feat(docs): add relase checklist

Reviewed-on: vikunja/api#1301
Co-authored-by: renovate <renovatebot@kolaente.de>
Co-committed-by: renovate <renovatebot@kolaente.de>

.dockerignore

@@ -0,0 +1,6 @@
+files/
+Dockerfile
+docker-manifest.tmpl
+docker-manifest-unstable.tmpl
+*.db
+*.zip

.drone.yml

@@ -1,3 +1,4 @@
+---
 kind: pipeline
 name: testing
 
@@ -5,37 +6,91 @@ workspace:
   base: /go
   path: src/code.vikunja.io/api
 
+volumes:
+  - name: tmp-sqlite-unit
+    temp:
+      medium: memory
+  - name: tmp-sqlite-integration
+    temp:
+      medium: memory
+  - name: tmp-sqlite-migration
+    temp:
+      medium: memory
+  - name: tmp-mysql-unit
+    temp:
+      medium: memory
+  - name: tmp-mysql-integration
+    temp:
+      medium: memory
+  - name: tmp-mysql-migration
+    temp:
+      medium: memory
+  - name: tmp-postgres-unit
+    temp:
+      medium: memory
+  - name: tmp-postgres-integration
+    temp:
+      medium: memory
+  - name: tmp-postgres-migration
+    temp:
+      medium: memory
+      
+
 services:
   - name: test-mysql-unit
     image: mariadb:10
     environment:
       MYSQL_ROOT_PASSWORD: vikunjatest
       MYSQL_DATABASE: vikunjatest
+    volumes:
+      - name: tmp-mysql-unit
+        path: /var/lib/mysql
   - name: test-mysql-integration
     image: mariadb:10
     environment:
       MYSQL_ROOT_PASSWORD: vikunjatest
       MYSQL_DATABASE: vikunjatest
+    volumes:
+      - name: tmp-mysql-integration
+        path: /var/lib/mysql
   - name: test-mysql-migration
     image: mariadb:10
     environment:
       MYSQL_ROOT_PASSWORD: vikunjatest
       MYSQL_DATABASE: vikunjatest
+    volumes:
+      - name: tmp-mysql-migration
+        path: /var/lib/mysql
   - name: test-postgres-unit
-    image: postgres:12
+    image: postgres:14
     environment:
       POSTGRES_PASSWORD: vikunjatest
       POSTGRES_DB: vikunjatest
+    volumes:
+      - name: tmp-postgres-unit
+        path: /var/lib/postgresql/data
+    commands:
+      - docker-entrypoint.sh -c fsync=off -c full_page_writes=off # turns of wal
   - name: test-postgres-integration
-    image: postgres:12
+    image: postgres:14
     environment:
       POSTGRES_PASSWORD: vikunjatest
       POSTGRES_DB: vikunjatest
+    volumes:
+      - name: tmp-postgres-integration
+        path: /var/lib/postgresql/data
+    commands:
+      - docker-entrypoint.sh -c fsync=off -c full_page_writes=off # turns of wal
   - name: test-postgres-migration
-    image: postgres:12
+    image: postgres:14
     environment:
       POSTGRES_PASSWORD: vikunjatest
       POSTGRES_DB: vikunjatest
+    volumes:
+      - name: tmp-postgres-migration
+        path: /var/lib/postgresql/data
+    commands:
+      - docker-entrypoint.sh -c fsync=off -c full_page_writes=off # turns of wal
 
 trigger:
   branch:
@@ -77,13 +132,15 @@ steps:
       event: [ push, tag, pull_request ]
 
   - name: lint
-    image: vikunja/golang-build:latest
+    image: golang:1.19-alpine
     pull: true
     environment:
       GOPROXY: 'https://goproxy.kolaente.de'
     depends_on: [ build ]
     commands:
-      - wget -O - -q https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.31.0
+      - export "GOROOT=$(go env GOROOT)"
+      - apk --no-cache add build-base git
+      - wget -O - -q https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.49.0
       - ./mage-static check:all
     when:
       event: [ push, tag, pull_request ]
@@ -97,14 +154,17 @@ steps:
       - unzip vikunja-latest.zip vikunja-unstable-linux-amd64
 
   - name: test-migration-sqlite
-    image: kolaente/toolbox:latest
+    image: vikunja/golang-build:latest
     pull: true
     depends_on: [ test-migration-prepare, build ]
     environment:
       VIKUNJA_DATABASE_TYPE: sqlite
-      VIKUNJA_DATABASE_PATH: ./vikunja-migration-test.db
+      VIKUNJA_DATABASE_PATH: /db/vikunja-migration-test.db
       VIKUNJA_LOG_DATABASE: stdout
       VIKUNJA_LOG_DATABASELEVEL: debug
+    volumes:
+      - name: tmp-sqlite-migration
+        path: /db
     commands:
       - ./vikunja-unstable-linux-amd64 migrate
       # Run the migrations from the binary build in the step before
@@ -113,7 +173,7 @@ steps:
       event: [ push, tag, pull_request ]
 
   - name: test-migration-mysql
-    image: kolaente/toolbox:latest
+    image: vikunja/golang-build:latest
     pull: true
     depends_on: [ test-migration-prepare, build ]
     environment:
@@ -132,7 +192,7 @@ steps:
       event: [ push, tag, pull_request ]
 
   - name: test-migration-psql
-    image: kolaente/toolbox:latest
+    image: vikunja/golang-build:latest
     pull: true
     depends_on: [ test-migration-prepare, build ]
     environment:
@@ -169,6 +229,10 @@ steps:
       GOPROXY: 'https://goproxy.kolaente.de'
       VIKUNJA_TESTS_USE_CONFIG: 1
       VIKUNJA_DATABASE_TYPE: sqlite
+      VIKUNJA_DATABASE_PATH: /db/vikunja-test.db
+    volumes:
+      - name: tmp-sqlite-unit
+        path: /db
     commands:
       - ./mage-static test:unit
     depends_on: [ fetch-tags, mage ]
@@ -228,6 +292,10 @@ steps:
       GOPROXY: 'https://goproxy.kolaente.de'
       VIKUNJA_TESTS_USE_CONFIG: 1
       VIKUNJA_DATABASE_TYPE: sqlite
+      VIKUNJA_DATABASE_PATH: /db/vikunja-test.db
+    volumes:
+      - name: tmp-sqlite-integration
+        path: /db
     commands:
       - ./mage-static test:integration
     depends_on: [ fetch-tags, mage ]
@@ -393,7 +461,7 @@ steps:
 
   # Push the releases to our pseudo-s3-bucket
   - name: release-latest
-    image: plugins/s3:1
+    image: plugins/s3
     pull: true
     settings:
       bucket: vikunja-releases
@@ -415,7 +483,7 @@ steps:
     depends_on: [ sign-release ]
 
   - name: release-version
-    image: plugins/s3:1
+    image: plugins/s3
     pull: true
     settings:
       bucket: vikunja-releases
@@ -435,7 +503,7 @@ steps:
     depends_on: [ sign-release ]
 
   # Build os packages and push it to our bucket
-  - name: build-os-packages
+  - name: build-os-packages-unstable
     image: goreleaser/nfpm
     pull: true
     commands:
@@ -444,11 +512,30 @@ steps:
       - mv dist/os-packages/vikunja*.x86_64.rpm dist/os-packages/vikunja-unstable-x86_64.rpm
       - mv dist/os-packages/vikunja*_amd64.deb dist/os-packages/vikunja-unstable-amd64.deb
       - mv dist/os-packages/vikunja*_x86_64.apk dist/os-packages/vikunja-unstable-x86_64.apk
+    when:
+      branch:
+        - main
+      event:
+        - push
+    depends_on: [ static-build-linux ]
+
+  - name: build-os-packages-version
+    image: goreleaser/nfpm
+    pull: true
+    commands:
+      - apk add git go
+      - ./mage-static release:packages
+      - mv dist/os-packages/vikunja*.x86_64.rpm dist/os-packages/vikunja-${DRONE_TAG##v}-x86_64.rpm
+      - mv dist/os-packages/vikunja*_amd64.deb dist/os-packages/vikunja-${DRONE_TAG##v}-amd64.deb
+      - mv dist/os-packages/vikunja*_x86_64.apk dist/os-packages/vikunja-${DRONE_TAG##v}-x86_64.apk
+    when:
+      event:
+        - tag
     depends_on: [ static-build-linux ]
 
   # Push the os releases to our pseudo-s3-bucket
   - name: release-os-latest
-    image: plugins/s3:1
+    image: plugins/s3
     pull: true
     settings:
       bucket: vikunja-releases
@@ -467,10 +554,10 @@ steps:
         - main
       event:
         - push
-    depends_on: [ build-os-packages ]
+    depends_on: [ build-os-packages-unstable ]
 
   - name: release-os-version
-    image: plugins/s3:1
+    image: plugins/s3
     pull: true
     settings:
       bucket: vikunja-releases
@@ -487,44 +574,7 @@ steps:
     when:
       event:
         - tag
-    depends_on: [ build-os-packages ]
-
-  ### Broken, disabled until we figure out how to fix it
-  #  - name: deb-structure
-  #    image: kolaente/reprepro
-  #    pull: true
-  #    environment:
-  #      GPG_PRIVATE_KEY:
-  #        from_secret: gpg_privatekey
-  #    commands:
-  #      - export GPG_TTY=$(tty)
-  #      - gpg -qk
-  #      - echo "use-agent" >>  ~/.gnupg/gpg.conf
-  #      - gpgconf --kill gpg-agent
-  #      - echo $GPG_PRIVATE_KEY > ~/frederik.gpg
-  #      - gpg --import ~/frederik.gpg
-  #      - mkdir debian/conf -p
-  #      - cp build/reprepro-dist-conf debian/conf/distributions
-  #      - ./mage-static release:reprepro
-  #    depends_on: [ build-os-packages ]
-
-  # Push the releases to our pseudo-s3-bucket
-  - name: release-deb
-    image: plugins/s3:1
-    pull: true
-    settings:
-      bucket: vikunja-releases
-      access_key:
-        from_secret: aws_access_key_id
-      secret_key:
-        from_secret: aws_secret_access_key
-      endpoint: https://s3.fr-par.scw.cloud
-      region: fr-par
-      path_style: true
-      strip_prefix: debian
-      source: debian/*/*/*/*/*
-      target: /deb/
-#    depends_on: [ deb-structure ]
+    depends_on: [ build-os-packages-version ]
 
 ---
 kind: pipeline
@@ -555,7 +605,7 @@ steps:
       - tar -xzf vikunja-theme.tar.gz
 
   - name: build
-    image: monachus/hugo:v0.54.0
+    image: klakegg/hugo:0.104.2
     pull: true
     commands:
       - cd docs
@@ -596,7 +646,8 @@ steps:
     image: docker:git
     commands:
       - git fetch --tags
-  - name: docker-arm-latest
+
+  - name: docker-arm-unstable
     image: plugins/docker:linux-arm
     pull: true
     settings:
@@ -605,7 +656,8 @@ steps:
       password:
         from_secret: docker_password
       repo: vikunja/api
-      tags: latest-linux-arm
+      tags: unstable-linux-arm
+      dockerfile: Dockerfile.arm32
     depends_on: [ fetch-tags ]
     when:
       ref:
@@ -622,12 +674,13 @@ steps:
       repo: vikunja/api
       auto_tag: true
       auto_tag_suffix: linux-arm
+      dockerfile: Dockerfile.arm32
     depends_on: [ fetch-tags ]
     when:
       ref:
         - "refs/tags/**"
 
-  - name: docker-arm64-latest
+  - name: docker-arm64-unstable
     image: plugins/docker:linux-arm64
     pull: true
     settings:
@@ -636,7 +689,7 @@ steps:
       password:
         from_secret: docker_password
       repo: vikunja/api
-      tags: latest-linux-arm64
+      tags: unstable-linux-arm64
     depends_on: [ fetch-tags ]
     when:
       ref:
@@ -680,7 +733,8 @@ steps:
     image: docker:git
     commands:
       - git fetch --tags
-  - name: docker-latest
+
+  - name: docker-unstable
     image: plugins/docker:linux-amd64
     pull: true
     settings:
@@ -689,7 +743,7 @@ steps:
       password:
         from_secret: docker_password
       repo: vikunja/api
-      tags: latest-linux-amd64
+      tags: unstable-linux-amd64
     depends_on: [ fetch-tags ]
     when:
       ref:
@@ -726,13 +780,13 @@ depends_on:
   - docker-arm-release
 
 steps:
-  - name: manifest-latest
+  - name: manifest-unstable
     pull: always
     image: plugins/manifest
     settings:
-      tags: latest
+      tags: unstable
       ignore_missing: true
-      spec: docker-manifest-latest.tmpl
+      spec: docker-manifest-unstable.tmpl
       password:
         from_secret: docker_password
       username:
@@ -741,7 +795,7 @@ steps:
       ref:
         - refs/heads/main
 
-  - name: manifest
+  - name: manifest-release
     pull: always
     image: plugins/manifest
     settings:
@@ -756,6 +810,23 @@ steps:
       ref:
         - "refs/tags/**"
 
+  - name: manifest-release-latest
+    pull: always
+    image: plugins/manifest
+    depends_on:
+      - clone
+    settings:
+      tags: latest
+      ignore_missing: true
+      spec: docker-manifest.tmpl
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    when:
+      ref:
+        - "refs/tags/**"
+
 ---
 kind: pipeline
 type: docker
@@ -788,3 +859,8 @@ steps:
       status:
         - success
         - failure
+---
+kind: signature
+hmac: 5500acb776acae4975592637767035c45af277f1f56c8d10ffd99f38761cd5c8
+
+...

.editorconfig

@@ -0,0 +1,22 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = tab
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = false
+
+[*.go]
+indent_style = tab
+
+[*.{yaml,yml}]
+indent_style = space
+indent_size = 2
+
+[*.json]
+indent_style = space
+indent_size = 4

.gitea/issue_template/bug-report.yml

@@ -0,0 +1,58 @@
+name: Bug Report
+description: Found something you weren't expecting? Report it here!
+labels: kind/bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        NOTE: If your issue is a security concern, please send an email to security@vikunja.io instead of opening a public issue.
+  - type: markdown
+    attributes:
+      value: |
+        Please fill out this issue template to report a bug.
+        
+        1. If you want to propose a new feature, please open a discussion thread in the forum: https://community.vikunja.io
+        2. Please ask questions or configuration/deploy problems on our [Matrix Room](https://matrix.to/#/#vikunja:matrix.org) or forum (https://community.vikunja.io).
+        3. Make sure you are using the latest release and
+           take a moment to check that your issue hasn't been reported before.
+        4. Please give all relevant information below for bug reports, because
+           incomplete details will be handled as an invalid report and closed.
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: |
+        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below).
+  - type: input
+    id: frontend-version
+    attributes:
+      label: Vikunja Frontend Version
+      description: Vikunja frontend version (or commit reference) of your instance
+    validations:
+      required: true
+  - type: input
+    id: api-version
+    attributes:
+      label: Vikunja API Version
+      description: Vikunja API version (or commit reference) of your instance
+    validations:
+      required: true
+  - type: input
+    id: browser-version
+    attributes:
+      label: Browser and version
+      description: If your issue is related to a frontend problem, please provide the browser and version you used to reproduce it.
+  - type: dropdown
+    id: can-reproduce
+    attributes:
+      label: Can you reproduce the bug on the Vikunja demo site?
+      options:
+        - "Yes"
+        - "No"
+    validations:
+      required: true
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: Screenshots
+      description: If this issue involves the Web Interface, please provide one or more screenshots

.gitea/pull_request_template.md

@@ -1,11 +0,0 @@
-# Description
-
-
-
-# Checklist
-
-* [ ] I added or improved tests
-* [ ] I added or improved docs for my feature
-  * [ ] Swagger (including `mage do-the-swag`)
-  * [ ] Error codes
-  * [ ] New config options (including adding them to `config.yml.saml` and running `mage generate-docs`)

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -0,0 +1,58 @@
+name: Bug Report
+description: Found something you weren't expecting? Report it here!
+labels: kind/bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        NOTE: If your issue is a security concern, please send an email to security@vikunja.io instead of opening a public issue.
+  - type: markdown
+    attributes:
+      value: |
+        Please fill out this issue template to report a bug.
+        
+        1. If you want to propose a new feature, please open a discussion thread in the forum: https://community.vikunja.io
+        2. Please ask questions or configuration/deploy problems on our [Matrix Room](https://matrix.to/#/#vikunja:matrix.org) or forum (https://community.vikunja.io).
+        3. Make sure you are using the latest release and
+           take a moment to check that your issue hasn't been reported before.
+        4. Please give all relevant information below for bug reports, because
+           incomplete details will be handled as an invalid report and closed.
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: |
+        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below).
+  - type: input
+    id: frontend-version
+    attributes:
+      label: Vikunja Frontend Version
+      description: Vikunja frontend version (or commit reference) of your instance
+    validations:
+      required: true
+  - type: input
+    id: api-version
+    attributes:
+      label: Vikunja API Version
+      description: Vikunja API version (or commit reference) of your instance
+    validations:
+      required: true
+  - type: input
+    id: browser-version
+    attributes:
+      label: Browser and version
+      description: If your issue is related to a frontend problem, please provide the browser and version you used to reproduce it.
+  - type: dropdown
+    id: can-reproduce
+    attributes:
+      label: Can you reproduce the bug on the Vikunja demo site?
+      options:
+        - "Yes"
+        - "No"
+    validations:
+      required: true
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: Screenshots
+      description: If this issue involves the Web Interface, please provide one or more screenshots

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,17 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Frontend issues
+    url: https://code.vikunja.io/frontend/issues
+    about: This is the API repo. Please open frontend-related bug reports and discussions in the frontend repo. Not sure if you issue is frontend or api? Ask in Matrix or the forum first.
+  - name: Forum
+    url: https://community.vikunja.io/
+    about: Feature Requests, Questions, configuration or deployment problems should be discussed in the forum.
+  - name: Security-related issues
+    url: https://vikunja.io/contact/#security
+    about: For security concerns, please send a mail to security@vikunja.io instead of opening a public issue.
+  - name: Chat on Matrix
+    url: https://matrix.to/#/#vikunja:matrix.org
+    about: Please ask any quick questions here.
+  - name: Translations
+    url: https://crowdin.com/project/vikunja
+    about: Any problems or requests for new languages about translations should be handled in crowdin.

.gitignore

@@ -4,6 +4,8 @@
 config.yml
 config.yaml
 !docs/config.yml
+!.github/ISSUE_TEMPLATE/config.yml
+!.gitea/ISSUE_TEMPLATE/config.yml
 docs/themes/
 *.db
 Run

.golangci.yml

@@ -13,10 +13,11 @@ linters:
     - goheader
     - gofmt
     - goimports
-    - golint
+    - revive
     - misspell
   disable:
     - scopelint # Obsolete, using exportloopref instead
+    - durationcheck
   presets:
     - bugs
     - unused
@@ -35,6 +36,7 @@ issues:
       linters:
         - gocyclo
         - deadcode
+        - errorlint
     - path: pkg/integrations/*
       linters:
         - gocyclo
@@ -80,3 +82,9 @@ issues:
     - text: "Missed string"
       linters:
         - goheader
+    - path: pkg/.*/error.go
+      linters:
+        - errorlint
+    - path: pkg/models/favorites\.go
+      linters:
+        - nilerr

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "go.testEnvVars": {
+        "VIKUNJA_SERVICE_ROOTPATH": "${workspaceRoot}"
+    }
+}

CHANGELOG.md

@@ -2,11 +2,675 @@
 
 All notable changes to this project will be documented in this file.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
+to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 All releases can be found on https://code.vikunja.io/api/releases.
 
