://vikunja.sentry.io/share/issue/73a7b6f60b3e446e949d072016f31c22/
2025-01-09 14:32:24 +01:00
Frederick [Bot] 0826d72e38 [skip ci] Updated swagger docs 2024-12-22 23:39:06 +00:00
kolaente 70f1b4f28b
fix(export): update only current user export file id 2024-12-22 19:48:47 +01:00
kolaente 703a88e99f
fix: lint 2024-12-17 10:53:18 +01:00
kolaente 4359819faf
fix(auth): do not allow commas in usernames 2024-12-16 23:09:35 +01:00
kolaente 47ff7d8ad3
fix(migration): fetch members when they do not exist
Resolves https://github.com/go-vikunja/vikunja/issues/378
2024-12-15 13:11:29 +01:00
kolaente 28a58303f0
fix(auth): convert to int when failed password value is not int
Resolves https://github.com/go-vikunja/vikunja/issues/377
2024-12-13 20:46:36 +01:00
kolaente b3c93ae811
fix(task): do not update all project_view ids
Might fix https://community.vikunja.io/t/not-able-to-move-task-between-buckets-within-a-kanban-view-for-saved-filter/2882/6
2024-12-11 18:50:01 +01:00
kolaente c9a68d3a63
fix(openid): lint 2024-12-11 17:10:41 +01:00
kolaente 7ac2c42e4d
fix(caldav): fetch saved filter
This fixes a bug which caused fetching saved filter and favorite projects to crash, because the respective project ID is not a valid project id without special handling.
2024-12-11 17:05:51 +01:00
kolaente 5abca0927b
fix(caldav): do not crash with error 400 when fetching the list of all projects
Because the "all projects" handler is the same as the one to fetch a single project, the handler would fail because no project was specified. However, it should return an empty project instead so that it later fetches all projects.

Resolves https://community.vikunja.io/t/http-400-when-trying-to-connect-via-caldav/3054
2024-12-11 16:51:30 +01:00
kolaente 4512045cbf
fix: check if all required keys are available when parsing openid configuration
Related to https://github.com/go-vikunja/vikunja/issues/371
2024-12-11 16:25:41 +01:00
kolaente 25fd0f6108
fix(filter): correctly create task positions during filter creation
This fixes a bug where a saved filter would contain many "dead" entries for tasks which are not part of that filter. These entries were "dead" because the filter would not match for them and thus they were not shown.
The problem was caused by a routine during the creation of the filter where all projects from all matching tasks would be used as input for fetching the tasks to add to task_positions.

https://community.vikunja.io/t/not-able-to-move-task-between-buckets-within-a-kanban-view-for-saved-filter/2882/3
2024-12-09 19:21:13 +01:00
kolaente 942c2e4af6
fix: specify cols when upgrading
Resolves https://github.com/go-vikunja/vikunja/issues/367
2024-12-09 17:42:31 +01:00
graves501 ed5474a28a fix(typo): Simpl -> Simple -> GetProjectsMapSimpleByTaskIDs (#2906)
Fix typo -> GetProjectSimplByTaskID -> GetProjectSimpleByTaskID

Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2906
Co-authored-by: graves501 <graves501@protonmail.com>
Co-committed-by: graves501 <graves501@protonmail.com>
2024-12-09 13:55:16 +00:00
kolaente 8d8406df05
fix: task overdue at the same time as the notification
If a task is overdue at the same time the notification is sent, it would contain a message like "overdue since" without a time. This now shows "overdue now" instead.
2024-12-03 08:33:16 +01:00
kolaente 8732837596
chore: simplify sentry code 2024-11-22 12:05:02 +01:00
kolaente 3659b7b58d
fix(attachments): check permissions when accessing all attachments 2024-11-21 15:42:53 +01:00
kolaente bbbd936868
fix(saved filters): check permissions when accessing tasks of a filter 2024-11-21 15:42:26 +01:00
ScribblerCoder a5cc5e3783 Add healthcheck command (#2856)
Currently vikunja has a `/health` endpoint that was added in https://kolaente.dev/vikunja/vikunja/pulls/998. Docker/compose cannot utilize this feature since vikunja's docker image doesn't have curl/wget as it is pruned which is great for the image size. This PR adds a `healthcheck` command that send an http request to `/health` and exits with 0 or non-zero depending on the result.
It also adds a `HEALTHCHECK` to the docker image which calls this automatically.

Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2856
Reviewed-by: konrad <k@knt.li>
Co-authored-by: ScribblerCoder <omar2001.oh@gmail.com>
Co-committed-by: ScribblerCoder <omar2001.oh@gmail.com>
2024-11-20 18:04:55 +00:00
kolaente f2eac4623d
fix(filters): do not crash when paginating bucket with empty filter
Resolves https://community.vikunja.io/t/error-in-kanban-view-of-virtual-project-saved-filter/2876/7
2024-11-19 19:32:09 +01:00
kolaente 0b9fd2c485
fix(project): correctly set done bucket after duplicating project
Resolves https://community.vikunja.io/t/duplicating-projects-with-a-kanband-done-bucket-is-broken/2979
2024-11-19 19:23:08 +01:00
Frederick [Bot] 940b450a56 [skip ci] Updated swagger docs 2024-11-19 16:44:45 +00:00
kolaente d616bab76d fix(views): enable search in bucket filters 2024-11-19 16:27:22 +00:00
kolaente 624907ad6a fix: make search in saved filter work 2024-11-19 16:27:22 +00:00
Maximilian Bosch 3bafaa7101 fix(tasks): also delete corresponding task positions (#2840)
Closes [#348](https://github.com/go-vikunja/vikunja/issues/348)

When moving a project, the old task bucket entries (project, saved
filters) will be removed, but not the corresponding position. This has
the effect that the saved_filter event hook UpdateTaskInSavedFilterViews
wrongly assumes that the task doesn't need to be re-added to the saved
filter since the position part still exists.

Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2840
Co-authored-by: Maximilian Bosch <maximilian@mbosch.me>
Co-committed-by: Maximilian Bosch <maximilian@mbosch.me>
2024-11-18 16:02:05 +00:00
kolaente b8c4e0a91e
fix(openid): log error when config is still using array value 2024-11-18 12:16:38 +01:00
kolaente feb6b708e3
fix(tasks): prefix created and updated columns when sorting by them
Resolves https://github.com/go-vikunja/vikunja/issues/350
2024-11-18 12:07:29 +01:00
kolaente bd3eab8c34
fix(filters): validate filter expression when creating or updating filter
Resolves https://github.com/go-vikunja/vikunja/issues/354
2024-11-18 11:02:21 +01:00
kolaente 1db1333d8a
chore(config): append .file to config values when reading 2024-11-18 10:35:02 +01:00
kolaente 05349ddb5c
feat!: config for auth providers now use a map instead of an array
The config values for openid providers now use a map with the provider as key instead of an array. For example before:

auth:
  openid:
    providers:
      - name: foo
        clientid: ...

now becomes:

auth:
  openid:
    providers:
      foo:
        clientid: ...

This allows us to read values for openid providers from files using the same syntax as everywhere and makes the configuration more predictable. It also allows configuring providers through env variables, though it is still required to set at least one value via the config file because Vikunja won't discover the provider otherwise.
2024-11-18 10:34:30 +01:00
kolaente 3479fa1228
feat(config): only read file sub-keys from files
This removes reading config values from _file and instead only reads from file sub keys. This should make it easier to not accidentally specify the same value twice.
The syntax via env does not change, but via a config file this:

database:
  password_file: foo

becomes

database:
  password:
    file: foo
2024-11-18 08:52:21 +01:00
kolaente c7914bc245
feat: load any config value from file
This change allows to read any config value from a file, when the path to that file is specified in the config with the target config value suffixed with _file. This works with environment variables as well.
For example, setting database.password_file=/path/to/password will load the value from /path/to/password and set it as the config value of database.password.

Resolves https://kolaente.dev/vikunja/vikunja/issues/704
Resolves https://kolaente.dev/vikunja/vikunja/pulls/1621
2024-11-04 16:47:39 +01:00
kolaente 4556cfb057
fix(attachments): return error message when attachment upload is not multipart form request
Resolves https://vikunja.sentry.io/issues/6041469388/
2024-11-04 12:26:53 +01:00
kolaente 3f62c013ba
fix(typesense): fetch task comments without permission check
Fetching the task comments during indexing would always check the permissions - in the specific case of indexing comments into Typesense, this will always return true, because we're checking with the owner of the project. Because this is a rather expensive operation, it is even more unnecessary.
2024-11-02 18:42:12 +01:00
kolaente e393cfdfd7
fix(views): delete task buckets and task positions as well when deleting a view 2024-10-31 19:22:51 +01:00
kolaente 1fac81c8de
feat(cli): add cli command to delete orphan task positions 2024-10-31 19:19:56 +01:00
kolaente d03f9c7b73
fix(positions): directly look in the database to fetch tasks when recalculating their position 2024-10-31 19:02:15 +01:00
kolaente d7eff8e43b
feat(positions): add more debug logs 2024-10-31 18:46:09 +01:00
kolaente 7f5f5a4b8d
fix(events): do not crash filter event handler when triggered by a link share user
Resolves https://vikunja.sentry.io/issues/6030883119/events/4013802889b64b6b9d868e7c83ba4eb5/
2024-10-30 14:49:33 +01:00
kolaente d081cf80fc
chore(caldav): refactor fetching projects 2024-10-30 08:37:27 +01:00
kolaente b9366ca9e3
fix(filter): use correct syntax for not in query in typesense
Related to https://github.com/typesense/typesense/issues/2038
2024-10-29 17:23:16 +01:00
kolaente 57c6f2cd10
feat(filters): add "not in" operator for filters
Resolves https://community.vikunja.io/t/feature-requests-regarding-view-ordering-project-reference-in-kanban-and-a-notin-operator/2728
2024-10-29 12:03:16 +01:00
kolaente 412a8ef654
chore(projects): only pass users to checks 2024-10-29 09:11:06 +01:00
kolaente 816da6bc50
fix(projects): check with the current user if they have access to the project 2024-10-29 08:40:14 +01:00
kolaente dace07efda
fix(projects): return 0 if no parent project exists 2024-10-29 08:25:20 +01:00
kolaente fa032a889f
fix(filters): do not crash when a filter is invalid
Resolves https://vikunja.sentry.io/issues/6025547266/events/a62beaa09caf482ba238b18f363956df
2024-10-28 16:16:48 +01:00
kolaente e30374a28c
fix(projects): only add conditions to query when they are non-empty 2024-10-28 16:09:31 +01:00
kolaente b013b294e2
fix(projects): remove unnecessary join
The removal of the unnecessary join condition speeds up the query 10x. Before, it would take ~700ms on Vikunja Cloud. With this removal, the otherwise same query now takes ~70ms (which still leaves plenty of room for improvements, but it's already a great step forwards).
2024-10-28 15:58:07 +01:00
kolaente acdb45a92c
fix: lint 2024-10-28 14:04:54 +01:00
kolaente 29107e9865
fix: error message check on mysql 2024-10-28 13:50:12 +01:00
kolaente a70c472aa3
fix: create missing indexes on postgres 2024-10-28 13:25:38 +01:00
kolaente e1893ff573
chore: cleanup 2024-10-28 12:44:54 +01:00
kolaente 106a1c7864
fix(events): report async errors via Sentry 2024-10-28 12:44:26 +01:00
kolaente 7055d7341c
feat(sharing): add config so that users only find members of their teams
This adds a feature where you can enable users to only find members of teams they're part of. This makes the user search when sharing projects less confusing, because users only see other users they already know.
It is still possible to add users to teams with their email address, if they have that enabled in the user settings.
2024-10-28 11:08:06 +01:00
John Doe 28d5cd7b28 feat: allow setting schema for connection in postgres (#2777)
This PR introduce a new config for database, `database.schema`, allowing user to specify a specific schema to use for their postgres database connection. As the default value is set, it will be backward compatible.

