This commit addresses critical database errors that occurred during item deletion and restoration.
- **IntegrityError Fix**:
- The and functions were updated to prevent errors.
- The logic now checks for existing items by name in the destination list (trash or shopping list) before moving them, avoiding conflicts.
- **OperationalError Mitigation**:
- To address errors caused by concurrent writes, the SQLite connection timeout was increased to 30 seconds for all database connections. This provides more time for transactions to complete.
This commit introduces several UI enhancements, a change to the default trash bin behavior, and a versioning scheme update.
- **Versioning**:
- The project's versioning scheme has been updated from to to better reflect its maturity.
- The and have been updated to document this change.
- **Global Trash Default**:
- The default behavior for the global trash setting is now "disabled".
- The backend logic in was updated to reflect this, defaulting to if the setting is not present in the database.
- The API endpoint now correctly updates all lists to reflect the new global state (enabled or disabled).
- **Admin Panel Layout**:
- In the "Create User" form, the email field is now on its own wider row () for better readability.
- In the user list, the user's email is now displayed on a separate line below the username for clarity.
- **Settings Modal Layout**:
- The "Change Password" fields are now stacked vertically, each occupying .
- The settings modal is now narrower (removed ).
This comprehensive update introduces several key improvements and fixes across the application:
- **Enhanced Security (Unique Email Enforcement)**:
- The Pydantic model now supports an optional field.
- 's function includes a migration to create a unique index on the column in the punix table, ensuring no two non-empty email addresses are the same. This also includes graceful error handling for existing duplicate emails during migration.
- and API endpoints now correctly handle for duplicate email and username constraints, providing clear error messages to the user.
- **Improved Password Reset Functionality**:
- **Frontend Token Handling**: Fixed an issue in where the password reset token was incorrectly parsed from instead of . The frontend routing logic ( function) was updated to correctly display the reset password view using .
- **Visual Feedback**: Added a loading spinner and "Sending..." text to the "Send Reset Link" button in the "Forgot Password" view to enhance user experience during email dispatch.
- **Backend Token Verification**: (Previously fixed in a separate commit, but related to the overall flow) Ensures the reset token verification is robust.
- **Working Password Change for Logged-in Users**:
- Implemented the function and integrated it with the in . Users can now change their password while logged in, with client-side validation for password matching and length, and proper API interaction.
- **Localization Improvements**:
- The file was updated to include all newly introduced UI texts (e.g., for password change success/errors, loading states) in both German and English.
- The "Forgot Password" confirmation message () was rephrased to a more professional and security-conscious wording in both languages, avoiding user enumeration.
- **Documentation & Configuration**:
- Added an file to serve as a template for configuration.
- Updated to explain the use of the file.
- Updated with all recent changes.
These changes significantly enhance the application's security, user experience, and overall robustness, particularly concerning user management and authentication flows.
This comprehensive update introduces several key improvements and fixes across the application:
- **Enhanced Security (Unique Email Enforcement)**:
- The Pydantic model now supports an optional field.
- 's function includes a migration to create a unique index on the column in the punix table, ensuring no two non-empty email addresses are the same. This also includes graceful error handling for existing duplicate emails during migration.
- and API endpoints now correctly handle for duplicate email and username constraints, providing clear error messages to the user.
- **Improved Password Reset Functionality**:
- **Frontend Token Handling**: Fixed an issue in where the password reset token was incorrectly parsed from instead of . The frontend routing logic ( function) was updated to correctly display the reset password view using .
- **Visual Feedback**: Added a loading spinner and "Sending..." text to the "Send Reset Link" button in the "Forgot Password" view to enhance user experience during email dispatch.
- **Backend Token Verification**: (Previously fixed in a separate commit, but related to the overall flow) Ensures the reset token verification is robust.
- **Working Password Change for Logged-in Users**:
- Implemented the function and integrated it with the in . Users can now change their password while logged in, with client-side validation for password matching and length, and proper API interaction.