+## [0.20.0] - 2022-10-28
+
+### Bug Fixes
+
+* *(caldav)* Make sure duration and due date follow rfc5545
+* *(caldav)* No failed login emails for tokens (#1252)
+* *(ci)* Make sure release zip files have a .zip ending
+* *(ci)* Make sure release os packages are properly named
+* *(docs)* Clarify using port 25 as mail port when mail does not work
+* *(docs)* Document pnpm instead of yarn
+* *(docs)* Fix redirect_url example (#50)
+* *(lists)* Return correct max right for lists where the user has created the namespace
+* *(mail)* Pass mail server timeout (#1253)
+* *(migration)* Properly parse duration
+* *(migration)* Expose ticktick migrator to /info
+* *(migration)* Make sure importing works when the csv file has errors and don't try to parse empty values as dates
+* *(namespaces)* Add list subscriptions (#1254)
+* *(todoist)* Properly import all done tasks* Properly log extra message ([c194797](c19479757a20d72484b4e071b45055746ff2b67e))
+* Don't try to compress riscv64 binaries in releases ([d8f387f](d8f387f7967ffb94035de2fcfc4578247ae1023e))
+* Preserve dates for repeating tasks (#47) ([090c671](090c67138a16258480b866b05c6fdc2e02d12c89))
+* Tasks with the same assignee as doer should not appear twice in overdue task mails ([45defeb](45defebcf435cade4b72763236e1e2dfdac770cc))
+* Don't allow setting a list namespace to 0 ([96ed1e3](96ed1e33e38beec1bb1ab0813074b035dd02fade))
+* Make sure pseudo namespaces and lists always have the current user as owner ([878d19b](878d19beb81869392e33a8ffc1ec247d1cf1e4d6))
+* Use connection string for postgres ([fcb205a](fcb205a842a4e828e6e933339b23f5aa8b297125))
+* Make sure user searches are always case-insensitive ([c076f73](c076f73a87bc9b39b17389e25d0186ab71aa24bf))
+* Make cover image id actually updatable ([0e1904d](0e1904d50b8576a2e9ea5812314aa3c8f304edb5))
+* Make cover image id actually updatable ([0eb4709](0eb47096db02ceb5032c7439b3b901fbadd0d1bb))
+* Make sure a user can only be assigned once to a task ([008908e](008908eb49eeb50a554c416422feb3b465efa165))
+* Make sure list subscriptions are set correctly when their namespace has a subscription already ([2fc690a](2fc690a783f5b702fad71da627aa616017727f56))
+
+
+### Dependencies
+
+* *(deps)* Update klakegg/hugo docker tag to v0.101.0
+* *(deps)* Update golang.org/x/sync digest to 8fcdb60
+* *(deps)* Update golang.org/x/oauth2 digest to f213421
+* *(deps)* Update module src.techknowlogick.com/xgo to v1.5.0+1.19
+* *(deps)* Update module github.com/coreos/go-oidc/v3 to v3.4.0
+* *(deps)* Update golang.org/x/image digest to e7cb969
+* *(deps)* Update golang.org/x/term digest to 7a66f97
+* *(deps)* Update module github.com/lib/pq to v1.10.7
+* *(deps)* Update module github.com/spf13/viper to v1.13.0 (#1260)
+* *(deps)* Update dependency golang to v1.19 (#1228)
+* *(deps)* Update module github.com/wneessen/go-mail to v0.2.8 (#1258)
+* *(deps)* Update module github.com/yuin/goldmark to v1.5.2 (#1261)
+* *(deps)* Update module src.techknowlogick.com/xormigrate to v1.5.0 (#1262)
+* *(deps)* Update module github.com/magefile/mage to v1.14.0 (#1259)
+* *(deps)* Update module github.com/swaggo/swag to v1.8.6 (#1243)
+* *(deps)* Update module github.com/wneessen/go-mail to v0.2.9 (#1264)
+* *(deps)* Update dependency klakegg/hugo to v0.102.3 (#1265)
+* *(deps)* Update module github.com/getsentry/sentry-go to v0.14.0 (#1266)
+* *(deps)* Update module github.com/labstack/gommon to v0.4.0 (#1269)
+* *(deps)* Update golang.org/x/crypto digest to 4161e89 (#1268)
+* *(deps)* Update golang.org/x/oauth2 digest to b44042a (#1270)
+* *(deps)* Update golang.org/x/sys digest to 84dc82d (#1271)
+* *(deps)* Update dependency klakegg/hugo to v0.104.2 (#1267)
+* *(deps)* Update golang.org/x/crypto digest to d6f0a8c (#1275)
+* *(deps)* Update golang.org/x/sys digest to 090e330 (#1276)
+* *(deps)* Update module github.com/spf13/cobra to v1.6.0 (#1277)
+* *(deps)* Update module github.com/wneessen/go-mail to v0.3.0 (#1278)
+* *(deps)* Update golang.org/x/crypto digest to 56aed06 (#1280)
+* *(deps)* Update golang.org/x/text to v0.3.8
+* *(deps)* Update module github.com/wneessen/go-mail to v0.3.1 (#1281)
+* *(deps)* Update module github.com/labstack/echo/v4 to v4.9.1 (#1282)
+* *(deps)* Update golang.org/x/sys digest to 95e765b (#1283)
+* *(deps)* Update golang.org/x/oauth2 digest to 6fdb5e3 (#1284)
+* *(deps)* Update golang.org/x/image digest to ffcb3fe (#1288)
+* *(deps)* Update module golang.org/x/sync to v0.1.0 (#1291)
+* *(deps)* Update module github.com/swaggo/swag to v1.8.7 (#1290)
+* *(deps)* Update golang.org/x/term digest to 8365914 (#1289)
+* *(deps)* Update module github.com/coreos/go-systemd/v22 to v22.4.0 (#1287)
+* *(deps)* Update module golang.org/x/oauth2 to v0.1.0 (#1296)
+* *(deps)* Update module golang.org/x/crypto to v0.1.0 (#1295)
+* *(deps)* Update module golang.org/x/image to v0.1.0 (#1293)
+* *(deps)* Update module github.com/wneessen/go-mail to v0.3.2 (#1297)
+* *(deps)* Update module github.com/stretchr/testify to v1.8.1 (#1298)
+* *(deps)* Update module github.com/spf13/cobra to v1.6.1 (#1299)
+* *(deps)* Update module github.com/wneessen/go-mail to v0.3.3 (#1300)
+* *(deps)* Update module github.com/wneessen/go-mail to v0.3.4 (#1302)
+* *(deps)* Update module github.com/mattn/go-sqlite3 to v1.14.16 (#1301)
+
+### Features
+
+* *(docs)* Add docs about how to deploy Vikunja in a subdirectory
+* *(docs)* Document pnpm (#1251)
+* *(migration)* Add TickTick migrator
+* *(migration)* Add routes for TickTick migrator
+* *(migration)* Generate swagger docs
+* *(task)* Add cover image attachment id property
+* *(task)* Add cover image attachment id property (#1263)* Add sponsor to readme (relm) ([f814dd0](f814dd03eb7f1ae08ea67ae0e3e89b8b4e684ce3))
+* Upgrade xorm ([b1fd13b](b1fd13bbcbc551d1bbfe78d91fe6209369709df5))
+* Upgrade xorm ([4323803](4323803fd6801e21121eac0d9f9cd62879f090f7))
+* Upgrade xorm (#1197) ([5341918](53419180be386d675b4513e7ec70aca85b5ac99b))
+* Add github issue templates ([9c4bb5a](9c4bb5a24429dec686e3ccdcd2b920ce5528031c))
+* Remove gitea issue template so that only the form is used ([ce621ee](ce621ee5d6b47a0776628073bbd53312a97d116b))
+* Add gitea issue template ([0612f4d](0612f4d0e03fbe85018f51056c4833557e78cd3f))
+* Provide default user settings for new users via config ([5a40100](5a40100ac5be33d2cbce3c25e355d4036b9b4d3f))
+* Add proper checks and errors to see if an attachment belongs to the task it's being used as cover image in ([631a265](631a265d2de9a6196faf28574023fc3cdcc0bfc7))
+* Allow a user to remove themselves from a team ([b8769c7](b8769c746ceddc9818f91d6a8a404293ea2e837e))
+* TickTick migrator (#1273) ([df2e36c](df2e36c2a378d4bd1b81d959da180b6e9b9a37b9))
+
+
+### Miscellaneous Tasks
+
+* Upgrade echo ([86ee827](86ee8273bce36c7b4767a34e0d878d63b37ea1b4))
+* Go mod tidy ([903b8ff](903b8ff43871234f41f706d571ee2caaba5f4232))
+* Generate swagger docs ([e113fe3](e113fe34d074f698f4b0cb237821f359976daa5c))
+* Remove unused dependencies ([f5fd849](f5fd849a0b93ff3bba53ac4907bb3fb04fa8692b))
+
+## [0.19.2] - 2022-08-17
+
+### Bug Fixes
+
+* Don't fail a migration if there is no filter saved ([10ded56](10ded56f6697ef47910ec68d37f26ed47cbe9180))
+* Don't override saved filters ([beb4d07](beb4d07cf95fc25f7cc5f7471b46bdab49f95fe0))
+
+## [0.19.1] - 2022-08-17
+
+### Bug Fixes
+
+* Prevent moving a list into a pseudo namespace ([3ccc636](3ccc6365a6892f37ee54b0750a34a61e52f6dba1))
+* Make sure generating blur hashes for bmp, tiff and webp images works ([8bf0f8b](8bf0f8bb571ddff69a7142be1acaa2e4e0c38e3b))
+* Add debian-based docker image for arm 32 builds ([c9e044b](c9e044b3ad60d25e9641d22d84571a7db83a26ac))
+* Only list all users when allowed ([9ddd7f4](9ddd7f48895f508539d591aeebde450a86987024))
+* Lint ([0c8bed4](0c8bed4054649de8510e5a636d1a14b65d52c402))
+
+### Dependencies
+
+* *(deps)* Update golang.org/x/sys digest to 6e608f9 (#1229)
+* *(deps)* Update golang.org/x/sync digest to 886fb93 (#1221)
+* *(deps)* Update golang.org/x/sys digest to 8e32c04 (#1230)
+* *(deps)* Update golang.org/x/term digest to a9ba230 (#1222)
+* *(deps)* Update module github.com/prometheus/client_golang to v1.13.0
+* *(deps)* Update module github.com/prometheus/client_golang to v1.13.0 (#1231)
+* *(deps)* Update golang.org/x/sys digest to 1c4a2a7
+* *(deps)* Update golang.org/x/oauth2 digest to 128564f (#1220)
+* *(deps)* Update golang.org/x/image digest to 062f8c9 (#1219)
+* *(deps)* Update golang.org/x/crypto digest to 630584e (#1218)
+* *(deps)* Update module github.com/labstack/echo/v4 to v4.8.0 (#1233)
+* *(deps)* Update golang.org/x/sys digest to fbc7d0a (#1234)
+* *(deps)* Update module github.com/wneessen/go-mail to v0.2.6 (#1235)
+* *(deps)* Update module github.com/mattn/go-sqlite3 to v1.14.15 (#1238)
+
+### Features
+
+* *(docs)* Add k8s docs* Add openid examples ([dbb0f54](dbb0f5473269fb29c4a484cd233a5b76484c4ca7))
+* Search by assignee username instead of id ([7f28865](7f28865903740d6dde15ee005323fbdee3072166))
+* Add migration to change user ids to usernames in saved filters ([3047ccf](3047ccfd4af8fee55d9ebff49138911ab80cb3d2))
+
+## [0.19.0] - 2022-08-03
+
+### Bug Fixes
+
+* *(caldav)* Make sure the caldav tokens of non-local accounts are properly checked
+* *(caldav)* Properly parse durations when returning VTODOs
+* *(caldav)* Make sure description is parsed correctly when multiline
+* *(ci)* Sign drone config
+* *(ci)* Make sure the linter actually runs
+* *(ci)* Install git in lint step
+* *(docker)* Switch to debian base image
+* *(docker)* Use official go image instead of our own to build
+* *(docs)* Update minimum required go version
+* *(docs)* Use up-to-date hugo image for building
+* *(docs)* Don't use cannonify url
+* *(docs)* Image urls in synology setup explanation
+* *(docs)* Clarify frontend requirements to use Vikunja
+* *(dump)* Don't try to save a config file if none was provided and dump vikunja env variables
+* *(mage)* Handle different types of errors
+* *(mail)* Don't set a username by default
+* *(mail)* Don't try to authenticate against the mail server when no credentials are provided
+* *(mail)* Set server name in tls config so that sending mail works with skipTlsVerify set to false
+* *(restore)* Properly decode notifications json data
+* *(restore)* Make sure to reset sequences after importing a dump when using postgres
+* *(restore)* Use the correct initial migration* Generate swagger docs ([4de8ec5](4de8ec56a62caef22c2061376383de1fe53ca4c3))
+* Make sure the full task is available in notifications ([c2b6119](c2b6119434e6e806785d2c259c3ca3d25496ec75))
+* Don't try to load the namespace of a list if it is a shared list ([d7e47a2](d7e47a28d4bb04d4c7c3ed85a263134180da447a))
+* Correctly load and pass the user when deleting it ([50b65a5](50b65a517da6869dc6a48fec40323e254ba4c032))
+* Updating a list might remove its background ([cf05de1](cf05de19b317bd99c30de4c6a149a0d8a4ff4f49))
+* Sorting for saved filters ([57e5d10](57e5d10eee4c45a04e9e1aaeaf41dd44eb8ce788))
+* Importing trello attachments ([c3e0e64](c3e0e6405a634894a30dbf9c0506d1691ae4d443))
+* Lint ([0b77625](0b7762590f6a0a82090ef74e9e7e32b37142d343))
+* Deleting users with no namespaces ([f8a0a7e](f8a0a7e9539a44b2f790a08eb1b03028b56eaac3))
+* Importing tasks from todoist without a due time set ([fd0d462](fd0d462bf4dd8225c67ba34958e5148f6167d264))
+* User deletion never happens ([72d3c54](72d3c54efd3dda6ae846a069415688391cb1c9ae))
+* User deletion reminder emails counting up ([f581885](f581885e65ada15439ec02f1d18d825b03581523))
+* User not actually deleted ([70e005e](70e005e7ce5cf1dd25ec9ddfde3cfbbd258fadb6))
+* User deletion schedule ([5c88dfe](5c88dfe88eab442724f22c3b29741e78939deae2))
+* Friendly name not getting synced on first login from openid ([190a9f2](190a9f2a4c1a59bc68b839c465bb2536532c0e96))
+* Importing archived lists or namespaces ([8bb3f8d](8bb3f8d37c78dc704ff4316c750e143528151b48))
+* Lint ([a31086a](a31086a7a9ca7723f61a826bccbea125243478f1))
+* Microsoft todo migration not importing all tasks ([43f1daf](43f1daf40c388a0aa40f7fd6a8db4c78308d4efd))
+* Clarify which config file is used on startup ([44aaf0a](44aaf0a4eccebb1d1a25f5563e928bd1bb82d351))
+* Disabling logging completely now works ([22e3f24](22e3f242a396aa9cf54e9426077816f97a0da36f))
+* Restoring dumps with no config file saved in them ([8bf2254](8bf2254f4b87446ab0a39080cb0b7d32ccec7c0a))
+* Validate email address when creating a user via cli ([75f74b4](75f74b429eea7ae3a75cb10def1ca658af35086a))
+* Checking for error types ([ac6818a](ac6818a4769a162c458553944509fe64357370f9))
+* Lint ([7fa0865](7fa086518800243385d8cc4696eeea9bf093e5b3))
+* Return BlurHash in unsplash search results ([6b51fae](6b51fae0931308464038f55b25e81e68d014c49c))
+* Go mod tidy ([e19ad11](e19ad1184662dc9ac9aa89a44abdffc091e2a1b8))
+* Decoding images for blurHash generation ([d3bdafb](d3bdafb717b1ad3e2165097ef0b0c2dd47e1502e))
+* Lint ([de97fcb](de97fcbd121b1d56b74175fd79ef594ef34e71c8))
+* Broken link (#27) ([96e519e](96e519ea96c9537222d0b455037e11fbe9660c31))
+* Add more methods to figure out the current binary location ([9845fcc](9845fcc1708431f8f736d36e7e19a1067b0e0e52))
+* Set derived default values only after reading config from file or env ([f5ebada](f5ebada91351faf1e5602f0260908defaaabd810))
+* Sort tasks logically and consistent across dbms (#1177) ([e52c45d](e52c45d5aabb74ea7b472e8d5b44491cdd7e9489))
+* VIKUNJA_SERVICE_JWT_SECRET should be VIKUNJA_SERVICE_JWTSECRET (#1184) ([172a621](172a6214d7c30278017129b950339c78a6ddb7bc))
+* Add missing migration ([d837f8a](d837f8a6248b5ff2700a4bfc300d7f9d466cb918))
+* Revert renaming Attachments to Embeds everywhere ([c62e26b](c62e26b6fe9d9f362fcfb1df2d5664d7f6854c31))
+* Set the correct go version in go.mod ([bc7f6a8](bc7f6a858693b0e61fff7d03b5c2b40b6ae1a55d))
+* Go mod tidy ([7a30294](7a30294407843693f6c3a7414b3b9d7093359194))
+* Tests ([d0e09d6](d0e09d69d048e62ee7c5b666c2f56761b03e68e6))
+* Go mod tidy ([951d74b](951d74b272b1e881faa10095f47b6598bb076273))
+* Prevent logging openid provider errors twice ([25ffa1b](25ffa1bc2e2f1108f20b0336708d2410bb61c9e1))
+* Remove credential escaping for postgres connections to allow for passwords with special characters ([230478a](230478aae947c86f4c6f1f251dcb30aeb1293283))
+* Cycles in tasks array when memory caching was enabled ([f5a4c13](f5a4c136fbca6fc5770476e6de8d81173f007df2))
+* Add missing error check ([5cc4927](5cc4927b9ef97667bf763772beb36225fdbeded8))
+* Properly set tls config for mailer ([5743a4a](5743a4afe51de221beeeabe66552ae4d92eed1a6))
+* Return 9:00 as default time for reminders if none was set ([79b3167](79b31673e2a79eaa124976840e85757d2bebb887))
+* Reset id sequence when importing a dump from postgres ([0f555b7](0f555b7ec74ad493d2f70a4f4040db333943dc1c))
+* Add validation for negative repeat after values ([dd46174](dd461746a655d716ef142d96a2bcef5615de3dd9))
+* Lint ([1feb62c](1feb62cc458e939d46d16d24347557e7959ddfb9))
+* Make sure to use user discoverability settings when searching list users ([382a788](382a7884be1f37da5c8f657c4b17316d8691dd59))
+* Properly decode params in url ([8f27e7e](8f27e7e619ac73716211d838f52c73d7d97aead5))
+* Return all users on a list when no search param was provided ([c51ee94](c51ee94ad1d552d69c71adfc2180c7ad0d23235d))
+* Don't return email addresses from user search results ([3688bbd](3688bbde20e989397353ea4f7e872b00a53099c2))
+* Lint ([77fafd5](77fafd5dc32aee464961be40d5d0ccf82490d02a))
+* Increase test timeout ([26e2d0b](26e2d0bddeaea902dba055baf7a4c866a44ba7f1))
+* Switch to buster for build image ([59796fd](59796fd4905fca74d26c5541878379cda143a30e))
+* Use our own build image as base build image ([b6d7323](b6d7323cdfac958c9740feba1342114ab13a0afd))
+* Use golang build image to test migrations ([84bcdbf](84bcdbf937c3be7823fcf8d5fef52e3cbb1c9bde))
+* Switch back to alpine for everything, disable arm 32 docker builds ([7ffe9b6](7ffe9b625e441202a704db2774dd66fc38244c6d))
+
+
+### Dependencies
+
+* *(deps)* Update golang.org/x/sys commit hash to a851e7d (#972)
+* *(deps)* Update golang.org/x/sys commit hash to aa78b53 (#973)
+* *(deps)* Update golang.org/x/sys commit hash to 528a39c (#974)
+* *(deps)* Update golang.org/x/sys commit hash to 437939a (#975)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.1 (#976)
+* *(deps)* Update module github.com/coreos/go-oidc/v3 to v3.1.0 (#985)
+* *(deps)* Update module github.com/spf13/viper to v1.9.0 (#987)
+* *(deps)* Update golang.org/x/crypto commit hash to 089bfa5 (#979)
+* *(deps)* Update golang.org/x/term commit hash to 140adaa (#983)
+* *(deps)* Update module github.com/labstack/echo/v4 to v4.6.0 (#988)
+* *(deps)* Update golang.org/x/sys commit hash to b8560ed (#989)
+* *(deps)* Update module github.com/golang-jwt/jwt/v4 to v4.1.0 (#991)
+* *(deps)* Update golang.org/x/sys commit hash to 92d5a99 (#992)
+* *(deps)* Update module github.com/swaggo/swag to v1.7.3 (#990)
+* *(deps)* Update module github.com/labstack/echo/v4 to v4.6.1 (#993)
+* *(deps)* Update golang.org/x/sys commit hash to 1cf2251 (#994)
+* *(deps)* Update golang.org/x/sys commit hash to 39ccf1d (#995)
+* *(deps)* Update golang.org/x/term commit hash to 03fcf44 (#996)
+* *(deps)* Update golang.org/x/oauth2 commit hash to 6b3c2da (#1000)
+* *(deps)* Update golang.org/x/sys commit hash to 69063c4 (#1001)
+* *(deps)* Update module github.com/gabriel-vasile/mimetype to v1.4.0 (#1004)
+* *(deps)* Update postgres docker tag to v14 (#1005)
+* *(deps)* Update module github.com/go-redis/redis/v8 to v8.11.4 (#1003)
+* *(deps)* Update module github.com/mattn/go-sqlite3 to v1.14.9 (#1008)
+* *(deps)* Update golang.org/x/sys commit hash to 9d821ac (#1009)
+* *(deps)* Update golang.org/x/sys commit hash to 0ec99a6 (#1010)
+* *(deps)* Update golang.org/x/sys commit hash to 9d61738 (#1011)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.2 (#1012)
+* *(deps)* Update golang.org/x/sys commit hash to 8e51046 (#1016)
+* *(deps)* Update golang.org/x/sys commit hash to d6a326f (#1017)
+* *(deps)* Update module github.com/swaggo/swag to v1.7.4 (#1018)
+* *(deps)* Update golang.org/x/sys commit hash to 711f33c (#1019)
+* *(deps)* Update golang.org/x/sys commit hash to 69cdffd (#1020)
+* *(deps)* Update golang.org/x/oauth2 commit hash to ba495a6 (#1022)
+* *(deps)* Update golang.org/x/image commit hash to 6944b10 (#1023)
+* *(deps)* Update golang.org/x/sys commit hash to 6e78728 (#1024)
+* *(deps)* Update golang.org/x/sys commit hash to b3129d9 (#1025)
+* *(deps)* Update golang.org/x/sys commit hash to 611d5d6 (#1026)
+* *(deps)* Update golang.org/x/sys commit hash to 39c9dd3 (#1027)
+* *(deps)* Update golang.org/x/sys commit hash to a2f17f7 (#1028)
+* *(deps)* Update golang.org/x/sys commit hash to 4dd7244 (#1029)
+* *(deps)* Update golang.org/x/sys commit hash to ae416a5 (#1030)
+* *(deps)* Update golang.org/x/sys commit hash to 7861aae (#1031)
+* *(deps)* Update golang.org/x/oauth2 commit hash to d3ed0bb (#1032)
+* *(deps)* Update module github.com/labstack/gommon to v0.3.1 (#1033)
+* *(deps)* Update golang.org/x/sys commit hash to c75c477 (#1034)
+* *(deps)* Update golang.org/x/sys commit hash to ebca88c (#1035)
+* *(deps)* Update golang.org/x/sys commit hash to e0b2ad0 (#1037)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.3 (#1038)
+* *(deps)* Update golang.org/x/crypto commit hash to ceb1ce7 (#1041)
+* *(deps)* Update module github.com/lib/pq to v1.10.4 (#1040)
+* *(deps)* Update golang.org/x/sys commit hash to 51b60fd (#1042)
+* *(deps)* Update golang.org/x/sys commit hash to 99a5385 (#1043)
+* *(deps)* Update golang.org/x/sys commit hash to f221eed (#1044)
+* *(deps)* Update golang.org/x/sys commit hash to 0c823b9 (#1045)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.4 (#1046)
+* *(deps)* Update golang.org/x/sys commit hash to 0a5406a (#1048)
+* *(deps)* Update golang.org/x/crypto commit hash to b4de73f (#1047)
+* *(deps)* Update module github.com/ulule/limiter/v3 to v3.9.0 (#1049)
+* *(deps)* Update golang.org/x/crypto commit hash to ae814b3 (#1050)
+* *(deps)* Update golang.org/x/sys commit hash to dee7805 (#1051)
+* *(deps)* Update golang.org/x/sys commit hash to ef496fb (#1052)
+* *(deps)* Update golang.org/x/sys commit hash to fe61309 (#1054)
+* *(deps)* Update module github.com/swaggo/swag to v1.7.6 (#1055)
+* *(deps)* Update golang.org/x/crypto commit hash to 5770296 (#1056)
+* *(deps)* Update module github.com/golang-jwt/jwt/v4 to v4.2.0 (#1057)
+* *(deps)* Update golang.org/x/sys commit hash to 94396e4 (#1058)
+* *(deps)* Update golang.org/x/sys commit hash to 97ca703 (#1059)
+* *(deps)* Update golang.org/x/crypto commit hash to 4570a08 (#1062)
+* *(deps)* Update golang.org/x/sys commit hash to 798191b (#1061)
+* *(deps)* Update golang.org/x/sys commit hash to af8b642 (#1063)
+* *(deps)* Update module github.com/spf13/viper to v1.10.0 (#1064)
+* *(deps)* Update golang.org/x/sys commit hash to 03aa0b5 (#1067)
+* *(deps)* Update golang.org/x/sys commit hash to 3b038e5 (#1068)
+* *(deps)* Update module github.com/spf13/cobra to v1.3.0 (#1070)
+* *(deps)* Update golang.org/x/sys commit hash to 4825e8c (#1071)
+* *(deps)* Update module github.com/spf13/viper to v1.10.1 (#1072)
+* *(deps)* Update golang.org/x/crypto commit hash to e495a2d (#1073)
+* *(deps)* Update golang.org/x/sys commit hash to 4abf325 (#1074)
+* *(deps)* Update golang.org/x/sys commit hash to 1d35b9e (#1075)
+* *(deps)* Update module github.com/magefile/mage to v1.12.0 (#1076)
+* *(deps)* Update module github.com/magefile/mage to v1.12.1 (#1077)
+* *(deps)* Update module github.com/getsentry/sentry-go to v0.12.0 (#1079)
+* *(deps)* Update module github.com/swaggo/swag to v1.7.8 (#1080)
+* *(deps)* Update module github.com/spf13/afero to v1.7.0 (#1078)
+* *(deps)* Update module github.com/spf13/afero to v1.7.1 (#1081)
+* *(deps)* Update module github.com/mattn/go-sqlite3 to v1.14.10 (#1082)
+* *(deps)* Update module github.com/spf13/afero to v1.8.0 (#1083)
+* *(deps)* Update module github.com/labstack/echo/v4 to v4.6.2 (#1084)
+* *(deps)* Update module github.com/labstack/echo/v4 to v4.6.3 (#1089)
+* *(deps)* Update golang.org/x/sys commit hash to a018aaa (#1088)
+* *(deps)* Update golang.org/x/sys commit hash to 5a964db (#1090)
+* *(deps)* Update golang.org/x/crypto commit hash to 5e0467b (#1091)
+* *(deps)* Update golang.org/x/sys commit hash to da31bd3 (#1093)
+* *(deps)* Update module github.com/prometheus/client_golang to v1.12.0 (#1094)
+* *(deps)* Update golang.org/x/crypto commit hash to e04a857 (#1097)
+* *(deps)* Update golang.org/x/crypto commit hash to aa10faf (#1098)
+* *(deps)* Update module github.com/mattn/go-sqlite3 to v1.14.11 (#1099)
+* *(deps)* Update golang.org/x/crypto commit hash to 198e437 (#1100)
+* *(deps)* Update golang.org/x/sys commit hash to 99c3d69 (#1101)
+* *(deps)* Update module github.com/prometheus/client_golang to v1.12.1 (#1102)
+* *(deps)* Update klakegg/hugo docker tag to v0.92.0 (#1103)
+* *(deps)* Update klakegg/hugo docker tag to v0.92.1 (#1104)
+* *(deps)* Update golang.org/x/crypto commit hash to 30dcbda (#1105)
+* *(deps)* Update module github.com/swaggo/swag to v1.7.9 (#1106)
+* *(deps)* Update golang.org/x/sys commit hash to 1c1b9b1 (#1107)
+* *(deps)* Update module github.com/spf13/afero to v1.8.1 (#1108)
+* *(deps)* Update golang.org/x/sys commit hash to 5739886 (#1110)
+* *(deps)* Update golang.org/x/crypto commit hash to 20e1d8d (#1111)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.5 (#1112)
+* *(deps)* Update golang.org/x/crypto commit hash to bba287d (#1113)
+* *(deps)* Update golang.org/x/crypto commit hash to dad3315 (#1114)
+* *(deps)* Update module github.com/golang-jwt/jwt/v4 to v4.3.0 (#1117)
+* *(deps)* Update golang.org/x/sys commit hash to 3681064 (#1116)
+* *(deps)* Update golang.org/x/crypto commit hash to db63837 (#1115)
+* *(deps)* Update golang.org/x/crypto commit hash to f4118a5 (#1118)
+* *(deps)* Update golang.org/x/crypto commit hash to 8634188 (#1121)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.6 (#1122)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.7 (#1123)
+* *(deps)* Update module github.com/swaggo/swag to v1.8.0 (#1124)
+* *(deps)* Update golang.org/x/sys commit hash to 0005352 (#1125)
+* *(deps)* Update golang.org/x/sys commit hash to f242548 (#1126)
+* *(deps)* Update klakegg/hugo docker tag to v0.92.2 (#1127)
+* *(deps)* Update golang.org/x/sys commit hash to dbe011f (#1129)
+* *(deps)* Update golang.org/x/sys commit hash to 95c6836 (#1130)
+* *(deps)* Update golang.org/x/oauth2 commit hash to ee48083 (#1128)
+* *(deps)* Update module github.com/mattn/go-sqlite3 to v1.14.12 (#1132)
+* *(deps)* Update golang.org/x/sys commit hash to 4e6760a (#1131)
+* *(deps)* Update golang.org/x/image commit hash to 723b81c (#1133)
+* *(deps)* Update module github.com/labstack/echo/v4 to v4.7.0 (#1134)
+* *(deps)* Update klakegg/hugo docker tag to v0.93.0 (#1135)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.8 (#1136)
+* *(deps)* Update klakegg/hugo docker tag to v0.93.2 (#1137)
+* *(deps)* Update golang.org/x/sys commit hash to 22a9840 (#1138)
+* *(deps)* Update golang.org/x/crypto commit hash to efcb850 (#1139)
+* *(deps)* Update golang.org/x/oauth2 commit hash to 6242fa9 (#1140)
+* *(deps)* Update golang.org/x/sys commit hash to b874c99 (#1141)
+* *(deps)* Update klakegg/hugo docker tag to v0.93.3 (#1142)
+* *(deps)* Update module github.com/labstack/echo/v4 to v4.7.1 (#1146)
+* *(deps)* Update module github.com/stretchr/testify to v1.7.1 (#1148)
+* *(deps)* Update module github.com/swaggo/swag to v1.8.1 (#1156)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.11 (#1143)
+* *(deps)* Update module github.com/spf13/cobra to v1.4.0 (#1145)
+* *(deps)* Update module github.com/lib/pq to v1.10.5 (#1157)
+* *(deps)* Update module github.com/spf13/viper to v1.11.0 (#1159)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.12 (#1162)
+* *(deps)* Update module github.com/prometheus/client_golang to v1.12.2 (#1166)
+* *(deps)* Update module github.com/mattn/go-sqlite3 to v1.14.13 (#1165)
+* *(deps)* Update module github.com/coreos/go-oidc/v3 to v3.2.0 (#1164)
+* *(deps)* Update module github.com/swaggo/swag to v1.8.2 (#1167)
+* *(deps)* Update module github.com/lib/pq to v1.10.6 (#1169)
+* *(deps)* Update module gopkg.in/yaml.v3 to v3.0.1 (#1179)
+* *(deps)* Update module github.com/imdario/mergo to v0.3.13 (#1178)
+* *(deps)* Update module github.com/stretchr/testify to v1.7.2 (#1182)
+* *(deps)* Update module github.com/swaggo/swag to v1.8.3 (#1185)
+* *(deps)* Update module github.com/spf13/cobra to v1.5.0 (#1192)
+* *(deps)* Update module github.com/golang-jwt/jwt/v4 to v4.4.2 (#1193)
+* *(deps)* Update module github.com/stretchr/testify to v1.8.0 (#1191)
+* *(deps)* Update module github.com/go-testfixtures/testfixtures/v3 to v3.8.0 (#1168)
+* *(deps)* Update module github.com/mattn/go-sqlite3 to v1.14.14 (#1194)
+* *(deps)* Update golang.org/x/term digest to 065cf7b (#1207)
+* *(deps)* Update golang.org/x/image digest to 41969df (#1203)
+* *(deps)* Update module github.com/yuin/goldmark to v1.4.13 (#1209)
+* *(deps)* Update golang.org/x/crypto digest to 0559593 (#1202)
+* *(deps)* Update module github.com/spf13/afero to v1.9.0 (#1210)
+* *(deps)* Update module github.com/gabriel-vasile/mimetype to v1.4.1 (#1208)
+* *(deps)* Update golang.org/x/sync digest to 0de741c (#1205)
+* *(deps)* Update github.com/c2h5oh/datasize digest to 859f65c (#1201)
+* *(deps)* Update golang.org/x/oauth2 digest to 2104d58 (#1204)
+* *(deps)* Update golang.org/x/sys digest to c0bba94 (#1206)
+* *(deps)* Update golang.org/x/oauth2 digest to c8730f7 (#1214)
+* *(deps)* Update module github.com/spf13/afero to v1.9.2 (#1215)
+* *(deps)* Update module github.com/swaggo/swag to v1.8.4 (#1216)
+* *(deps)* Update module github.com/spf13/viper to v1.12.0 (#1180)
+* *(deps)* Update golang.org/x/sys digest to 1609e55 (#1217)
+* *(deps)* Update module github.com/go-testfixtures/testfixtures/v3 to v3.8.1 (#1226)
+* *(deps)* Update module go to 1.18 (#1225)
+
+### Documentation
+* Add docker-compose example with no proxy ([4255bc3](4255bc3a945b6fe4314e3cd3f62908dd1be1ff4a))
+* Add another youtube tutorial ([dbd6f36](dbd6f36da6e56355993cc1411379997e26c88b36))
+* Fix api url in docker examples without a proxy ([68998e9](68998e90a446569869fb150bd5fc0739f496b066))
+* Make sure all links to vikunja pages are https ([cc612d5](cc612d505f22e5d895b6ebda61fe62498634cec5))
+* Update backup instructions ([4829c89](4829c899400544ad27cacfb7d19b40988302a413))
+* Add postgres to docker-compose examples ([2aea169](2aea1691cf33b7d9e03fbe2c711af7d8f76d9724))
+* Improve development docs ([9bf32aa](9bf32aae99a7e69cce0cd4477e8fc8ddcaea25ea))
+* Add another tutorial link ([1fa74cb](1fa74cba6407c2b694b14f8439f1492476433d62))
+* Improve wording for systemd ([13561f2](13561f211493903b17c856b3010345ea9df725d4))
+* Update testing ([da318e3](da318e3db15121ba864db8450a76ba9ed18b9fd5))
+* Add guide for Synology NAS ([049ae39](049ae39c62079f77921b7a9fad5023b2c1c0c1c5))
+
+
+### Features
+
+* *(docs)* Add details of using NGINX Proxy Manager to the Reverse Proxy docs (#13)
+* *(docs)* Add versions explanation
+* *(mail)* Don't try to authenticate when no username and password was provided* Add better error logs for mage commands ([bb086eb](bb086eb9f87669f844c283d42ea9ca9f3f5a7877))
+* Expose if task comments are enabled or not in /info ([ae8db17](ae8db176db57fa6176e00b87924f70352332ca66))
+* Improve account deletion email grammar (#1006) ([dcb52c0](dcb52c00f1c6b3217e2b508d7799fc83adb3b055))
+* Add more debug logging when deleting users ([8f55af0](8f55af07c936218487ec94e65c6673fbddd0cdb5))
+* Don't require a password for data export from users authenticated with third-party auth ([9eca971](9eca971c938699d481915fb6e14c765aea1fa3b5))
+* Expose if a user is a local user through its jwt token ([516c812](516c812043e77be7f834ae1326d13d39e156ef77))
+* Expose if a user is a local user through the /user endpoint ([2683ef2](2683ef23d538eb846d5d799798fa82cca70dc017))
+* Enable rate limit for unauthenticated routes ([093d0c6](093d0c65ca6338358dbd1df904daadd7808f2817))
+* Use wallpaper topic for default unsplash background list ([88a2ced](88a2cede19f1844814530af948c3cc5a0b026419))
+* Gravatar - Lowercase emails before MD5 hash (#10) ([36bf3d2](36bf3d216a7be28e917e2816a9e5da43439f2c20))
+* Add marble avatar (#1060) ([73ee696](73ee696fc3cf941af2d2c2cf81224aa01f93234e))
+* Save user language in the settings ([a98119f](a98119f2d670a11efab6008129b767f9208f8113))
+* Add time zone setting for reminders (#1092) ([61d49c3](61d49c3a56a59e52ce407b858ddd4aa573dbee9d))
+* Add long-lived api tokens (#1085) ([1322cb1](1322cb16d76a40ad90631e3e091da0f0d44957a9))
+* Upgrade golangci-lint to 1.45.2 ([5cf263a](5cf263a86f954a38cbfafb6b0857bf591f82a811))
+* Add date math for filters (#1086) ([0a1d8c9](0a1d8c940410b03a78016ac6110883ca05484816))
+* Add migration to create BlurHash strings for all list backgrounds ([362706b](362706b38d52720b5a1615e185a985b7708168f7))
+* Generate a BlurHash when uploading a new image ([f83b09a](f83b09af59ed25425a16824ccf48d903c81e861a))
+* Save BlurHash from unsplash when selecting a photo from unsplash ([2ec7d7a](2ec7d7a8a85cc12c07d20cfab9b90a78a7857eb6))
+* Return BlurHash for unsplash search results ([6df8658](6df865876df961f2bec476126bf6e7fbe5d43e0e))
+* Add caldav tokens (#1065) ([e4b50e8](e4b50e84a44f809cc829c2fdb6f52b03b40a367b))
+* Ability to serve static files (#1174) ([acaa850](acaa85083f2bebbc67608ae0f454ed5e9a3ef8a0))
+* Restrict max avatar size ([2f25b48](2f25b48869f59256bf7d692c4486c64c30b85e5e))
+* Send overdue tasks email notification at 9:00 in the user's time zone ([7eb3b96](7eb3b96a4465ca6648572b07c506c06f2c28c375))
+* Add setting to change overdue tasks reminder email time ([8869adf](8869adfc276f674b686bf68f949d7efbb417e55b))
+* Allow only the authors of task comments to edit them ([01271c4](01271c4c0111b3b040dcb9a0d502d31078ad6d4b))
+* Migrate away from gomail ([30e0e98](30e0e98f7738e36698990523377f47edcbf6806c))
+* Embed the vikunja logo as inline attachment ([f4f8450](f4f8450d166f1a836eea202dd0340d2156d3dfe9))
+* Use embed fs directly to embed the logo in mails ([73c4c39](73c4c399e5d610bb713f1e9feab543e0425ee959))
+* Use actual uuids for tasks ([62325de](62325de9cd5da5b70987081956a28e7baa907081))
+* Add issue template ([117f6b3](117f6b38e1d35c09f2657975ea75dcfedcd8425d))
+
+
+### Miscellaneous Tasks
+
+* *(ci)* Use latest version of s3 plugin
+* *(ci)* Sign drone config
+* *(docs)* Update docs about compiling from source
+* *(docs)* Redirect properly from /docs/docs
+* *(docs)* Add new mailer option to docs
+* *(docs)* Clarify openid setup with environment variables
+* *(docs)* Add frontendurl to all example configs
+* *(mage)* Don't set api packages when they are not used* Sign drone config ([1d8d0f1](1d8d0f140e4f2a59947167bd597e5f12b84b009d))
+* Cleanup namespace creation ([b60c69c](b60c69c5a8c004a780b989cf0bb8ab6455086b0f))
+* Generate swagger docs ([ba2bdff](ba2bdff39109db9ecc4b525e39e2642b41ac03b8))
+* Go mod tidy ([726a517](726a517bec731f1af8e3186e280718fef02cadf7))
+* Upgrade trello api wrapper and remove fork ([7e99618](7e99618319547c7e7dfa2cc063f654300f7074fb))
+* Use our custom build image to build docker image ([251b877](251b877015761fdd2b8dbd18cd8ec696dc374103))
+* Update golangci-lint ([430057a](430057a404b04e75c62a15693f479c6fc8e63189))
+
+
+### Other
+
+* *(other)* Healthcheck endpoint (#998)
+* *(other)* Added the ability to configure the JWT expiry date using a new server.jwtttl config parameter. (#999)
+* *(other)* Enable a list to be moved across namespaces (#1096)
+* *(other)* A bunch of dependency updates at once (#1155)
+* *(other)* Add client-cert parameters of the Go pq driver to the Vikunja config (#1161)
+* *(other)* Add exec to run script to run app as PID 1 (#1200)
+
+## [0.18.1] - 2021-09-08
+
+### Fixed
+
+* Docs: Add another third-party tutorial link
+* Don't try to export items which do not have a parent
+* fix(deps): update golang.org/x/sys commit hash to 6f6e228 (#970)
+* fix(deps): update golang.org/x/sys commit hash to c212e73 (#971)
+* Fix exporting tasks from archived lists
+* Fix lint
+* Fix tasks not exported
+* Fix tmp export file created in the wrong path
+
+## [0.18.0] - 2021-09-05
+
+### Added
+
+* Add default list setting (#875)
+* Add menu link to Vikunja Cloud in docs
+* Add more logging and better error messages for openid authentication + clarify docs
+* Add more logging for test data api endpoint
+* Add searching for tasks by index
+* Add setting for first day of the week
+* Add support of Unix socket (#912)
+* Add truncate parameter to test fixtures setup
+* Notify the user after three failed login attempts
+* Reorder tasks, lists and kanban buckets (#923)
+* Send a notification on failed TOTP
+* Task mentions (#926)
+* Try to get more information about the user when authenticating with openid
+* User account deletion (#937)
+* User Data Export and import (#967)
+
+### Changed
+
+* Allow running migration 20210711173657 multiple times to fix issues when it didn't completely run through previously
+* Better logging for errors while importing a bunch of tasks
+* Change task title to TEXT instead of varchar(250) to allow for longer task titles
+* Disable the user account after 10 failed password attempts
+* Docs: Add a note about default password
+* Docs: Add another youtube tutorial
+* Docs: Add ios to the list of not working caldav clients
+* Docs: Add k8s-at-home Helm Chart for Vikunja
+* Docs: Add other installation resources
+* Docs: Add translation docs
+* Docs: Fix rewrite rules in apache example configs
+* Docs: Translation now happening at crowdin
+* Docs: Update translation guidelines
+* Don't fail when removing the last bucket in migration from other services
+* Don't notify the user who created the team
+* Don't use the mariadb root user in docker-compose examples
+* Ensure case insensitive search on postgres (#927)
+* Increase test timeout
+* Only filter out failing openid providers if multiple are configured and one of them failed
+* Only send an email about failed totp after three failed attempts
+* Rearrange setting frontend url in config
+* Refactor user email confirmation + password reset handling (#919)
+* Rename and sign drone config
+* Replace jwt-go with github.com/golang-jwt/jwt
+* Reset failed totp attempts when logging in successfully
+* Save user tokens as text and not varchar
+* Save user tokens as varchar(450) and not text to fix mysql indexing issues
+* Set todoist migration redirect url to the frontend url by default
+* Show config full paths and env variables with config options
+* Switch the :latest docker image tag to contain the latest release instead of the latest unstable
+* Tune test db server settings to speed up tests (#939)
+
+### Fixed
+
+* Fix authentication callback
+* Fix duplicating empty lists
+* Fix error handling when deleting an attachment file
+* Fix error when searching for a namespace returned no results
+* Fix error when searching for a namespace with subscribers
+* Fix goimports
+* Fix importing archived projects and done items from todoist
+* Fix jwt middleware
+* Fix lint
+* Fix mapping task priorities from Vikunja to calDAV
+* Fix moving the done bucket around
+* Fix old references to master in docs
+* Fix panic on invalid smtp config
+* Fix parsing openid config when using a json config file
+* Fix saving pointer values to memory keyvalue
+* Fix saving reminders of repeating tasks
+* Fix setting a saved filter as favorite
+* Fix setting task favorite status of related tasks
+* Fix setting up keyvalue storage in tests
+* Fix swagger docs for create requests
+* Fix task relations not getting properly cleaned up when deleting them
+* Fix tests & lint
+* Make sure a bucket exists or use the default bucket when importing tasks
+* Make sure all associated entities of a task are deleted when the task is deleted
+* Make sure list / task favorites are set per user, not per entity (#915)
+* Make sure the configured frontend url always has a / at the end
+* Refactor & fix storing struct-values in redis keyvalue
+* Todoist migration: don't panic if no reminder was found for task
+
+### Dependency updates
+
+* fix(deps): update golang.org/x/sys commit hash to 63515b4 (#959)
+* fix(deps): update golang.org/x/sys commit hash to 97244b9 (#965)
+* fix(deps): update golang.org/x/sys commit hash to f475640 (#962)
+* fix(deps): update golang.org/x/sys commit hash to f4d4317 (#961)
+* fix(deps): update module github.com/lib/pq to v1.10.3 (#963)
+* Update alpine Docker tag to v3.13 (#884)
+* Update alpine Docker tag to v3.14 (#889)
+* Update golang.org/x/crypto commit hash to 0a44fdf (#944)
+* Update golang.org/x/crypto commit hash to 0ba0e8f (#943)
+* Update golang.org/x/crypto commit hash to 32db794 (#949)
+* Update golang.org/x/crypto commit hash to 5ff15b2 (#891)
+* Update golang.org/x/crypto commit hash to a769d52 (#916)
+* Update golang.org/x/image commit hash to 775e3b0 (#880)
+* Update golang.org/x/image commit hash to a66eb64 (#900)
+* Update golang.org/x/image commit hash to e6eecd4 (#893)
+* Update golang.org/x/net commit hash to 37e1c6af
+* Update golang.org/x/oauth2 commit hash to 14747e6 (#894)
+* Update golang.org/x/oauth2 commit hash to 2bc19b1 (#955)
+* Update golang.org/x/oauth2 commit hash to 6f1e639 (#931)
+* Update golang.org/x/oauth2 commit hash to 7df4dd6 (#952)
+* Update golang.org/x/oauth2 commit hash to a41e5a7 (#902)
+* Update golang.org/x/oauth2 commit hash to a8dc77f (#896)
+* Update golang.org/x/oauth2 commit hash to bce0382 (#895)
+* Update golang.org/x/oauth2 commit hash to d040287 (#888)
+* Update golang.org/x/oauth2 commit hash to f6687ab (#862)
+* Update golang.org/x/oauth2 commit hash to faf39c7 (#935)
+* Update golang.org/x/sys commit hash to 00dd8d7 (#953)
+* Update golang.org/x/sys commit hash to 15123e1 (#946)
+* Update golang.org/x/sys commit hash to 1e6c022 (#947)
+* Update golang.org/x/sys commit hash to 30e4713 (#945)
+* Update golang.org/x/sys commit hash to 41cdb87 (#956)
+* Update golang.org/x/sys commit hash to 7d9622a (#948)
+* Update golang.org/x/sys commit hash to bfb29a6 (#951)
+* Update golang.org/x/sys commit hash to d867a43 (#934)
+* Update golang.org/x/sys commit hash to e5e7981 (#933)
+* Update golang.org/x/sys commit hash to f52c844 (#954)
+* Update golang.org/x/term commit hash to 6886f2d (#887)
+* Update module getsentry/sentry-go to v0.11.0 (#869)
+* Update module github.com/coreos/go-oidc to v3 (#885)
+* Update module github.com/gabriel-vasile/mimetype to v1.3.1 (#904)
+* Update module github.com/golang-jwt/jwt to v3.2.2 (#928)
+* Update module github.com/golang-jwt/jwt to v4 (#930)
+* Update module github.com/go-redis/redis/v8 to v8.11.0 (#903)
+* Update module github.com/go-redis/redis/v8 to v8.11.1 (#925)
+* Update module github.com/go-redis/redis/v8 to v8.11.2 (#932)
+* Update module github.com/go-redis/redis/v8 to v8.11.3 (#942)
+* Update module github.com/iancoleman/strcase to v0.2.0 (#918)
+* Update module github.com/labstack/echo/v4 to v4.4.0 (#917)
+* Update module github.com/labstack/echo/v4 to v4.5.0 (#929)
+* Update module github.com/mattn/go-sqlite3 to v1.14.8 (#921)
+* Update module github.com/spf13/cobra to v1.2.0 (#905)
+* Update module github.com/spf13/cobra to v1.2.1 (#906)
+* Update module github.com/spf13/viper to v1.8.0 (#890)
+* Update module github.com/spf13/viper to v1.8.1 (#899)
+* Update module github.com/swaggo/swag to v1.7.1 (#936)
+* Update module github.com/yuin/goldmark to v1.3.8 (#892)
+* Update module github.com/yuin/goldmark to v1.3.9 (#901)
+* Update module github.com/yuin/goldmark to v1.4.0 (#908)
+* Update module go-redis/redis/v8 to v8.10.0 (#882)
+* Update module go-redis/redis/v8 to v8.7.1 (#807)
+* Update module go-testfixtures/testfixtures/v3 to v3.6.1 (#868)
+* Update module lib/pq to v1.10.2 (#865)
+* Update module prometheus/client_golang to v1.11.0 (#879)
+* Update module yuin/goldmark to v1.3.6 (#863)
+* Update module yuin/goldmark to v1.3.7 (#867)
+* Update monachus/hugo Docker tag to v0.75.1 (#940)
+
+## [0.17.1] - 2021-06-09
+
+### Fixed
+
+* Fix parsing openid config when using a json config file
+
 ## [0.17.0] - 2021-05-14
 
 ### Added
@@ -446,7 +1110,7 @@ All releases can be found on https://code.vikunja.io/api/releases.
 
 ## [0.14.0] - 2020-07-01
 
-### Added 
+### Added
 
 * Add ability to run the docker container with configurable user and group ids
 * Add better errors if the sqlite db file is not writable
@@ -660,7 +1324,7 @@ All releases can be found on https://code.vikunja.io/api/releases.
 
