UpdateUser must not hand frontend_settings to xorm as a Go value. The
column is declared interface{} with `xorm:"json null"`, and xorm
mishandles both forms a caller might leave there:
- a map[string]any is passed straight to the driver, which rejects it
("unsupported type map[string]interface {}, a map") -- a 500 on every
settings save;
- a []byte (what the old code produced via json.Marshal) is base64
encoded, so the column ended up holding e.g. "bnVsbA==" (base64 of
"null"). Clients that expect an object (the Flutter app) then crash
while decoding a string.
Marshal the value to a JSON string ourselves so xorm stores it verbatim,
and only write the column for forceOverride callers -- the user-settings
endpoints, which are the only callers that set it. Other callers (OIDC
login, avatar upload, ...) leave it out entirely: listing a nil interface
in Cols makes xorm write NULL, which would wipe a user's settings on
every login.
Add migration 20260627101958 to repair rows already double-encoded by the
old code, decoding the base64 back to the original object or to NULL.
Values that do not base64-decode to a JSON null or object are left as-is,
so a legitimate string-valued setting is never rewritten.
|
||
|---|---|---|
| .claude | ||
| .devcontainer | ||
| .github | ||
| .vscode | ||
| .zed | ||
| build | ||
| contrib | ||
| desktop | ||
| examples/plugins/example | ||
| frontend | ||
| pkg | ||
| rest | ||
| veans | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitignore | ||
| .golangci.yml | ||
| .opensourcefinder-verify | ||
| AGENTS.md | ||
| CHANGELOG.md | ||
| CLAUDE.md | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| LICENSE | ||
| README.md | ||
| cliff.toml | ||
| code-header-template.txt | ||
| conductor.json | ||
| config-raw.json | ||
| crowdin.yml | ||
| devenv.lock | ||
| devenv.nix | ||
| devenv.yaml | ||
| go.mod | ||
| go.sum | ||
| magefile.go | ||
| main.go | ||
| mise.toml | ||
| nfpm.yaml | ||
| publiccode.yml | ||
| renovate.json | ||
| tsconfig.json | ||
| vikunja.initd | ||
| vikunja.service | ||
README.md
Vikunja
The Todo-app to organize your life.
If Vikunja is useful to you, please consider buying me a coffee, sponsoring me on GitHub or buying a sticker pack. I'm also offering a hosted version of Vikunja if you want a hassle-free solution for yourself or your team.
Table of contents
Security Reports
If you find any security-related issues you don't want to disclose publicly, please use the contact information on our website.
Features
See the features page on our website for a more exhaustive list or try it on try.vikunja.io!
Docs
All docs can be found on the Vikunja home page.
Roadmap
See the roadmap (hosted on Vikunja!) for more!
Contributing
Please check out the contribution guidelines on the website.
License
Most of this repository is licensed under AGPL‑3.0‑or‑later.
The contents of desktop/ are licensed under
GPL‑3.0‑or‑later.
Unsplash Images
Background images from Unsplash are distributed under the Unsplash License. The license requires giving credit to the photographer and Unsplash. See Unsplash’s terms for more information.