- **Localization Improvements**:
- The file was updated to include all newly introduced UI texts (e.g., for password change success/errors, loading states) in both German and English.
- The "Forgot Password" confirmation message () was rephrased to a more professional and security-conscious wording in both languages, avoiding user enumeration.
These changes significantly enhance the application's security, user experience, and overall robustness, particularly concerning user management and authentication flows.
This commit addresses the issue where the password reset page was not displayed correctly after clicking the reset link in the email.
- ****:
- **Reset Token Parsing**: Changed the logic in the function to extract the from instead of . The reset links send the token as part of the URL fragment, which would not capture.
- **View Routing Condition**: Updated the conditional checks for displaying the to use instead of a strict equality check (). This ensures that the view is correctly triggered when the hash contains additional query parameters, such as the reset token.
These changes ensure that users are correctly directed to the password reset form when they click the email link, allowing them to complete the password reset process.
This commit addresses several issues related to email sending and password reset functionality:
- **docker-compose.yml**: Removed inline default values for MAIL_PORT, MAIL_STARTTLS, MAIL_SSL_TLS, and MAIL_SUPPRESS_SEND environment variables. This ensures that the application correctly uses the values provided in the .env file or environment. Previously, inline defaults could override intended settings, leading to unexpected behavior.
- **main.py**:
- **MAIL_SUPPRESS_SEND Interpretation**: Corrected the boolean interpretation of the MAIL_SUPPRESS_SEND environment variable. Previously, bool("False") would evaluate to True, inadvertently suppressing email sending even when explicitly set to False. The fix ensures accurate evaluation.
- **Email Sending Logging**: Added an INFO level log message before attempting to send a password reset email to provide clearer debugging information.
- **Password Reset Token Verification**: Refactored the reset_password function's token verification logic. Instead of directly querying the database with a raw token (which would fail as tokens are stored hashed), the function now iterates through all stored reset tokens and uses pwd_context.verify to match the provided token against the hashed versions. This ensures secure and correct token validation. Additionally, the token expiration and deletion logic was refined.
Fügt eine CSS-Regel hinzu, um sicherzustellen, dass die E-Mail-Adressen der Benutzer, die mit der Klasse .text-muted angezeigt werden, im dunklen Thema eine helle, lesbare Farbe haben.
- Ersetzt die SVG-Icons für Einstellungen und Abmelden durch ein Emoji bzw. ein benutzerdefiniertes, farbiges SVG-Icon.
- Vergrößert alle Icons für Löschen, Papierkorb, Einstellungen und Abmelden für eine bessere Sichtbarkeit.
- Korrigiert die Größe des roten Papierkorb-Icons, das erscheint, wenn Artikel markiert werden.
This commit addresses several issues encountered during application startup and frontend rendering:
- **Backend (main.py):
- Corrected ConnectionConfig parameters for fastapi_mail: Replaced deprecated MAIL_TLS/MAIL_SSL with MAIL_STARTTLS/MAIL_SSL_TLS and removed MAIL_CONSOLE_BACKEND (now handled by SUPPRESS_SEND).
- Ensured 'templates/email' directory exists to resolve TEMPLATE_FOLDER validation error.
- Replaced print() statements with logging.info()/logging.error() for email sending to improve log visibility in Docker.
- **Frontend (static/index.html):**
- Implemented missing and JavaScript functions to fix a that prevented proper frontend rendering.
- Added corresponding event listeners for password reset forms and links.
- Added missing function for the admin user management.
These changes ensure the application starts without Pydantic validation errors, the frontend renders correctly, and email-related actions are properly logged in development.
- Modified the function: when the global trash usage is disabled in the admin panel, individual lists are now set to use the trash by default (use_trash = 1), instead of being disabled. This provides a better default and returns control to the user for individual list settings.
- On application startup, the global trash setting is now checked and enforced across all existing lists to ensure a consistent state.