 ## [0.12] - 2020-04-04
 
-#### Added 
+#### Added
 
 * Add support for archiving lists and namespaces (#152)
 * Colors for lists and namespaces (#155)
@@ -684,7 +1348,7 @@ All releases can be found on https://code.vikunja.io/api/releases.
 
 ## [0.11] - 2020-03-01
 
-### Added 
+### Added
 
 * Add config options for cors handling (#124)
 * Add config options for task attachments (#125)
@@ -752,7 +1416,7 @@ All releases can be found on https://code.vikunja.io/api/releases.
 
 ## [0.9] - 2019-11-24
 
-### Added 
+### Added
 
 * Task Attachments (#104)
 * Task Relations (#103)
@@ -765,7 +1429,8 @@ All releases can be found on https://code.vikunja.io/api/releases.
 ### Fixed
 
 * Fix default logging settings (#107)
-* Fixed a bug where adding assignees or reminders via an update would re-create them and not respect already inserted ones, leaving a lot of garbage
+* Fixed a bug where adding assignees or reminders via an update would re-create them and not respect already inserted
+  ones, leaving a lot of garbage
 * Fixed a bug where deleting an attachment would cause a nil panic
 * Fixed building docs theme
 * Fixed error when setting max file size on 32-Bit systems
@@ -778,7 +1443,7 @@ All releases can be found on https://code.vikunja.io/api/releases.
 * Fixed removing reminders
 * Small link share fixes (#96)
 
-### Changed 
+### Changed
 
 * Improve pagination (#105)
 * Moved `teams_{namespace|list}_*` to `{namespace|list}_teams_*` for better consistency (#101)
@@ -899,7 +1564,8 @@ All releases can be found on https://code.vikunja.io/api/releases.
 
 * Updated libraries
 * Updated drone to version 1
-* Releases are now signed with our pgp key (more info about this on [the download page](https://vikunja.io/en/download/)).
+* Releases are now signed with our pgp key (more info about this
+  on [the download page](https://vikunja.io/en/download/)).
 
 ## [0.5] - 2018-12-02
 
@@ -929,7 +1595,7 @@ All releases can be found on https://code.vikunja.io/api/releases.
 
 ## [0.3] - 2018-11-02
 
-### Added 
+### Added
 
 * Password reset
 * Email verification when registering

Dockerfile

@@ -1,29 +1,27 @@
 
 ##############
 # Build stage
-FROM golang:1-alpine3.12 AS build-env
+FROM golang:1.19-alpine AS build-env
+
+RUN apk --no-cache add build-base git && \
+  go install github.com/magefile/mage@latest && \
+  mv /go/bin/mage /usr/local/go/bin
 
 ARG VIKUNJA_VERSION
-ENV TAGS "sqlite"
-ENV GO111MODULE=on
-
-# Build deps
-RUN apk --no-cache add build-base git
 
 # Setup repo
-COPY . ${GOPATH}/src/code.vikunja.io/api
-WORKDIR ${GOPATH}/src/code.vikunja.io/api
+COPY . /go/src/code.vikunja.io/api
+WORKDIR /go/src/code.vikunja.io/api
 
 # Checkout version if set
 RUN if [ -n "${VIKUNJA_VERSION}" ]; then git checkout "${VIKUNJA_VERSION}"; fi \
- && go install github.com/magefile/mage \
  && mage build:clean build
 
 ###################
 # The actual image
 # Note: I wanted to use the scratch image here, but unfortunatly the go-sqlite bindings require cgo and
 # because of this, the container would not start when I compiled the image without cgo.
-FROM alpine:3.12
+FROM alpine:3.16
 LABEL maintainer="maintainers@vikunja.io"
 
 WORKDIR /app/vikunja/
@@ -39,7 +37,7 @@ RUN apk --no-cache add shadow && \
   chown vikunja -R /app/vikunja
 COPY run.sh /run.sh
 
-# Fix time zone settings not working
+# Add time zone data
 RUN apk --no-cache add tzdata
 
 # Files permissions

Dockerfile.arm32

@@ -0,0 +1,48 @@
+
+##############
+# Build stage
+FROM golang:1.19-buster AS build-env
+
+RUN go install github.com/magefile/mage@latest && \
+  mv /go/bin/mage /usr/local/go/bin
+
+ARG VIKUNJA_VERSION
+
+# Setup repo
+COPY . /go/src/code.vikunja.io/api
+WORKDIR /go/src/code.vikunja.io/api
+
+# Checkout version if set
+RUN if [ -n "${VIKUNJA_VERSION}" ]; then git checkout "${VIKUNJA_VERSION}"; fi \
+ && mage build:clean build
+
+###################
+# The actual image
+# Note: I wanted to use the scratch image here, but unfortunatly the go-sqlite bindings require cgo and
+# because of this, the container would not start when I compiled the image without cgo.
+# We're using debian as a base image here because the latest alpine image does not work with arm.
+FROM debian:buster-slim
+LABEL maintainer="maintainers@vikunja.io"
+
+WORKDIR /app/vikunja/
+COPY --from=build-env /go/src/code.vikunja.io/api/vikunja .
+ENV VIKUNJA_SERVICE_ROOTPATH=/app/vikunja/
+
+# Dynamic permission changing stuff
+ENV PUID 1000
+ENV PGID 1000
+RUN addgroup --gid ${PGID} vikunja && \
+  chown ${PUID} -R /app/vikunja && \
+  useradd --shell /bin/sh --gid vikunja --uid ${PUID} --home-dir /app/vikunja vikunja
+COPY run.sh /run.sh
+
+# Fix time zone settings not working
+RUN apt-get update && apt-get install -y tzdata && apt-get clean
+
+# Files permissions
+RUN mkdir /app/vikunja/files && \
+  chown -R vikunja /app/vikunja/files
+VOLUME /app/vikunja/files
+
+CMD ["/run.sh"]
+EXPOSE 3456

README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://drone.kolaente.de/api/badges/vikunja/api/status.svg)](https://drone.kolaente.de/vikunja/api)
 [![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](LICENSE)
-[![Download](https://img.shields.io/badge/download-v0.17.0-brightgreen.svg)](https://dl.vikunja.io)
+[![Download](https://img.shields.io/badge/download-v0.20.0-brightgreen.svg)](https://dl.vikunja.io)
 [![Docker Pulls](https://img.shields.io/docker/pulls/vikunja/api.svg)](https://hub.docker.com/r/vikunja/api/)
 [![Swagger Docs](https://img.shields.io/badge/swagger-docs-brightgreen.svg)](https://try.vikunja.io/api/v1/docs)
 [![Go Report Card](https://goreportcard.com/badge/kolaente.dev/vikunja/api)](https://goreportcard.com/report/kolaente.dev/vikunja/api)
@@ -56,6 +56,10 @@ See [the roadmap](https://my.vikunja.cloud/share/QFyzYEmEYfSyQfTOmIRSwLUpkFjboaB
 
 Fork -> Push -> Pull-Request. Also see the [dev docs](https://vikunja.io/docs/development/) for more info.
 
+## Sponsors
+
+[![Relm](https://vikunja.io/images/sponsors/relm.png)](https://relm.us)
+
 ## License
 
 This project is licensed under the AGPLv3 License. See the [LICENSE](LICENSE) file for the full license text.

cliff.toml

@@ -0,0 +1,59 @@
+[changelog]
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% else %}\
+    ## [unreleased]
+{% endif %}\
+
+
+{% for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | upper_first }}
+    {% for commit in commits
+    | filter(attribute="scope")
+    | sort(attribute="scope") %}
+        * *({{commit.scope}})* {{ commit.message | upper_first }}
+        {%- if commit.breaking %}
+        {% raw %}  {% endraw %}- **BREAKING**: {{commit.breaking_description}}
+        {%- endif -%}
+    {%- endfor -%}
+    {%- for commit in commits %}
+        {%- if commit.scope -%}
+        {% else -%}
+            * {{ commit.message | upper_first }} ([{{ commit.id | truncate(length=7, end="") }}]({{ commit.id }}))
+            {% if commit.breaking -%}
+            {% raw %}  {% endraw %}- **BREAKING**: {{commit.breaking_description}}
+            {% endif -%}
+        {% endif -%}
+    {% endfor -%}
+    {% raw %}\n{% endraw %}\
+{% endfor %}\n
+
+"""
+#{% for group, commits in commits | group_by(attribute="group") %}
+#    ### {{ group | upper_first }}
+#    {% for commit in commits %}\
+#        - {% if commit.breaking %}[**breaking**] {% endif %}{{ commit.message | upper_first }} ([{{ commit.id | truncate(length=7, end="") }}]({{ commit.id }}))
+#    {% endfor %}\
+#{% endfor %}\n
+# remove the leading and trailing whitespace from the template
+trim = true
+
+[git]
+conventional_commits = true
+filter_unconventional = false
+commit_parsers = [
+    { message = ".*(deps).*", group = "Dependencies"},
+    { message = "^feat", group = "Features"},
+    { message = "^fix", group = "Bug Fixes"},
+    { message = "^doc", group = "Documentation"},
+    { message = "^perf", group = "Performance"},
+    { message = "^refactor", group = "Refactor"},
+    { message = "^style", group = "Styling"},
+    { message = "^test", group = "Testing"},
+    { message = "^chore\\(release\\): prepare for", skip = true},
+    { message = "^chore", group = "Miscellaneous Tasks"},
+    { body = ".*security", group = "Security"},
+    { message = ".*", group = "Other", default_scope = "other"}, # Everything that's not a conventional commit goes into the "Other" category
+]
+

config.yml.sample

@@ -3,14 +3,27 @@ service:
   # Default is a random token which will be generated at each startup of vikunja.
   # (This means all already issued tokens will be invalid once you restart vikunja)
   JWTSecret: "<jwt-secret>"
+  # The duration of the issed JWT tokens in seconds.
+  # The default is 259200 seconds (3 Days).
+  jwtttl: 259200
+  # The duration of the "remember me" time in seconds. When the login request is made with 
+  # the long param set, the token returned will be valid for this period.
+  # The default is 2592000 seconds (30 Days).
+  jwtttllong: 2592000
   # The interface on which to run the webserver
   interface: ":3456"
+  # Path to Unix socket. If set, it will be created and used instead of tcp
+  unixsocket:
+  # Permission bits for the Unix socket. Note that octal values must be prefixed by "0o", e.g. 0o660
+  unixsocketmode:
   # The URL of the frontend, used to send password reset emails.
   frontendurl: ""
   # The base path on the file system where the binary and assets are.
   # Vikunja will also look in this path for a config file, so you could provide only this variable to point to a folder
   # with a config file which will then be used.
   rootpath: <rootpath>
+  # Path on the file system to serve static files from. Set to the path of the frontend files to host frontend alongside the api.
+  staticpath: ""
   # The max number of items which can be returned per page
   maxitemsperpage: 50
   # Enable the caldav endpoint, see the docs for more details
@@ -39,17 +52,24 @@ service:
   # If enabled, vikunja will send an email to everyone who is either assigned to a task or created it when a task reminder
   # is due.
   enableemailreminders: true
+  # If true, will allow users to request the complete deletion of their account. When using external authentication methods 
+  # it may be required to coordinate with them in order to delete the account. This setting will not affect the cli commands
+  # for user deletion.
+  enableuserdeletion: true
+  # The maximum size clients will be able to request for user avatars.
+  # If clients request a size bigger than this, it will be changed on the fly.
+  maxavatarsize: 1024
 
 database:
   # Database type to use. Supported types are mysql, postgres and sqlite.
   type: "sqlite"
   # Database user which is used to connect to the database.
   user: "vikunja"
-  # Databse password
+  # Database password
   password: ""
-  # Databse host
+  # Database host
   host: "localhost"
-  # Databse to use
+  # Database to use
   database: "vikunja"
   # When using sqlite, this is the path where to store the data
   path: "./vikunja.db"
@@ -62,6 +82,12 @@ database:
   # Secure connection mode. Only used with postgres.
   # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters)
   sslmode: disable
+  # The path to the client cert. Only used with postgres.
+  sslcert: ""
+  # The path to the client key. Only used with postgres.
+  sslkey: ""
+  # The path to the ca cert. Only used with postgres.
+  sslrootcert: ""
   # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
   tls: false
 
@@ -101,8 +127,11 @@ mailer:
   enabled: false
   # SMTP Host
   host: ""
-  # SMTP Host port
+  # SMTP Host port.
+  # **NOTE:** If you're unable to send mail and the only error you see in the logs is an `EOF`, try setting the port to `25`.
   port: 587
+  # SMTP Auth Type. Can be either `plain`, `login` or `cram-md5`.
+  authtype: "plain"
   # SMTP username
   username: "user"
   # SMTP password
@@ -190,7 +219,7 @@ migration:
     # This is usually the frontend url where the frontend then makes a request to /migration/todoist/migrate
     # with the code obtained from the todoist api.
     # Note that the vikunja frontend expects this to be /migrate/todoist
-    redirecturl:
+    redirecturl: <frontend url>/migrate/todoist
   trello:
     # Wheter to enable the trello migrator or not
     enable: false
@@ -262,15 +291,19 @@ auth:
     enabled: true
   # OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.<br/>
   # The provider needs to support the `openid`, `profile` and `email` scopes.<br/>
-  # **Note:** The frontend expects to be redirected after authentication by the third party
+  # **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.
+  # If the email is not public in those cases, authenticating will fail.
+  # **Note 2:** The frontend expects to be redirected after authentication by the third party
   # to <frontend-url>/auth/openid/<auth key>. Please make sure to configure the redirect url with your third party
   # auth service accordingy if you're using the default vikunja frontend.
-  # Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/master/config.yml.sample) for more information about how to configure openid authentication.
+  # Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
   openid:
     # Enable or disable OpenID Connect authentication
     enabled: false
     # The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
     # frontend, you don't need to change this value.
+    # **Note:** The redirect url must exactly match the configured redirect url with the third party provider.
+    # This includes all slashes at the end or protocols.
     redirecturl: <frontend url>
     # A list of enabled providers
     providers:
@@ -291,3 +324,28 @@ metrics:
   username:
   # If set to a non-empty value the /metrics endpoint will require this as a password via basic auth in combination with the username below.
   password:
+
+# Provide default settings for new users. When a new user is created, these settings will automatically be set for the user. If you change them in the config file afterwards they will not be changed back for existing users.
+defaultsettings:
+  # The avatar source for the user. Can be `gravatar`, `initials`, `upload` or `marble`. If you set this to `upload` you'll also need to specify `defaultsettings.avatar_file_id`.
+  avatar_provider: initials
+  # The id of the file used as avatar.
+  avatar_file_id: 0
+  # If set to true users will get task reminders via email.
+  email_reminders_enabled: false
+  # If set to true will allow other users to find this user when searching for parts of their name.
+  discoverable_by_name: false
+  # If set to true will allow other users to find this user when searching for their exact email.
+  discoverable_by_email: false
+  # If set to true will send an email every day with all overdue tasks at a configured time.
+  overdue_tasks_reminders_enabled: true
+  # When to send the overdue task reminder email.
+  overdue_tasks_reminders_time: 9:00
+  # The id of the default list. Make sure users actually have access to this list when setting this value.
+  default_list_id: 0
+  # Start of the week for the user. `0` is sunday, `1` is monday and so on.
+  week_start: 0
+  # The language of the user interface. Must be an ISO 639-1 language code. Will default to the browser language the user uses when signing up.
+  language: <unset>
+  # The time zone of each individual user. This will affect when users get reminders and overdue task emails.
+  timezone: <time zone set at service.timezone>

docker-manifest-unstable.tmpl

@@ -1,17 +1,17 @@
-image: vikunja/api:latest
+image: vikunja/api:unstable
 manifests:
   -
-    image: vikunja/api:latest-linux-amd64
+    image: vikunja/api:unstable-linux-amd64
     platform:
       architecture: amd64
       os: linux
   -
-    image: vikunja/api:latest-linux-arm64
+    image: vikunja/api:unstable-linux-arm64
     platform:
       architecture: arm64
       os: linux
   -
-    image: vikunja/api:latest-linux-arm
+    image: vikunja/api:unstable-linux-arm
     platform:
       architecture: arm
       os: linux

docs/config.yml

@@ -2,7 +2,7 @@ baseurl: https://vikunja.io/docs/
 title: Vikunja
 theme: vikunja
 enableRobotsTXT: true
-canonifyURLs: true
+canonifyURLs: false
 
 pygmentsUseClasses: true
 
@@ -31,10 +31,10 @@ menu:
       url: https://vikunja.io/en/
       weight: 10
     - name: Features
-      url: https://vikunja.io/en/features
+      url: https://vikunja.io/features
       weight: 20
     - name: Download
-      url: https://vikunja.io/en/download
+      url: https://vikunja.io/download
       weight: 30
     - name: Docs
       url: https://vikunja.io/docs
@@ -45,3 +45,6 @@ menu:
     - name: Community
       url: https://community.vikunja.io/
       weight: 60
+    - name: Get it Hosted
+      url: https://vikunja.cloud/?utm_source=io&utm_medium=io&utm_campaign=menu
+      weight: 70

docs/content/doc/development/cli.md

@@ -1,6 +1,6 @@
 ---
 date: "2019-03-31:00:00+01:00"
-title: "Adding new cli commands"
+title: "Cli Commands"
 draft: false
 type: "doc"
 menu:

docs/content/doc/development/config.md

@@ -0,0 +1,41 @@
+---
+date: "2019-02-12:00:00+02:00"
+title: "Configuration Options"
+draft: false
+type: "doc"
+menu:
+  sidebar:
+    parent: "development"
+---
+
+# Configuration options
+
+All configuration variables are declared in the `config` package.
+It uses [viper](https://github.com/spf13/viper) under the hood to handle setting defaults and parsing config files.
+Viper handles parsing all different configuration sources.
+
+## Adding new config options
+
+To make handling configuration parameters a bit easier, we introduced a `Key` string type in the `config` package which 
+you can call directly to get a config value.
+
+To add a new config option, you should add a new key const to `pkg/config/config.go` and possibly a default value.
+Default values should always enable the feature to work or turn it off completely if it always needs
+additional configuration.
+
+Make sure to also add the new config option to the default config file (`config.yml.sample` at the root of the repository) 
+with an explanatory comment to make sure it is well documented.
+Then run `mage generate-docs` to generate the configuration docs from the sample file.
+
+## Getting Configuration Values
+
+To retreive a configured value call the key with a getter for the type you need.
+For example:
+
+{{< highlight golang >}}
+if config.CacheEnabled.GetBool() {
+	// Do something with enabled caches
+}
+{{< /highlight >}}
+
+Take a look at the methods declared on the type to see what's available.

docs/content/doc/development/cron.md

@@ -0,0 +1,35 @@
+---
+title: "Cron Tasks"
+date: 2021-07-13T23:21:52+02:00
+draft: false
+menu:
+  sidebar:
+    parent: "development"
+---
+
+# How to add a cron job task
+
+Cron jobs are tasks which run on a predefined schedule.
+Vikunja uses these through a light wrapper package around the excellent [github.com/robfig/cron](https://github.com/robfig/cron) package.
+
+The package exposes a `cron.Schedule` method with two arguments: The first one to define the schedule when the cron task 
+should run, and the second one with the actual function to run at the schedule.
+You would then create a new function to register your the actual cron task in your package.
+
+A basic function to register a cron task looks like this:
+
+{{< highlight golang >}}
+func RegisterSomeCronTask() {
+	err := cron.Schedule("0 * * * *", func() {
+		// Do something every hour
+	}
+}
+{{< /highlight >}}
+
+Call the register method in the `FullInit()` method of the `init` package to actually register it.
+
+## Schedule Syntax
+
+The cron syntax uses the same on you may know from unix systems.
+
+It is described in detail [here](https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format).

docs/content/doc/development/database.md

@@ -0,0 +1,40 @@
+---
+date: "2019-02-12:00:00+02:00"
+title: "Database"
+draft: false
+type: "doc"
+menu:
+  sidebar:
+    parent: "development"
+---
+
+# Database
+
+Vikunja uses [xorm](https://xorm.io/) as an abstraction layer to handle the database connection.
+Please refer to [their](https://xorm.io/docs/) documentation on how to exactly use it.
+
+{{< table_of_contents >}}
+
+## Using the database
+
+When using the common web handlers, you get an `xorm.Session` to do database manipulations.
+In other packages, use the `db.NewSession()` method to get a new database session.
+
+## Adding new database tables
+
+To add a new table to the database, create the struct and [add a migration for it]({{< ref "db-migrations.md" >}}).
+
+To learn more about how to configure your struct to create "good" tables, refer to [the xorm documentaion](https://xorm.io/docs/).
+
+In most cases you will also need to implement the `TableName() string` method on the new struct to make sure the table 
+name matches the rest of the tables - plural.
+
+## Adding data to test fixtures
+
+Adding data for test fixtures can be done via `yaml` files in `pkg/models/fixtures`.
+
+The name of the yaml file should match the table name in the database.
+Adding values to it is done via array definition inside it.
+
+**Note**: Table and column names need to be in snake_case as that's what is used internally in the database 
+and for mapping values from the database to xorm so your structs can use it.

docs/content/doc/development/db-migrations.md

@@ -1,6 +1,6 @@
 ---
 date: "2019-03-29:00:00+02:00"
-title: "Database migrations"
+title: "Database Migrations"
 draft: false
 type: "doc"
 menu:
@@ -37,6 +37,11 @@ All migrations are sorted before being executed, since `init()` does not guarant
 When you're adding a new struct, you also need to add it to the `models.GetTables()` function
 to ensure it will be created on new installations.
 
+### Generating a new migration stub
+
+You can easily generate a pre-filled migration stub by running `mage dev:make-migration`.
+It will ask you for a table name and generate an empty migration similar to the example shown below.
+
 ### Example
 
 {{< highlight golang >}}

docs/content/doc/development/development.md

@@ -1,5 +1,5 @@
 ---
-date: "2019-02-12:00:00+02:00"
+date: "2022-09-21:00:00+02:00"
 title: "Development"
 toc: true
 draft: false
@@ -12,56 +12,44 @@ menu:
 
 # Development
 
-We use go modules to vendor libraries for Vikunja, so you'll need at least go `1.11` to use these.
-If you don't intend to add new dependencies, go `1.9` and above should be fine.
+{{< table_of_contents >}}
 
-To contribute to Vikunja, fork the project and work on the master branch.
+## General
+
+To contribute to Vikunja, fork the project and work on the main branch.
+Once you feel like your changes are ready, open a PR in the respective repo.
+A maintainer will take a look and give you feedback. Once everyone is happy, the PR gets merged and released.
+
+If you plan to do a bigger change, it is better to open an issue for discussion first.
+
+## API
+
+The code for the api is located at [code.vikunja.io/api](https://code.vikunja.io/api).
+
+We use go modules to manage third-party libraries for Vikunja, so you'll need at least go `1.17` to use these.
 
 A lot of developing tasks are automated using a Magefile, so make sure to [take a look at it]({{< ref "mage.md">}}).
 
-{{< table_of_contents >}}
+Make sure to check the other doc articles for specific development tasks like [testing]({{< ref "test.md">}}),
+[database migrations]({{< ref "db-migrations.md" >}}) and the [project structure]({{< ref "structure.md" >}}).
 
-## Libraries
+## Frontend requirements
 
-We keep all libraries used for Vikunja around in the `vendor/` folder to still be able to build the project even if
-some maintainers take their libraries down like [it happened in the past](https://github.com/jteeuwen/go-bindata/issues/5).
+The code for the frontend is located at [code.vikunja.io/frontend](https://code.vikunja.io/frontend).
+More instructions can be found in the repo's README.
 
-## Tests
+You need to have [pnpm](https://pnpm.io/) and nodejs in version 16 or 18 installed.
 
-See [testing]({{< ref "test.md">}}).
+## Git flow
 
-#### Development using go modules
+The `main` branch is the latest and bleeding edge branch with all changes. Unstable releases are automatically created from this branch.
 
-If you're able to use go modules, you can clone the project wherever you want to and work from there.
+A release gets tagged from the main branch with the version name as tag name.
 
-#### Development-setup without go modules
+Backports and point-releases should go to a `release/version` branch, based on the tag they are building on top of.
 
-Some internal packages are referenced using their respective package URL. This can become problematic. 
-To “trick” the Go tool into thinking this is a clone from the official repository, download the source code 
-into `$GOPATH/code.vikunja.io/api`. Fork the Vikunja repository, it should then be possible to switch the source directory on the command line.
+## Conventional commits
 
-{{< highlight bash >}}
-cd $GOPATH/src/code.vikunja.io/api
-{{< /highlight >}}
+We're using [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) because they greatly simplify generating release notes.
 
-To be able to create pull requests, the forked repository should be added as a remote to the Vikunja sources, otherwise changes can’t be pushed.
-
-{{< highlight bash >}}
-git remote rename origin upstream
-git remote add origin git@git.kolaente.de:<USERNAME>/api.git
-git fetch --all --prune
-{{< /highlight >}}
-
-This should provide a working development environment for Vikunja. Take a look at the Magefile to get an overview about 
-the available tasks. The most common tasks should be `mage test:unit` which will start our test environment and `mage build:build` 
-which will build a vikunja binary into the working directory. Writing test cases is not mandatory to contribute, but it 
-is highly encouraged and helps developers sleep at night.
-
-That’s it! You are ready to hack on Vikunja. Test changes, push them to the repository, and open a pull request.
-
-## Static assets
-
-Each Vikunja release contains all static assets directly compiled into the binary.
-To prevent this during development, use the `dev` tag when developing.
-
-See the [mage docs](mage.md#statically-compile-all-templates-into-the-binary) about how to compile with static assets for a release.
+It is not required to use them when creating a PR, but appreciated.

docs/content/doc/development/errors.md

@@ -5,7 +5,7 @@ draft: false
 type: "doc"
 menu:
   sidebar:
-    parent: "practical instructions"
+    parent: "development"
 ---
 
 # Custom Errors

docs/content/doc/development/events-and-listeners.md

@@ -28,11 +28,11 @@ This document explains how events and listeners work in Vikunja, how to use them
 
 Each event has to implement this interface:
 
-```golang
+{{< highlight golang >}}
 type Event interface {
     Name() string
 }
-```
+{{< /highlight >}}
 
 An event can contain whatever data you need.
 
@@ -75,7 +75,7 @@ To dispatch an event, simply call the `events.Dispatch` method and pass in the e
 
 The `TaskCreatedEvent` is declared in the `pkg/models/events.go` file as follows:
 
-```golang
+{{< highlight golang >}}
 // TaskCreatedEvent represents an event where a task has been created
 type TaskCreatedEvent struct {
     Task *Task
@@ -86,11 +86,11 @@ type TaskCreatedEvent struct {
 func (t *TaskCreatedEvent) Name() string {
     return "task.created"
 }
-```
+{{< /highlight >}}
 
 It is dispatched in the `createTask` function of the `models` package:
 
-```golang
+{{< highlight golang >}}
 func createTask(s *xorm.Session, t *Task, a web.Auth, updateAssignees bool) (err error) {
 
     // ...
@@ -102,7 +102,7 @@ func createTask(s *xorm.Session, t *Task, a web.Auth, updateAssignees bool) (err
     
     // ...
 }
-```
+{{< /highlight >}}
 
 As you can see, the curent task and doer are injected into it.
 
@@ -122,13 +122,13 @@ A single event can have multiple listeners who are independent of each other.
 
 All listeners must implement this interface:
 
-```golang
+{{< highlight golang >}}
 // Listener represents something that listens to events
 type Listener interface {
     Handle(msg *message.Message) error
     Name() string
 }
-```
+{{< /highlight >}}
 
 The `Handle` method is executed when the event this listener listens on is dispatched. 
 * As the single parameter, it gets the payload of the event, which is the event struct when it was dispatched decoded as json object and passed as a slice of bytes.
@@ -165,7 +165,7 @@ See the example below.
 
 ### Example
 
-```golang
+{{< highlight golang >}}
 // RegisterListeners registers all event listeners
 func RegisterListeners() {
     events.RegisterListener((&ListCreatedEvent{}).Name(), &IncreaseListCounter{})
@@ -183,13 +183,29 @@ func (s *IncreaseTaskCounter) Name() string {
 func (s *IncreaseTaskCounter) Handle(payload message.Payload) (err error) {
     return keyvalue.IncrBy(metrics.TaskCountKey, 1)
 }
-```
+{{< /highlight >}}
 
 ## Testing
 
 When testing, you should call the `events.Fake()` method in the `TestMain` function of the package you want to test.
 This prevents any events from being fired and lets you assert an event has been dispatched like so:
 
-```golang
+{{< highlight golang >}}
 events.AssertDispatched(t, &TaskCreatedEvent{})
-```
+{{< /highlight >}}
+
+### Testing a listener
+
+You can call an event listener manually with the `events.TestListener` method like so:
+
+{{< highlight golang >}}
+ev := &TaskCommentCreatedEvent{
+	Task:    &task,
+	Doer:    u,
+	Comment: tc,
+}
+
+events.TestListener(t, ev, &SendTaskCommentNotification{})
+{{< /highlight >}}
+
+This will call the listener's `Handle` method and assert it did not return an error when calling.

docs/content/doc/development/feature.md

@@ -1,11 +1,11 @@
 ---
 date: "2019-02-12:00:00+02:00"
-title: "Add a new api endpoint"
+title: "New API Endpoints"
 draft: false
 type: "doc"
 menu:
   sidebar:
-    parent: "practical instructions"
+    parent: "development"
 ---
 
 # Add a new api endpoint/feature

docs/content/doc/development/mage.md

@@ -11,9 +11,9 @@ menu:
 # Mage
 
 Vikunja uses [Mage](https://magefile.org/) to script common development tasks and even releasing.
-Mage is a pure go solution which allows for greater flexibility and things like better paralelization.
+Mage is a pure go solution which allows for greater flexibility and things like better parallelization.
 
-This document explains what taks are available and what they do.
+This document explains what tasks are available and what they do.
 
