vikunja/pkg
kolaente 7c11c2dc29 feat(api/v2): port refresh-token endpoint to /api/v2
POST /api/v2/user/token/refresh reads the HttpOnly refresh cookie, rotates
the session, mints a new JWT, and sets the new cookie — reusing the shared
auth.RefreshSession core (no v1 change) and the #2912 cookie helpers /
authTokenBody response shape. The cookie is set via the unwrapped echo ctx,
not the OpenAPI spec.

translateDomainError now maps *echo.HTTPError (which RefreshSession returns
for missing/invalid/expired/replayed tokens) so those land as the right
status instead of a 500. Completes the v1→v2 REST migration.
2026-06-17 20:34:38 +00:00
..
audit refactor(events): use a concrete doer on project and team events 2026-06-12 08:56:08 +00:00
caldav fix(caldav): escape user-controlled strings per RFC 5545 in VCALENDAR output 2026-04-09 15:44:04 +00:00
caldavtests fix(caldav): skip tests for known CalDAV bugs and fix timing issues 2026-04-02 11:34:55 +00:00
cmd fix(cli): guard last admin on scheduled CLI deletion path 2026-04-20 18:55:06 +00:00
config feat(config): add audit logging config keys 2026-06-12 08:56:08 +00:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db fix(db): interpolate table identifiers in truncate instead of binding them 2026-06-17 12:13:50 +00:00
doctor feat(auth): enforce OpenID Connect issuer uniqueness across providers 2026-03-30 22:41:50 +00:00
e2etests test(webhook): assert bad webhook is retried in no-duplicate test 2026-04-09 09:26:04 +00:00
events refactor(events): pass context to DispatchPending directly 2026-06-12 08:56:08 +00:00
files docs(api/v2): tag task attachment fields for the v2 schema 2026-06-10 10:22:39 +00:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-05-27 02:31:52 +00:00
initialize feat(audit): wire request-meta middleware and writer initialization 2026-06-12 08:56:08 +00:00
license fix(license): degrade to free when servers unreachable or key rejected 2026-04-20 18:55:06 +00:00
log fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests 2026-04-03 18:30:39 +00:00
mail feat: add Atom feed for user notifications with API token auth (#2758) 2026-05-15 17:25:09 +02:00
metrics refactor(metrics): count entities on demand with a TTL cache 2026-05-30 13:48:01 +00:00
migration feat(time-tracking): add the time_entries table migration 2026-06-08 13:54:09 +00:00
models fix(export): treat a missing export meta row as no export in the status 2026-06-17 18:39:38 +00:00
modules refactor(auth): extract transport-agnostic login, logout and OIDC cores 2026-06-17 19:43:41 +00:00
notifications fix(notifications): strip remote images from notification emails 2026-06-11 06:53:37 +00:00
plugins test(plugins): add yaegi plugin integration tests 2026-03-30 20:44:46 +00:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes feat(api/v2): port refresh-token endpoint to /api/v2 2026-06-17 20:34:38 +00:00
swagger [skip ci] Updated swagger docs 2026-06-17 19:43:01 +00:00
user feat(api/v2): add totp qr code endpoint 2026-06-17 18:39:38 +00:00
utils fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web fix(files): never cache file downloads in v1 or v2 2026-06-17 18:39:38 +00:00
websocket feat(time-tracking): let clients subscribe to timer events 2026-06-08 13:54:09 +00:00
webtests feat(api/v2): port refresh-token endpoint to /api/v2 2026-06-17 20:34:38 +00:00
yaegi_symbols refactor(user): remove the now-empty listeners file 2026-05-30 13:48:01 +00:00