vikunja/pkg
kolaente 75629158cb test(user): cover TOTP lockout persistence and password-reset unlock
Verifies that HandleFailedTOTPAuth locks the account after 10 rolled-back
caller sessions (the regression from GHSA-fgfv-pv97-6cmj), and that the
persisted password reset token can unlock the account via ResetPassword.
2026-04-09 16:08:26 +00:00
..
caldav fix(caldav): escape user-controlled strings per RFC 5545 in VCALENDAR output 2026-04-09 15:44:04 +00:00
caldavtests fix(caldav): skip tests for known CalDAV bugs and fix timing issues 2026-04-02 11:34:55 +00:00
cmd refactor(user): export IsErrUserStatusError for use across packages 2026-03-23 12:06:16 +00:00
config fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db fix(labels): derive label max permission from accessible tasks only 2026-04-09 15:43:04 +00:00
doctor feat(auth): enforce OpenID Connect issuer uniqueness across providers 2026-03-30 22:41:50 +00:00
e2etests test(webhook): assert bad webhook is retried in no-duplicate test 2026-04-09 09:26:04 +00:00
events feat: add InitEventsForTesting and Unfake for real event dispatch in tests 2026-03-05 12:49:27 +01:00
files refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-04-08 01:25:14 +00:00
initialize feat(websocket): add HTTP upgrade handler and /api/v1/ws route 2026-04-02 16:30:23 +00:00
log fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests 2026-04-03 18:30:39 +00:00
mail fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests 2026-04-03 18:30:39 +00:00
metrics fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
migration feat: add OAuth 2.0 authorization code model and migration 2026-03-27 23:05:04 +00:00
models feat(tasks): cap repeat_after at 10 years to harden repeating-task handler 2026-04-09 16:07:48 +00:00
modules fix(notifications): escape markdown in user-controlled strings in email lines 2026-04-09 15:44:04 +00:00
notifications fix(notifications): escape markdown in user-controlled strings in email lines 2026-04-09 15:44:04 +00:00
plugins test(plugins): add yaegi plugin integration tests 2026-03-30 20:44:46 +00:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes fix(security): persist TOTP lockout across login rollback 2026-04-09 16:08:26 +00:00
swagger [skip ci] Updated swagger docs 2026-04-07 15:45:50 +00:00
user test(user): cover TOTP lockout persistence and password-reset unlock 2026-04-09 16:08:26 +00:00
utils fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web feat(handlers): dispatch pending events after transaction commit 2026-03-03 12:46:34 +01:00
websocket feat(websocket): add notification event with XORM AfterInsert dispatch 2026-04-02 16:30:23 +00:00
webtests fix(caldav): enforce URL project match in GetResourcesByList 2026-04-09 16:07:32 +00:00
yaegi_symbols test(plugins): add yaegi plugin integration tests 2026-03-30 20:44:46 +00:00