 {{< table_of_contents >}}
 
@@ -39,7 +39,7 @@ There are multiple categories of subcommands in the magefile:
 
 ## CI
 
-These tasks are automatically run in our CI every time someone pushes to master or you update a pull request:
+These tasks are automatically run in our CI every time someone pushes to main or you update a pull request:
 
 * `mage check:lint`
 * `mage check:fmt`
@@ -57,15 +57,13 @@ These tasks are automatically run in our CI every time someone pushes to master
 mage build:build
 {{< /highlight >}}
 
-Builds a `vikunja`-binary in the root directory of the repo for the platform it is run on.
-
-### Statically compile all templates into the binary
+or
 
 {{< highlight bash >}}
-mage build:generate
+mage build
 {{< /highlight >}}
 
-This generates static code with all templates, meaning no template need to be referenced at runtime.
+Builds a `vikunja`-binary in the root directory of the repo for the platform it is run on.
 
 ### clean
 
@@ -73,7 +71,7 @@ This generates static code with all templates, meaning no template need to be re
 mage build:clean
 {{< /highlight >}}
 
-Cleans all build, executable and bindata files
+Cleans all build and executable files
 
 ## Check
 
@@ -173,6 +171,8 @@ mage dev:create-migration
 Creates a new migration with the current date. 
 Will ask for the name of the struct you want to create a migration for.
 
+See also [migration docs]({{< ref "mage.md" >}}).
+
 ## Misc
 
 ### Format the code

docs/content/doc/development/metrics.md

@@ -5,7 +5,7 @@ draft: false
 type: "doc"
 menu:
   sidebar:
-    parent: "practical instructions"
+    parent: "development"
 ---
 
 # Metrics
@@ -17,7 +17,7 @@ The `metrics` package provides several functions to create and update metrics.
 
 {{< table_of_contents >}}
 
-## New metrics
+## Exposing New Metrics
 
 First, define a `const` with the metric key in redis. This is done in `pkg/metrics/metrics.go`.
 

docs/content/doc/development/migration.md

@@ -14,7 +14,17 @@ It is possible to migrate data from other to-do services to Vikunja.
 To make this easier, we have put together a few helpers which are documented on this page.
 
 In general, each migrator implements a migrator interface which is then called from a client.
-The interface makes it possible to use helper methods which handle http an focus only on the implementation of the migrator itself.
+The interface makes it possible to use helper methods which handle http and focus only on the implementation of the migrator itself.
+
+There are two ways of migrating data from another service:
+1. Through the auth-based flow where the user gives you access to their data at the third-party service through an 
+   oauth flow. You can then call the service's api on behalf of your user to get all the data.
+   The Todoist, Trello and Microsoft To-Do Migrators use this pattern.
+2. A file migration where the user uploads a file obtained from some third-party service. In your migrator, you need 
+   to parse the file and create the lists, tasks etc.
+   The Vikunja File Import uses this pattern.
+
+To differentiate the two, there are two different interfaces you must implement.
 
 {{< table_of_contents >}}
 
@@ -23,13 +33,16 @@ The interface makes it possible to use helper methods which handle http an focus
 All migrator implementations live in their own package in `pkg/modules/migration/<name-of-the-service>`.
 When creating a new migrator, you should place all related code inside that module.
 
-## Migrator interface
+## Migrator Interface
 
 The migrator interface is defined as follows:
 
 ```go
 // Migrator is the basic migrator interface which is shared among all migrators
 type Migrator interface {
+	// Name holds the name of the migration.
+	// This is used to show the name to users and to keep track of users who already migrated.
+	Name() string
 	// Migrate is the interface used to migrate a user's tasks from another platform to vikunja.
 	// The user object is the user who's tasks will be migrated.
 	Migrate(user *models.User) error
@@ -37,9 +50,20 @@ type Migrator interface {
 	// The use case for this are Oauth flows, where the server token should remain hidden and not
 	// known to the frontend.
 	AuthURL() string
+}
+```
+
+## File Migrator Interface
+
+```go
+// FileMigrator handles importing Vikunja data from a file. The implementation of it determines the format.
+type FileMigrator interface {
 	// Name holds the name of the migration.
 	// This is used to show the name to users and to keep track of users who already migrated.
 	Name() string
+	// Migrate is the interface used to migrate a user's tasks, list and other things from a file to vikunja.
+	// The user object is the user who's tasks will be migrated.
+	Migrate(user *user.User, file io.ReaderAt, size int64) error
 }
 ```
 
@@ -54,23 +78,35 @@ authUrl, Status and Migrate methods.
 ```go
 // This is an example for the Wunderlist migrator
 if config.MigrationWunderlistEnable.GetBool() {
-    wunderlistMigrationHandler := &migrationHandler.MigrationWeb{
+	wunderlistMigrationHandler := &migrationHandler.MigrationWeb{
 		MigrationStruct: func() migration.Migrator {
 			return &wunderlist.Migration{}
 		},
 	}
-    wunderlistMigrationHandler.RegisterRoutes(m)
+	wunderlistMigrationHandler.RegisterRoutes(m)
 }
 ```
 
-You should also document the routes with [swagger annotations]({{< ref "../practical-instructions/swagger-docs.md" >}}).
+And for the file migrator:
+
+```go
+vikunjaFileMigrationHandler := &migrationHandler.FileMigratorWeb{
+	MigrationStruct: func() migration.FileMigrator {
+		return &vikunja_file.FileMigrator{}
+	},
+}
+vikunjaFileMigrationHandler.RegisterRoutes(m)
+```
+
+You should also document the routes with [swagger annotations]({{< ref "swagger-docs.md" >}}).
 
 ## Insertion helper method
 
 There is a method available in the `migration` package which takes a fully nested Vikunja structure and creates it with all relations. 
 This means you start by adding a namespace, then add lists inside of that namespace, then tasks in the lists and so on.
 
-The root structure must be present as `[]*models.NamespaceWithLists`.
+The root structure must be present as `[]*models.NamespaceWithListsAndTasks`. It allows to represent all of Vikunja's 
+hierachie as a single data structure.
 
 Then call the method like so:
 
@@ -85,14 +121,16 @@ err = migration.InsertFromStructure(fullVikunjaHierachie, user)
 
 ## Configuration
 
-You should add at least an option to enable or disable the migration.
+If your migrator is an oauth-based one, you should add at least an option to enable or disable it.
 Chances are, you'll need some more options for things like client ID and secret 
 (if the other service uses oAuth as an authentication flow).
 
 The easiest way to implement an on/off switch is to check whether your migration service is enabled or not when 
-registering the routes, and then simply don't registering the routes in the case it is disabled.
+registering the routes, and then simply don't registering the routes in case it is disabled.
+
+File based migrators can always be enabled.
 
 ### Making the migrator public in `/info` 
 
 You should make your migrator available in the `/info` endpoint so that frontends can display options to enable them or not.
-To do this, add an entry to `pkg/routes/api/v1/info.go`.
+To do this, add an entry to the `AvailableMigrators` field in `pkg/routes/api/v1/info.go`.

docs/content/doc/development/notifications.md

@@ -18,13 +18,13 @@ Vikunjs provides a simple abstraction to send notifications per mail and in the
 
 Each notification has to implement this interface:
 
-```golang
+{{< highlight golang >}}
 type Notification interface {
     ToMail() *Mail
     ToDB() interface{}
     Name() string
 }
-```
+{{< /highlight >}}
 
 Both functions return the formatted messages for mail and database.
 
@@ -35,7 +35,7 @@ For example, if your notification should not be recorded in the database but onl
 
 A list of chainable functions is available to compose a mail:
 
-```golang
+{{< highlight golang >}}
 mail := NewMail(). 
     // The optional sender of the mail message.
     From("test@example.com").
@@ -54,7 +54,7 @@ mail := NewMail().
     Action("The Action", "https://example.com").
 	// Another line of text.
     Line("This should be an outro line").
-```
+{{< /highlight >}}
 
 If not provided, the `from` field of the mail contains the value configured in [`mailer.fromemail`](https://vikunja.io/docs/config-options/#fromemail).
 
@@ -75,14 +75,14 @@ It takes the name of the notification and the package where the notification wil
 Notifiables can receive a notification.
 A notifiable is defined with this interface:
 
-```golang
+{{< highlight golang >}}
 type Notifiable interface {
     // Should return the email address this notifiable has.
     RouteForMail() string
     // Should return the id of the notifiable entity
     RouteForDB() int64
 }
-```
+{{< /highlight >}}
 
 The `User` type from the `user` package implements this interface.
 
@@ -93,7 +93,7 @@ It takes a notifiable and a notification as input.
 
 For example, the email confirm notification when a new user registers is sent like this:
 
-```golang
+{{< highlight golang >}}
 n := &EmailConfirmNotification{
     User:  update.User,
     IsNew: false,
@@ -101,13 +101,20 @@ n := &EmailConfirmNotification{
 
 err = notifications.Notify(update.User, n)
 return
-```
+{{< /highlight >}}
 
 ## Testing
 
 The `mail` package provides a `Fake()` method which you should call in the `MainTest` functions of your package.
 If it was called, no mails are being sent and you can instead assert they have been sent with the `AssertSent` method.
 
+When testing, you should call the `notifications.Fake()` method in the `TestMain` function of the package you want to test.
+This prevents any notifications from being sent and lets you assert a notifications has been sent like this:
+
+{{< highlight golang >}}
+notifications.AssertSent(t, &ReminderDueNotification{})
+{{< /highlight >}}
+
 ## Example
 
-Take a look at the [pkg/user/notifications.go](https://code.vikunja.io/api/src/branch/master/pkg/user/notifications.go) file for a good example.
+Take a look at the [pkg/user/notifications.go](https://code.vikunja.io/api/src/branch/main/pkg/user/notifications.go) file for a good example.

docs/content/doc/development/releasing.md

@@ -0,0 +1,39 @@
+---
+title: "Releasing a new Vikunja version"
+date: 2022-10-28T13:06:05+02:00
+draft: false
+menu:
+  sidebar:
+    parent: "development"
+---
+
+# Releasing a new Vikunja version
+
+This checklist is a collection of all steps usually involved when releasing a new version of Vikunja.
+Not all steps are nessecary for every release.
+
+* Website update :
+	* New Features: If there are new features worth mentioning the feature page should be updated.
+	* New Screenshots: If an overhaul of an existing feature happend so that it now looks different from the existing screenshot, a new one is required.
+* Generate changelogs: (with git-cliff)
+	* Frontend
+	* API
+	* Desktop
+* Tag a new version: Include the changelog for that version as the tag message
+	* Frontend
+	* API
+	* Desktop
+	* Once built: Prune the cloudflare cache so that the new versions show up at dl.vikunja.io
+* Release Highlights Blogpost:
+	* Include a section about Vikunja in general (totally fine to copy one from the earlier blog posts)
+	* New Features & Improvements: Mention bigger features, potentially with screenshots. Things like refactoring are sometimes also worth mentioneing.
+* Publish:
+	* Reddit
+	* Twitter
+	* Mastodon
+	* Chat
+	* Newsletter
+	* Forum
+	* If features in the release were sponsored, send an email to relevant stakeholders
+* Update Vikunja Cloud version and other instances
+

docs/content/doc/development/structure.md

@@ -1,6 +1,6 @@
 ---
 date: "2019-02-12:00:00+02:00"
-title: "Project structure"
+title: "Project Structure"
 draft: false
 type: "doc"
 menu:
@@ -10,40 +10,7 @@ menu:
 
 # Project structure
 
-In general, this api repo has the following structure:
-
-* `docker`
-* `docs`
-* `pkg`
-  * `caldav`
-  * `cmd`
-  * `config`
-  * `db`
-    * `fixtures`
-  * `files`
-  * `integration`
-  * `log`
-  * `mail`
-  * `metrics`
-  * `migration`
-  * `models`
-  * `modules`
-    * `migration`
-      * `handler`
-      * `wunderlist`
-  * `red`
-  * `routes`
-    * `api/v1`
-  * `static`
-  * `swagger`
-  * `user`
-  * `utils`
-  * `version`
-* `REST-Tests`
-* `templates`
-* `vendor`
-
-This document will explain what these mean and what you can find where.
+This document explains what each package does.
 
 {{< table_of_contents >}}
 
@@ -52,18 +19,13 @@ This document will explain what these mean and what you can find where.
 The root directory is where [the config file]({{< ref "../setup/config.md">}}), [Magefile]({{< ref "mage.md">}}), license, drone config, 
 application entry point (`main.go`) and so on are located.
 
-## docker
-
-This directory holds additonal files needed to build and run the docker container, mainly service configuration to properly run Vikunja inside a docker 
-container.
-
 ## pkg
 
 This is where most of the magic happens. Most packages with actual code are located in this folder.
 
 ### caldav
 
-This folder holds a simple caldav implementation which is responsible for returning the caldav feature.
+This folder holds a simple caldav implementation which is responsible for the caldav feature.
 
 ### cmd
 
@@ -75,10 +37,15 @@ To learn more about how to use this cli, see [the cli usage docs]({{< ref "../us
 
 ### config
 
-This package configures the config. It sets default values and sets up viper and tells it where to look for config files, 
-how to interpret which env variables for config etc.
+This package configures handling of Vikunja's runtime configuration.
+It sets default values and sets up viper and tells it where to look for config files, how to interpret which env variables 
+for config etc.
 
-If you want to add a new config parameter, you should add default value in this package.
+See also the [docs about adding a new configuration parameter]({{< ref "config.md" >}}).
+
+### cron
+
+See [how to add a cron task]({{< ref "cron.md" >}}).
 
 ### db
 
@@ -102,17 +69,17 @@ This init is called in `main.go` after the config init is done.
 
 ### mail
 
-This package handles all mail sending. To learn how to send a mail, see [sending emails]({{< ref "../practical-instructions/mail.md">}}).
+This package handles all mail sending. To learn how to send a mail, see [notifications]({{< ref "notifications.md" >}}).
 
 ### metrics
 
 This package handles all metrics which are exposed to the prometheus endpoint.
-To learn how it works and how to add new metrics, take a look at [how metrics work]({{< ref "../practical-instructions/metrics.md">}}).
+To learn how it works and how to add new metrics, take a look at [how metrics work]({{< ref "metrics.md">}}).
 
 ### migration
 
 This package handles all migrations.
-All migrations are stored and executed here.
+All migrations are stored and executed in this package.
 
 To learn more, take a look at the [migrations docs]({{< ref "../development/db-migrations.md">}}).
 
@@ -123,11 +90,35 @@ When adding new features or upgrading existing ones, that most likely happens he
 
 Because this package is pretty huge, there are several documents and how-to's about it:
 
-* [Adding a feature]({{< ref "../practical-instructions/feature.md">}})
-* [Making calls to the database]({{< ref "../practical-instructions/database.md">}})
+* [Adding a feature]({{< ref "feature.md">}})
+* [Making calls to the database]({{< ref "database.md">}})
 
 ### modules
 
+Everything that can have multiple implementations (like a task migrator from a third-party task provider) lives in a 
+respective sub package in this package.
+
+#### auth
+
+Contains openid related authentication.
+
+#### avatar
+
+Contains all possible avatar providers a user can choose to set their avatar.
+
+#### background
+
+All list background providers are in sub-packages of this package.
+
+#### dump
+
+Handles everything related to the `dump` and `restore` commands of Vikunja.
+
+#### keyvalue
+
+A simple key-value store with an implementation for memory and redis. 
+Can be used to cache values.
+
 #### migration
 
 See [writing a migrator]({{< ref "migration.md" >}}).
@@ -142,20 +133,19 @@ to talk to redis.
 
 It uses the [go-redis](https://github.com/go-redis/redis) library, please see their configuration on how to use it.
 
+**Note**: Only use this package directly if you have to use a direct redis connection.
+In most cases, using the `keyvalue` package is a better fit.
+
 ### routes
 
 This package defines all routes which are available for vikunja clients to use.
-To add a new route, see [adding a new route]({{< ref "../practical-instructions/feature.md">}}).
+To add a new route, see [adding a new route]({{< ref "feature.md">}}).
 
 #### api/v1
 
 This is where all http-handler functions for the api are stored. 
 Every handler function which does not use the standard web handler should live here.
 
-### static
-
-All static files generated by `mage generate` live here.
-
 ### swagger
 
 This is where the [generated]({{< ref "mage.md#generate-swagger-definitions-from-code-comments">}} [api docs]({{< ref "../usage/api.md">}}) live. 
@@ -179,23 +169,3 @@ See their function definitions for instructions on how to use them.
 The single purpouse of this package is to hold the current vikunja version which gets overridden through build flags 
 each time `mage release` or `mage build` is run.
 It is a seperate package to avoid import cycles with other packages.
-
-## REST-Tests
-
-Holds all kinds of test files to directly test the api from inside of [jetbrains ide's](https://www.jetbrains.com/help/idea/http-client-in-product-code-editor.html).
-
-These files are currently more an experiment, maybe we will drop them in the future to use something we could integrate in the testing process with drone.
-Therefore, this has no claim to be complete yet even working, you're free to change whatever is needed to get it working for you.
-
-## templates
-
-Holds the email templates used to send plain text and html emails for new user registration and password changes.
-
-## vendor
-
-All libraries needed to build Vikunja. 
-
-We keep all libraries used for Vikunja around in the `vendor/` folder to still be able to build the project even if
-some maintainers take their libraries down like [it happened in the past](https://github.com/jteeuwen/go-bindata/issues/5).
-
-When adding a new  dependency, make sure to run `go mod vendor` to put it inside this directory.

docs/content/doc/development/swagger-docs.md

@@ -1,17 +1,19 @@
 ---
 date: "2019-02-12:00:00+02:00"
-title: "Modifying swagger api docs"
+title: "Modifying Swagger API Docs"
 draft: false
 type: "doc"
 menu:
   sidebar:
-    parent: "practical instructions"
+    parent: "development"
 ---
 
-# Adding/editing swagger api docs
+# Modifying swagger api docs
 
 The api documentation is generated using [swaggo](https://github.com/swaggo/swag) from comments.
 
+{{< table_of_contents >}}
+
 ## Documenting structs
 
 You should always comment every field which will be exposed as a json in the api.
@@ -45,3 +47,27 @@ type List struct {
 	web.Rights   `xorm:"-" json:"-"`
 }
 {{< /highlight >}}
+
+## Documenting api Endpoints
+
+All api routes should be documented with a comment above the handler function.
+When generating the api docs with mage, the swagger cli will pick these up and put them in a neat document.
+
+A comment looks like this:
+
+{{< highlight golang >}}
+// @Summary Login
+// @Description Logs a user in. Returns a JWT-Token to authenticate further requests.
+// @tags user
+// @Accept json
+// @Produce json
+// @Param credentials body user.Login true "The login credentials"
+// @Success 200 {object} auth.Token
+// @Failure 400 {object} models.Message "Invalid user password model."
+// @Failure 412 {object} models.Message "Invalid totp passcode."
+// @Failure 403 {object} models.Message "Invalid username or password."
+// @Router /login [post]
+func Login(c echo.Context) error {
+	// Handler logic
+}
+{{< /highlight >}}

docs/content/doc/development/test.md

@@ -10,32 +10,31 @@ menu:
 
 # Testing
 
-You can run unit tests with [our `Magefile`]({{< ref "mage.md">}}) with
+{{< table_of_contents >}}
+
+## API Tests
+
+The following parts are about the kinds of tests in the API package and how to run them.
+
+### Prerequesites
+
+To run any kind of test, you need to specify Vikunja's [root path](https://vikunja.io/docs/config-options/#rootpath).
+This is required to make sure all test fixtures are correctly loaded.
+
+The easies way to do that is to set the environment variable `VIKUNJA_SERVICE_ROOTPATH` to the path where you cloned the working directory.
+
+### Unit tests
+
+To run unit tests with [mage]({{< ref "mage.md">}}), execute
 
 {{< highlight bash >}}
 mage test:unit
 {{< /highlight >}}
 
-{{< table_of_contents >}}
+In Vikunja, everything that is not an integration test counts as unit test - even if it accesses the db.
+This definition is a bit blurry, but we haven't found a better one yet.
 
-## Running tests with config
-
-You can run tests with all available config variables if you want, enabeling you to run tests for a lot of scenarios.
-
-To use the normal config set the enviroment variable `VIKUNJA_TESTS_USE_CONFIG=1`.
-
-## Show sql queries
-
-When `UNIT_TESTS_VERBOSE=1` is set, all sql queries will be shown when tests are run.
-
-## Fixtures
-
-All tests are run against a set of db fixtures.
-These fixtures are defined in `pkg/models/fixtures` in YAML-Files which represent the database structure.
-
-When you add a new test case which requires new database entries to test against, update these files.
-
-## Integration tests
+### Integration tests
 
 All integration tests live in `pkg/integrations`.
 You can run them by executing `mage test:integration`.
@@ -45,7 +44,25 @@ see at the beginning of this document.
 
 To run integration tests, use `mage test:integration`.
 
-## Initializing db fixtures when writing tests
+### Running tests with config
+
+You can run tests with all available config variables if you want, enabeling you to run tests for a lot of scenarios.
+We use this in CI to run all tests with different databases.
+
+To use the normal config set the enviroment variable `VIKUNJA_TESTS_USE_CONFIG=1`.
+
+### Showing sql queries
+
+When the environment variable `UNIT_TESTS_VERBOSE=1` is set, all sql queries will be shown during the test run.
+
+### Fixtures
+
+All tests are run against a set of db fixtures.
+These fixtures are defined in `pkg/models/fixtures` in YAML-Files which represent the database structure.
+
+When you add a new test case which requires new database entries to test against, update these files.
+
+#### Initializing db fixtures when writing tests
 
 All db fixtures for all tests live in the `pkg/db/fixtures/` folder as yaml files.
 Each file has the same name as the table the fixtures are for.
@@ -54,19 +71,39 @@ You should put new fixtures in this folder.
 When initializing db fixtures, you are responsible for defining which tables your package needs in your test init function.
 Usually, this is done as follows (this code snippet is taken from the `user` package):
 
-```go
+{{< highlight go >}}
 err = db.InitTestFixtures("users")
 if err != nil {
 	log.Fatal(err)
 }
-```
+{{< /highlight >}}
 
 In your actual tests, you then load the fixtures into the in-memory db like so:
 
-```go
+{{< highlight go >}}
 db.LoadAndAssertFixtures(t)
-```
+{{< /highlight >}}
 
 This will load all fixtures you defined in your test init method.
 You should always use this method to load fixtures, the only exception is when your package tests require extra test 
 fixtures other than db fixtures (like files).
+
+## Frontend tests
+
+The frontend has end to end tests with Cypress that use a Vikunja instance and drive a browser against it.
+Check out the docs [in the frontend repo](https://kolaente.dev/vikunja/frontend/src/branch/main/cypress/README.md) about how they work and how to get them running.
+
+### Unit Tests
+
+To run the frontend unit tests, run
+
+{{< highlight bash >}}
+pnpm run test:unit
+{{< /highlight >}}
+
+The frontend also has a watcher available that re-runs all unit tests every time you change something.
+To use it, simply run
+
+{{< highlight bash >}}
+pnpm run test:unit-watch
+{{< /highlight >}}

docs/content/doc/development/translation-instructions-german.md

@@ -0,0 +1,76 @@
+---
+title: "German Translation Instructions"
+date: 2021-06-23T23:47:34+02:00
+draft: false
+---
+
+# German Translation Instructions
+
+<div class="notification is-warning">
+<b>NOTE:</b> This document contains translation instructions specific to the german translation of Vikunja.
+For instructions applicable to all languages, check out the <a href="{{< ref "./translations.md">}}">general translation instructions</a>.
+</div>
+
+{{< table_of_contents >}}
+
+## Allgemein
+
+Anrede: Wenig förmlich:
+
+* “Du”-Form
+* Keine “Amtsdeusch“-Umschreibungen, einfach so als ob man den Nutzer direkt persönlich ansprechen würde
+
+Genauer definiert:
+
+* “falsch” anstatt “nicht korrekt/inkorrekt”
+* “Wende dich an …” anstatt “kontaktiere …”
+* In derselben Zeit übersetzen (sonst wird aus dem englischen “is“ das deutsche “war”)
+* Richtige Anführungszeichen verwenden. Also `„“` statt `''` oder `'` oder ` oder ´
+	* `„` für beginnende Anführungszeichen, `“` für schließende Anführungszeichen
+
+Es gelten Artikel und Worttrennungen aus dem [Duden](https://duden.de).
+
+## Formulierungen
+
+* `Account` statt `Konto`.
+* `TOTP` immer als ein Wort und Groß.
+* `CalDAV` immer so.
+* `löschen` oder `entfernen` je nach Kontext. Wenn etwas *gelöscht* wird, existiert das gelöschte Objekt und danach
+  nicht mehr und hat evtl. andere Objekte mitgelöscht (z.B. eine Aufgabe). Wird etwas *entfernt*, bezieht sich das
+  meistens auf die Beziehung zu einem anderen Objekt. Das entfernte Objekt existiert danach immernoch, z.B. beim
+  Entfernen eine:r Nutzer:in aus einem Team.
+* Analog zu `löschen` oder `entfernen` gilt ähnliches für `hinzufügen` oder `erstellen`. Eine Aufgabe wird *erstellt*,
+  aber ein:e Nutzer:in nur zu einem Team *hinzugefügt*.
+* `Anmeldename` anstatt `Benutzer:innenname`
+
+## Formulierungen in Modals und Buttons
+
+Es sollten die gleichen Formulierungen auf Buttons und Modals verwendet werden.
+
+Beispiel: Wenn der Button mit `löschen` beschriftet ist, sollte im Modal die Frage
+lauten `Willst du das wirklich löschen?` und nicht `Willst du das wirklich entfernen?`. Gleiches gilt für
+Erfolgs/Fehlermeldungen nach der Aktion.
+
+## Gendern
+
+Wo möglich, sollte eine geschlechtsneutrale Anrede verwendet werden. Falls diese sehr umständlich würden (siehe oben
+„Amtsdeutsch-Umschreibungen“), soll mit *Doppelpunkt* gegendert werden.
+
+Beispiel: „Benutzer:in“
+
+## Trennungen
+
+* E-Mail-Adresse (siehe Duden)
+
+## Wörter und Ausdrücke
+
+| Englisches Original | Verwendung in deutscher Übersetzung |
+| ------------------- | -------------------- |
+| Bucket | Spalte |
+| Namespace | Namespace |
+| Link Share | Linkfreigabe |
+| Username | Anmeldename |
+
+## Weiterführende Links
+
+* https://docs.translatehouse.org/projects/localization-guide/en/latest/guide/translation_guidelines_german.html

docs/content/doc/development/translations.md

@@ -0,0 +1,54 @@
+---
+title: "Translations"
+date: 2021-06-23T22:52:06+02:00
+draft: false
+menu:
+  sidebar:
+    parent: "development"
+---
+
+# Translations
+
+This document provides documentation about how to translate Vikunja.
+
+{{< table_of_contents >}}
+
+## Where to translate
+
+Translation happens at [crowdin](https://crowdin.com/project/vikunja).
+
+Currently, only the frontend (and by extension, the desktop app) is translatable.
+
+## Translation Instructions
+
+> These are the instructions for translating Vikunja in another language. 
+> For information about how to add new translation strings, see below.
+
+For all languages these translation guidelines should be applied when translating:
+
+* Use a less-formal style, as if you were talking to a friend.
+* If the source string contains characters like `&` or `…`, the translated string should contain them as well.
+
+More specific instructions for some languages can be found below.
+
+### Wrong translation strings
+
+If you encounter a wrong original translation string while translating, please don't correct it in the translation.
+Instead, translate it to reflect the original meaning in the translated string but add a comment under the source string to discuss potential changes.
+
+### Language-specific instructions
+
+* [German]({{< ref "./translation-instructions-german.md">}})
+
+## How to add new translation strings
+
+All translation strings are stored in `src/i18n/lang/`.
+New strings should be added only in the `en.json` file.
+Strings in other languages will be synced through weblate and should not be added directly as a PR/commit in the frontend repo.
+
+## Requesting a new language
+
+If you want to start translating Vikunja in a language not yet available in Vikunja, please request the language through the crowdin interface.
+If you have issues with this or need a discussion before doing so, please [contact us](https://vikunja.io/contact/) or [start a discussion in the forum](https://community.vikunja.io).
+
+Once at least 50% of all translation strings are translated and approved, they will be added and distributed with the Vikunja frontend for users to select and use Vikunja with them.

docs/content/doc/practical-instructions/database.md

@@ -1,40 +0,0 @@
----
-date: "2019-02-12:00:00+02:00"
-title: "Database"
-draft: false
-type: "doc"
-menu:
-  sidebar:
-    parent: "practical instructions"
----
-
-# Database
-
-Vikunja uses [xorm](http://xorm.io/) as an abstraction layer to handle the database connection.
-Please refer to [their](http://xorm.io/docs/) documentation on how to exactly use it.
-
-Inside the `models` package, a variable `x` is available which contains a pointer to an instance of `xorm.Engine`.
-This is used whenever you make a call to the database to get or update data.
-
-This xorm instance is set up and initialized every time vikunja is started.
-
-{{< table_of_contents >}}
-
-## Adding new database tables
-
-To add a new table to the database, add a an instance of your struct to the `tables` variable in the 
-init function in `pkg/models/models.go`. Xorm will sync them automatically.
-
-You also need to add a pointer to the `tablesWithPointer` slice to enable caching for all instances of this struct.
-
-To learn more about how to configure your struct to create "good" tables, refer to [the xorm documentaion](http://xorm.io/docs/).
-
-## Adding data to test fixtures
-
-Adding data for test fixtures is done in via `yaml` files insinde of `pkg/models/fixtures`.
-
-The name of the yaml file should equal the table name in the database.
-Adding values to it is done via array definition inside of the yaml file.
-
-**Note**: Table and column names need to be in snake_case as that's what is used internally in the database 
-and for mapping values from the database to xorm so your structs can use it.

docs/content/doc/practical-instructions/mail.md

@@ -1,86 +0,0 @@
----
-date: "2019-02-12:00:00+02:00"
-title: "Mailer"
-draft: false
-type: "doc"
-menu:
-  sidebar:
-    parent: "practical instructions"
----
-
-# Mailer
-
-This document explains how to use the mailer to send emails and what to do to create a new kind of email to be sent.
-
-{{< table_of_contents >}}
-
-## Sending emails
-
-**Note:** You should use mail templates whenever possible (see below).
-
-To send an email, use the function `mail.SendMail(options)`. The options are defined as follows:
-
-{{< highlight golang >}}
-type Opts struct {
-	To          string // The email address of the recipent
-	Subject     string // The subject of the mail
-	Message     string // The plaintext message in the mail
-	HTMLMessage string // The html message 
-	ContentType ContentType // The content type of the mail. Can be either mail.ContentTypePlain, mail.ContentTypeHTML, mail.ContentTypeMultipart. You should set this according to the kind of mail you want to send.
-	Boundary    string
-	Headers     []*header // Other headers to set in the mail.
-}
-{{< /highlight >}}
-
-### Sending emails based on a template
-
-For each mail with a template, there are two email templates: One for plaintext emails, one for html emails.
-
-These are located in the `templates/mail` folder and follow the conventions of `template-name.{plain|hmtl}.tmpl`,
-both the plaintext and html templates are in the same folder.
-
-To send a mail based on a template, use the function `mail.SendMailWithTemplate(to, subject, tpl string, data map[string]interface{})`.
-`to` and `subject` are pretty much self-explanatory, `tpl` is the name of the template, without `.html.tmpl` or `.plain.tmpl`. 
-`data` is a map you can pass additional data to your template.
-
-### Sending a mail with a template
-
-A basic html email template would look like this:
-
-{{< highlight go-html-template >}}
-{{template "mail-header.tmpl" .}}
-<p>
-    Hey there!<br/>
-    This is a minimal html email example.<br/>
-    {{.Something}}
-</p>
-{{template "mail-footer.tmpl"}}
-{{< /highlight >}}
-
-And the corresponding plaintext template:
-
-{{< highlight go-text-template >}}
-Hey there!
-
-This is a minimal html email example.
-
-{{.Something}}
-{{< /highlight >}}
-You would then call this like so:
-
-{{< highlight golang >}}
-data := make(map[string]interface{})
-data["Something"] = "I am some computed value"
-to := "test@example.com"
-subject := "A simple test mail"
-tpl := "demo" // Assuming you saved the templates as demo.plain.tmpl and demo.html.tmpl
-mail.SendMailWithTemplate(to, subject, tpl, data)
-{{< /highlight >}}
-
-The function does not return an error. If an error occures when sending a mail, it is logged but not returned because sending the mail happens asinchrounly.
-
-Notice the `mail-header.tmpl` and `mail-footer.tmpl` in the template. These populate some basic css, a box for your content and the vikunja logo.
-All that's left for you is to put the content in, which then will appear in a beautifully-styled box.
-
-Remeber, these are email templates. This is different from normal html/css, you cannot use whatever you want (because most of the clients are wayyy to outdated).
-

docs/content/doc/practical-instructions/new-config-options.md

@@ -1,31 +0,0 @@
----
-date: "2019-02-12:00:00+02:00"
-title: "Adding new   config options"
-draft: false
-type: "doc"
-menu:
-  sidebar:
-    parent: "practical instructions"
----
-
-# Adding new config options
-
-Vikunja uses [viper](https://github.com/spf13/viper) to handle configuration options.
-It handles parsing all different configuration sources.
-
-The configuration is done in sections. These are represented with a `.` in viper.
-Take a look at `pkg/config/config.go` to understand how these are set.
-
-To add a new config option, you should add a default value to `pkg/config/config.go`.
-Default values should always enable the feature to work somehow, or turn it off completely if it always needs
-additional configuration.
-
-Make sure to add the new config option to [the config document]({{< ref "../setup/config.md">}}) and the default config file
-(`config.yml.sample` at the root of the repository) to make sure it is well documented.
-
-If you're using a computed value as a default, make sure to update the sample config file and debian
-post-install scripts to reflect that.
-
-To get a configured option, use `viper.Get("config.option")`.
-Take a look at [viper's documentation](https://github.com/spf13/viper#getting-values-from-viper) to learn of the 
-different ways available to get config options.

docs/content/doc/setup/backups.md

@@ -10,12 +10,17 @@ menu:
 
 # What to backup
 
-Vikunja does not store any data outside of the database.
-So, all you need to backup are the contents of that database and maybe the config file.
+There are two parts you need to back up: The database and attachment files.
 
