This commit modifies the Navigation component and the CMS index page to replace the "Mitglieder" link with "Mitgliederverwaltung" and updates the corresponding route. Additionally, it removes the outdated "mitgliedschaftsantraege" page, streamlining the CMS structure and improving user navigation.
This commit ensures that the Satzung content is loaded as a string, enhancing reliability. Additionally, it refines the HTML conversion function by improving the handling of line breaks, merging related lines, and removing empty paragraphs. These changes enhance the overall quality and readability of the generated HTML content.
This commit updates the text-to-HTML conversion function to remove page numbers and footers from the extracted text. It also introduces enhanced handling for enumerated lists, allowing for better formatting of items with specific patterns (e.g., a), b), c)). These changes improve the overall quality and readability of the generated HTML content.
This commit introduces a new mechanism for extracting text from uploaded PDF files using pdftotext, followed by a basic plausibility check of the extracted content. If the text meets the criteria, it is converted to HTML format and stored in the configuration, replacing the previous static content handling. This enhancement improves the accuracy and reliability of the Satzung content management.
This commit removes the PDF text extraction logic and replaces it with a fallback mechanism that retains existing content or provides a neutral message. The configuration update now only sets the PDF path without automatically generating HTML content, improving clarity and maintaining the integrity of the existing data.
This commit modifies the navigation and CMS user management components to allow access for both 'admin' and 'vorstand' roles. The changes include updating the conditional rendering logic in the Navigation and index.vue files, as well as adjusting the API endpoint to reflect the new role permissions, enhancing the flexibility of user access within the CMS.
This commit introduces role-based access control for user contact information in the CMS. It updates the user list display to show email and phone details only to users with the 'vorstand' role, while masking this information for others. Additionally, it modifies the API endpoints to ensure that contact data is only returned for authorized users, improving data privacy and security.
This commit modifies the loadMannschaften function across multiple components to fetch CSV data from the new API endpoint '/api/mannschaften' instead of the previous static file path '/data/mannschaften.csv'. This change enhances data retrieval consistency and aligns with the updated data management strategy in the application.
This commit adds logic to remove outdated `.gz` and `.br` files after a successful CSV write operation in the CMS. This ensures that users do not encounter inconsistent content due to leftover pre-compressed assets, enhancing data integrity and reliability in the application.
This commit improves the CSV file handling in the CMS by implementing an atomic write function that ensures data integrity during file saves. It introduces a verification step to check file size after writing, preventing issues with incomplete or corrupted files. Additionally, it refines the logic for determining target paths, prioritizing preferred directories and providing better error handling for write operations. These changes enhance the reliability and robustness of data management in the application.
This commit updates the version of several packages in package.json and package-lock.json, including downgrading "quill" to 2.0.2 and upgrading "devalue", "diff", "h3", "node-mock-http", "tar", and "undici" to their latest versions. Additionally, it improves the CSV file handling in the CMS by implementing a cache-busting mechanism for fetching data and enhancing error handling during file saving, ensuring more robust data management.
This commit enhances the cookie handling logic by providing detailed comments on the SameSite attribute options and their implications for security. It sets the default SameSite value to 'none' to allow iframe embedding while ensuring that Secure is true when SameSite is 'none'. Additionally, it adds a warning for cases where SameSite is 'none' but Secure is false, improving the overall security posture of cookie management.
This commit removes the X-Frame-Options header in favor of using Content Security Policy (CSP) with frame-ancestors for better flexibility and modern security practices. It also adds a fallback for frame-ancestors in case CSP is not enabled. Additionally, the JavaScript middleware is updated to reflect these changes, ensuring consistent security header management across the application.
This commit introduces a mechanism to handle multiple possible encryption keys for data decryption across various modules, including auth.js, members.js, newsletter.js, and encryption.js. It adds functions to retrieve potential old keys for migration purposes and updates the decryption logic to attempt decryption with these keys. Additionally, it includes warnings for users when old keys are used and provides guidance for re-encrypting data. This enhancement improves data migration capabilities and ensures backward compatibility with previously encrypted data.
This commit updates the newsletter subscription component to display the user's email when logged in, improving user experience. It also adds logic to load the user's profile data upon authentication, ensuring that the email field is pre-filled for logged-in users. Additionally, the server-side subscription handler is modified to check user authentication status, allowing only logged-in users to subscribe to certain groups. This change enhances the overall subscription process and aligns it with user authentication state.
This commit deletes several files related to Passkey functionality, including CORS_TEST_ANLEITUNG.md, CROSS_DEVICE_DEBUG.md, CROSS_DEVICE_PROBLEM_ZUSAMMENFASSUNG.md, SMARTPHONE_TEST_ANLEITUNG.md, test-cors.html, test-smartphone.html, and Vue components for Passkey registration and recovery. These removals are part of a broader effort to streamline the codebase and focus on core authentication methods while Passkey support is under review.
Update the registrieren.vue component to enhance debug logging for local authenticator usage, providing clearer messages about the expected behavior during registration. Modify the register-passkey-options API to specify the use of local authenticators, ensuring better clarity on the authenticator selection process. This update aims to improve user understanding and troubleshooting during Passkey registration without the need for Cross-Device functionality.
Update the registrieren.vue component to improve debug logging for Cross-Device registration, including checks for local authenticators and tunnel server connections. Add warnings for potential issues when Cross-Device is not used. Modify the register-passkey-options API to ensure compatibility with Cross-Device requirements by allowing both platform and cross-platform authenticators. This update aims to provide clearer insights and troubleshooting guidance during the Passkey registration process.
Update the CROSS_DEVICE_PROBLEM_ZUSAMMENFASSUNG.md to clarify the role of tunnel servers in the Cross-Device authentication process and outline troubleshooting steps. Additionally, enhance the registrieren.vue component with detailed information about the FIDO Cross-Device flow, including QR-Code format, connection requirements, and potential issues. Improve the register-passkey-options API documentation to reflect the use of tunnel servers, ensuring better understanding and support for Cross-Device functionality.
Add functionality to log all requests from mobile devices, improving debugging capabilities. Extend the existing passkey endpoint checks to include a new endpoint for cross-device registration. This update aims to provide clearer insights into mobile user interactions with the application.
Improve logging in the register-passkey-options and log-requests middleware to provide detailed insights into request handling. Add user-agent analysis, IP address logging, and mobile/desktop detection to aid in troubleshooting. This update aims to enhance the clarity of request logs and support better debugging during the Passkey registration process.
Update the registrieren.vue component to include detailed debug statements for the Cross-Device authentication flow, specifically during QR-Code generation. Improve logging in the register-passkey-options and register-passkey APIs to capture request details such as user agent and IP address, aiding in troubleshooting. Additionally, introduce a new function to retrieve pre-registration data, enhancing the overall registration process and compliance with Cross-Device requirements.
Add additional debug statements to the register-passkey-options API to validate the options structure, including checks for challenge type and user ID format. Improve logging to capture detailed information about the options being returned, aiding in troubleshooting and ensuring compliance with Cross-Device requirements.
Add detailed debug statements in the registrieren.vue component to validate the complete options structure during Passkey registration. Update the register-passkey API to simplify the options return process, eliminating unnecessary serialization while maintaining comprehensive logging of the options details for improved troubleshooting.