Related discussion: https://community.vikunja.io/t/postgres-database-has-error-pq-relation-tasks-does-not-exist/1333

Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2777
Co-authored-by: John Doe <hugosum.dev@protonmail.com>
Co-committed-by: John Doe <hugosum.dev@protonmail.com>
2024-10-26 16:06:47 +00:00
kolaente b5cbe99b0a
fix(cmd): report error when the connection to the mail server failed
When running the testmail command, Vikunja would not stop if it wasn't able to connect to the mail server. This was a regression from 950de7c954.
This change fixes that problem.

Resolves https://kolaente.dev/vikunja/vikunja/issues/2767
2024-10-25 19:23:39 +02:00
Sterad d784e98f8c feat(cmd): Allow to specify custom filename for dump command (#2775)
This simplifies automated postprocessing of the backup file.

Co-authored-by: Maarten <mail@mgrothus.de>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2775
Co-authored-by: Sterad <hgasuser@gmail.com>
Co-committed-by: Sterad <hgasuser@gmail.com>
2024-10-25 12:37:17 +00:00
Sterad 1f76a8bb64 feat: preferably award admin access to project users with write access on user deletion (#2772)
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2772
Co-authored-by: Sterad <hgasuser@gmail.com>
Co-committed-by: Sterad <hgasuser@gmail.com>
2024-10-24 20:42:38 +00:00
kolaente 3ad5797307
fix: do not prefix tasks all the time
Fixes a regression from 29b9001078
2024-10-21 10:32:14 +02:00
kolaente 29b9001078
feat(filters): allow filtering by created and updated task fields
Resolves https://kolaente.dev/vikunja/vikunja/issues/2768
2024-10-18 15:15:19 +02:00
Frederick [Bot] 5eebfb3371 [skip ci] Updated swagger docs 2024-10-15 10:42:30 +00:00
kolaente d50572c544
fix(project): permission query on mysql 2024-10-15 12:16:22 +02:00
kolaente 302424b047
fix: lint 2024-10-15 11:57:49 +02:00
kolaente cda8155de4
fix(projects): correctly check inherited permissions 2024-10-15 11:56:51 +02:00
kolaente 92b90013ab
feat(projects): optionally return max right when querying all projects
This change introduces an expand query parameter which, when provided, allows to return all projects with the max right the current user has on that project. This allows to show and hide appropriate buttons in the frontend.

Resolves https://github.com/go-vikunja/vikunja/issues/334
2024-10-13 19:22:09 +02:00
kolaente 3e9c41cfc6
fix(api): allow api tokens to retrieve the user who created the token
Resolves https://kolaente.dev/vikunja/vikunja/issues/2644
2024-10-13 16:02:53 +02:00
kolaente a88124cfce
feat: make used bcrypt rounds configurable
This allows to configure the used bcrypt rounds and set it to 4 in tests, greatly speeding up the tests. It's not really required to set this to another value but it might be in the future as computers get faster.
2024-10-13 15:38:04 +02:00
kolaente 9219f7032e
fix: error reporting 2024-10-11 08:54:50 +02:00
kolaente 35a463c984
fix(filters): prevent position and bucket ID overriding position of existing tasks
This fixes a bug where the task position in a task was updated and immediately overridden by the update event handler.