 {{< table_of_contents >}}
 
-## MySQL
+## Files
+
+To back up attachments and other files, it is enough to copy them [from the attachments folder]({{< ref "config.md" >}}#basepath) to some other place.
+
+## Database
+
+### MySQL
 
 To create a backup from mysql use the `mysqldump` command:
 
@@ -31,7 +36,7 @@ To restore it, simply pipe it back into the `mysql` command:
 mysql -u <user> -p -h <db-host> <database> < vkunja-backup.sql
 {{< /highlight >}}
 
-## PostgreSQL
+### PostgreSQL
 
 To create a backup from PostgreSQL use the `pg_dump` command:
 
@@ -49,6 +54,6 @@ psql -U <user> -h <db-host> <database> < vikunja-backup.sql
 
 For more information, please visit the [relevant PostgreSQL documentation](https://www.postgresql.org/docs/12/backup-dump.html).
 
-## SQLite
+### SQLite
 
-To backup sqllite databases, it is enough to copy the database elsewhere.
+To back up sqllite databases, it is enough to copy the [database file]({{< ref "config.md" >}}#path) to somwhere else.

docs/content/doc/setup/build-from-source.md

@@ -1,5 +1,5 @@
 ---
-date: "2019-02-12:00:00+02:00"
+date: "2022-09-21:00:00+02:00"
 title: "Build from sources"
 draft: false
 type: "doc"
@@ -10,20 +10,35 @@ menu:
 
 # Build Vikunja from source
 
-Vikunja being a go application, has no other dependencies than go itself. 
-All libraries are bundeled inside the repo in the `vendor/` folder, so all it boils down to are these steps:
+To completely build Vikunja from source, you need to build the api and frontend.
 
-1. Make sure [Go](https://golang.org/doc/install) is properly installed on your system. You'll need at least Go `1.9`.
-2. Make sure [Mage](https://magefile) is properly installed on your system.
-3. Clone the repo with `git clone https://code.vikunja.io/api`
-3. Run `mage build:build` in the source of this repo. This will build a binary in the root of the repo which will be able to run on your system.
+{{< table_of_contents >}}
+
+## API
+
+The Vikunja API has no other dependencies than go itself.
+That means compiling it boils down to these steps:
+
+1. Make sure [Go](https://golang.org/doc/install) is properly installed on your system. You'll need at least Go `1.17`.
+2. Make sure [Mage](https://magefile.org) is properly installed on your system.
+3. Clone the repo with `git clone https://code.vikunja.io/api` and switch into the directory.
+4. Run `mage build:build` in the source of this repo. This will build a binary in the root of the repo which will be able to run on your system.
 
 *Note:* Static ressources such as email templates are built into the binary.
 For these to work, you may need to run `mage build:generate` before building the vikunja binary.
 When builing entirely with `mage`, you dont need to do this, `mage build:generate` will be run automatically when running `mage build:build`.
 
-# Build for different architectures
+### Build for different architectures
 
 To build for other platforms and architectures than the one you're currently on, simply run `mage release:release` or `mage release:{linux|windows|darwin}`.
 
-More options are available, please refer to the [magefile docs]({{< ref "../development/mage.md">}}) for more details.
+More options are available, please refer to the [magefile docs]({{< ref "../development/mage.md">}}) for more details.
+
+## Frontend
+
+The code for the frontend is located at [code.vikunja.io/frontend](https://code.vikunja.io/frontend).
+
+1. Make sure you have [pnpm](https://pnpm.io/installation) properly installed on your system.
+2. Clone the repo with `git clone https://code.vikunja.io/frontend` and switch into the directory.
+3. Install all dependencies with `pnpm install`
+4. Build the frontend with `pnpm run build`. This will result in a static js bundle in the `dist/` folder which you can deploy.

docs/content/doc/setup/docker-start-to-finish.md

@@ -36,6 +36,8 @@ services:
     command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
     environment:
       MYSQL_ROOT_PASSWORD: supersecret
+      MYSQL_USER: vikunja
+      MYSQL_PASSWORD: secret
       MYSQL_DATABASE: vikunja
     volumes:
       - ./db:/var/lib/mysql
@@ -44,10 +46,12 @@ services:
     image: vikunja/api
     environment:
       VIKUNJA_DATABASE_HOST: db
-      VIKUNJA_DATABASE_PASSWORD: supersecret
+      VIKUNJA_DATABASE_PASSWORD: secret
       VIKUNJA_DATABASE_TYPE: mysql
-      VIKUNJA_DATABASE_USER: root
+      VIKUNJA_DATABASE_USER: vikunja
       VIKUNJA_DATABASE_DATABASE: vikunja
+      VIKUNJA_SERVICE_JWTSECRET: <a super secure random secret>
+      VIKUNJA_SERVICE_FRONTENDURL: https://<your public frontend url with slash>/
     volumes: 
       - ./files:/app/vikunja/files
     depends_on:

docs/content/doc/setup/full-docker-example.md

@@ -25,6 +25,9 @@ All examples on this page already reflect this and do not require additional wor
 
 ## Redis
 
+While Vikunja has support to use redis as a caching backend, you'll probably not need it unless you're using Vikunja 
+with more than a handful of users.
+
 To use redis, you'll need to add this to the config examples below:
 
 {{< highlight yaml >}}
@@ -44,6 +47,80 @@ services:
     image: redis
 {{< /highlight >}}
 
+## PostgreSQL
+
+Vikunja supports postgres, mysql and sqlite as a database backend. The examples on this page use mysql with a mariadb container.
+To use postgres as a database backend, change the `db` section of the examples to this:
+
+{{< highlight yaml >}}
+db:
+  image: postgres:13
+  environment:
+    POSTGRES_PASSWORD: secret
+    POSTGRES_USER: vikunja
+  volumes:
+    - ./db:/var/lib/postgresql/data
+  restart: unless-stopped
+{{< /highlight >}}
+
+You'll also need to change the `VIKUNJA_DATABASE_TYPE` to `postgres` on the api container declaration.
+
+<div class="notification is-warning">
+<b>NOTE:</b> The mariadb container can sometimes take a while to initialize, especially on the first run. 
+During this time, the api container will fail to start at all. It will automatically restart every few seconds.
+</div>
+
+## Example without any proxy
+
+This example lets you host Vikunja without any reverse proxy in front of it. This is the absolute minimum configuration 
+you need to get something up and running. If you want to host Vikunja on one single port instead of two different ones 
+or need tls termination, check out one of the other examples.
+
+Not that you need to change the `VIKUNJA_API_URL` environment variable to the ip (the docker host you're running this on) 
+is reachable at. Because the browser you'll use to access the Vikunja frontend uses that url to make the requests, it 
+has to be able to reach that ip + port from the outside. Putting everything in a private network won't work.
+
+{{< highlight yaml >}}
+version: '3'
+
+services:
+  db:
+    image: mariadb:10
+    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+    environment:
+      MYSQL_ROOT_PASSWORD: supersecret
+      MYSQL_USER: vikunja
+      MYSQL_PASSWORD: secret
+      MYSQL_DATABASE: vikunja
+    volumes:
+      - ./db:/var/lib/mysql
+    restart: unless-stopped
+  api:
+    image: vikunja/api
+    environment:
+      VIKUNJA_DATABASE_HOST: db
+      VIKUNJA_DATABASE_PASSWORD: secret
+      VIKUNJA_DATABASE_TYPE: mysql
+      VIKUNJA_DATABASE_USER: vikunja
+      VIKUNJA_DATABASE_DATABASE: vikunja
+      VIKUNJA_SERVICE_JWTSECRET: <a super secure random secret>
+      VIKUNJA_SERVICE_FRONTENDURL: http://<your public frontend url with slash>/
+    ports:
+      - 3456:3456
+    volumes:
+      - ./files:/app/vikunja/files
+    depends_on:
+      - db
+    restart: unless-stopped
+  frontend:
+    image: vikunja/frontend
+    ports:
+      - 80:80
+    environment:
+      VIKUNJA_API_URL: http://<your-ip-here>:3456/api/v1
+    restart: unless-stopped
+{{< /highlight >}}
+
 ## Example with traefik 2
 
 This example assumes [traefik](https://traefik.io) version 2 installed and configured to [use docker as a configuration provider](https://docs.traefik.io/providers/docker/).
@@ -66,6 +143,8 @@ services:
       VIKUNJA_DATABASE_TYPE: mysql
       VIKUNJA_DATABASE_USER: vikunja
       VIKUNJA_DATABASE_DATABASE: vikunja
+      VIKUNJA_SERVICE_JWTSECRET: <a super secure random secret>
+      VIKUNJA_SERVICE_FRONTENDURL: https://<your public frontend url with slash>/
     volumes: 
       - ./files:/app/vikunja/files
     networks:
@@ -124,6 +203,8 @@ services:
       VIKUNJA_DATABASE_TYPE: mysql
       VIKUNJA_DATABASE_USER: vikunja
       VIKUNJA_DATABASE_DATABASE: vikunja
+      VIKUNJA_SERVICE_JWTSECRET: <a super secure random secret>
+      VIKUNJA_SERVICE_FRONTENDURL: https://<your public frontend url with slash>/
     volumes: 
       - ./files:/app/vikunja/files
     networks:
@@ -203,6 +284,8 @@ services:
     command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
     environment:
       MYSQL_ROOT_PASSWORD: supersecret
+      MYSQL_USER: vikunja
+      MYSQL_PASSWORD: secret
       MYSQL_DATABASE: vikunja
     volumes:
       - ./db:/var/lib/mysql
@@ -211,10 +294,12 @@ services:
     image: vikunja/api
     environment:
       VIKUNJA_DATABASE_HOST: db
-      VIKUNJA_DATABASE_PASSWORD: supersecret
+      VIKUNJA_DATABASE_PASSWORD: secret
       VIKUNJA_DATABASE_TYPE: mysql
-      VIKUNJA_DATABASE_USER: root
+      VIKUNJA_DATABASE_USER: vikunja
       VIKUNJA_DATABASE_DATABASE: vikunja
+      VIKUNJA_SERVICE_JWTSECRET: <a super secure random secret>
+      VIKUNJA_SERVICE_FRONTENDURL: https://<your public frontend url with slash>/
     volumes: 
       - ./files:/app/vikunja/files
     depends_on:
@@ -258,7 +343,9 @@ services:
     image: mariadb:10
     command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
     environment:
-      MYSQL_ROOT_PASSWORD: supersecret
+      MYSQL_ROOT_PASSWORD: supersecret 
+      MYSQL_USER: vikunja
+      MYSQL_PASSWORD: secret
       MYSQL_DATABASE: vikunja
     volumes:
       - ./db:/var/lib/mysql
@@ -267,10 +354,12 @@ services:
     image: vikunja/api
     environment:
       VIKUNJA_DATABASE_HOST: db
-      VIKUNJA_DATABASE_PASSWORD: supersecret
+      VIKUNJA_DATABASE_PASSWORD: secret
       VIKUNJA_DATABASE_TYPE: mysql
-      VIKUNJA_DATABASE_USER: root
+      VIKUNJA_DATABASE_USER: vikunja
       VIKUNJA_DATABASE_DATABASE: vikunja
+      VIKUNJA_SERVICE_JWTSECRET: <a super secure random secret>
+      VIKUNJA_SERVICE_FRONTENDURL: https://<your public frontend url with slash>/
     volumes: 
       - ./files:/app/vikunja/files
     depends_on:
@@ -291,3 +380,83 @@ services:
     volumes:
         - ./Caddyfile:/etc/caddy/Caddyfile:ro
 {{< /highlight >}}
+
+## Setup on a Synology NAS
+
+There is a proxy preinstalled in DSM, so if you want to access vikunja from outside,
+you can prepare 2 proxy rules:
+
+* a redirection rule for vikunja's api (see example screenshot using port 3456)
+* a similar redirection rule for vikunja's frontend (using port 4321)
+
+![Synology Proxy Settings](/docs/synology-proxy-1.png)
+
+You should also add 2 empty folders for mariadb and vikunja inside Synology's
+docker main folders:
+
+* Docker
+  * vikunja
+  * mariadb
+
+Synology has it's own GUI for managing Docker containers... But it's easier via docker compose.
+
+To do that, you can
+
+* either activate SSH and paste the adapted compose file in a terminal (using Putty or similar)
+* without activating SSH as a "custom script" (go to Control Panel / Task Scheduler / Create / Scheduled Task / User-defined script)
+* without activating SSH, by using Portainer (you have to install first, check out [this tutorial](https://www.portainer.io/blog/how-to-install-portainer-on-a-synology-nas) for exmple):
+  1. Go to **Dashboard / Stacks** click the button **"Add Stack"**
+  2. Give it the name Vikunja and paste the adapted docker compose file 
+  3. Deploy the Stack with the "Delpoy Stack" button: 
+
+![Portainer Stack deploy](/docs/synology-proxy-2.png)
+
+The docker-compose file we're going to use is very similar to the [example without any proxy](#example-without-any-proxy) above:
+
+{{< highlight yaml >}}
+version: '3'
+
+services:
+  db:
+    image: mariadb:10
+    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+    environment:
+      MYSQL_ROOT_PASSWORD: supersecret
+      MYSQL_USER: vikunja
+      MYSQL_PASSWORD: secret
+      MYSQL_DATABASE: vikunja
+    volumes:
+      - ./db:/var/lib/mysql
+    restart: unless-stopped
+  api:
+    image: vikunja/api
+    environment:
+      VIKUNJA_DATABASE_HOST: db
+      VIKUNJA_DATABASE_PASSWORD: secret
+      VIKUNJA_DATABASE_TYPE: mysql
+      VIKUNJA_DATABASE_USER: vikunja
+      VIKUNJA_DATABASE_DATABASE: vikunja
+      VIKUNJA_SERVICE_JWTSECRET: <a super secure random secret>
+      VIKUNJA_SERVICE_FRONTENDURL: https://<your public frontend url with slash>/
+    ports:
+      - 3456:3456
+    volumes:
+      - ./files:/app/vikunja/files
+    depends_on:
+      - db
+    restart: unless-stopped
+  frontend:
+    image: vikunja/frontend
+    ports:
+      - 4321:80
+    environment:
+      VIKUNJA_API_URL: http://vikunja-api-domain.tld/api/v1
+    restart: unless-stopped
+{{< /highlight >}}
+
+You may want to change the volumes to match the rest of your setup.
+
+Once deployed, you might want to change the [`PUID` and `GUID` settings]({{< ref "install-backend.md">}}#setting-user-and-group-id-of-the-user-running-vikunja) or [set the time zone]({{< ref "config.md">}}#timezone).
+
+After registering all your users, you might also want to [disable the user registration]({{<ref "config.md">}}#enableregistration).
+

docs/content/doc/setup/install-backend.md

@@ -28,7 +28,7 @@ wget <download-url>
 ### Verify the GPG signature
 
 Starting with version `0.7`, all releases are signed using pgp.
-Releases from `master` will always be signed.
+Releases from `main` will always be signed.
 
 To validate the downloaded zip file use the signiture file `.asc` and the key `FF054DACD908493A`:
 
@@ -52,7 +52,7 @@ ln -s /opt/vikunja/vikunja /usr/bin/vikunja
 
 ### Systemd service
 
-Take the following `service` file and adapt it to your needs:
+Save the following service file to `/etc/systemd/system/vikunja.service` and adapt it to your needs:
 
 {{< highlight service >}}
 [Unit]
@@ -83,8 +83,6 @@ WantedBy=multi-user.target
 
 If you've installed Vikunja to a directory other than `/opt/vikunja`, you need to adapt `WorkingDirectory` accordingly.
 
-Save the file to `/etc/systemd/system/vikunja.service`
-
 After you made all nessecary modifications, it's time to start the service:
 
 {{< highlight bash >}}
@@ -147,10 +145,11 @@ services:
     image: vikunja/api:latest
     environment:
       VIKUNJA_DATABASE_HOST: db
-      VIKUNJA_DATABASE_PASSWORD: supersecret
+      VIKUNJA_DATABASE_PASSWORD: secret
       VIKUNJA_DATABASE_TYPE: mysql
-      VIKUNJA_DATABASE_USER: root
+      VIKUNJA_DATABASE_USER: vikunja
       VIKUNJA_SERVICE_JWTSECRET: <generated secret>
+      VIKUNJA_SERVICE_FRONTENDURL: https://<your public frontend url with slash>/
     volumes:
       - ./files:/app/vikunja/files
   db:
@@ -158,6 +157,8 @@ services:
     command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
     environment:
       MYSQL_ROOT_PASSWORD: supersecret
+      MYSQL_USER: vikunja
+      MYSQL_PASSWORD: secret
       MYSQL_DATABASE: vikunja
     volumes:
       - ./db:/var/lib/mysql
@@ -275,3 +276,8 @@ The API is now available through IP:
 ## Configuration
 
 See [available configuration options]({{< ref "config.md">}}).
+
+## Default Password
+
+After successfully installing Vikunja, there is no default user or password.
+You only need to register a new account and set all the details when creating it.

docs/content/doc/setup/install-frontend.md

@@ -122,7 +122,7 @@ Put the following config in `cat /etc/apache2/sites-available/vikunja.conf`:
     ServerName localhost
     DocumentRoot /path/to/vikunja/static/frontend/files
     RewriteEngine On
-    RewriteRule ^\/?(config\.json|favicon\.ico|css|fonts|images|img|js) - [L]
+ 	RewriteRule ^\/?(favicon\.ico|assets|audio|fonts|images|manifest\.webmanifest|robots\.txt|sw\.js|workbox-.*|api|dav|\.well-known) - [L]
     RewriteRule ^(.*)$ /index.html [QSA,L]
 </VirtualHost>
 {{< /highlight >}}

docs/content/doc/setup/install.md

@@ -11,16 +11,20 @@ menu:
 
 # Installing
 
-Vikunja consists of two parts: [Backend](https://code.vikunja.io/api) and [frontend](https://code.vikunja.io/frontend).
-While the backend is required, the frontend is not.
-You don't neccesarily need to have a web-frontend, using Vikunja via the [mobile app](https://code.vikunja.io/app) is totally fine.
+Vikunja consists of two parts: [API](https://code.vikunja.io/api) and [frontend](https://code.vikunja.io/frontend).
 
-However, using the web frontend is highly reccommended.
+You will always need to install at least the API.
+To actually use Vikunja you'll also need to somehow install a frontend to use it.
+You can either:
 
-Vikunja can be installed in various forms. 
+* [Install the web frontend]({{< ref "install-frontend.md">}})
+* Use the desktop app, which is essentially a web frontend packaged for easy installation on desktop devices
+* Use the mobile app only, but as of right now it only supports the very basic features of Vikunja
+
+Vikunja can be installed in various ways. 
 This document provides an overview and instructions for the different methods.
 
-* [Backend]({{< ref "install-backend.md">}})
+* [API]({{< ref "install-backend.md">}})
   * [Installing from binary]({{< ref "install-backend.md#install-from-binary">}})
     * [Verify the GPG signature]({{< ref "install-backend.md#verify-the-gpg-signature">}})
     * [Set it up]({{< ref "install-backend.md#set-it-up">}})
@@ -39,3 +43,16 @@ This document provides an overview and instructions for the different methods.
 * [Reverse proxies]({{< ref "reverse-proxies.md">}})
 * [Full docker example]({{< ref "full-docker-example.md">}})
 * [Backups]({{< ref "backups.md">}})
+
+## Installation on kubernetes
+
+A third-party Helm Chart is available from the k8s-at-home project [here](https://github.com/k8s-at-home/charts/tree/master/charts/stable/vikunja).
+
+## Other installation resources
+
+* [Docker Compose is MUCH Easier Than you Think - Let's Install Vikunja](https://www.youtube.com/watch?v=fGlz2PkXjuo) (Youtube)
+* [Setup Vikunja using Docker Compose - Homelab Wiki](https://thehomelab.wiki/books/docker/page/setup-vikunja-using-docker-compose)
+* [A Closer look at Vikunja - Email Notifications - Enable or Disable Registrations - Allow Attachments](https://www.youtube.com/watch?v=47wj9pRT6Gw) (Youtube)
+* [Install Vikunja in Docker for self-hosted Task Tracking](https://smarthomepursuits.com/install-vikunja-in-docker-for-self-hosted-task-tracking/)
+* [Self-Hosted To-Do List with Vikunja in Docker](https://www.youtube.com/watch?v=DqyqDWpEvKI) (Youtube)
+* [Vikunja self-hosted (step by step)](https://nguyenminhhung.com/vikunja-self-hosted-step-by-step/)

docs/content/doc/setup/k8s.md

@@ -0,0 +1,15 @@
+---
+title: "Hosting Vikunja with k8s"
+date: 2022-08-12T13:41:48+02:00
+draft: false
+type: "doc"
+menu:
+  sidebar:
+    parent: "setup"
+---
+
+There are two third-party Helm-Charts which can be used to host Vikunja with k8s:
+
+* [Truecharts](https://truecharts.org/docs/charts/stable/vikunja/)
+* [k8s at Home](https://github.com/k8s-at-home/charts)
+

docs/content/doc/setup/openid-examples.md

@@ -0,0 +1,45 @@
+---
+date: "2022-08-09:00:00+02:00"
+title: "OpenID example configurations"
+draft: false
+type: "doc"
+menu:
+  sidebar:
+    parent: "setup"
+---
+
+# OpenID example configurations
+
+On this page you will find examples about how to set up Vikunja with a third-party OpenID provider.
+To add another example, please [edit this document](https://kolaente.dev/vikunja/api/src/branch/main/docs/content/doc/setup/openid-examples.md) and send a PR.
+
+{{< table_of_contents >}}
+
+## Authelia
+
+Vikunja Config:
+
+```yaml
+openid:
+    enabled: true
+    redirecturl: https://vikunja.mydomain.com/auth/openid/  <---- slash at the end is important
+    providers:
+      - name: Authelia
+        authurl: https://login.mydomain.com
+        clientid: <vikunja-id>
+        clientsecret: <vikunja secret>
+```
+
+Authelia config:
+
+```yaml
+- id: <vikunja-id>
+description: Vikunja
+secret: <vikunja secret>
+redirect_uris:
+  - https://vikunja.mydomain.com/auth/openid/authelia
+scopes:
+  - openid
+  - email
+  - profile
+```

docs/content/doc/setup/reverse-proxies.md

@@ -80,6 +80,22 @@ server {
 <b>NOTE:</b> If you change the max upload size in Vikunja's settings, you'll need to also change the <code>client_max_body_size</code> in the nginx proxy config.
 </div>
 
+## NGINX Proxy Manager (NPM)
+
+1. Create a standard Proxy Host for the Vikunja Frontend within NPM and point it to the URL you plan to use. The next several steps will enable the Proxy Host to successfully navigate to the API (on port 3456).
+2. Verify that the page will pull up in your browser. (Do not bother trying to log in. It won't work. Trust me.)
+3. Now, we'll work with the NPM container, so you need to identify the container name for your NPM installation. e.g. NGINX-PM
+4. From the command line, enter `sudo docker exec -it [NGINX-PM container name] /bin/bash` and navigate to the proxy hosts folder where the `.conf` files are stashed. Probably `/data/nginx/proxy_host`. (This folder is a persistent folder created in the NPM container and mounted by NPM.)
+5. Locate the `.conf` file where the server_name inside the file matches your Vikunja Proxy Host. Once found, add the following code, unchanged, just above the existing location block in that file. (They are listed by number, not name.)  
+```
+location ~* ^/(api|dav|\.well-known)/ {
+        proxy_pass http://api:3456;
+        client_max_body_size 20M;
+    }
+```
+6. After saving the edited file, return to NPM's UI browser window and refresh the page to verify your Proxy Host for Vikunja is still online. 
+7. Now, switch over to your Vikunja browswer window and hit refresh. If you configured your URL correctly in original Vikunja container, you should be all set and the browser will correctly show Vikunja. If not, you'll need to adjust the address in the top of the login subscreen to match your proxy address.
+
 ## Apache
 
 Put the following config in `cat /etc/apache2/sites-available/vikunja.conf`:
@@ -101,11 +117,11 @@ Put the following config in `cat /etc/apache2/sites-available/vikunja.conf`:
 
     DocumentRoot /var/www/html
     RewriteEngine On
-    RewriteRule ^\/?(config\.json|favicon\.ico|css|fonts|images|img|js|api|dav|\.well-known) - [L]
+ 	RewriteRule ^\/?(favicon\.ico|assets|audio|fonts|images|manifest\.webmanifest|robots\.txt|sw\.js|workbox-.*|api|dav|\.well-known) - [L]
     RewriteRule ^(.*)$ /index.html [QSA,L]
 </VirtualHost>
 {{< /highlight >}}
 
 **Note:** The apache modules `proxy`, `proxy_http` and `rewrite` must be enabled for this.
 
-For more details see the [frontend apache configuration]({{< ref "install-frontend.md#apache">}}).
+For more details see the [frontend apache configuration]({{< ref "install-frontend.md#apache">}}).

docs/content/doc/setup/subdirectory.md

@@ -0,0 +1,39 @@
+---
+title: "Running Vikunja in a subdirectory"
+date: 2022-09-23T12:15:04+02:00
+draft: false
+menu:
+  sidebar:
+    parent: "setup"
+---
+
+# Running Vikunja in a subdirectory
+
+Running Vikunja in a subdirectory is not supported out of the box.
+However, you can still run it in a subdirectory but need to build the frontend yourself.
+
+## Frontend
+
+First, make sure you're able to build the frontend from source.
+Check [the guide about building from source]({{< ref "build-from-source.md">}}#frontend) about that.
+
+Then, run 
+
+```
+pnpm vite build --base=/SUBPATH
+pnpm workbox copyLibraries dist/
+```
+
+Where `SUBPATH` is the subdirectory you want to run Vikunja on.
+
+Once you have the build files you can deploy them as usual.
+Note that when deploying in docker you'll need to put the files in a web container yourself, you 
+can't use the `Dockerfile` in the repo without modifications.
+
+## API
+
+If you're not using a reverse proxy you're good to go.
+Simply configure the api url in the frontend as you normally would.
+
+If you're using a reverse proxy you'll need to adjust the paths so that the api is available at `/SUBPATH/api/v1`.
+You can check if everything is working correctly by opening `/SUBPATH/api/v1/info` in a browser.

docs/content/doc/setup/versions.md

@@ -0,0 +1,45 @@
+---
+date: "2022-07-07:00:00+02:00"
+title: "Versions"
+draft: false
+type: "doc"
+menu:
+  sidebar:
+    parent: "setup"
+---
+
+# Vikunja Versions
+
+The Vikunja api and frontend are available in two different release flavors.
+
+{{< table_of_contents >}}
+
+## Stable
+
+Stable releases have a fixed version number like `0.18.2` and are published at irregular intervals whenever a new version is ready.
+They receive few bugfixes and security patches.
+
+We use [Semantic Versioning](#) for these releases.
+
+## Unstable
+
+Unstable versions are build every time a PR is merged or a commit to the main development branch is made.
+As such, they contain the current development code and are more likely to have bugs.
+There might be multiple new such builds a day.
+
+Versions contain the last stable version, the number of commits since then and the commit the currently running binary was built from.
+They look like this: `v0.18.1+269-5cc4927b9e`
+
+The demo instance at [try.vikunja.io](https://try.vikunja.io) automatically updates and always runs the last unstable build.
+
+## Switching between versions
+
+First you should create a backup of your current setup!
+
+Switching between versions is the same process as [upgrading]({{< ref install-backend.md >}}#updating).
+Simply replace the stable binary with an unstable one or vice-versa.
+
+For installations using docker, it is as simple as using the `unstable` or `latest` tag to switch between versions.
+
+**Note:** While switching from stable to unstable should work without any problem, switching back might work but is not recommended and might break your instance.
+To switch from unstable back to stable the best way is to wait for the next stable release after the used unstable build and then upgrade to that.

docs/content/doc/usage/api.md

@@ -11,7 +11,7 @@ menu:
 # API Documentation
 
 You can find the api docs under `http://vikunja.tld/api/v1/docs` of your instance. 
-A public instance is available on [try.vikunja.io](http://try.vikunja.io/api/v1/docs).
+A public instance is available on [try.vikunja.io](https://try.vikunja.io/api/v1/docs).
 
 These docs are autgenerated from annotations in the code with swagger.
 

docs/content/doc/usage/caldav.md

@@ -75,6 +75,7 @@ Vikunja **currently does not** support these properties:
 ### Not working
 
 * [Thunderbird (68)](https://www.thunderbird.net/)
+* iOS calDAV Sync (See [#753](https://kolaente.dev/vikunja/api/issues/753))
 
 ## Dev logs
 

docs/content/doc/usage/errors.md

@@ -4,8 +4,8 @@ title: "Errors"
 draft: false
 type: "doc"
 menu:
-  sidebar:
-    parent: "usage"
+sidebar:
+parent: "usage"
 ---
 
 # Errors
@@ -40,6 +40,8 @@ This document describes the different errors Vikunja can return.
 | 1016 | 412 | Totp is not enabled for this user. |
 | 1017 | 412 | The provided Totp passcode is invalid. |
 | 1018 | 412 | The provided user avatar provider type setting is invalid. |
+| 1019 | 412 | No openid email address was provided. |
+| 1020 | 412 | This user account is disabled. |
 
 ## Validation
 
@@ -50,14 +52,16 @@ This document describes the different errors Vikunja can return.
 
