Official Vikunja import
Go to file
Tink bot 964fdb71d1 test(veans): cover OAuth callback handler error paths
The e2e suite bypasses the OAuth flow via --token, so the callback
handler's error branches had zero coverage. Eight tests appended to
oauth_test.go drive the handler directly:

- happy path: code+state arrive on the channel; response is HTML
- authz-server error path: ?error=access_denied&error_description=…
  bubbles up as a non-nil err containing the description (not the code)
- only-code fallback: when error_description is missing, the error
  message falls back to the error code
- empty code: handler captures it; waitForCallback's job to reject
- non-GET method: 405 with Allow: GET, nothing pushed to channel
  (defense against forged POST from a same-origin page)
- wrong path: 404, nothing pushed
- HTML-escaping: an error containing <script>…</script> renders as
  &lt;script&gt; — XSS regression guard
- nil-err success page: 200 with 'veans is authorized'

Plus generateState shape coverage (length, charset, uniqueness)
to match the existing TestGeneratePKCE_*.

Sanity-checked the XSS test by deleting the html.EscapeString call —
it fails with raw <script> in the body. Restored.
2026-05-27 08:21:57 +00:00
.claude feat(agents): add migration skill for DB migration safety 2026-04-23 13:33:00 +02:00
.github feat(veans): warn when Chain.Set falls back past a failed backend 2026-05-27 08:21:57 +00:00
.vscode feat(dev): add frontend and api to launch config 2025-06-19 14:54:08 +02:00
.zed fix(dev): zed frontend task 2025-06-26 12:32:04 +02:00
build fix(ci): sign APT Release files manually instead of via reprepro gpgme 2026-04-12 17:32:11 +02:00
contrib feat: improve clean-translations script (#964) 2025-06-16 19:31:41 +00:00
desktop chore(deps): update dev-dependencies 2026-05-26 18:36:03 +00:00
examples/plugins/example feat(plugins): add example plugin 2026-03-30 20:44:46 +00:00
frontend chore(i18n): update translations via Crowdin 2026-05-27 02:31:52 +00:00
pkg chore(i18n): update translations via Crowdin 2026-05-27 02:31:52 +00:00
rest chore: add missing eof newlines (#969) 2025-06-17 09:11:32 +00:00
veans test(veans): cover OAuth callback handler error paths 2026-05-27 08:21:57 +00:00
.devcontainer.json chore(dev): use latest devenv docker container for devcontainer 2025-07-02 20:17:29 +02:00
.dockerignore Revert "feat: improve docker layers (#803)" 2025-05-21 10:18:57 +02:00
.editorconfig chore(dev): insert final newline 2025-05-23 11:56:50 +02:00
.envrc chore: add missing eof newlines (#969) 2025-06-17 09:11:32 +00:00
.gitignore chore: add plans/ directory to .gitignore 2026-03-30 20:12:25 +00:00
.golangci.yml feat(plugins): extract third-party symbols for yaegi 2026-03-30 20:44:46 +00:00
.opensourcefinder-verify chore: add opensourcefinder verification 2026-02-26 17:12:26 +01:00
AGENTS.md docs(agents): add something about duplication [skip ci] 2026-04-23 17:28:38 +02:00
CHANGELOG.md chore: v2.3.0 release preparations 2026-04-09 20:43:40 +02:00
CLAUDE.md docs: add AGENTS.md file with instructions for AI coding agents 2025-06-10 14:23:55 +02:00
CONTRIBUTING.md docs: rewrite CONTRIBUTING.md with setup, workflow, and style guides 2026-03-24 21:33:55 +01:00
CRUSH.md docs: add link for crus coding agent instructions 2025-08-01 16:52:30 +02:00
Dockerfile fix: ensure /tmp is writable by container user in Docker image 2026-03-10 23:20:58 +01:00
LICENSE fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
README.md chore: v2.3.0 release preparations 2026-04-09 20:43:40 +02:00
cliff.toml fix: add \n between scoped and unscoped commits in git cliff config 2024-11-08 11:19:50 +01:00
code-header-template.txt fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
conductor.json chore(dev): add conductor config 2025-12-07 23:02:19 +01:00
config-raw.json feat: always enable bot users 2026-05-04 10:38:53 +00:00
crowdin.yml chore: add missing eof newlines (#969) 2025-06-17 09:11:32 +00:00
devenv.lock chore(dev): update devenv 2026-03-09 00:27:51 +01:00
devenv.nix feat: migrate cypress e2e tests to playwright (#1739) 2025-11-27 16:34:48 +01:00
devenv.yaml feat: switch from nix flakes to devenv 2024-08-12 12:17:31 +02:00
go.mod feat: add Atom feed for user notifications with API token auth (#2758) 2026-05-15 17:25:09 +02:00
go.sum feat: add Atom feed for user notifications with API token auth (#2758) 2026-05-15 17:25:09 +02:00
magefile.go feat(magefile): detect indirect api translation key references 2026-04-23 13:30:51 +02:00
main.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
mise.toml chore: add mise.toml to pin tool versions 2026-05-15 10:56:52 +00:00
nfpm.yaml feat(ci): sign RPM packages with GPG via nfpm 2026-04-14 15:47:31 +02:00
publiccode.yml chore: v2.3.0 release preparations 2026-04-09 20:43:40 +02:00
renovate.json chore(deps): group node and pnpm updates across mise and version files 2026-05-15 10:56:52 +00:00
tsconfig.json fix: correct trailing comma in tsconfig (#970) 2025-06-26 12:30:24 +00:00
vikunja.initd fix(release): use openrc for alpine (#1016) 2025-06-25 10:40:11 +00:00
vikunja.service chore: add missing eof newlines (#969) 2025-06-17 09:11:32 +00:00

README.md

Build Status License: AGPL-3.0-or-later Install Docker Pulls Swagger Docs Go Report Card

Vikunja

The Todo-app to organize your life.

If Vikunja is useful to you, please consider buying me a coffee, sponsoring me on GitHub or buying a sticker pack. I'm also offering a hosted version of Vikunja if you want a hassle-free solution for yourself or your team.

Table of contents

Security Reports

If you find any security-related issues you don't want to disclose publicly, please use the contact information on our website.

Features

See the features page on our website for a more exhaustive list or try it on try.vikunja.io!

Docs

All docs can be found on the Vikunja home page.

Roadmap

See the roadmap (hosted on Vikunja!) for more!

Contributing

Please check out the contribution guidelines on the website.

License

Most of this repository is licensed under AGPL3.0orlater. The contents of desktop/ are licensed under GPL3.0orlater.

Unsplash Images

Background images from Unsplash are distributed under the Unsplash License. The license requires giving credit to the photographer and Unsplash. See Unsplashs terms for more information.