Resolves https://community.vikunja.io/t/not-able-to-move-task-between-buckets-within-a-kanban-view-for-saved-filter/2882
2024-10-10 16:05:31 +02:00
kolaente 8ab387396d
fix: do not try to reindex tasks into typesense when it is not set up 2024-10-10 16:01:17 +02:00
kolaente d81f2db6ef
chore: replace all uses of bucket_id with the const 2024-10-02 10:43:51 +02:00
kolaente 425f6378c6
fix(kanban): make loading tasks for a bucket work
This fixes two closely-related bugs:
1. When loading tasks from a bucket of a saved filter, the saved filter query would override the user-supplied filter, which would cause to only tasks matching the saved filter query to be returned.
2. When a filter query for a bucket was specified, the function would only check if one of the top level filters was a filter for tasks in a specific bucket. That means a filter like "bucket_id = 42 && labels = foo" would return the expected result, while a filter like "labels = foo && (bucket_id = 42 && priority = 1)" would fail with an error 500 because the task_buckets table was not joined to the sql query. The fix from the first bug caused such filter queries.
2024-10-02 10:41:38 +02:00
kolaente 80d22d5060
fix(colors): truncate longer hex color values
Resolves https://vikunja.sentry.io/share/issue/6f1e37d4b8b248188e20650234a45cde/
2024-09-30 20:06:10 +02:00
kolaente 1eaeb8d003
fix(filters): change assertion based on the environment 2024-09-30 19:54:00 +02:00
kolaente 8d05b5cb01
fix(filters): return more details when the provided filter time zone is invalid 2024-09-30 08:42:16 +02:00
kolaente 754d56ca82
fix(filters): increase year value when using mysql and year < 1
Mysql cannot handle year values < 1. That means filtering for a date value like 0000-01-01 won't work with mysql. Additionally, dates like 0001-01-01 could under some circumstances not work either when the date in combination with the time zone would resolve to something like 0000-12-31 - for example when the server is located (and configured) in UTC, but the user running the query is in New York. This could be observed by setting the time zone manually using the filter_timezone query parameter.

Resolves https://vikunja.sentry.io/share/issue/42bce92c15354c109eb1e6488b6a542b/
Resolves https://vikunja.sentry.io/share/issue/ef81451b0c7b43f1bff2d3a86ba393bb/
2024-09-30 08:41:24 +02:00
kolaente d22bc79d3c
chore(tasks): add more details to error message
Trying to debug https://vikunja.sentry.io/share/issue/ef81451b0c7b43f1bff2d3a86ba393bb/
2024-09-29 21:44:28 +02:00
kolaente 1fe5e9cc55
chore(tasks): add more details to error message
Trying to debug https://vikunja.sentry.io/share/issue/ef81451b0c7b43f1bff2d3a86ba393bb/
2024-09-29 21:05:55 +02:00
kolaente 5478acfc09
fix(files): configure the files path in files init instead of globally
This fixes a regression introduced in daa7ad053c where the root path would be included twice in the file path, leading to retrieval issues.
2024-09-29 19:04:25 +02:00
kolaente 287d4f7de2
fix(filters): make sure year is always at least 1
Resolves https://vikunja.sentry.io/share/issue/ef81451b0c7b43f1bff2d3a86ba393bb/
Resolves https://github.com/go-vikunja/app/issues/94#issuecomment-2351818484
2024-09-29 18:56:46 +02:00
kolaente daa7ad053c
feat: auto tls
This commit introduces the automatic retrieval of TLS certificates from Let's Encrypt. If the feature is enabled, Vikunja will automagically request a certificate from Let's Encrypt and configure it to server content via TLS.
2024-09-29 18:20:30 +02:00
kolaente ca967782e8
fix(filters): explicitly search in json when using postgres
Resolves https://github.com/go-vikunja/vikunja/issues/330
Resolves https://community.vikunja.io/t/add-task-to-filter-view-cron-error-fetching-filters-pq-operator-does-not-exist-json-unknown/2831
2024-09-29 11:39:44 +02:00
jd 84dbc5fd84 fix: partial fix to allow list tasks in ios reminders app (#2717)
This PR introduces a partial fix for the CalDAV task listing bug (#753) when handling PROPFIND requests with `Depth: 1`, improving task visibility in the iOS Reminders app.

Notes:
* This might make Thunderbird somewhat usable when interacting with tasks using the `/dav/projects/{id} url`.
* This does not fully resolve the issue where the Reminders app will only display the last project after some time when adding the URL.

This is my first time working with Golang and CalDAV, so I’d really appreciate any feedback or suggestions on the code structure, style, or any improvements I could make.