 ## List
 
-| ErrorCode | HTTP Status Code | Description |
-|-----------|------------------|-------------|
-| 3001 | 404 | The list does not exist. |
-| 3004 | 403 | The user needs to have read permissions on that list to perform that action. |
-| 3005 | 400 | The list title cannot be empty. |
-| 3006 | 404 | The list share does not exist. |
-| 3007 | 400 | A list with this identifier already exists. |
-| 3008 | 412 | The list is archived and can therefore only be accessed read only. This is also true for all tasks associated with this list. |
+| ErrorCode | HTTP Status Code | Description                                                                                                                   |
+|-----------|------------------|-------------------------------------------------------------------------------------------------------------------------------|
+| 3001      | 404 | The list does not exist.                                                                                                      |
+| 3004      | 403 | The user needs to have read permissions on that list to perform that action.                                                  |
+| 3005      | 400 | The list title cannot be empty.                                                                                               |
+| 3006      | 404 | The list share does not exist.                                                                                                |
+| 3007      | 400 | A list with this identifier already exists.                                                                                   |
+| 3008      | 412 | The list is archived and can therefore only be accessed read only. This is also true for all tasks associated with this list. |
+| 3009      | 412 | The list cannot belong to a dynamically generated namespace like "Favorites".                                                 |
+| 3010      | 412 | The list must belong to a namespace.                                                                                          |
 
 ## Task
 
@@ -78,10 +82,12 @@ This document describes the different errors Vikunja can return.
 | 4013 | 400 | The task sort param is invalid. |
 | 4014 | 400 | The task sort order is invalid. |
 | 4015 | 404 | The task comment does not exist. |
-| 4016 | 403 | Invalid task field. |
-| 4017 | 403 | Invalid task filter comparator. |
-| 4018 | 403 | Invalid task filter concatinator. |
-| 4019 | 403 | Invalid task filter value. |
+| 4016 | 400 | Invalid task field. |
+| 4017 | 400 | Invalid task filter comparator. |
+| 4018 | 400 | Invalid task filter concatinator. |
+| 4019 | 400 | Invalid task filter value. |
+| 4020 | 400 | The provided attachment does not belong to that task. |
+| 4021 | 400 | This user is already assigned to that task. |
 
 ## Namespace
 

docs/nginx.conf

@@ -18,4 +18,8 @@ server {
     location /docs/contact {
         return 301 $scheme://vikunja.io/en/contact;
     }
+    
+    location /docs/docs {
+        return 301 $scheme://vikunja.io/docs;
+    }
 }

go.mod

@@ -17,85 +17,138 @@
 module code.vikunja.io/api
 
 require (
-	code.vikunja.io/web v0.0.0-20210131201003-26386be9a9ae
+	code.vikunja.io/web v0.0.0-20210706160506-d85def955bd3
 	gitea.com/xorm/xorm-redis-cache v0.2.0
 	github.com/ThreeDotsLabs/watermill v1.1.1
-	github.com/adlio/trello v1.9.0
-	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751
+	github.com/adlio/trello v1.10.0
+	github.com/arran4/golang-ical v0.0.0-20220517104411-fd89fefb0182
 	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef
-	github.com/beevik/etree v1.1.0 // indirect
-	github.com/c2h5oh/datasize v0.0.0-20200825124411-48ed595a09d2
-	github.com/coreos/go-oidc v2.2.1+incompatible
+	github.com/bbrks/go-blurhash v1.1.1
+	github.com/c2h5oh/datasize v0.0.0-20220606134207-859f65c6625b
+	github.com/coreos/go-oidc/v3 v3.4.0
 	github.com/cweill/gotests v1.6.0
 	github.com/d4l3k/messagediff v1.2.1
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/disintegration/imaging v1.6.2
 	github.com/dustinkirkland/golang-petname v0.0.0-20191129215211-8e5a1ed0cff0
-	github.com/gabriel-vasile/mimetype v1.3.0
-	github.com/getsentry/sentry-go v0.10.0
-	github.com/go-errors/errors v1.1.1 // indirect
-	github.com/go-redis/redis/v8 v8.6.0
+	github.com/gabriel-vasile/mimetype v1.4.1
+	github.com/getsentry/sentry-go v0.14.0
+	github.com/go-redis/redis/v8 v8.11.5
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/go-testfixtures/testfixtures/v3 v3.6.0
+	github.com/go-testfixtures/testfixtures/v3 v3.8.1
+	github.com/golang-jwt/jwt/v4 v4.4.2
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
-	github.com/golang/snappy v0.0.2 // indirect
-	github.com/iancoleman/strcase v0.1.3
-	github.com/imdario/mergo v0.3.12
-	github.com/kr/text v0.2.0 // indirect
-	github.com/labstack/echo/v4 v4.3.0
-	github.com/labstack/gommon v0.3.0
-	github.com/laurent22/ical-go v0.1.1-0.20181107184520-7e5d6ade8eef
-	github.com/lib/pq v1.10.1
-	github.com/magefile/mage v1.11.0
-	github.com/mailru/easyjson v0.7.6 // indirect
-	github.com/mattn/go-colorable v0.1.8 // indirect
-	github.com/mattn/go-sqlite3 v1.14.7
-	github.com/mitchellh/mapstructure v1.3.2 // indirect
-	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
+	github.com/google/uuid v1.3.0
+	github.com/iancoleman/strcase v0.2.0
+	github.com/imdario/mergo v0.3.13
+	github.com/jinzhu/copier v0.3.5
+	github.com/labstack/echo/v4 v4.9.1
+	github.com/labstack/gommon v0.4.0
+	github.com/lib/pq v1.10.7
+	github.com/magefile/mage v1.14.0
+	github.com/mattn/go-sqlite3 v1.14.16
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
-	github.com/pelletier/go-toml v1.8.0 // indirect
-	github.com/pquerna/cachecontrol v0.0.0-20200921180117-858c6e7e6b7e // indirect
 	github.com/pquerna/otp v1.3.0
-	github.com/prometheus/client_golang v1.10.0
+	github.com/prometheus/client_golang v1.13.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/samedi/caldav-go v3.0.0+incompatible
-	github.com/spf13/afero v1.6.0
-	github.com/spf13/cast v1.3.1 // indirect
-	github.com/spf13/cobra v1.1.3
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/viper v1.7.1
-	github.com/stretchr/testify v1.7.0
-	github.com/swaggo/swag v1.7.0
-	github.com/ulule/limiter/v3 v3.8.0
-	github.com/yuin/goldmark v1.3.5
-	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
-	golang.org/x/image v0.0.0-20210504121937-7319ad40d33e
-	golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/term v0.0.0-20210503060354-a79de5458b56
-	golang.org/x/tools v0.1.0 // indirect
-	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
+	github.com/spf13/afero v1.9.2
+	github.com/spf13/cobra v1.6.1
+	github.com/spf13/viper v1.13.0
+	github.com/stretchr/testify v1.8.1
+	github.com/swaggo/swag v1.8.7
+	github.com/tkuchiki/go-timezone v0.2.2
+	github.com/ulule/limiter/v3 v3.10.0
+	github.com/vectordotdev/go-datemath v0.1.1-0.20211214182920-0a4ac8742b93
+	github.com/wneessen/go-mail v0.3.4
+	github.com/yuin/goldmark v1.5.2
+	golang.org/x/crypto v0.1.0
+	golang.org/x/image v0.1.0
+	golang.org/x/oauth2 v0.1.0
+	golang.org/x/sync v0.1.0
+	golang.org/x/sys v0.1.0
+	golang.org/x/term v0.1.0
 	gopkg.in/d4l3k/messagediff.v1 v1.2.1
-	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
-	gopkg.in/ini.v1 v1.57.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c
-	src.techknowlogick.com/xgo v1.4.1-0.20210311222705-d25c33fcd864
-	src.techknowlogick.com/xormigrate v1.4.0
-	xorm.io/builder v0.3.8
-	xorm.io/core v0.7.3
-	xorm.io/xorm v1.0.7
+	gopkg.in/yaml.v3 v3.0.1
+	src.techknowlogick.com/xgo v1.5.1-0.20220906164532-735bfdfb90d9
+	src.techknowlogick.com/xormigrate v1.5.0
+	xorm.io/builder v0.3.12
+	xorm.io/xorm v1.3.2
+)
+
+require (
+	github.com/KyleBanks/depth v1.2.1 // indirect
+	github.com/PuerkitoBio/purell v1.1.1 // indirect
+	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/beevik/etree v1.1.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/garyburd/redigo v1.6.0 // indirect
+	github.com/ghodss/yaml v1.0.0 // indirect
+	github.com/go-chi/chi v4.0.2+incompatible // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.19.6 // indirect
+	github.com/go-openapi/spec v0.20.4 // indirect
+	github.com/go-openapi/swag v0.19.15 // indirect
+	github.com/goccy/go-json v0.9.11 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/laurent22/ical-go v0.1.1-0.20181107184520-7e5d6ade8eef // indirect
+	github.com/lithammer/shortuuid/v3 v3.0.4 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/subosito/gotenv v1.4.1 // indirect
+	github.com/syndtr/goleveldb v1.0.0 // indirect
+	github.com/urfave/cli/v2 v2.3.0 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasttemplate v1.2.1 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/net v0.1.0 // indirect
+	golang.org/x/text v0.4.0 // indirect
+	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
+	golang.org/x/tools v0.1.12 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
 replace (
-	github.com/adlio/trello => github.com/kolaente/trello v1.7.1-0.20201216234312-5c4ef79b531e
-	github.com/coreos/bbolt => go.etcd.io/bbolt v1.3.4
-	github.com/coreos/go-systemd => github.com/coreos/go-systemd/v22 v22.0.0
-	github.com/hpcloud/tail => github.com/jeffbean/tail v1.0.1 // See https://github.com/hpcloud/tail/pull/159
 	github.com/samedi/caldav-go => github.com/kolaente/caldav-go v3.0.1-0.20190524174923-9e5cd1688227+incompatible // Branch: feature/dynamic-supported-components, PR: https://github.com/samedi/caldav-go/pull/6 and https://github.com/samedi/caldav-go/pull/7
 	gopkg.in/fsnotify.v1 => github.com/kolaente/fsnotify v1.4.10-0.20200411160148-1bc3c8ff4048 // See https://github.com/fsnotify/fsnotify/issues/328 and https://github.com/golang/go/issues/26904
 )
 
-go 1.15
+go 1.19

magefile.go

@@ -14,6 +14,7 @@
 // You should have received a copy of the GNU Affero General Public Licensee
 // along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
+//go:build mage
 // +build mage
 
 package main
@@ -26,7 +27,6 @@ import (
 	"fmt"
 	"github.com/iancoleman/strcase"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -74,9 +74,21 @@ var (
 	}
 )
 
+func runCmdWithOutput(name string, arg ...string) (output []byte, err error) {
+	cmd := exec.Command(name, arg...)
+	output, err = cmd.Output()
+	if err != nil {
+		if ee, is := err.(*exec.ExitError); is {
+			return nil, fmt.Errorf("error running command: %s, %s", string(ee.Stderr), err)
+		}
+		return nil, fmt.Errorf("error running command: %s", err)
+	}
+
+	return output, nil
+}
+
 func setVersion() {
-	versionCmd := exec.Command("git", "describe", "--tags", "--always", "--abbrev=10")
-	version, err := versionCmd.Output()
+	version, err := runCmdWithOutput("git", "describe", "--tags", "--always", "--abbrev=10")
 	if err != nil {
 		fmt.Printf("Error getting version: %s\n", err)
 		os.Exit(1)
@@ -117,8 +129,7 @@ func setExecutable() {
 }
 
 func setApiPackages() {
-	cmd := exec.Command("go", "list", "all")
-	pkgs, err := cmd.Output()
+	pkgs, err := runCmdWithOutput("go", "list", "all")
 	if err != nil {
 		fmt.Printf("Error getting packages: %s\n", err)
 		os.Exit(1)
@@ -145,8 +156,7 @@ func setRootPath() {
 
 func setGoFiles() {
 	// GOFILES := $(shell find . -name "*.go" -type f ! -path "*/bindata.go")
-	cmd := exec.Command("find", ".", "-name", "*.go", "-type", "f", "!", "-path", "*/bindata.go")
-	files, err := cmd.Output()
+	files, err := runCmdWithOutput("find", ".", "-name", "*.go", "-type", "f", "!", "-path", "*/bindata.go")
 	if err != nil {
 		fmt.Printf("Error getting go files: %s\n", err)
 		os.Exit(1)
@@ -170,7 +180,6 @@ func initVars() {
 	setVersion()
 	setBinLocation()
 	setPkgVersion()
-	setApiPackages()
 	setGoFiles()
 	Ldflags = `-X "` + PACKAGE + `/pkg/version.Version=` + VersionNumber + `" -X "main.Tags=` + Tags + `"`
 }
@@ -340,8 +349,9 @@ type Test mg.Namespace
 // Runs all tests except integration tests
 func (Test) Unit() {
 	mg.Deps(initVars)
+	setApiPackages()
 	// We run everything sequentially and not in parallel to prevent issues with real test databases
-	args := append([]string{"test", Goflags[0], "-p", "1"}, ApiPackages...)
+	args := append([]string{"test", Goflags[0], "-p", "1", "-coverprofile", "cover.out", "-timeout", "45m"}, ApiPackages...)
 	runAndStreamOutput("go", args...)
 }
 
@@ -356,7 +366,7 @@ func (Test) Coverage() {
 func (Test) Integration() {
 	mg.Deps(initVars)
 	// We run everything sequentially and not in parallel to prevent issues with real test databases
-	runAndStreamOutput("go", "test", Goflags[0], "-p", "1", PACKAGE+"/pkg/integrations")
+	runAndStreamOutput("go", "test", Goflags[0], "-p", "1", "-timeout", "45m", PACKAGE+"/pkg/integrations")
 }
 
 type Check mg.Namespace
@@ -395,7 +405,7 @@ func checkGolangCiLintInstalled() {
 	mg.Deps(initVars)
 	if err := exec.Command("golangci-lint").Run(); err != nil && strings.Contains(err.Error(), "executable file not found") {
 		fmt.Println("Please manually install golangci-lint by running")
-		fmt.Println("curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.31.0")
+		fmt.Println("curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.47.3")
 		os.Exit(1)
 	}
 }
@@ -548,7 +558,9 @@ func (Release) Compress(ctx context.Context) error {
 			return nil
 		}
 		// No mips or s390x for you today
-		if strings.Contains(info.Name(), "mips") || strings.Contains(info.Name(), "s390x") {
+		if strings.Contains(info.Name(), "mips") ||
+			strings.Contains(info.Name(), "s390x") ||
+			strings.Contains(info.Name(), "riscv64") { // not supported by upx
 			return nil
 		}
 
@@ -652,7 +664,7 @@ func (Release) Zip() error {
 
 		fmt.Printf("Zipping %s...\n", info.Name())
 
-		c := exec.Command("zip", "-r", RootPath+"/"+DIST+"/zip/"+info.Name(), ".", "-i", "*")
+		c := exec.Command("zip", "-r", RootPath+"/"+DIST+"/zip/"+info.Name()+".zip", ".", "-i", "*")
 		c.Dir = path
 		out, err := c.Output()
 		fmt.Print(string(out))
@@ -688,14 +700,14 @@ func (Release) Packages() error {
 
 	// Because nfpm does not  support templating, we replace the values in the config file and restore it after running
 	nfpmConfigPath := RootPath + "/nfpm.yaml"
-	nfpmconfig, err := ioutil.ReadFile(nfpmConfigPath)
+	nfpmconfig, err := os.ReadFile(nfpmConfigPath)
 	if err != nil {
 		return err
 	}
 
 	fixedConfig := strings.ReplaceAll(string(nfpmconfig), "<version>", VersionNumber)
 	fixedConfig = strings.ReplaceAll(fixedConfig, "<binlocation>", BinLocation)
-	if err := ioutil.WriteFile(nfpmConfigPath, []byte(fixedConfig), 0); err != nil {
+	if err := os.WriteFile(nfpmConfigPath, []byte(fixedConfig), 0); err != nil {
 		return err
 	}
 
@@ -708,7 +720,7 @@ func (Release) Packages() error {
 	runAndStreamOutput(binpath, "pkg", "--packager", "rpm", "--target", releasePath)
 	runAndStreamOutput(binpath, "pkg", "--packager", "apk", "--target", releasePath)
 
-	return ioutil.WriteFile(nfpmConfigPath, nfpmconfig, 0)
+	return os.WriteFile(nfpmConfigPath, nfpmconfig, 0)
 }
 
 type Dev mg.Namespace
@@ -872,7 +884,7 @@ func (s *` + name + `) Handle(msg *message.Message) (err error) {
 	if _, err := f.Seek(idx, 0); err != nil {
 		return err
 	}
-	remainder, err := ioutil.ReadAll(f)
+	remainder, err := io.ReadAll(f)
 	if err != nil {
 		return err
 	}
@@ -995,13 +1007,20 @@ func parseYamlConfigNode(node *yaml.Node) (config *configOption) {
 	return config
 }
 
-func printConfig(config []*configOption, level int) (rendered string) {
+func printConfig(config []*configOption, level int, parent string) (rendered string) {
 
 	// Keep track of what we already printed to prevent printing things twice
 	printed := make(map[string]bool)
 
 	for _, option := range config {
 
+		// FIXME: Not a good solution. Ideally this would work without the level check, but since generating config
+		// for more than two levels is currently broken anyway, I'll fix this after moving the config generation
+		// to a better format than yaml.
+		if level == 0 && option.key != "" {
+			parent = option.key
+		}
+
 		if option.key != "" {
 
 			// Filter out all config objects where the default value == key
@@ -1030,12 +1049,17 @@ func printConfig(config []*configOption, level int) (rendered string) {
 				if option.defaultValue == "" {
 					rendered += "<empty>"
 				}
-				rendered += "`\n"
+				rendered += "`\n\n"
+
+				fullPath := parent + "." + option.key
+
+				rendered += "Full path: `" + fullPath + "`\n\n"
+				rendered += "Environment path: `VIKUNJA_" + strcase.ToScreamingSnake(strings.ToUpper(fullPath)) + "`\n\n"
 			}
 		}
 
 		printed[option.key] = true
-		rendered += "\n" + printConfig(option.children, level+1)
+		rendered += "\n" + printConfig(option.children, level+1, parent)
 	}
 
 	return
@@ -1049,7 +1073,7 @@ const (
 // Generates the config docs from a commented config.yml.sample file in the repo root.
 func GenerateDocs() error {
 
-	config, err := ioutil.ReadFile("config.yml.sample")
+	config, err := os.ReadFile("config.yml.sample")
 	if err != nil {
 		return err
 	}
@@ -1069,7 +1093,7 @@ func GenerateDocs() error {
 		}
 	}
 
-	renderedConfig := printConfig(conf, 0)
+	renderedConfig := printConfig(conf, 0, "")
 
 	// Rebuild the config
 	file, err := os.OpenFile(configDocPath, os.O_RDWR, 0)
@@ -1099,7 +1123,7 @@ func GenerateDocs() error {
 
 	// We write the full file to prevent old content leftovers at the end
 	// I know, there are probably better ways to do this.
-	if err := ioutil.WriteFile(configDocPath, []byte(fullConfig), 0); err != nil {
+	if err := os.WriteFile(configDocPath, []byte(fullConfig), 0); err != nil {
 		return err
 	}
 

pkg/caldav/caldav.go

@@ -17,7 +17,6 @@
 package caldav
 
 import (
-	"fmt"
 	"regexp"
 	"strconv"
 	"strings"
@@ -150,6 +149,15 @@ END:VCALENDAR` // Need a line break
 	return
 }
 
+func formatDuration(duration time.Duration) string {
+	seconds := duration.Seconds() - duration.Minutes()*60
+	minutes := duration.Minutes() - duration.Hours()*60
+
+	return strconv.FormatFloat(duration.Hours(), 'f', 0, 64) + `H` +
+		strconv.FormatFloat(minutes, 'f', 0, 64) + `M` +
+		strconv.FormatFloat(seconds, 'f', 0, 64) + `S`
+}
+
 // ParseTodos returns a caldav vcalendar string with todos
 func ParseTodos(config *Config, todos []*Todo) (caldavtodos string) {
 	caldavtodos = `BEGIN:VCALENDAR
@@ -172,11 +180,15 @@ SUMMARY:` + t.Summary + getCaldavColor(t.Color)
 
 		if t.Start.Unix() > 0 {
 			caldavtodos += `
-DTSTART: ` + makeCalDavTimeFromTimeStamp(t.Start)
+DTSTART:` + makeCalDavTimeFromTimeStamp(t.Start)
+			if t.Duration != 0 && t.DueDate.Unix() == 0 {
+				caldavtodos += `
+DURATION:PT` + formatDuration(t.Duration)
+			}
 		}
 		if t.End.Unix() > 0 {
 			caldavtodos += `
-DTEND: ` + makeCalDavTimeFromTimeStamp(t.End)
+DTEND:` + makeCalDavTimeFromTimeStamp(t.End)
 		}
 		if t.Description != "" {
 			re := regexp.MustCompile(`\r?\n`)
@@ -209,14 +221,9 @@ DUE:` + makeCalDavTimeFromTimeStamp(t.DueDate)
 CREATED:` + makeCalDavTimeFromTimeStamp(t.Created)
 		}
 
-		if t.Duration != 0 {
-			caldavtodos += `
-DURATION:PT` + fmt.Sprintf("%.6f", t.Duration.Hours()) + `H` + fmt.Sprintf("%.6f", t.Duration.Minutes()) + `M` + fmt.Sprintf("%.6f", t.Duration.Seconds()) + `S`
-		}
-
 		if t.Priority != 0 {
 			caldavtodos += `
-PRIORITY:` + strconv.Itoa(int(t.Priority))
+PRIORITY:` + strconv.Itoa(mapPriorityToCaldav(t.Priority))
 		}
 
 		caldavtodos += `

pkg/caldav/caldav_test.go

@@ -375,6 +375,39 @@ COMPLETED:20181201T013024
 STATUS:COMPLETED
 LAST-MODIFIED:00010101T000000
 END:VTODO
+END:VCALENDAR`,
+		},
+		{
+			name: "with priority",
+			args: args{
+				config: &Config{
+					Name:   "test",
+					ProdID: "RandomProdID which is not random",
+				},
+				todos: []*Todo{
+					{
+						Summary:     "Todo #1",
+						Description: "Lorem Ipsum",
+						UID:         "randommduid",
+						Priority:    1,
+						Timestamp:   time.Unix(1543626724, 0).In(config.GetTimeZone()),
+					},
+				},
+			},
+			wantCaldavtasks: `BEGIN:VCALENDAR
+VERSION:2.0
+METHOD:PUBLISH
+X-PUBLISHED-TTL:PT4H
+X-WR-CALNAME:test
+PRODID:-//RandomProdID which is not random//EN
+BEGIN:VTODO
+UID:randommduid
+DTSTAMP:20181201T011204
+SUMMARY:Todo #1
+DESCRIPTION:Lorem Ipsum
+PRIORITY:9
+LAST-MODIFIED:00010101T000000
+END:VTODO
 END:VCALENDAR`,
 		},
 	}

pkg/caldav/parsing.go

@@ -21,21 +21,21 @@ import (
 	"strings"
 	"time"
 
-	"code.vikunja.io/api/pkg/caldav"
 	"code.vikunja.io/api/pkg/log"
 	"code.vikunja.io/api/pkg/models"
-	"github.com/laurent22/ical-go"
+
+	ics "github.com/arran4/golang-ical"
 )
 
-func getCaldavTodosForTasks(list *models.List, listTasks []*models.Task) string {
+func GetCaldavTodosForTasks(list *models.ListWithTasksAndBuckets, listTasks []*models.TaskWithComments) string {
 
 	// Make caldav todos from Vikunja todos
-	var caldavtodos []*caldav.Todo
+	var caldavtodos []*Todo
 	for _, t := range listTasks {
 
 		duration := t.EndDate.Sub(t.StartDate)
 
-		caldavtodos = append(caldavtodos, &caldav.Todo{
+		caldavtodos = append(caldavtodos, &Todo{
 			Timestamp:   t.Updated,
 			UID:         t.UID,
 			Summary:     t.Title,
@@ -52,48 +52,47 @@ func getCaldavTodosForTasks(list *models.List, listTasks []*models.Task) string
 		})
 	}
 
-	caldavConfig := &caldav.Config{
+	caldavConfig := &Config{
 		Name:   list.Title,
 		ProdID: "Vikunja Todo App",
 	}
 
-	return caldav.ParseTodos(caldavConfig, caldavtodos)
+	return ParseTodos(caldavConfig, caldavtodos)
 }
 
-func parseTaskFromVTODO(content string) (vTask *models.Task, err error) {
-	parsed, err := ical.ParseCalendar(content)
+func ParseTaskFromVTODO(content string) (vTask *models.Task, err error) {
+	parsed, err := ics.ParseCalendar(strings.NewReader(content))
 	if err != nil {
 		return nil, err
 	}
 
 	// We put the task details in a map to be able to handle them more easily
 	task := make(map[string]string)
-	for _, c := range parsed.Children {
-		if c.Name == "VTODO" {
-			for _, entry := range c.Children {
-				task[entry.Name] = entry.Value
-			}
-			// Breaking, to only process the first task
-			break
-		}
+	for _, c := range parsed.Components[0].UnknownPropertiesIANAProperties() {
+		task[c.IANAToken] = c.Value
 	}
 
-	// Parse the UID
+	// Parse the priority
 	var priority int64
 	if _, ok := task["PRIORITY"]; ok {
-		priority, err = strconv.ParseInt(task["PRIORITY"], 10, 64)
+		priorityParsed, err := strconv.ParseInt(task["PRIORITY"], 10, 64)
 		if err != nil {
 			return nil, err
 		}
+
+		priority = parseVTODOPriority(priorityParsed)
 	}
 
 	// Parse the enddate
 	duration, _ := time.ParseDuration(task["DURATION"])
 
+	description := strings.ReplaceAll(task["DESCRIPTION"], "\\,", ",")
+	description = strings.ReplaceAll(description, "\\n", "\n")
+
 	vTask = &models.Task{
 		UID:         task["UID"],
 		Title:       task["SUMMARY"],
-		Description: task["DESCRIPTION"],
+		Description: description,
 		Priority:    priority,
 		DueDate:     caldavTimeToTimestamp(task["DUE"]),
 		Updated:     caldavTimeToTimestamp(task["DTSTAMP"]),
@@ -118,12 +117,16 @@ func caldavTimeToTimestamp(tstring string) time.Time {
 		return time.Time{}
 	}
 
-	format := caldav.DateFormat
+	format := DateFormat
 
 	if strings.HasSuffix(tstring, "Z") {
 		format = `20060102T150405Z`
 	}
 
+	if len(tstring) == 8 {
+		format = `20060102`
+	}
+
 	t, err := time.Parse(format, tstring)
 	if err != nil {
 		log.Warningf("Error while parsing caldav time %s to TimeStamp: %s", tstring, err)

pkg/caldav/parsing_test.go

@@ -0,0 +1,101 @@
+// Vikunja is a to-do list application to facilitate your life.
+// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public Licensee as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public Licensee for more details.
+//
+// You should have received a copy of the GNU Affero General Public Licensee
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package caldav
+
+import (
+	"testing"
+	"time"
+
+	"code.vikunja.io/api/pkg/config"
+	"code.vikunja.io/api/pkg/models"
+	"gopkg.in/d4l3k/messagediff.v1"
+)
+
+func TestParseTaskFromVTODO(t *testing.T) {
+	type args struct {
+		content string
+	}
+	tests := []struct {
+		name      string
+		args      args
+		wantVTask *models.Task
+		wantErr   bool
+	}{
+		{
+			name: "normal",
+			args: args{content: `BEGIN:VCALENDAR
+VERSION:2.0
+METHOD:PUBLISH
+X-PUBLISHED-TTL:PT4H
+X-WR-CALNAME:test
+PRODID:-//RandomProdID which is not random//EN
+BEGIN:VTODO
+UID:randomuid
+DTSTAMP:20181201T011204
+SUMMARY:Todo #1
+DESCRIPTION:Lorem Ipsum
+LAST-MODIFIED:00010101T000000
+END:VTODO
+END:VCALENDAR`,
+			},
+			wantVTask: &models.Task{
+				Title:       "Todo #1",
+				UID:         "randomuid",
+				Description: "Lorem Ipsum",
+				Updated:     time.Unix(1543626724, 0).In(config.GetTimeZone()),
+			},
+		},
+		{
+			name: "With priority",
+			args: args{content: `BEGIN:VCALENDAR
+VERSION:2.0
+METHOD:PUBLISH
+X-PUBLISHED-TTL:PT4H
+X-WR-CALNAME:test
+PRODID:-//RandomProdID which is not random//EN
+BEGIN:VTODO
+UID:randomuid
+DTSTAMP:20181201T011204
+SUMMARY:Todo #1
+DESCRIPTION:Lorem Ipsum
+PRIORITY:9
+LAST-MODIFIED:00010101T000000
+END:VTODO
+END:VCALENDAR`,
+			},
+			wantVTask: &models.Task{
+				Title:       "Todo #1",
+				UID:         "randomuid",
+				Description: "Lorem Ipsum",
+				Priority:    1,
+				Updated:     time.Unix(1543626724, 0).In(config.GetTimeZone()),
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ParseTaskFromVTODO(tt.args.content)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("ParseTaskFromVTODO() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if diff, equal := messagediff.PrettyDiff(got, tt.wantVTask); !equal {
+				t.Errorf("ParseTaskFromVTODO() gotVTask = %v, want %v, diff = %s", got, tt.wantVTask, diff)
+			}
+		})
+	}
+}

pkg/caldav/priority.go

@@ -0,0 +1,66 @@
+// Vikunja is a to-do list application to facilitate your life.
+// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public Licensee as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public Licensee for more details.
+//
+// You should have received a copy of the GNU Affero General Public Licensee
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package caldav
+
+// In caldav, priority values are an int from 0 to 9 where 1 is the highest priority and 9 the lowest. 0 is "unset".
+// Vikunja only has priorites from 0 to 5 where 0 is unset and 5 is the highest
+// See https://icalendar.org/iCalendar-RFC-5545/3-8-1-9-priority.html
+func mapPriorityToCaldav(priority int64) (caldavPriority int) {
+	switch priority {
+	case 0:
+		return 0
+	case 1: // Low
+		return 9
+	case 2: // Medium
+		return 5
+	case 3: // High
+		return 3
+	case 4: // Urgent
+		return 2
+	case 5: // DO NOW
+		return 1
+	}
+	return 0
+}
+
+// See mapPriorityToCaldav
+func parseVTODOPriority(priority int64) (vikunjaPriority int64) {
+	switch priority {
+	case 0:
+		return 0
+	case 1:
+		return 5
+	case 2:
+		return 4
+	case 3:
+		return 3
+	case 4:
+		return 3
+	case 5:
+		return 2
+	case 6:
+		return 1
+	case 7:
+		return 1
+	case 8:
+		return 1
+	case 9:
+		return 1
+	}
+
+	return 0
+}

pkg/caldav/priority_test.go

@@ -0,0 +1,131 @@
+// Vikunja is a to-do list application to facilitate your life.
+// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public Licensee as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public Licensee for more details.
+//
+// You should have received a copy of the GNU Affero General Public Licensee
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package caldav
+
+import "testing"
+
+func Test_parseVTODOPriority(t *testing.T) {
+	tests := []struct {
+		name     string
+		priority int64
+		want     int64
+	}{
+		{
+			name:     "unset",
+			priority: 0,
+			want:     0,
+		},
+		{
+			name:     "DO NOW",
+			priority: 1,
+			want:     5,
+		},
+		{
+			name:     "urgent",
+			priority: 2,
+			want:     4,
+		},
+		{
+			name:     "high 1",
+			priority: 3,
+			want:     3,
+		},
+		{
+			name:     "high 2",
+			priority: 4,
+			want:     3,
+		},
+		{
+			name:     "medium",
+			priority: 5,
+			want:     2,
+		},
+		{
+			name:     "low 1",
+			priority: 6,
+			want:     1,
+		},
+		{
+			name:     "low 2",
+			priority: 7,
+			want:     1,
+		},
+		{
+			name:     "low 3",
+			priority: 8,
+			want:     1,
+		},
+		{
+			name:     "low 4",
+			priority: 9,
+			want:     1,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if gotVikunjaPriority := parseVTODOPriority(tt.priority); gotVikunjaPriority != tt.want {
+				t.Errorf("parseVTODOPriority() = %v, want %v", gotVikunjaPriority, tt.want)
+			}
+		})
+	}
+}
+
+func Test_mapPriorityToCaldav(t *testing.T) {
+	tests := []struct {
+		name               string
+		priority           int64
+		wantCaldavPriority int
+	}{
+		{
+			name:               "unset",
+			priority:           0,
+			wantCaldavPriority: 0,
+		},
+		{
+			name:               "low",
+			priority:           1,
+			wantCaldavPriority: 9,
+		},
+		{
+			name:               "medium",
+			priority:           2,
+			wantCaldavPriority: 5,
+		},
+		{
+			name:               "high",
+			priority:           3,
+			wantCaldavPriority: 3,
+		},
+		{
+			name:               "urgent",
+			priority:           4,
+			wantCaldavPriority: 2,
+		},
+		{
+			name:               "DO NOW",
+			priority:           5,
+			wantCaldavPriority: 1,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if gotCaldavPriority := mapPriorityToCaldav(tt.priority); gotCaldavPriority != tt.wantCaldavPriority {
+				t.Errorf("mapPriorityToCaldav() = %v, want %v", gotCaldavPriority, tt.wantCaldavPriority)
+			}
+		})
+	}
+}

pkg/cmd/testmail.go

@@ -42,7 +42,7 @@ var testmailCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Info("Sending testmail...")
 		message := notifications.NewMail().
-			From(config.MailerFromEmail.GetString()).
+			From("Vikunja <"+config.MailerFromEmail.GetString()+">").
 			To(args[0]).
 			Subject("Test from Vikunja").
 			Line("This is a test mail!").

pkg/cmd/user.go

@@ -17,12 +17,15 @@
 package cmd
 
 import (
+	"bufio"
 	"fmt"
 	"os"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/asaskevich/govalidator"
+
 	"code.vikunja.io/api/pkg/db"
 	"code.vikunja.io/api/pkg/initialize"
 	"code.vikunja.io/api/pkg/log"
@@ -42,6 +45,7 @@ var (
 	userFlagResetPasswordDirectly bool
 	userFlagEnableUser            bool
 	userFlagDisableUser           bool
+	userFlagDeleteNow             bool
 )
 
 func init() {
@@ -66,7 +70,10 @@ func init() {
 	userChangeEnabledCmd.Flags().BoolVarP(&userFlagDisableUser, "disable", "d", false, "Disable the user.")
 	userChangeEnabledCmd.Flags().BoolVarP(&userFlagEnableUser, "enable", "e", false, "Enable the user.")
 