- The client-side WebSocket handler now refetches global settings upon receiving an update broadcast, ensuring that UI elements (like the visibility of the individual trash switch) react immediately to changes made by an administrator.
- Resolved issue where global trash usage setting was not persisted across container restarts by storing it in .
- Modified API endpoint for global trash setting from to .
- Updated list creation logic to respect the global trash setting for new lists.
- Fixed "Method Not Allowed" error by updating frontend calls to use the new global trash endpoint.
- Ensured default list is only created if no other lists exist on fresh install or empty database.
- Corrected display logic for individual list trash switch:
- Ensured is fetched for all users and before rendering lists.
- Disabled the individual trash switch in the main view if the global trash setting is active to prevent accidental changes.
- Ensured the individual trash switch in the rename modal also respects the global setting.
Correctly retrieve and set the state of the 'use trash for all lists' switch in the admin panel on page load. Previously, the switch would revert to 'off' after a refresh because its state was not fetched from the backend.
This is now fixed by introducing a getUseTrashAllSetting function that queries the backend for the global setting and sets the switch's state accordingly.
- Correctly set the application title to 'Geteilte Einkaufs/Aufgabenliste'.
- Fix the missing label for the 'send notification without username' switch in the admin panel by adding the correct translation key.
- Widen the deletion password input field with a 'min-width' CSS rule to ensure the placeholder text is fully visible.
- Implement the 'Use Trash' switch in the list renaming modal for individual list settings.
- Implement a global 'Use Trash' switch in the admin panel to apply the setting to all lists.
- Add all necessary backend logic in 'main.py' to support the 'use_trash' functionality, including database migration, new API endpoints, and updated deletion logic.
- Add all necessary frontend logic in 'static/index.html' to handle the new switches and their interactions with the backend.
- Correctly translate all new UI elements.
- Add a 'use_trash' column to the shopping_lists table to control whether a list uses the trash functionality.
- Add a switch in the list settings to toggle the 'use_trash' flag for each list.
- Add a switch in the admin panel to enable/disable the 'use_trash' flag for all lists at once.
- Modify the delete functionality to respect the 'use_trash' flag.
- Fix a bug where the search placeholder was not translated.
- Fix a bug where the 'Restore to' text was not translated and was displayed in the dark theme with the wrong color.
- Fix a bug where the title was always 'Noteshop' instead of 'Geteilte Einkaufsliste'.
- Fix a bug where the 'send notification without username' switch was missing its label.
- Added a search bar to the trash can view to filter items.
- Implemented the functionality to restore items from the trash can to the last selected list.
- The 'Restore to' text is now displayed in the trash can view, indicating the target list for restoration.
- The search bar and 'Restore to' text are now correctly styled in both light and dark themes.
- Ensured that all new UI elements are correctly translated.
This feature allows any authenticated user to delete a shopping list.
- **Backend:**
- Removed the admin-only restriction from the `DELETE /api/lists/{list_id}` endpoint.
- Removed the check that prevented the deletion of the last remaining list.
- **Frontend:**
- Added a "Delete current" option to the list management dropdown menu.
- Implemented a confirmation modal to prevent accidental deletion.
- Added internationalization for all new UI elements.
This feature allows administrators to configure whether the username and list name are included in Gotify notifications.
- **Backend:**
- Added a new setting to the table.
- Implemented new API endpoints ( and at ) for managing this setting.
- Modified the endpoint to check this setting and adjust the Gotify message title accordingly. By default, both username and list name are included. If the setting is enabled, only the list name is sent.
- **Frontend:**
- Added a toggle switch in the admin panel to control the setting.
- Updated JavaScript logic (, ) to interact with the new API endpoints.
- Updated translation files (, , ) with new keys for the switch label.
- Corrected CSS for dark theme to ensure the switch label is visible.
This commit fixes a bug where the shopping list selection would incorrectly change after adding an item to a newly created list. It also ensures that the selected list is correctly persisted and reloaded across browser sessions.