Co-authored-by: JD <43763092+jdw1023@users.noreply.github.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2717
Reviewed-by: konrad <k@knt.li>
Co-authored-by: jd <jd@noreply.kolaente.dev>
Co-committed-by: jd <jd@noreply.kolaente.dev>
2024-09-28 09:06:32 +00:00
kolaente 261c6e6c9e
fix(files): only use service rootpath for files when the files path is not absolute
Resolves https://community.vikunja.io/t/images-failing-to-load-500-internal-server-error/2835
2024-09-23 14:41:00 +02:00
kolaente 207b88a286
fix(typesense): use typesense bulk insert, log all errors 2024-09-20 10:20:18 +02:00
kolaente 50a0674835
fix(typesense): force position to always be float instead of auto-inferring
This fixes an issue where it would be impossible to update a task in Typesense when the position for a view of it was previously saved as int64. This happened because the field is created per view on demand and its type is automatically inferred from the data saved. Now, when the first value for a particular position field is a float which could as well be an int (for example, 42.0), that field gets created as an int64 instead of float. Subsequent tries to save a float into that field will then fail.

Additionally, errors about this are silently discarded when using bulk insert. That's why the problem was not really debuggable at first.
2024-09-20 10:13:05 +02:00
kolaente 8181829c9e
fix(typesense): index tasks one by one 2024-09-20 09:18:57 +02:00
kolaente 83aeb90376
chore(logging): simplify log template string 2024-09-20 08:42:22 +02:00
kolaente e4584109df
chore(typesense): add more debug logging 2024-09-20 08:42:21 +02:00
kolaente 3f1d0f390b
fix(typesense): use emplace instead of upsert to update documents 2024-09-20 07:54:23 +02:00
kolaente edf206aba6
fix(typesense): make sure task positions are recreated properly when updating them
Related https://community.vikunja.io/t/version-0-24-0-internal-server-error-breaking-change/2558
Related https://github.com/go-vikunja/vikunja/issues/317
2024-09-19 15:57:18 +02:00
kolaente 9e39ef9397
fix(typesense): add new tasks to typesense properly
Maybe related to https://github.com/go-vikunja/vikunja/issues/317
2024-09-19 15:30:14 +02:00
kolaente c54181eeda
fix(deps): update module github.com/typesense/typesense-go to v2 2024-09-19 15:30:13 +02:00
kolaente b3bf92b7ce
fix(typesense): only fail silently when a project was not found during indexing 2024-09-19 15:30:13 +02:00
kolaente cd0ab54d57
fix(views): add migration for filtered kanban buckets 2024-09-19 13:23:23 +02:00
kolaente 4b2b8e3b83
chore: rearrange cron registers 2024-09-19 11:24:43 +02:00
kolaente bc52da4029
fix(filter): make sure tasks are in a correct bucket and position when they are part of a date filter
Whenever a task is part of a date filter, it might fall in or out of a filter bucket without anything changing, other than the current time. For example, a filter condition like due_date > now may include different tasks depending on the current time.
For these kinds of tasks to properly show up in the kanban view of a filter, there has to be an entry in the task_buckets table. These entries only got updated when either a task was updated or the filter itself was updated. To account for th changing of time, we also need to check periodically if tasks are now part or not anymore part of that filter.
This change adds a cron task to do precisely that.
We'll have to see if this works resource-wise, but the cron is not the only one doing a bunch of sql queries so it might be fine after all.

Resolves https://community.vikunja.io/t/tasks-in-saved-filter-appear-in-list-view-but-are-not-visible-in-kanban-view/2800
2024-09-19 11:19:48 +02:00
kolaente 2123da49a3
fix(task): cleanup old task positions and task buckets when adding an updated or created task to filter 2024-09-19 09:30:21 +02:00
kolaente c53a761396
fix(task): add task to filter view after it was updated
Maybe resolves https://community.vikunja.io/t/tasks-in-saved-filter-appear-in-list-view-but-are-not-visible-in-kanban-view/2800
2024-09-19 09:30:20 +02:00
kolaente c84b50b3ee
fix(labels): trigger task updated for bulk label task update 2024-09-19 08:59:34 +02:00
kolaente c252c8f0cd
fix: reset id before creating 2024-09-17 10:46:14 +02:00
kolaente 6f27e1401a
fix(user): do not create user with existing id
Resolves https://vikunja.sentry.io/share/issue/6f1e37d4b8b248188e20650234a45cde/
2024-09-14 12:16:05 +02:00
kolaente 1451f6e46f
fix(kanban): correctly paginate filtered kanban buckets
Resolves https://github.com/go-vikunja/vikunja/issues/314
2024-09-14 09:37:21 +02:00
kolaente 45ff5907e6
fix(view): correctly resolve bucket filter when paginating 2024-09-13 19:45:48 +02:00
kolaente 1a8f12ac13
fix(kanban): do not mark first bucked as done bucket in filter bucket mode
Resolves https://github.com/go-vikunja/vikunja/issues/313
2024-09-13 11:52:44 +02:00
Frederick [Bot] 9dd95101f9 [skip ci] Updated swagger docs 2024-09-12 08:42:38 +00:00
kolaente 20724f6fb5
fix(task): cyclomatic complexity 2024-09-12 10:24:16 +02:00
kolaente 8d730543c3
fix(project): reset id before creating
Resolves https://vikunja.sentry.io/share/issue/6f1e37d4b8b248188e20650234a45cde/
2024-09-11 23:46:13 +02:00
kolaente 55dd7d2981
fix(task): specify task index when creating multiple tasks at once
This change allows to specify the task index when creating a task, which will then be checked to avoid duplicates and used. This allows us to calculate the indexes for all tasks beforehand when creating them at once using quick add magic.
The method is not bulletproof, but already fixes a problem where multiple tasks would have the same index when created that way.