-	userCmd.AddCommand(userListCmd, userCreateCmd, userUpdateCmd, userResetPasswordCmd, userChangeEnabledCmd)
+	// User deletion flags
+	userDeleteCmd.Flags().BoolVarP(&userFlagDeleteNow, "now", "n", false, "If provided, deletes the user immediately instead of sending them an email first.")
+
+	userCmd.AddCommand(userListCmd, userCreateCmd, userUpdateCmd, userResetPasswordCmd, userChangeEnabledCmd, userDeleteCmd)
 	rootCmd.AddCommand(userCmd)
 }
 
@@ -98,7 +105,7 @@ func getUserFromArg(s *xorm.Session, arg string) *user.User {
 		log.Fatalf("Invalid user id: %s", err)
 	}
 
-	u, err := user.GetUserByID(s, id)
+	u, err := user.GetUserWithEmail(s, &user.User{ID: id})
 	if err != nil {
 		log.Fatalf("Could not get user: %s", err)
 	}
@@ -135,7 +142,7 @@ var userListCmd = &cobra.Command{
 			"ID",
 			"Username",
 			"Email",
-			"Active",
+			"Status",
 			"Created",
 			"Updated",
 		})
@@ -145,7 +152,7 @@ var userListCmd = &cobra.Command{
 				strconv.FormatInt(u.ID, 10),
 				u.Username,
 				u.Email,
-				strconv.FormatBool(u.IsActive),
+				u.Status.String(),
 				u.Created.Format(time.RFC3339),
 				u.Updated.Format(time.RFC3339),
 			})
@@ -170,6 +177,11 @@ var userCreateCmd = &cobra.Command{
 			Email:    userFlagEmail,
 			Password: getPasswordFromFlagOrInput(),
 		}
+
+		if !govalidator.IsEmail(userFlagEmail) {
+			log.Fatalf("Provided email is invalid.")
+		}
+
 		newUser, err := user.CreateUser(s, u)
 		if err != nil {
 			_ = s.Rollback()
@@ -277,11 +289,15 @@ var userChangeEnabledCmd = &cobra.Command{
 		u := getUserFromArg(s, args[0])
 
 		if userFlagEnableUser {
-			u.IsActive = true
+			u.Status = user.StatusActive
 		} else if userFlagDisableUser {
-			u.IsActive = false
+			u.Status = user.StatusDisabled
 		} else {
-			u.IsActive = !u.IsActive
+			if u.Status == user.StatusActive {
+				u.Status = user.StatusDisabled
+			} else {
+				u.Status = user.StatusActive
+			}
 		}
 		_, err := user.UpdateUser(s, u)
 		if err != nil {
@@ -293,6 +309,64 @@ var userChangeEnabledCmd = &cobra.Command{
 			log.Fatalf("Error saving everything: %s", err)
 		}
 
-		fmt.Printf("User status successfully changed, user is now active: %t.\n", u.IsActive)
+		fmt.Printf("User status successfully changed, status is now \"%s\"\n", u.Status)
+	},
+}
+
+var userDeleteCmd = &cobra.Command{
+	Use:   "delete [user id]",
+	Short: "Delete an existing user.",
+	Long:  "Kick off the user deletion process. If call without the --now flag, this command will only trigger an email to the user in order for them to confirm and start the deletion process. With the flag the user is deleted immediately. USE WITH CAUTION.",
+	Args:  cobra.ExactArgs(1),
+	PreRun: func(cmd *cobra.Command, args []string) {
+		initialize.FullInit()
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		if userFlagDeleteNow {
+			fmt.Println("You requested to delete the user immediately. Are you sure?")
+			fmt.Println(`To confirm, please type "yes, I confirm" in all uppercase:`)
+
+			cr := bufio.NewReader(os.Stdin)
+			text, err := cr.ReadString('\n')
+			if err != nil {
+				log.Fatalf("could not read confirmation message: %s", err)
+			}
+			if text != "YES, I CONFIRM\n" {
+				log.Fatalf("invalid confirmation message")
+			}
+		}
+
+		s := db.NewSession()
+		defer s.Close()
+
+		if err := s.Begin(); err != nil {
+			log.Fatalf("Count not start transaction: %s", err)
+		}
+
+		u := getUserFromArg(s, args[0])
+
+		if userFlagDeleteNow {
+			err := models.DeleteUser(s, u)
+			if err != nil {
+				_ = s.Rollback()
+				log.Fatalf("Error removing the user: %s", err)
+			}
+		} else {
+			err := user.RequestDeletion(s, u)
+			if err != nil {
+				_ = s.Rollback()
+				log.Fatalf("Could not request user deletion: %s", err)
+			}
+		}
+
+		if err := s.Commit(); err != nil {
+			log.Fatalf("Error saving everything: %s", err)
+		}
+
+		if userFlagDeleteNow {
+			fmt.Println("User deleted successfully.")
+		} else {
+			fmt.Println("User scheduled for deletion successfully.")
+		}
 	},
 }

pkg/cmd/web.go

@@ -18,6 +18,7 @@ package cmd
 
 import (
 	"context"
+	"net"
 	"os"
 	"os/signal"
 	"time"
@@ -29,7 +30,9 @@ import (
 	"code.vikunja.io/api/pkg/log"
 	"code.vikunja.io/api/pkg/routes"
 	"code.vikunja.io/api/pkg/swagger"
+	"code.vikunja.io/api/pkg/utils"
 	"code.vikunja.io/api/pkg/version"
+	"github.com/labstack/echo/v4"
 	"github.com/spf13/cobra"
 )
 
@@ -37,6 +40,31 @@ func init() {
 	rootCmd.AddCommand(webCmd)
 }
 
+func setupUnixSocket(e *echo.Echo) error {
+	path := config.ServiceUnixSocket.GetString()
+
+	// Remove old unix socket that may have remained after a crash
+	if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	if config.ServiceUnixSocketMode.Get() != nil {
+		// Use Umask instead of Chmod to prevent insecure race condition
+		// (no-op on Windows)
+		mode := config.ServiceUnixSocketMode.GetInt()
+		oldmask := utils.Umask(0o777 &^ mode)
+		defer utils.Umask(oldmask)
+	}
+
+	l, err := net.Listen("unix", path)
+	if err != nil {
+		return err
+	}
+
+	e.Listener = l
+	return nil
+}
+
 var webCmd = &cobra.Command{
 	Use:   "web",
 	Short: "Starts the rest api web server",
@@ -56,6 +84,12 @@ var webCmd = &cobra.Command{
 		routes.RegisterRoutes(e)
 		// Start server
 		go func() {
+			// Listen unix socket if needed (ServiceInterface will be ignored)
+			if config.ServiceUnixSocket.GetString() != "" {
+				if err := setupUnixSocket(e); err != nil {
+					e.Logger.Fatal(err)
+				}
+			}
 			if err := e.Start(config.ServiceInterface.GetString()); err != nil {
 				e.Logger.Info("shutting down...")
 			}

pkg/config/config.go

@@ -21,8 +21,10 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"time"
 	_ "time/tzdata" // Imports time zone data instead of relying on the os
@@ -37,12 +39,17 @@ type Key string
 const (
 	// #nosec
 	ServiceJWTSecret       Key = `service.JWTSecret`
+	ServiceJWTTTL          Key = `service.jwtttl`
+	ServiceJWTTTLLong      Key = `service.jwtttllong`
 	ServiceInterface       Key = `service.interface`
+	ServiceUnixSocket      Key = `service.unixsocket`
+	ServiceUnixSocketMode  Key = `service.unixsocketmode`
 	ServiceFrontendurl     Key = `service.frontendurl`
 	ServiceEnableCaldav    Key = `service.enablecaldav`
 	ServiceRootpath        Key = `service.rootpath`
+	ServiceStaticpath      Key = `service.staticpath`
 	ServiceMaxItemsPerPage Key = `service.maxitemsperpage`
-	// Deprecated. Use metrics.enabled
+	// Deprecated: Use metrics.enabled
 	ServiceEnableMetrics         Key = `service.enablemetrics`
 	ServiceMotd                  Key = `service.motd`
 	ServiceEnableLinkSharing     Key = `service.enablelinksharing`
@@ -54,6 +61,8 @@ const (
 	ServiceSentryDsn             Key = `service.sentrydsn`
 	ServiceTestingtoken          Key = `service.testingtoken`
 	ServiceEnableEmailReminders  Key = `service.enableemailreminders`
+	ServiceEnableUserDeletion    Key = `service.enableuserdeletion`
+	ServiceMaxAvatarSize         Key = `service.maxavatarsize`
 
 	AuthLocalEnabled      Key = `auth.local.enabled`
 	AuthOpenIDEnabled     Key = `auth.openid.enabled`
@@ -73,6 +82,9 @@ const (
 	DatabaseMaxIdleConnections    Key = `database.maxidleconnections`
 	DatabaseMaxConnectionLifetime Key = `database.maxconnectionlifetime`
 	DatabaseSslMode               Key = `database.sslmode`
+	DatabaseSslCert               Key = `database.sslcert`
+	DatabaseSslKey                Key = `database.sslkey`
+	DatabaseSslRootCert           Key = `database.sslrootcert`
 	DatabaseTLS                   Key = `database.tls`
 
 	CacheEnabled        Key = `cache.enabled`
@@ -84,6 +96,7 @@ const (
 	MailerPort          Key = `mailer.port`
 	MailerUsername      Key = `mailer.username`
 	MailerPassword      Key = `mailer.password`
+	MailerAuthType      Key = `mailer.authtype`
 	MailerSkipTLSVerify Key = `mailer.skiptlsverify`
 	MailerFromEmail     Key = `mailer.fromemail`
 	MailerQueuelength   Key = `mailer.queuelength`
@@ -148,6 +161,18 @@ const (
 	MetricsEnabled  Key = `metrics.enabled`
 	MetricsUsername Key = `metrics.username`
 	MetricsPassword Key = `metrics.password`
+
+	DefaultSettingsAvatarProvider              Key = `defaultsettings.avatar_provider`
+	DefaultSettingsAvatarFileID                Key = `defaultsettings.avatar_file_id`
+	DefaultSettingsEmailRemindersEnabled       Key = `defaultsettings.email_reminders_enabled`
+	DefaultSettingsDiscoverableByName          Key = `defaultsettings.discoverable_by_name`
+	DefaultSettingsDiscoverableByEmail         Key = `defaultsettings.discoverable_by_email`
+	DefaultSettingsOverdueTaskRemindersEnabled Key = `defaultsettings.overdue_tasks_reminders_enabled`
+	DefaultSettingsDefaultListID               Key = `defaultsettings.default_list_id`
+	DefaultSettingsWeekStart                   Key = `defaultsettings.week_start`
+	DefaultSettingsLanguage                    Key = `defaultsettings.language`
+	DefaultSettingsTimezone                    Key = `defaultsettings.timezone`
+	DefaultSettingsOverdueTaskRemindersTime    Key = `defaultsettings.overdue_tasks_reminders_time`
 )
 
 // GetString returns a string config value
@@ -212,6 +237,39 @@ func (k Key) setDefault(i interface{}) {
 	viper.SetDefault(string(k), i)
 }
 
+// Tries different methods to figure out the binary folder.
+// Copied and adopted from https://github.com/speedata/publisher/commit/3b668668d57edef04ea854d5bbd58f83eb1b799f
+func getBinaryDirLocation() string {
+	// First, check if the standard library gives us the path. This will work 99% of the time.
+	ex, err := os.Executable()
+	if err == nil {
+		return filepath.Dir(ex)
+	}
+
+	// Then check if the binary was run with a full path and use that if that's the case.
+	if strings.Contains(os.Args[0], "/") {
+		binDir, err := filepath.Abs(filepath.Dir(os.Args[0]))
+		if err != nil {
+			log.Fatal(err)
+		}
+		return binDir
+	}
+
+	exeSuffix := ""
+	if runtime.GOOS == "windows" {
+		exeSuffix = ".exe"
+	}
+
+	// All else failing, search for a vikunja binary in the current $PATH.
+	// This can give wrong results.
+	exeLocation, err := exec.LookPath("vikunja" + exeSuffix)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	return filepath.Dir(exeLocation)
+}
+
 // InitDefaultConfig sets default config values
 // This is an extra function so we can call it when initializing tests without initializing the full config
 func InitDefaultConfig() {
@@ -223,16 +281,15 @@ func InitDefaultConfig() {
 
 	// Service
 	ServiceJWTSecret.setDefault(random)
+	ServiceJWTTTL.setDefault(259200)      // 72 hours
+	ServiceJWTTTLLong.setDefault(2592000) // 30 days
 	ServiceInterface.setDefault(":3456")
+	ServiceUnixSocket.setDefault("")
 	ServiceFrontendurl.setDefault("")
 	ServiceEnableCaldav.setDefault(true)
 
-	ex, err := os.Executable()
-	if err != nil {
-		panic(err)
-	}
-	exPath := filepath.Dir(ex)
-	ServiceRootpath.setDefault(exPath)
+	ServiceRootpath.setDefault(getBinaryDirLocation())
+	ServiceStaticpath.setDefault("")
 	ServiceMaxItemsPerPage.setDefault(50)
 	ServiceEnableMetrics.setDefault(false)
 	ServiceMotd.setDefault("")
@@ -243,6 +300,8 @@ func InitDefaultConfig() {
 	ServiceEnableTaskComments.setDefault(true)
 	ServiceEnableTotp.setDefault(true)
 	ServiceEnableEmailReminders.setDefault(true)
+	ServiceEnableUserDeletion.setDefault(true)
+	ServiceMaxAvatarSize.setDefault(1024)
 
 	// Auth
 	AuthLocalEnabled.setDefault(true)
@@ -259,6 +318,9 @@ func InitDefaultConfig() {
 	DatabaseMaxIdleConnections.setDefault(50)
 	DatabaseMaxConnectionLifetime.setDefault(10000)
 	DatabaseSslMode.setDefault("disable")
+	DatabaseSslCert.setDefault("")
+	DatabaseSslKey.setDefault("")
+	DatabaseSslRootCert.setDefault("")
 	DatabaseTLS.setDefault("false")
 
 	// Cacher
@@ -269,13 +331,14 @@ func InitDefaultConfig() {
 	MailerEnabled.setDefault(false)
 	MailerHost.setDefault("")
 	MailerPort.setDefault("587")
-	MailerUsername.setDefault("user")
+	MailerUsername.setDefault("")
 	MailerPassword.setDefault("")
 	MailerSkipTLSVerify.setDefault(false)
 	MailerFromEmail.setDefault("mail@vikunja")
 	MailerQueuelength.setDefault(100)
 	MailerQueueTimeout.setDefault(30)
 	MailerForceSSL.setDefault(false)
+	MailerAuthType.setDefault("plain")
 	// Redis
 	RedisEnabled.setDefault(false)
 	RedisHost.setDefault("localhost:6379")
@@ -320,6 +383,10 @@ func InitDefaultConfig() {
 	KeyvalueType.setDefault("memory")
 	// Metrics
 	MetricsEnabled.setDefault(false)
+	// Settings
+	DefaultSettingsAvatarProvider.setDefault("initials")
+	DefaultSettingsOverdueTaskRemindersEnabled.setDefault(true)
+	DefaultSettingsOverdueTaskRemindersTime.setDefault("9:00")
 }
 
 // InitConfig initializes the config, sets defaults etc.
@@ -346,11 +413,17 @@ func InitConfig() {
 
 	viper.AddConfigPath(".")
 	viper.SetConfigName("config")
+
 	err = viper.ReadInConfig()
-	if err != nil {
-		log.Println(err.Error())
-		log.Println("Using default config.")
-		return
+	if viper.ConfigFileUsed() != "" {
+		log.Printf("Using config file: %s", viper.ConfigFileUsed())
+
+		if err != nil {
+			log.Println(err.Error())
+			log.Println("Using default config.")
+		}
+	} else {
+		log.Println("No config file found, using default or config from environment variables.")
 	}
 
 	if CacheType.GetString() == "keyvalue" {
@@ -361,10 +434,18 @@ func InitConfig() {
 		RateLimitStore.Set(KeyvalueType.GetString())
 	}
 
+	if ServiceFrontendurl.GetString() != "" && !strings.HasSuffix(ServiceFrontendurl.GetString(), "/") {
+		ServiceFrontendurl.Set(ServiceFrontendurl.GetString() + "/")
+	}
+
 	if AuthOpenIDRedirectURL.GetString() == "" {
 		AuthOpenIDRedirectURL.Set(ServiceFrontendurl.GetString() + "auth/openid/")
 	}
 
+	if MigrationTodoistRedirectURL.GetString() == "" {
+		MigrationTodoistRedirectURL.Set(ServiceFrontendurl.GetString() + "migrate/todoist")
+	}
+
 	if MigrationTrelloRedirectURL.GetString() == "" {
 		MigrationTrelloRedirectURL.Set(ServiceFrontendurl.GetString() + "migrate/trello")
 	}
@@ -373,12 +454,14 @@ func InitConfig() {
 		MigrationMicrosoftTodoRedirectURL.Set(ServiceFrontendurl.GetString() + "migrate/microsoft-todo")
 	}
 
+	if DefaultSettingsTimezone.GetString() == "" {
+		DefaultSettingsTimezone.Set(ServiceTimeZone.GetString())
+	}
+
 	if ServiceEnableMetrics.GetBool() {
 		log.Println("WARNING: service.enablemetrics is deprecated and will be removed in a future release. Please use metrics.enable.")
 		MetricsEnabled.Set(true)
 	}
-
-	log.Printf("Using config file: %s", viper.ConfigFileUsed())
 }
 
 func random(length int) (string, error) {

pkg/db/db.go

@@ -19,7 +19,6 @@ package db
 import (
 	"encoding/gob"
 	"fmt"
-	"net/url"
 	"os"
 	"strconv"
 	"strings"
@@ -28,9 +27,9 @@ import (
 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/log"
 	xrc "gitea.com/xorm/xorm-redis-cache"
-	"xorm.io/core"
 	"xorm.io/xorm"
 	"xorm.io/xorm/caches"
+	"xorm.io/xorm/names"
 	"xorm.io/xorm/schemas"
 
 	_ "github.com/go-sql-driver/mysql" // Because.
@@ -81,7 +80,7 @@ func CreateDBEngine() (engine *xorm.Engine, err error) {
 		log.Fatalf("Error parsing time zone: %s", err)
 	}
 	engine.SetTZDatabase(loc)
-	engine.SetMapper(core.GonicMapper{})
+	engine.SetMapper(names.GonicMapper{})
 	logger := log.NewXormLogger("")
 	engine.SetLogger(logger)
 
@@ -150,13 +149,17 @@ func parsePostgreSQLHostPort(info string) (string, string) {
 
 func initPostgresEngine() (engine *xorm.Engine, err error) {
 	host, port := parsePostgreSQLHostPort(config.DatabaseHost.GetString())
-	connStr := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s",
+	// postgresql://username:password@host:port/dbname[?paramspec]
+	connStr := fmt.Sprintf("postgres://%s:%s@%s:%s/%s?sslmode=%s&sslcert=%s&sslkey=%s&sslrootcert=%s",
+		config.DatabaseUser.GetString(),
+		config.DatabasePassword.GetString(),
 		host,
 		port,
-		url.PathEscape(config.DatabaseUser.GetString()),
-		url.PathEscape(config.DatabasePassword.GetString()),
 		config.DatabaseDatabase.GetString(),
 		config.DatabaseSslMode.GetString(),
+		config.DatabaseSslCert.GetString(),
+		config.DatabaseSslKey.GetString(),
+		config.DatabaseSslRootCert.GetString(),
 	)
 
 	engine, err = xorm.NewEngine("postgres", connStr)
@@ -186,7 +189,7 @@ func initSqliteEngine() (engine *xorm.Engine, err error) {
 	}
 	file, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE, 0)
 	if err != nil {
-		return nil, fmt.Errorf("could not open database file [uid=%d, gid=%d]: %s", os.Getuid(), os.Getgid(), err)
+		return nil, fmt.Errorf("could not open database file [uid=%d, gid=%d]: %w", os.Getuid(), os.Getgid(), err)
 	}
 	_ = file.Close() // We directly close the file because we only want to check if it is writable. It will be reopened lazily later by xorm.
 

pkg/db/dump.go

@@ -19,6 +19,8 @@ package db
 import (
 	"encoding/json"
 
+	"code.vikunja.io/api/pkg/log"
+
 	"xorm.io/xorm/schemas"
 )
 
@@ -47,6 +49,9 @@ func Dump() (data map[string][]byte, err error) {
 
 // Restore restores a table with all its entries
 func Restore(table string, contents []map[string]interface{}) (err error) {
+	if _, err := x.IsTableExist(table); err != nil {
+		return err
+	}
 
 	for _, content := range contents {
 		if _, err := x.Table(table).Insert(content); err != nil {
@@ -54,6 +59,15 @@ func Restore(table string, contents []map[string]interface{}) (err error) {
 		}
 	}
 
+	if Type() == schemas.POSTGRES {
+		idSequence := table + "_id_seq"
+		_, err = x.Query("SELECT setval('" + idSequence + "', COALESCE(MAX(id), 1) )")
+		if err != nil {
+			log.Warningf("Could not reset id sequence for %s: %s", idSequence, err)
+			err = nil
+		}
+	}
+
 	return
 }
 

pkg/db/fixtures/buckets.yml

@@ -3,6 +3,7 @@
   list_id: 1
   created_by_id: 1
   limit: 9999999 # This bucket has a limit we will never exceed in the tests to make sure the logic allows for buckets with limits
+  position: 2
   created: 2020-04-18 21:13:52
   updated: 2020-04-18 21:13:52
 - id: 2
@@ -10,6 +11,7 @@
   list_id: 1
   created_by_id: 1
   limit: 3
+  position: 1
   created: 2020-04-18 21:13:52
   updated: 2020-04-18 21:13:52
 - id: 3
@@ -17,6 +19,7 @@
   list_id: 1
   created_by_id: 1
   is_done_bucket: 1
+  position: 3
   created: 2020-04-18 21:13:52
   updated: 2020-04-18 21:13:52
 - id: 4

pkg/db/fixtures/favorites.yml

@@ -0,0 +1,21 @@
+- entity_id: 1
+  user_id: 1
+  kind: 1
+- entity_id: 15
+  user_id: 6 # owner
+  kind: 1
+- entity_id: 15
+  user_id: 1
+  kind: 1
+- entity_id: 34
+  user_id: 13 # owner
+  kind: 1
+- entity_id: 34
+  user_id: 1
+  kind: 1
+- entity_id: 23
+  user_id: 12 # owner
+  kind: 2
+- entity_id: 23
+  user_id: 1
+  kind: 2

pkg/db/fixtures/lists.yml

@@ -5,6 +5,7 @@
   identifier: test1
   owner_id: 1
   namespace_id: 1
+  position: 3
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -14,6 +15,7 @@
   identifier: test2
   owner_id: 3
   namespace_id: 1
+  position: 2
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -23,6 +25,7 @@
   identifier: test3
   owner_id: 3
   namespace_id: 2
+  position: 1
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -32,6 +35,7 @@
   identifier: test4
   owner_id: 3
   namespace_id: 3
+  position: 4
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -41,6 +45,7 @@
   identifier: test5
   owner_id: 5
   namespace_id: 5
+  position: 5
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -50,6 +55,7 @@
   identifier: test6
   owner_id: 6
   namespace_id: 6
+  position: 6
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -59,6 +65,7 @@
   identifier: test7
   owner_id: 6
   namespace_id: 6
+  position: 7
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -68,6 +75,7 @@
   identifier: test8
   owner_id: 6
   namespace_id: 6
+  position: 8
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -77,6 +85,7 @@
   identifier: test9
   owner_id: 6
   namespace_id: 6
+  position: 9
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -86,6 +95,7 @@
   identifier: test10
   owner_id: 6
   namespace_id: 6
+  position: 10
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -95,6 +105,7 @@
   identifier: test11
   owner_id: 6
   namespace_id: 6
+  position: 11
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -104,6 +115,7 @@
   identifier: test12
   owner_id: 6
   namespace_id: 7
+  position: 12
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -113,6 +125,7 @@
   identifier: test13
   owner_id: 6
   namespace_id: 8
+  position: 13
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -122,6 +135,7 @@
   identifier: test14
   owner_id: 6
   namespace_id: 9
+  position: 14
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -131,6 +145,7 @@
   identifier: test15
   owner_id: 6
   namespace_id: 10
+  position: 15
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -140,6 +155,7 @@
   identifier: test16
   owner_id: 6
   namespace_id: 11
+  position: 16
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -149,6 +165,7 @@
   identifier: test17
   owner_id: 6
   namespace_id: 12
+  position: 17
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 # This list is owned by user 7, and several other users have access to it via different methods.
@@ -160,6 +177,7 @@
   identifier: test18
   owner_id: 7
   namespace_id: 13
+  position: 18
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -169,6 +187,7 @@
   identifier: test19
   owner_id: 7
   namespace_id: 14
+  position: 19
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 # User 1 does not have access to this list
@@ -179,6 +198,7 @@
   identifier: test20
   owner_id: 13
   namespace_id: 15
+  position: 20
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -188,6 +208,7 @@
   identifier: test21
   owner_id: 1
   namespace_id: 16
+  position: 21
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -198,6 +219,7 @@
   owner_id: 1
   namespace_id: 1
   is_archived: 1
+  position: 22
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
 -
@@ -207,6 +229,16 @@
   identifier: test23
   owner_id: 12
   namespace_id: 17
-  is_favorite: true
+  position: 23
+  updated: 2018-12-02 15:13:12
+  created: 2018-12-01 15:13:12
+-
+  id: 24
+  title: Test24
+  description: Lorem Ipsum
+  identifier: test6
+  owner_id: 6
+  namespace_id: 6
+  position: 7
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12

pkg/db/fixtures/tasks.yml

@@ -8,7 +8,7 @@
   created: 2018-12-01 01:12:04
   updated: 2018-12-01 01:12:04
   bucket_id: 1
-  is_favorite: true
+  position: 2
 - id: 2
   title: 'task #2 done'
   done: true
@@ -18,6 +18,7 @@
   created: 2018-12-01 01:12:04
   updated: 2018-12-01 01:12:04
   bucket_id: 1
+  position: 4
 - id: 3
   title: 'task #3 high prio'
   done: false
@@ -141,7 +142,6 @@
   list_id: 6
   index: 1
   bucket_id: 6
-  is_favorite: true
   created: 2018-12-01 01:12:04
   updated: 2018-12-01 01:12:04
 - id: 16
@@ -317,7 +317,6 @@
   list_id: 20
   index: 20
   bucket_id: 5
-  is_favorite: true
   created: 2018-12-01 01:12:04
   updated: 2018-12-01 01:12:04
 - id: 35

pkg/db/fixtures/user_tokens.yml

@@ -0,0 +1,18 @@
+-
+  id: 1
+  user_id: 3
+  token: 'passwordresettesttoken'
+  kind: 1
+  created: 2021-07-12 00:00:11
+-
+  id: 2
+  user_id: 4
+  token: 'tiepiQueed8ahc7zeeFe1eveiy4Ein8osooxegiephauph2Ael'
+  kind: 2
+  created: 2021-07-12 00:00:12
+-
+  id: 3
+  user_id: 5
+  token: 'tiepiQueed8ahc7zeeFe1eveiy4Ein8osooxegiephauph2Aei'
+  kind: 2
+  created: 2021-07-12 00:00:13

pkg/db/fixtures/users.yml

@@ -3,7 +3,6 @@
   username: 'user1'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user1@example.com'
-  is_active: true
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -20,7 +19,6 @@
   username: 'user3'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user3@example.com'
-  password_reset_token: passwordresettesttoken
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -29,7 +27,7 @@
   username: 'user4'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user4@example.com'
-  email_confirm_token: tiepiQueed8ahc7zeeFe1eveiy4Ein8osooxegiephauph2Ael
+  status: 1
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -38,8 +36,7 @@
   username: 'user5'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user5@example.com'
-  email_confirm_token: tiepiQueed8ahc7zeeFe1eveiy4Ein8osooxegiephauph2Ael
-  is_active: false
+  status: 1
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -48,7 +45,6 @@
   username: 'user6'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user6@example.com'
-  is_active: true
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -56,7 +52,6 @@
   username: 'user7'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user7@example.com'
-  is_active: true
   issuer: local
   discoverable_by_email: true
   updated: 2018-12-02 15:13:12
@@ -65,7 +60,6 @@
   username: 'user8'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user8@example.com'
-  is_active: true
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -73,7 +67,6 @@
   username: 'user9'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user9@example.com'
-  is_active: true
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -81,7 +74,6 @@
   username: 'user10'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user10@example.com'
-  is_active: true
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -90,7 +82,6 @@
   name: 'Some one else'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user11@example.com'
-  is_active: true
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -99,7 +90,6 @@
   name: 'Name with spaces'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user12@example.com'
-  is_active: true
   issuer: local
   discoverable_by_name: true
   updated: 2018-12-02 15:13:12
@@ -108,7 +98,6 @@
   username: 'user13'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user14@example.com'
-  is_active: true
   issuer: local
   updated: 2018-12-02 15:13:12
   created: 2018-12-01 15:13:12
@@ -116,7 +105,6 @@
   username: 'user14'
   password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
   email: 'user15@some.service.com'
-  is_active: true
   issuer: 'https://some.service.com'
   subject: '12345'
   updated: 2018-12-02 15:13:12

pkg/db/helpers.go

@@ -0,0 +1,35 @@
+// Vikunja is a to-do list application to facilitate your life.
+// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public Licensee as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public Licensee for more details.
+//
+// You should have received a copy of the GNU Affero General Public Licensee
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package db
+
+import (
+	"xorm.io/builder"
+	"xorm.io/xorm/schemas"
+)
+
+// ILIKE returns an ILIKE query on postgres and a LIKE query on all other platforms.
+// Postgres' is case sensitive by default.
+// To work around this, we're using ILIKE as opposed to normal LIKE statements.
+// ILIKE is preferred over LOWER(text) LIKE for performance reasons.
+// See https://stackoverflow.com/q/7005302/10924593
+func ILIKE(column, search string) builder.Cond {
+	if Type() == schemas.POSTGRES {
+		return builder.Expr(column+" ILIKE ?", "%"+search+"%")
+	}
+
+	return &builder.Like{column, "%" + search + "%"}
+}

pkg/db/test.go

@@ -23,9 +23,10 @@ import (
 
 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/log"
+
 	"github.com/stretchr/testify/assert"
-	"xorm.io/core"
 	"xorm.io/xorm"
+	"xorm.io/xorm/names"
 )
 
 // CreateTestEngine creates an instance of the db engine which lives in memory
@@ -48,7 +49,7 @@ func CreateTestEngine() (engine *xorm.Engine, err error) {
 		}
 	}
 
-	engine.SetMapper(core.GonicMapper{})
+	engine.SetMapper(names.GonicMapper{})
 	logger := log.NewXormLogger("DEBUG")
 	logger.ShowSQL(os.Getenv("UNIT_TESTS_VERBOSE") == "1")
 	engine.SetLogger(logger)

pkg/db/test_fixtures.go

@@ -59,10 +59,6 @@ func InitFixtures(tablenames ...string) (err error) {
 	}
 
 	fixtures, err = testfixtures.New(loaderOptions...)
-	if err != nil {
-		return err
-	}
-
 	return err
 }
 
@@ -106,7 +102,7 @@ func LoadFixtures() error {
 			}
 		}
 	}
-	return err
+	return nil
 }
 
 // LoadAndAssertFixtures loads all fixtures defined before and asserts they are correctly loaded

pkg/events/testing.go

@@ -17,8 +17,12 @@
 package events
 
 import (
+	"encoding/json"
 	"testing"
 
+	"github.com/ThreeDotsLabs/watermill"
+	"github.com/ThreeDotsLabs/watermill/message"
+
 	"github.com/stretchr/testify/assert"
 )
 
@@ -47,3 +51,13 @@ func AssertDispatched(t *testing.T, event Event) {
 
 	assert.True(t, found, "Failed to assert "+event.Name()+" has been dispatched.")
 }
+
+// TestListener takes an event and a listener and calls the listener's Handle method.
+func TestListener(t *testing.T, event Event, listener Listener) {
+	content, err := json.Marshal(event)
+	assert.NoError(t, err)
+
+	msg := message.NewMessage(watermill.NewUUID(), content)
+	err = listener.Handle(msg)
+	assert.NoError(t, err)
+}

pkg/files/files.go

@@ -17,12 +17,17 @@
 package files
 
 import (
+	"errors"
 	"io"
+	"os"
 	"strconv"
 	"time"
 
+	"xorm.io/xorm"
+
 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/db"
+	"code.vikunja.io/api/pkg/log"
 	"code.vikunja.io/web"
 	"github.com/c2h5oh/datasize"
 	"github.com/spf13/afero"
@@ -75,7 +80,18 @@ func Create(f io.Reader, realname string, realsize uint64, a web.Auth) (file *Fi
 
 // CreateWithMime creates a new file from an FileHeader and sets its mime type
 func CreateWithMime(f io.Reader, realname string, realsize uint64, a web.Auth, mime string) (file *File, err error) {
+	s := db.NewSession()
+	defer s.Close()
 
+	file, err = CreateWithMimeAndSession(s, f, realname, realsize, a, mime)
+	if err != nil {
+		_ = s.Rollback()
+		return
+	}
+	return
+}
+
+func CreateWithMimeAndSession(s *xorm.Session, f io.Reader, realname string, realsize uint64, a web.Auth, mime string) (file *File, err error) {
 	// Get and parse the configured file size
 	var maxSize datasize.ByteSize
 	err = maxSize.UnmarshalText([]byte(config.FilesMaxSize.GetString()))
@@ -94,21 +110,13 @@ func CreateWithMime(f io.Reader, realname string, realsize uint64, a web.Auth, m
 		Mime:        mime,
 	}
 
-	s := db.NewSession()
-	defer s.Close()
-
 	_, err = s.Insert(file)
 	if err != nil {
-		_ = s.Rollback()
 		return
 	}
 
 	// Save the file to storage with its new ID as path
 	err = file.Save(f)
-	if err != nil {
-		_ = s.Rollback()
-		return
-	}
 	return
 }
 
@@ -129,9 +137,17 @@ func (f *File) Delete() (err error) {
 
 	err = afs.Remove(f.getFileName())
 	if err != nil {
+		var perr *os.PathError
+		if errors.As(err, &perr) {
+			// Don't fail when removing the file failed
+			log.Errorf("Error deleting file %d: %w", err)
+			return s.Commit()
+		}
+
 		_ = s.Rollback()
 		return err
 	}
+
 	return
 }
 

pkg/initialize/init.go

@@ -78,15 +78,15 @@ func FullInit() {
 
 	LightInit()
 
+	// Initialize the files handler
+	files.InitFileHandler()
+
 	// Run the migrations
 	migration.Migrate(nil)
 
 	// Set Engine
 	InitEngines()
 
-	// Initialize the files handler
-	files.InitFileHandler()
-
 	// Start the mail daemon
 	mail.StartMailDaemon()
 
@@ -94,6 +94,10 @@ func FullInit() {
 	cron.Init()
 	models.RegisterReminderCron()
 	models.RegisterOverdueReminderCron()
+	user.RegisterTokenCleanupCron()
+	user.RegisterDeletionNotificationCron()
+	models.RegisterUserDeletionCron()
+	models.RegisterOldExportCleanupCron()
 
