vikunja/pkg/routes
kolaente 3bc0093686 fix: invalidate all sessions when enabling TOTP
When a user enables two factor authentication, all existing sessions are
now invalidated, requiring re-authentication. This prevents pre-existing
sessions from bypassing 2FA. The frontend now shows a notice explaining
the logout before the user confirms, and properly logs out after enabling.

Ref: GHSA-pgc7-cmvg-mvp4
2026-03-19 12:27:44 +01:00
..
api/v1 fix: invalidate all sessions when enabling TOTP 2026-03-19 12:27:44 +01:00
caldav fix: preserve CalDAV inverse relations when parent has no RELATED-TO (#2389) 2026-03-11 09:40:09 +01:00
api_tokens.go feat: add session-based auth with refresh token rotation 2026-02-25 10:30:25 +01:00
error_handler.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
healthcheck.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
metrics.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
rate_limit.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
routes.go feat: add API routes for user-level webhooks 2026-03-08 19:45:53 +01:00
sentry_middleware.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
static.go fix(routes): restore SPA routing after Echo v5 upgrade 2026-01-25 11:07:48 +01:00
validation.go fix(attachments): extend upload file size to form data (#1577) 2025-09-30 22:23:07 +00:00