Resolves https://community.vikunja.io/t/add-multiple-tasks-at-once/333/16
2024-09-11 17:58:42 +02:00
kolaente 44a43b9f86
fix(auth): restrict max password length to 72 bytes
Bcrypt allows a maximum of 72 bytes. This is part of the algorithm and not something we could change in Vikunja. The solution here was to restrict the password during registration to a max length of 72 bytes. In the future, this should be changed to hash passwords with sha512 or similar before hashing them with bcrypt. Because they should also be salted in that case and the added complexity during the migration phase, this was not implemented yet.
The change in this commit only improves the error handling to return an input error instead of a server error when the user enters a password > 72 bytes.

Resolves https://vikunja.sentry.io/share/issue/e8e0b64612d84504942feee002ac498a/
2024-09-10 18:23:06 +02:00
kolaente 1085a6583b
fix(caldav): reject invalid project id with error 400
Resolves https://vikunja.sentry.io/share/issue/6fc18edefa0e4db3b2e10efe36deeaa4/
2024-09-10 17:32:35 +02:00
kolaente e698ac5a34
fix(label): ignore existing ID during creation 2024-09-10 16:45:40 +02:00
Frederick [Bot] 2539f15dfb [skip ci] Updated swagger docs 2024-09-07 11:48:49 +00:00
kolaente 5c1b2846a1
docs(api): use correct return type for the /user endpoint 2024-09-07 13:27:06 +02:00
Frederick [Bot] 2b8515b91d [skip ci] Updated swagger docs 2024-09-06 11:18:51 +00:00
kolaente 68636f27da
fix(files): use absolute path everywhere 2024-09-06 12:59:48 +02:00
kolaente cf94cc8cab
chore(docs): clarify usage of related model creation
Resolves https://github.com/go-vikunja/vikunja/issues/323
2024-09-06 12:06:12 +02:00
kolaente 02c1de55c4
chore(attachments): refactor building image preview 2024-09-06 09:43:59 +02:00
kolaente 9d7b6d3d9a
feat(dump): add flag to allow specifying dump path
Resolves https://community.vikunja.io/t/vikunja-0-24-docker-bin-sh/2621/3
2024-09-05 15:14:03 +02:00
kolaente c2b116de70
chore(files): use absolute file path to retrieve and save files 2024-09-05 15:03:32 +02:00
kolaente ffcc48ec87
fix(caldav): make sure colors are correctly saved and returned
Resolves https://community.vikunja.io/t/caldav-sync-tasks-org-strips-colour-and-end-date-values/2753/2
2024-09-04 23:08:29 +02:00
Frederick [Bot] 5aa0b6a0cf [skip ci] Updated swagger docs 2024-09-04 20:43:53 +00:00
kolaente b60efbd259
chore(subscription): return subscription entity type using json Marshaler 2024-09-04 22:25:03 +02:00
kolaente 34ac29fcce
fix(reminders): notify subscribed users as well
Resolves https://community.vikunja.io/t/no-reminder-notification-by-e-mail-from-my-colleague/2779
2024-09-04 22:11:07 +02:00
kolaente 75f3e930cd
fix(subscriptions): do not panic when a task does not have a subscription 2024-09-04 21:55:14 +02:00
kolaente 4ff8815fe1
fix(subscriptions): cleanup and simplify fetching subscribers for tasks and projects logic
Vikunja now uses one recursive CTE and a few optimizations to fetch all subscribers for a task or project. This makes the relevant code easier to maintain and more performant.
2024-09-04 19:55:17 +02:00
kolaente 115d1c3618
fix(subscription): always return task subscription when subscribed to task and project 2024-09-03 22:37:53 +02:00
kolaente 06305eb6b3
fix(subscriptions): correctly inherit subscriptions
Resolves https://community.vikunja.io/t/e-mail-notification-twice/2740/20
2024-09-03 22:04:11 +02:00
kolaente 2c9becec10
fix(notifications): only add project subscription as task subscription when the user is not already subscribed to the task
Before this fix, a project subscription object was added twice to the list of subscriptions for a task when the user did not subscribe to the task directly. This caused the user to receive a comment notification twice for a given task.
This was probably a regression from efde364224.