- Refactored the function to create a more robust and predictable state selection logic, prioritizing the current user's selection.
- Simplified the function to prevent race conditions with WebSocket updates.
- Enforced consistent type handling for list IDs (number) to prevent strict equality () check failures.
This commit introduces a series of improvements to the user interface and experience, and fixes several bugs.
- **Responsive Header**: The header is now responsive, ensuring the title and action buttons display correctly on mobile devices.
- **Dynamic List Button**: The list selection button now dynamically displays the name of the active list, improving user context.
- **Last List Persistence**: The application now remembers and re-opens the last used list on page load.
- **Dark Mode Dropdown**: The list selection dropdown menu now correctly supports dark mode.
- **Bugfix**: Fixed a bug that prevented switching between lists after renaming.
- **Translations**: Updated and shortened button and title translations for clarity.
Dieser Commit fügt die Funktionalität für mehrere Einkaufslisten hinzu.
- **Backend:**
- Implementiert eine Datenbankmigration zur Unterstützung mehrerer Listen.
- Fügt neue Tabellen für hinzu.
- Erweitert das -Modell um .
- Fügt API-Endpunkte für das Abrufen, Erstellen und Umbenennen von Listen hinzu.
- Passt bestehende API-Endpunkte (, , ) an, um zu berücksichtigen.
- **Frontend:**
- Fügt UI-Elemente für die Listenverwaltung hinzu (Dropdown, Buttons).
- Implementiert Logik zum Abrufen und Umschalten zwischen Listen.
- Passt Frontend-Logik an, um bei Item-Operationen zu verwenden.
This commit introduces the ability to edit existing shopping list items.
- **Backend:** Added model and endpoint.
- **Frontend:** Added edit icon, , , and functions.
- **Translations:** Added error messages for German and English.
Introduces WebSocket-based real-time updates for the shopping list.
Changes to items (add, mark, delete) are now instantly reflected
across all connected user sessions without requiring a page refresh.
This commit:
- Extends the WebSocket ConnectionManager to broadcast item updates.
- Modifies item manipulation endpoints (add, mark, delete) to trigger broadcasts.
- Updates the frontend to listen for update broadcasts and refresh the list.
- Updates README.md to reflect the new real-time update feature.
The password prompt for deleting items was not appearing for non-admin
users because the backend endpoint to check for the password's
existence was incorrectly restricted to admins, and the frontend logic
did not properly handle the check.
This commit fixes the issue by:
- Allowing all authenticated users to check if a deletion password is set.
- Updating the frontend to correctly show the prompt based on this check.
Adds a new Features section to highlight the applications
capabilities, including multi-user support, real-time updates,
and automatic language detection.
Expands the How to Use section with detailed instructions on
managing the shopping list, explaining how to add, mark, and
delete items, including the new deletion password requirement.
Implementiert die serverseitige Spracherkennung basierend auf dem
Accept-Language-Header des Browsers. Das Backend liefert nun die
index.html-Datei dynamisch mit dem korrekten lang-Attribut aus.
Das Frontend-JavaScript wurde aktualisiert, um das lang-Attribut des
HTML-Dokuments zu berücksichtigen und eine konsistente
Sprachbehandlung zu gewährleisten.
Zusätzlich behebt dieser Commit einen Fehler, bei dem die
Beispiel-Vorschläge nach dem Hinzufügen eines Artikels nicht
ausgeblendet wurden. Außerdem wird die Funktionalität des
"Hinzufügen"-Buttons und der Enter-Taste wiederhergestellt.
Replaced the text-based 'Select All' button with a more intuitive and space-efficient Bootstrap icon (check2-square).
This change enhances the user interface by providing a symbolic representation for the 'Select All' action.
- Replaced the button in `static/index.html` with an SVG icon.
- Removed the corresponding JavaScript code that sets the button's text content.
- Removed the now-unused `select_all_button` translations from `translations.py`.