 	// Start processing events
 	go func() {

pkg/integrations/archived_test.go

@@ -227,7 +227,7 @@ func TestArchived(t *testing.T) {
 				assertHandlerErrorCode(t, err, models.ErrCodeListIsArchived)
 			})
 			t.Run("unarchivable", func(t *testing.T) {
-				rec, err := testListHandler.testUpdateWithUser(nil, map[string]string{"list": "22"}, `{"title":"LoremIpsum","is_archived":false}`)
+				rec, err := testListHandler.testUpdateWithUser(nil, map[string]string{"list": "22"}, `{"title":"LoremIpsum","is_archived":false,"namespace_id":1}`)
 				assert.NoError(t, err)
 				assert.Contains(t, rec.Body.String(), `"is_archived":false`)
 			})

pkg/integrations/healthcheck_test.go

@@ -0,0 +1,33 @@
+// Vikunja is a to-do list application to facilitate your life.
+// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public Licensee as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public Licensee for more details.
+//
+// You should have received a copy of the GNU Affero General Public Licensee
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package integrations
+
+import (
+	"net/http"
+	"testing"
+
+	"code.vikunja.io/api/pkg/routes"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestHealthcheck(t *testing.T) {
+	t.Run("healthcheck", func(t *testing.T) {
+		rec, err := newTestRequest(t, http.MethodGet, routes.HealthcheckHandler, ``, nil, nil)
+		assert.NoError(t, err)
+		assert.Contains(t, rec.Body.String(), "OK")
+	})
+}

pkg/integrations/integrations.go

@@ -17,6 +17,7 @@
 package integrations
 
 import (
+	"errors"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -24,18 +25,18 @@ import (
 	"strings"
 	"testing"
 
-	"code.vikunja.io/api/pkg/events"
-
 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/db"
+	"code.vikunja.io/api/pkg/events"
 	"code.vikunja.io/api/pkg/files"
 	"code.vikunja.io/api/pkg/models"
 	"code.vikunja.io/api/pkg/modules/auth"
+	"code.vikunja.io/api/pkg/modules/keyvalue"
 	"code.vikunja.io/api/pkg/routes"
 	"code.vikunja.io/api/pkg/user"
 	"code.vikunja.io/web"
 	"code.vikunja.io/web/handler"
-	"github.com/dgrijalva/jwt-go"
+	"github.com/golang-jwt/jwt/v4"
 	"github.com/labstack/echo/v4"
 	"github.com/stretchr/testify/assert"
 )
@@ -47,7 +48,6 @@ var (
 		Username: "user1",
 		Password: "$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.",
 		Email:    "user1@example.com",
-		IsActive: true,
 	}
 	testuser2 = user.User{
 		ID:       2,
@@ -56,26 +56,23 @@ var (
 		Email:    "user2@example.com",
 	}
 	testuser3 = user.User{
-		ID:                 3,
-		Username:           "user3",
-		Password:           "$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.",
-		Email:              "user3@example.com",
-		PasswordResetToken: "passwordresettesttoken",
+		ID:       3,
+		Username: "user3",
+		Password: "$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.",
+		Email:    "user3@example.com",
 	}
 	testuser4 = user.User{
-		ID:                4,
-		Username:          "user4",
-		Password:          "$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.",
-		Email:             "user4@example.com",
-		EmailConfirmToken: "tiepiQueed8ahc7zeeFe1eveiy4Ein8osooxegiephauph2Ael",
+		ID:       4,
+		Username: "user4",
+		Password: "$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.",
+		Email:    "user4@example.com",
 	}
 	testuser5 = user.User{
-		ID:                4,
-		Username:          "user5",
-		Password:          "$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.",
-		Email:             "user5@example.com",
-		EmailConfirmToken: "tiepiQueed8ahc7zeeFe1eveiy4Ein8osooxegiephauph2Ael",
-		IsActive:          false,
+		ID:       4,
+		Username: "user5",
+		Password: "$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.",
+		Email:    "user5@example.com",
+		Status:   user.StatusDisabled,
 	}
 )
 
@@ -88,6 +85,7 @@ func setupTestEnv() (e *echo.Echo, err error) {
 	user.InitTests()
 	models.SetupTests()
 	events.Fake()
+	keyvalue.InitStorage()
 
 	err = db.LoadFixtures()
 	if err != nil {
@@ -122,7 +120,7 @@ func newTestRequest(t *testing.T, method string, handler func(ctx echo.Context)
 
 func addUserTokenToContext(t *testing.T, user *user.User, c echo.Context) {
 	// Get the token as a string
-	token, err := auth.NewUserJWTAuthtoken(user)
+	token, err := auth.NewUserJWTAuthtoken(user, false)
 	assert.NoError(t, err)
 	// We send the string token through the parsing function to get a valid jwt.Token
 	tken, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
@@ -177,8 +175,8 @@ func assertHandlerErrorCode(t *testing.T, err error, expectedErrorCode int) {
 		t.Error("Error is nil")
 		t.FailNow()
 	}
-	httperr, ok := err.(*echo.HTTPError)
-	if !ok {
+	var httperr *echo.HTTPError
+	if !errors.As(err, &httperr) {
 		t.Error("Error is not *echo.HTTPError")
 		t.FailNow()
 	}

pkg/integrations/link_sharing_test.go

@@ -232,12 +232,12 @@ func TestLinkSharing(t *testing.T) {
 					assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 				})
 				t.Run("Shared write", func(t *testing.T) {
-					rec, err := testHandlerListWrite.testUpdateWithLinkShare(nil, map[string]string{"list": "2"}, `{"title":"TestLoremIpsum"}`)
+					rec, err := testHandlerListWrite.testUpdateWithLinkShare(nil, map[string]string{"list": "2"}, `{"title":"TestLoremIpsum","namespace_id":1}`)
 					assert.NoError(t, err)
 					assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 				})
 				t.Run("Shared admin", func(t *testing.T) {
-					rec, err := testHandlerListAdmin.testUpdateWithLinkShare(nil, map[string]string{"list": "3"}, `{"title":"TestLoremIpsum"}`)
+					rec, err := testHandlerListAdmin.testUpdateWithLinkShare(nil, map[string]string{"list": "3"}, `{"title":"TestLoremIpsum","namespace_id":2}`)
 					assert.NoError(t, err)
 					assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 				})

pkg/integrations/list_test.go

@@ -171,7 +171,7 @@ func TestList(t *testing.T) {
 	t.Run("Update", func(t *testing.T) {
 		t.Run("Normal", func(t *testing.T) {
 			// Check the list was loaded successfully afterwards, see testReadOneWithUser
-			rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "1"}, `{"title":"TestLoremIpsum"}`)
+			rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "1"}, `{"title":"TestLoremIpsum","namespace_id":1}`)
 			assert.NoError(t, err)
 			assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			// The description should not be updated but returned correctly
@@ -183,7 +183,7 @@ func TestList(t *testing.T) {
 			assertHandlerErrorCode(t, err, models.ErrCodeListDoesNotExist)
 		})
 		t.Run("Normal with updating the description", func(t *testing.T) {
-			rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "1"}, `{"title":"TestLoremIpsum","description":"Lorem Ipsum dolor sit amet"}`)
+			rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "1"}, `{"title":"TestLoremIpsum","description":"Lorem Ipsum dolor sit amet","namespace_id":1}`)
 			assert.NoError(t, err)
 			assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			assert.Contains(t, rec.Body.String(), `"description":"Lorem Ipsum dolor sit amet`)
@@ -211,12 +211,12 @@ func TestList(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via Team write", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "7"}, `{"title":"TestLoremIpsum"}`)
+				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "7"}, `{"title":"TestLoremIpsum","namespace_id":6}`)
 				assert.NoError(t, err)
 				assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			})
 			t.Run("Shared Via Team admin", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "8"}, `{"title":"TestLoremIpsum"}`)
+				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "8"}, `{"title":"TestLoremIpsum","namespace_id":6}`)
 				assert.NoError(t, err)
 				assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			})
@@ -227,12 +227,12 @@ func TestList(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via User write", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "10"}, `{"title":"TestLoremIpsum"}`)
+				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "10"}, `{"title":"TestLoremIpsum","namespace_id":6}`)
 				assert.NoError(t, err)
 				assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			})
 			t.Run("Shared Via User admin", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "11"}, `{"title":"TestLoremIpsum"}`)
+				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "11"}, `{"title":"TestLoremIpsum","namespace_id":6}`)
 				assert.NoError(t, err)
 				assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			})
@@ -243,12 +243,12 @@ func TestList(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceTeam write", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "13"}, `{"title":"TestLoremIpsum"}`)
+				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "13"}, `{"title":"TestLoremIpsum","namespace_id":8}`)
 				assert.NoError(t, err)
 				assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			})
 			t.Run("Shared Via NamespaceTeam admin", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "14"}, `{"title":"TestLoremIpsum"}`)
+				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "14"}, `{"title":"TestLoremIpsum","namespace_id":9}`)
 				assert.NoError(t, err)
 				assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			})
@@ -259,12 +259,12 @@ func TestList(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceUser write", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "16"}, `{"title":"TestLoremIpsum"}`)
+				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "16"}, `{"title":"TestLoremIpsum","namespace_id":11}`)
 				assert.NoError(t, err)
 				assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			})
 			t.Run("Shared Via NamespaceUser admin", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "17"}, `{"title":"TestLoremIpsum"}`)
+				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"list": "17"}, `{"title":"TestLoremIpsum","namespace_id":12}`)
 				assert.NoError(t, err)
 				assert.Contains(t, rec.Body.String(), `"title":"TestLoremIpsum"`)
 			})

pkg/integrations/task_collection_test.go

@@ -113,49 +113,49 @@ func TestTaskCollection(t *testing.T) {
 			t.Run("by priority", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"priority"}}, urlParams)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":33,"title":"task #33 with percent done","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0.5,"identifier":"test1-17","index":17,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":1,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":4,"title":"task #4 low prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":1,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-4","index":4,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":3,"title":"task #3 high prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":100,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-3","index":3,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `{"id":33,"title":"task #33 with percent done","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0.5,"identifier":"test1-17","index":17,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":1,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
 			})
 			t.Run("by priority desc", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"priority"}, "order_by": []string{"desc"}}, urlParams)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `[{"id":3,"title":"task #3 high prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":100,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-3","index":3,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":4,"title":"task #4 low prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":1`)
+				assert.Contains(t, rec.Body.String(), `[{"id":3,"title":"task #3 high prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":100,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-3","index":3,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":4,"title":"task #4 low prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":1`)
 			})
 			t.Run("by priority asc", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"priority"}, "order_by": []string{"asc"}}, urlParams)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":33,"title":"task #33 with percent done","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0.5,"identifier":"test1-17","index":17,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":1,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":4,"title":"task #4 low prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":1,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-4","index":4,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":3,"title":"task #3 high prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":100,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-3","index":3,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `{"id":33,"title":"task #33 with percent done","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0.5,"identifier":"test1-17","index":17,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":1,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
 			})
 			// should equal duedate asc
 			t.Run("by due_date", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"due_date"}}, urlParams)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `[{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}`)
 			})
 			t.Run("by duedate desc", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"due_date"}, "order_by": []string{"desc"}}, urlParams)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `[{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":6,"title":"task #6 lower due date`)
+				assert.Contains(t, rec.Body.String(), `[{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":6,"title":"task #6 lower due date`)
 			})
 			// Due date without unix suffix
 			t.Run("by duedate asc without  suffix", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"due_date"}, "order_by": []string{"asc"}}, urlParams)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `[{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}`)
 			})
-			t.Run("by due_date without  suffix", func(t *testing.T) {
+			t.Run("by due_date without suffix", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"due_date"}}, urlParams)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `[{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}`)
 			})
 			t.Run("by duedate desc without  suffix", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"due_date"}, "order_by": []string{"desc"}}, urlParams)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `[{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":6,"title":"task #6 lower due date`)
+				assert.Contains(t, rec.Body.String(), `[{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":6,"title":"task #6 lower due date`)
 			})
 			t.Run("by duedate asc", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"due_date"}, "order_by": []string{"asc"}}, urlParams)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `[{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}`)
 			})
 			t.Run("invalid sort parameter", func(t *testing.T) {
 				_, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"loremipsum"}}, urlParams)
@@ -244,12 +244,37 @@ func TestTaskCollection(t *testing.T) {
 					// the current date.
 					assert.Equal(t, "[]\n", rec.Body.String())
 				})
+				t.Run("unix timestamps", func(t *testing.T) {
+					rec, err := testHandler.testReadAllWithUser(
+						url.Values{
+							"filter_by":         []string{"start_date", "end_date", "due_date"},
+							"filter_value":      []string{"1544500000", "1513164001", "1543500000"},
+							"filter_comparator": []string{"greater", "less", "greater"},
+						},
+						urlParams,
+					)
+					assert.NoError(t, err)
+					assert.NotContains(t, rec.Body.String(), `task #1`)
+					assert.NotContains(t, rec.Body.String(), `task #2`)
+					assert.NotContains(t, rec.Body.String(), `task #3`)
+					assert.NotContains(t, rec.Body.String(), `task #4`)
+					assert.Contains(t, rec.Body.String(), `task #5`)
+					assert.Contains(t, rec.Body.String(), `task #6`)
+					assert.Contains(t, rec.Body.String(), `task #7`)
+					assert.NotContains(t, rec.Body.String(), `task #8`)
+					assert.Contains(t, rec.Body.String(), `task #9`)
+					assert.NotContains(t, rec.Body.String(), `task #10`)
+					assert.NotContains(t, rec.Body.String(), `task #11`)
+					assert.NotContains(t, rec.Body.String(), `task #12`)
+					assert.NotContains(t, rec.Body.String(), `task #13`)
+					assert.NotContains(t, rec.Body.String(), `task #14`)
+				})
 			})
 			t.Run("invalid date", func(t *testing.T) {
 				_, err := testHandler.testReadAllWithUser(
 					url.Values{
 						"filter_by":         []string{"due_date"},
-						"filter_value":      []string{"1540000000"},
+						"filter_value":      []string{"invalid"},
 						"filter_comparator": []string{"greater"},
 					},
 					nil,
@@ -341,33 +366,33 @@ func TestTaskCollection(t *testing.T) {
 			t.Run("by priority", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"priority"}}, nil)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":33,"title":"task #33 with percent done","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0.5,"identifier":"test1-17","index":17,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":1,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":4,"title":"task #4 low prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":1,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-4","index":4,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":3,"title":"task #3 high prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":100,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-3","index":3,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `{"id":33,"title":"task #33 with percent done","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0.5,"identifier":"test1-17","index":17,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":1,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
 			})
 			t.Run("by priority desc", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"priority"}, "order_by": []string{"desc"}}, nil)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `[{"id":3,"title":"task #3 high prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":100,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-3","index":3,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":4,"title":"task #4 low prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":1`)
+				assert.Contains(t, rec.Body.String(), `[{"id":3,"title":"task #3 high prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":100,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-3","index":3,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":4,"title":"task #4 low prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":1`)
 			})
 			t.Run("by priority asc", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"priority"}, "order_by": []string{"asc"}}, nil)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":33,"title":"task #33 with percent done","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0.5,"identifier":"test1-17","index":17,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":1,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":4,"title":"task #4 low prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":1,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-4","index":4,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":3,"title":"task #3 high prio","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":100,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-3","index":3,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `{"id":33,"title":"task #33 with percent done","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"0001-01-01T00:00:00Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0.5,"identifier":"test1-17","index":17,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":1,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
 			})
 			// should equal duedate asc
 			t.Run("by due_date", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"due_date"}}, nil)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `[{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}`)
 			})
 			t.Run("by duedate desc", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"due_date"}, "order_by": []string{"desc"}}, nil)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `[{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":6,"title":"task #6 lower due date`)
+				assert.Contains(t, rec.Body.String(), `[{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":6,"title":"task #6 lower due date`)
 			})
 			t.Run("by duedate asc", func(t *testing.T) {
 				rec, err := testHandler.testReadAllWithUser(url.Values{"sort_by": []string{"due_date"}, "order_by": []string{"asc"}}, nil)
 				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}]`)
+				assert.Contains(t, rec.Body.String(), `[{"id":6,"title":"task #6 lower due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-11-30T22:25:24Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-6","index":6,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":3,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}},{"id":5,"title":"task #5 higher due date","description":"","done":false,"done_at":"0001-01-01T00:00:00Z","due_date":"2018-12-01T03:58:44Z","reminder_dates":null,"list_id":1,"repeat_after":0,"repeat_mode":0,"priority":0,"start_date":"0001-01-01T00:00:00Z","end_date":"0001-01-01T00:00:00Z","assignees":null,"labels":null,"hex_color":"","percent_done":0,"identifier":"test1-5","index":5,"related_tasks":{},"attachments":null,"cover_image_attachment_id":0,"is_favorite":false,"created":"2018-12-01T01:12:04Z","updated":"2018-12-01T01:12:04Z","bucket_id":2,"position":0,"kanban_position":0,"created_by":{"id":1,"name":"","username":"user1","created":"2018-12-01T15:13:12Z","updated":"2018-12-02T15:13:12Z"}}`)
 			})
 			t.Run("invalid parameter", func(t *testing.T) {
 				// Invalid parameter should not sort at all
@@ -451,7 +476,7 @@ func TestTaskCollection(t *testing.T) {
 				_, err := testHandler.testReadAllWithUser(
 					url.Values{
 						"filter_by":         []string{"due_date"},
-						"filter_value":      []string{"1540000000"},
+						"filter_value":      []string{"invalid"},
 						"filter_comparator": []string{"greater"},
 					},
 					nil,

pkg/integrations/task_comment_test.go

@@ -63,6 +63,7 @@ func TestTaskComments(t *testing.T) {
 			assertHandlerErrorCode(t, err, models.ErrCodeTaskDoesNotExist)
 		})
 		t.Run("Rights check", func(t *testing.T) {
+			// Only the own comments can be updated
 			t.Run("Forbidden", func(t *testing.T) {
 				_, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "14", "commentid": "2"}, `{"comment":"Lorem Ipsum"}`)
 				assert.Error(t, err)
@@ -74,14 +75,14 @@ func TestTaskComments(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via Team write", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "16", "commentid": "4"}, `{"comment":"Lorem Ipsum"}`)
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `"comment":"Lorem Ipsum"`)
+				_, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "16", "commentid": "4"}, `{"comment":"Lorem Ipsum"}`)
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via Team admin", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "17", "commentid": "5"}, `{"comment":"Lorem Ipsum"}`)
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `"comment":"Lorem Ipsum"`)
+				_, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "17", "commentid": "5"}, `{"comment":"Lorem Ipsum"}`)
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 
 			t.Run("Shared Via User readonly", func(t *testing.T) {
@@ -90,14 +91,14 @@ func TestTaskComments(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via User write", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "19", "commentid": "7"}, `{"comment":"Lorem Ipsum"}`)
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `"comment":"Lorem Ipsum"`)
+				_, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "19", "commentid": "7"}, `{"comment":"Lorem Ipsum"}`)
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via User admin", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "20", "commentid": "8"}, `{"comment":"Lorem Ipsum"}`)
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `"comment":"Lorem Ipsum"`)
+				_, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "20", "commentid": "8"}, `{"comment":"Lorem Ipsum"}`)
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 
 			t.Run("Shared Via NamespaceTeam readonly", func(t *testing.T) {
@@ -106,14 +107,14 @@ func TestTaskComments(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceTeam write", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "22", "commentid": "10"}, `{"comment":"Lorem Ipsum"}`)
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `"comment":"Lorem Ipsum"`)
+				_, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "22", "commentid": "10"}, `{"comment":"Lorem Ipsum"}`)
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceTeam admin", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "23", "commentid": "11"}, `{"comment":"Lorem Ipsum"}`)
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `"comment":"Lorem Ipsum"`)
+				_, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "23", "commentid": "11"}, `{"comment":"Lorem Ipsum"}`)
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 
 			t.Run("Shared Via NamespaceUser readonly", func(t *testing.T) {
@@ -122,14 +123,14 @@ func TestTaskComments(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceUser write", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "25", "commentid": "13"}, `{"comment":"Lorem Ipsum"}`)
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `"comment":"Lorem Ipsum"`)
+				_, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "25", "commentid": "13"}, `{"comment":"Lorem Ipsum"}`)
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceUser admin", func(t *testing.T) {
-				rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "26", "commentid": "14"}, `{"comment":"Lorem Ipsum"}`)
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `"comment":"Lorem Ipsum"`)
+				_, err := testHandler.testUpdateWithUser(nil, map[string]string{"task": "26", "commentid": "14"}, `{"comment":"Lorem Ipsum"}`)
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 		})
 	})
@@ -145,6 +146,7 @@ func TestTaskComments(t *testing.T) {
 			assertHandlerErrorCode(t, err, models.ErrCodeTaskDoesNotExist)
 		})
 		t.Run("Rights check", func(t *testing.T) {
+			// Only the own comments can be deleted
 			t.Run("Forbidden", func(t *testing.T) {
 				_, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "14", "commentid": "2"})
 				assert.Error(t, err)
@@ -156,14 +158,14 @@ func TestTaskComments(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via Team write", func(t *testing.T) {
-				rec, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "16", "commentid": "4"})
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `Successfully deleted.`)
+				_, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "16", "commentid": "4"})
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via Team admin", func(t *testing.T) {
-				rec, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "17", "commentid": "5"})
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `Successfully deleted.`)
+				_, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "17", "commentid": "5"})
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 
 			t.Run("Shared Via User readonly", func(t *testing.T) {
@@ -172,14 +174,14 @@ func TestTaskComments(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via User write", func(t *testing.T) {
-				rec, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "19", "commentid": "7"})
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `Successfully deleted.`)
+				_, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "19", "commentid": "7"})
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via User admin", func(t *testing.T) {
-				rec, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "20", "commentid": "8"})
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `Successfully deleted.`)
+				_, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "20", "commentid": "8"})
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 
 			t.Run("Shared Via NamespaceTeam readonly", func(t *testing.T) {
@@ -188,14 +190,14 @@ func TestTaskComments(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceTeam write", func(t *testing.T) {
-				rec, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "22", "commentid": "10"})
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `Successfully deleted.`)
+				_, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "22", "commentid": "10"})
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceTeam admin", func(t *testing.T) {
-				rec, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "23", "commentid": "11"})
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `Successfully deleted.`)
+				_, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "23", "commentid": "11"})
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 
 			t.Run("Shared Via NamespaceUser readonly", func(t *testing.T) {
@@ -204,14 +206,14 @@ func TestTaskComments(t *testing.T) {
 				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceUser write", func(t *testing.T) {
-				rec, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "25", "commentid": "13"})
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `Successfully deleted.`)
+				_, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "25", "commentid": "13"})
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 			t.Run("Shared Via NamespaceUser admin", func(t *testing.T) {
-				rec, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "26", "commentid": "14"})
-				assert.NoError(t, err)
-				assert.Contains(t, rec.Body.String(), `Successfully deleted.`)
+				_, err := testHandler.testDeleteWithUser(nil, map[string]string{"task": "26", "commentid": "14"})
+				assert.Error(t, err)
+				assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 			})
 		})
 	})

pkg/log/logging.go

@@ -63,23 +63,26 @@ func InitLogger() {
 		}
 	}
 
-	// We define our two backends
-	if config.LogStandard.GetString() != "off" {
+	// The backend is the part which actually handles logging the log entries somewhere.
+	cf := config.LogStandard.GetString()
+	var backend logging.Backend
+	backend = &NoopBackend{}
+	if cf != "off" && cf != "false" {
 		stdWriter := GetLogWriter("standard")
 
-		level, err := logging.LogLevel(strings.ToUpper(config.LogLevel.GetString()))
-		if err != nil {
-			Fatalf("Error setting database log level: %s", err.Error())
-		}
-
 		logBackend := logging.NewLogBackend(stdWriter, "", 0)
-		backend := logging.NewBackendFormatter(logBackend, logging.MustStringFormatter(Fmt+"\n"))
-
-		backendLeveled := logging.AddModuleLevel(backend)
-		backendLeveled.SetLevel(level, logModule)
-
-		logInstance.SetBackend(backendLeveled)
+		backend = logging.NewBackendFormatter(logBackend, logging.MustStringFormatter(Fmt+"\n"))
 	}
+
+	level, err := logging.LogLevel(strings.ToUpper(config.LogLevel.GetString()))
+	if err != nil {
+		Fatalf("Error setting database log level: %s", err.Error())
+	}
+
+	backendLeveled := logging.AddModuleLevel(backend)
+	backendLeveled.SetLevel(level, logModule)
+
+	logInstance.SetBackend(backendLeveled)
 }
 
 // GetLogWriter returns the writer to where the normal log goes, depending on the config

pkg/log/noop.go

@@ -0,0 +1,28 @@
+// Vikunja is a to-do list application to facilitate your life.
+// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public Licensee as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public Licensee for more details.
+//
+// You should have received a copy of the GNU Affero General Public Licensee
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package log
+
+import (
+	"github.com/op/go-logging"
+)
+
+// NoopBackend doesn't log anything. Used in cases where we want to disable logging completely.
+type NoopBackend struct{}
+
+func (n *NoopBackend) Log(level logging.Level, i int, record *logging.Record) error {
+	return nil
+}

pkg/log/watermill_logger.go

@@ -45,8 +45,13 @@ func NewWatermillLogger() *WatermillLogger {
 		logger: logging.MustGetLogger(watermillLogModule),
 	}
 
-	logBackend := logging.NewLogBackend(GetLogWriter("events"), "", 0)
-	backend := logging.NewBackendFormatter(logBackend, logging.MustStringFormatter(watermillFmt+"\n"))
+	cf := config.LogEvents.GetString()
+	var backend logging.Backend
+	backend = &NoopBackend{}
+	if cf != "off" && cf != "false" {
+		logBackend := logging.NewLogBackend(GetLogWriter("events"), "", 0)
+		backend = logging.NewBackendFormatter(logBackend, logging.MustStringFormatter(watermillFmt+"\n"))
+	}
 
 	backendLeveled := logging.AddModuleLevel(backend)
 	backendLeveled.SetLevel(level, watermillLogModule)

pkg/mail/mail.go

@@ -17,31 +17,68 @@
 package mail
 
 import (
+	"context"
 	"crypto/tls"
 	"time"
 
 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/log"
-	"gopkg.in/gomail.v2"
+
+	"github.com/wneessen/go-mail"
 )
 
 // Queue is the mail queue
-var Queue chan *gomail.Message
+var Queue chan *mail.Msg
 
-func getDialer() *gomail.Dialer {
-	d := gomail.NewDialer(config.MailerHost.GetString(), config.MailerPort.GetInt(), config.MailerUsername.GetString(), config.MailerPassword.GetString())
-	// #nosec
-	d.TLSConfig = &tls.Config{
-		InsecureSkipVerify: config.MailerSkipTLSVerify.GetBool(),
-		ServerName:         config.MailerHost.GetString(),
+func getClient() (*mail.Client, error) {
+
+	var authType mail.SMTPAuthType
+	switch config.MailerAuthType.GetString() {
+	case "plain":
+		authType = mail.SMTPAuthPlain
+	case "login":
+		authType = mail.SMTPAuthLogin
+	case "cram-md5":
+		authType = mail.SMTPAuthCramMD5
 	}
-	d.SSL = config.MailerForceSSL.GetBool()
-	return d
+
+	tlsPolicy := mail.TLSOpportunistic
+	if config.MailerForceSSL.GetBool() {
+		tlsPolicy = mail.TLSMandatory
+	}
+
+	opts := []mail.Option{
+		mail.WithPort(config.MailerPort.GetInt()),
+		mail.WithTLSPolicy(tlsPolicy),
+		//#nosec G402
+		mail.WithTLSConfig(&tls.Config{
+			InsecureSkipVerify: config.MailerSkipTLSVerify.GetBool(),
+			ServerName:         config.MailerHost.GetString(),
+		}),
+		mail.WithTimeout((config.MailerQueueTimeout.GetDuration() + 3) * time.Second), // 3s more for us to close before mail server timeout
+	}
+
+	if config.MailerUsername.GetString() != "" && config.MailerPassword.GetString() != "" {
+		opts = append(opts, mail.WithSMTPAuth(authType))
+	}
+
+	if config.MailerUsername.GetString() != "" {
+		opts = append(opts, mail.WithUsername(config.MailerUsername.GetString()))
+	}
+
+	if config.MailerPassword.GetString() != "" {
+		opts = append(opts, mail.WithPassword(config.MailerPassword.GetString()))
+	}
+
+	return mail.NewClient(
+		config.MailerHost.GetString(),
+		opts...,
+	)
 }
 
 // StartMailDaemon starts the mail daemon
 func StartMailDaemon() {
-	Queue = make(chan *gomail.Message, config.MailerQueuelength.GetInt())
+	Queue = make(chan *mail.Msg, config.MailerQueuelength.GetInt())
 
 	if !config.MailerEnabled.GetBool() {
 		return
@@ -52,10 +89,12 @@ func StartMailDaemon() {
 		return
 	}
 
+	c, err := getClient()
+	if err != nil {
+		log.Errorf("Could not create mail client: %v", err)
+		return
+	}
 	go func() {
-		d := getDialer()
-
-		var s gomail.SendCloser
 		var err error
 		open := false
 		for {
@@ -65,30 +104,31 @@ func StartMailDaemon() {
 					return
 				}
 				if !open {
-					if s, err = d.Dial(); err != nil {
-						log.Error("Error during connect to smtp server: %s", err)
+					err = c.DialWithContext(context.Background())
+					if err != nil {
+						log.Errorf("Error during connect to smtp server: %s", err)
+						break
 					}
 					open = true
 				}
-				if err := gomail.Send(s, m); err != nil {
-					log.Error("Error when sending mail: %s", err)
+				err = c.Send(m)
+				if err != nil {
+					log.Errorf("Error when sending mail: %s", err)
+					break
 				}
 				// Close the connection to the SMTP server if no email was sent in
 				// the last 30 seconds.
 			case <-time.After(config.MailerQueueTimeout.GetDuration() * time.Second):
 				if open {
-					if err := s.Close(); err != nil {
-						log.Error("Error closing the mail server connection: %s\n", err)
-					}
-					log.Infof("Closed connection to mailserver")
 					open = false
+					err = c.Close()
+					if err != nil {
+						log.Errorf("Error closing the mail server connection: %s\n", err)
+						break
+					}
+					log.Info("Closed connection to mail server")
 				}
 			}
 		}
 	}()
 }
-
-// StopMailDaemon closes the mail queue channel, aka stops the daemon
-func StopMailDaemon() {
-	close(Queue)
-}

pkg/mail/send_mail.go

@@ -17,9 +17,14 @@
 package mail
 
 import (
+	"embed"
+	"io"
+
 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/log"
-	"gopkg.in/gomail.v2"
+	"code.vikunja.io/api/pkg/version"
+
+	"github.com/wneessen/go-mail"
 )
 
 // Opts holds infos for a mail
@@ -32,6 +37,8 @@ type Opts struct {
 	ContentType ContentType
 	Boundary    string
 	Headers     []*header
+	Embeds      map[string]io.Reader
+	EmbedFS     map[string]*embed.FS
 }
 
 // ContentType represents mail content types
@@ -45,11 +52,11 @@ const (
 )
 
 type header struct {
-	Field   string
+	Field   mail.Header
 	Content string
 }
 
-// SendTestMail sends a test mail to a receipient.
+// SendTestMail sends a test mail to a recipient.
 // It works without a queue.
 func SendTestMail(opts *Opts) error {
 	if config.MailerHost.GetString() == "" {
@@ -57,39 +64,51 @@ func SendTestMail(opts *Opts) error {
 		return nil
 	}
 
-	d := getDialer()
-	s, err := d.Dial()
+	c, err := getClient()
 	if err != nil {
 		return err
 	}
-	defer s.Close()
 
-	m := sendMail(opts)
+	m := getMessage(opts)
 
-	return gomail.Send(s, m)
+	return c.DialAndSend(m)
 }
 
-func sendMail(opts *Opts) *gomail.Message {
-	m := gomail.NewMessage()
+func getMessage(opts *Opts) *mail.Msg {
+	m := mail.NewMsg()
+	m.SetUserAgent("Vikunja " + version.Version)
 	if opts.From == "" {
-		opts.From = config.MailerFromEmail.GetString()
+		opts.From = "Vikunja <" + config.MailerFromEmail.GetString() + ">"
 	}
-	m.SetHeader("From", opts.From)
-	m.SetHeader("To", opts.To)
-	m.SetHeader("Subject", opts.Subject)
+	_ = m.From(opts.From)
+	_ = m.To(opts.To)
+	m.Subject(opts.Subject)
+
 	for _, h := range opts.Headers {
 		m.SetHeader(h.Field, h.Content)
 	}
 
+	for name, content := range opts.Embeds {
+		m.EmbedReader(name, content)
+	}
+
+	for name, fs := range opts.EmbedFS {
+		err := m.EmbedFromEmbedFS(name, fs)
+		if err != nil {
+			log.Errorf("Error embedding %s via embed.FS into mail: %v", err)
+		}
+	}
+
 	switch opts.ContentType {
 	case ContentTypePlain:
-		m.SetBody("text/plain", opts.Message)
+		m.SetBodyString("text/plain", opts.Message)
 	case ContentTypeHTML:
-		m.SetBody("text/html", opts.Message)
+		m.SetBodyString("text/html", opts.Message)
 	case ContentTypeMultipart:
-		m.SetBody("text/plain", opts.Message)
-		m.AddAlternative("text/html", opts.HTMLMessage)
+		m.SetBodyString("text/plain", opts.Message)
+		m.AddAlternativeString("text/html", opts.HTMLMessage)
 	}
+
 	return m
 }
 
@@ -100,6 +119,6 @@ func SendMail(opts *Opts) {
 		return
 	}
 
-	m := sendMail(opts)
+	m := getMessage(opts)
 	Queue <- m
 }

pkg/metrics/active_users.go

@@ -91,12 +91,8 @@ func SetUserActive(a web.Auth) (err error) {
 
 // getActiveUsers returns the active users from redis
 func getActiveUsers() (users activeUsersMap, err error) {
-	u, _, err := keyvalue.Get(ActiveUsersKey)
-	if err != nil {
-		return nil, err
-	}
-
-	users = u.(activeUsersMap)
+	users = activeUsersMap{}
+	_, err = keyvalue.GetWithValue(ActiveUsersKey, &users)
 	return
 }