Resolves https://community.vikunja.io/t/e-mail-notification-twice/2740/18
2024-09-02 23:36:58 +02:00
kolaente 5c56d07215
chore(web): always set internal error 2024-09-01 19:37:27 +02:00
kolaente 6fb314b326
chore(web): use logger directly 2024-09-01 19:37:27 +02:00
kolaente 9b01666ec6
chore(web): use web auth factory directly 2024-09-01 19:37:27 +02:00
kolaente bcfd72c645
chore(web): use config directly 2024-08-29 18:41:20 +02:00
kolaente 499f66b7ae
chore(web): directly use new db session 2024-08-29 16:31:46 +02:00
kolaente 8e37d5cb76
chore(web): remove redundant use of fmt.Sprintf 2024-08-29 16:28:37 +02:00
kolaente 57ba073874
chore(web): use errors.As instead of type assertion 2024-08-29 16:28:16 +02:00
kolaente 329de3aab3
chore(web): remove unused echo context 2024-08-29 16:20:39 +02:00
kolaente 74a74b7ec7
fix(labels): test error assertion 2024-08-29 16:16:41 +02:00
kolaente 2063da9eec
chore(web): move web handler package to Vikunja 2024-08-29 16:15:28 +02:00
kolaente 7a7e97770c
chore(errors): always add internal error to echo error 2024-08-29 15:39:34 +02:00
kolaente bea131cfd9
fix(labels): trigger task.updated event when removing a label from a task 2024-08-29 15:19:06 +02:00
kolaente 5a0d1f1dc6
feat(event): simplify dispatching task updated event from only a task id 2024-08-29 15:18:03 +02:00
kolaente efde364224
fix(subscriptions): ignore task subscription when the user is subscribed to the project
Resolves https://community.vikunja.io/t/e-mail-notification-twice/2740/12
Resolves https://github.com/go-vikunja/vikunja/issues/316
2024-08-29 10:35:05 +02:00
kolaente fde1763eef
fix(api): return 404 response when using a token and the route does not exist 2024-08-29 10:12:20 +02:00
kolaente 429c7ca2c1
feat(task): always insert new tasks at the top
Resolves https://community.vikunja.io/t/kanban-cards-in-wrong-order/2731
2024-08-28 15:30:40 +02:00
kolaente bf56311faa
fix(task): set done at date when moving a task to the done bucket
Resolves https://github.com/go-vikunja/vikunja/issues/320
2024-08-28 14:21:31 +02:00
kolaente 8bfd0493b2 fix(deps): update golangci 2024-08-25 14:30:46 +00:00
kolaente ebfd5f54d2
fix(migration): ensure project background gets exported and imported 2024-08-12 17:18:07 +02:00
kolaente 28b4eaee31
fix(migration): make sure tasks are associated to the correct view and bucket for data imported from Vikunja dump
This change fixes a bug where imported projects would contain the default views additionally to the ones included in the export. This also caused the tasks to not show up in the views and buckets where they should show up, the newly imported ones.

Resolves https://community.vikunja.io/t/migration-from-vikunja-export-duplicated-boards-local-to-oidc/2690
2024-08-12 17:00:16 +02:00
kolaente b83448b7a6
fix(views): do not create task bucket and task position entries when duplicating a project
Resolves https://github.com/go-vikunja/vikunja/issues/297
Resolves https://community.vikunja.io/t/duplicating-a-board-puts-the-buckets-in-the-original-board/2579
2024-08-12 15:53:51 +02:00
kolaente eed783e42f
fix(task): move task into new kanban bucket when moving between projects
Resolves https://github.com/go-vikunja/vikunja/issues/290
Resolves https://community.vikunja.io/t/tasks-moved-from-one-project-to-another-do-not-show-up-in-kanban/2689
2024-08-12 15:35:37 +02:00
kolaente 40bb86bee5
fix(mail): do not fail testmail command when the connection could not be closed.
Resolves https://github.com/go-vikunja/vikunja/issues/300
2024-08-12 11:08:16 +02:00
Dominik Pschenitschni bc5fd380e5 chore: improve error message 2024-07-21 11:03:20 +00:00
Frederick [Bot] 0984821b41 [skip ci] Updated swagger docs 2024-07-19 10:01:46 +00:00
Elscrux 75ce261f74 feat: downscaled image previews for task attachments (#2541)
As discussed in [https://community.vikunja.io/t/add-scaled-down-images-for-image-previews](https://community.vikunja.io/t/add-scaled-down-images-for-image-previews) this adds a query parameter in the task attachment request which returns a scaled down image for preview purposes to reduce network load and improve responsiveness.

Co-authored-by: Elscrux <nickposer2102@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2541
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Elscrux <elscrux@gmail.com>
Co-committed-by: Elscrux <elscrux@gmail.com>
2024-07-19 09:30:06 +00:00
kolaente ef0bf3156e
fix(project): do not use project id of nil project in error 2024-07-18 16:39:30 +02:00
kolaente bea81f83f7
fix(filters): only insert task buckets and positions when there are any 2024-07-18 15:38:29 +02:00
kolaente 12474e5be6
fix(kanban): make sure tasks which changed their done status are moved around in buckets
This fixes a bug where tasks which had their done status changed were not moved in the correct bucket. This affected both frontend and api. The move of the task between buckets is now correctly done in the api and frontend - with a bit of duplicated logic between the two. This could be optimized further in the future.

