vikunja/pkg
kolaente 5f06e1dce5 fix: prevent TOTP passcode reuse within validity window
Store used TOTP passcodes in the keyvalue store after successful
validation. On subsequent validation attempts, check if the passcode
was already used for the same user and reject it with
ErrTOTPPasscodeUsed. This prevents replay attacks where an intercepted
TOTP code could be reused within its 30-second validity window.
2026-03-23 10:34:49 +00:00
caldav fix(caldav): parse timestamps in configured timezone 2026-03-03 12:18:48 +01:00
cmd fix(cli): make user deletion confirmation check Windows compatible (#2339) 2026-03-05 15:19:08 +01:00
config style: fix alignment in config key declarations 2026-03-20 11:08:00 +00:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db test: add TOTP fixture and load it in user test bootstrap 2026-03-23 10:34:49 +00:00
doctor refactor: remove typesense support 2026-02-25 12:15:28 +01:00
e2etests test(webhooks): allow non-routable IPs in E2E tests 2026-03-19 15:18:06 +01:00
events feat: add InitEventsForTesting and Unfake for real event dispatch in tests 2026-03-05 12:49:27 +01:00
files refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-03-21 01:09:32 +00:00
initialize refactor: remove typesense support 2026-02-25 12:15:28 +01:00
log fix(log): write each log category to its own file (#2206) 2026-02-08 15:22:58 +00:00
mail fix(mail): disable queue when mailer disabled (#2069) 2026-01-08 15:51:31 +01:00
metrics fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
migration feat: add user_id to webhooks and user-directed event infrastructure 2026-03-08 19:45:53 +01:00
models test: register totp fixture in test setup 2026-03-20 12:22:27 +00:00
modules refactor: rename checkProjectBackgroundWriteRights to checkProjectBackgroundWritePermissions 2026-03-20 11:41:28 +00:00
notifications test: add tests for conversational email system 2026-03-08 16:03:47 +01:00
plugins fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes fix: reject CalDAV basic auth when TOTP is enabled 2026-03-20 12:22:27 +00:00
swagger [skip ci] Updated swagger docs 2026-03-19 09:26:05 +00:00
user fix: prevent TOTP passcode reuse within validity window 2026-03-23 10:34:49 +00:00
utils refactor(utils): extract ContainsPathTraversal to shared utils package 2026-02-25 13:01:00 +01:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web feat(handlers): dispatch pending events after transaction commit 2026-03-03 12:46:34 +01:00
webtests test: verify CalDAV token auth bypasses TOTP check 2026-03-20 12:22:27 +00:00