Resolves https://kolaente.dev/vikunja/vikunja/issues/2610
2024-07-18 12:39:29 +02:00
kolaente f8fb9d7407
fix(filters): add tasks to filter buckets when updating the filter 2024-07-17 12:57:52 +02:00
kolaente 5cc420b289
fix(filters): add task to buckets of saved filters when creating the task 2024-07-17 12:57:51 +02:00
kolaente 744b40e7f7
fix: missing error handling 2024-07-17 11:43:38 +02:00
kolaente 1e42e54db1
fix(projects): do not create buckets in the original project when duplicating a project 2024-07-17 10:24:47 +02:00
kolaente 8a6689f4fa
fix(projects): do not create backlog bucket when duplicating views 2024-07-17 10:24:03 +02:00
kolaente 092a65b025
feat(project): add " - duplicate" suffix to duplicated projects title 2024-07-17 10:23:33 +02:00
kolaente 5e04abaa06
chore(project): rename receiver 2024-07-17 10:23:01 +02:00
kolaente ecdb03aca8
fix(migration): correctly set bucket for related tasks
When creating a related task during the import, migrating would fail because the migration would try to add the task to a bucket before the task was created. This fix changes the order in which that happens to prevent the error.
2024-07-17 10:05:59 +02:00
kolaente 58e492872a
fix(kanban): put task into correct bucket when creating via kanban board 2024-07-17 09:36:33 +02:00
kolaente 8439c9cc1e
fix(migration): failed migration typo 2024-07-15 12:10:29 +02:00
kolaente bb25a3397b
fix(kanban): use correct assertion in the test 2024-07-12 14:21:46 +02:00
kolaente 918c2224d8
fix(kanban): move task to done bucket in all views when moved to done bucket in one view 2024-07-12 13:59:59 +02:00
kolaente 323ecdaab6
fix(kanban): move repeating task back to old bucket when moved to the done bucket 2024-07-12 13:44:45 +02:00
kolaente 51040cf1af
fix(kanban): dispatch task updated event when task position is updated
This fixes a bug where a task would not be indexed in Typesense when its position changed.
2024-07-12 13:31:27 +02:00
kolaente e5e0db1f6a
fix(kanban): dispatch task updated event when task is moved between buckets
This fixes a bug where a task would not be indexed in Typesense when its bucket changed.
2024-07-12 13:29:15 +02:00
kolaente 62412ce29b
fix(kanban): do not move repeating task into a different bucket 2024-07-12 13:19:50 +02:00
kolaente 7c42fb5d75
fix: lint 2024-07-12 11:49:03 +02:00
kolaente 8711f7a935
fix(typesense): do not use modified opts for db fallback search 2024-07-11 12:52:09 +02:00
kolaente 7f27cee6a3
fix(tasks): do not use typesense modified options to search with database 2024-07-11 12:41:40 +02:00
kolaente 5644130f01
fix(filters): do not create a default filter for list view when creating a saved filter
Because a default filter in a filter is highly unexpected, it can lead to these filters cancelling each other out, resulting in confusing behaviour. See https://kolaente.dev/vikunja/vikunja/issues/2547#issuecomment-65180
2024-07-11 12:29:09 +02:00
kolaente 38c30d1eee
fix(filters): trim spaces when parsing filter values
This fixes a bug where values would not be trimmed before parsing them. That resulted in a value like " 2" being invalid, even though it's a perfectly fine number.
Because the frontend sends the filters for projects and other values with comma-separated spaces like "1, 2, 3", this essentially broke filtering by these values.

Resolves https://kolaente.dev/vikunja/vikunja/issues/2547
2024-07-11 12:20:32 +02:00
kolaente 471d0fcd4a
fix(typesense): reindex tasks when their position changed 2024-07-11 12:07:48 +02:00
kolaente 0b424fe95e
fix(typesense): do not crash after creating a project when tasks are not yet indexed
Before this fix, creating a project with Typesense enabled would fail with an error because the tasks it fetches as part of that process do not have the task position property in their index. We now fall back to using the db for searching in that case.

In the long run, we should use typesense joins for the task position to make this more efficient.
2024-07-11 12:07:22 +02:00
kolaente 70615d6843
fix(filter): make sure filter values are properly escaped before executing them
Resolves https://community.vikunja.io/t/filtering-unexpected-character-relative-dates/2544
Resolves https://github.com/go-vikunja/vikunja/issues/286
2024-07-11 11:27:19 +02:00
kolaente 2982acc0ec
fix(tasks): limit to max 250 entries when using typesense
Resolves https://community.vikunja.io/t/typesense-250-hits-limit/2536/8
2024-07-11 10:06:39 +02:00
kolaente 2c6bc7742f
fix(tasks): explicitly add task position to select statement when looking up tasks with Typesense
Resolves https://kolaente.dev/vikunja/vikunja/issues/2546
Resolves https://community.vikunja.io/t/version-0-24-0-internal-server-error-breaking-change/2558/5
2024-07-11 09:28:22 +02:00