* Add manual backup creation and delete buttons to Update Manager
- Add "Create Backup" button in the backups tab for on-demand backups
- Add delete buttons (trash icons) for update logs and backups
- New controller routes with CSRF protection and permission checks
- Use data-turbo-confirm for CSP-safe confirmation dialogs
- Add deleteLog() method to UpdateExecutor with filename validation
* Add Docker backup support: download button, SQLite restore fix, decouple from auto-update
- Decouple backup creation/restore UI from can_auto_update so Docker
and other non-git installations can use backup features
- Add backup download endpoint for saving backups externally
- Fix SQLite restore to use configured DATABASE_URL path instead of
hardcoded var/app.db (affects Docker and custom SQLite paths)
- Show Docker-specific warning about var/backups/ not being persisted
- Pass is_docker flag to template via InstallationTypeDetector
* Add tests for backup/update manager improvements
- Controller tests: auth, CSRF validation, 404 for missing backups, restore disabled check
- UpdateExecutor: deleteLog validation, non-existent file, successful deletion
- BackupManager: deleteBackup validation for missing/non-zip files
* Fix test failures: add locale prefix to URLs, correct log directory path
* Fix auth test: expect 401 instead of redirect for HTTP Basic auth
* Improve test coverage for update manager controller
Add happy-path tests for backup creation, deletion, download,
and log deletion with valid CSRF tokens. Also test the locked
state blocking backup creation.
* Fix CSRF tests: initialize session before getting tokens
* Fix CSRF tests: extract tokens from rendered page HTML
* Harden backup security: password confirmation, CSRF, env toggle
Address security review feedback from jbtronics:
- Add IS_AUTHENTICATED_FULLY to all sensitive endpoints (create/delete
backup, delete log, download backup, start update, restore)
- Change backup download from GET to POST with CSRF token
- Require password confirmation before downloading backups (backups
contain sensitive data like password hashes and secrets)
- Add DISABLE_BACKUP_DOWNLOAD env var (default: disabled) to control
whether backup downloads are allowed
- Add password confirmation modal with security warning in template
- Add comprehensive tests: auth checks, env var blocking, POST-only
enforcement, status/progress endpoint auth
* Fix download modal: use per-backup modals for CSP/Turbo compatibility
- Replace shared modal + inline JS with per-backup modals that have
filename pre-set in hidden fields (no JavaScript needed)
- Add data-turbo="false" to download forms for native browser handling
- Add data-bs-dismiss="modal" to submit button to auto-close modal
- Add hidden username field for Chrome accessibility best practice
- Fix test: GET on POST-only route returns 404 not 405
* Fixed translation keys
* Fixed text justification in download modal
* Hardenened security of deleteLogEndpoint
* Show whether backup, restores and updates are allowed or disabled by sysadmin on update manager
* Added documentation for update manager related env variables
---------
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
* add option to disable keybindings
* add tests for disabling keybindings
* Fixed translation keys
* Added env to env configuration list
* Removed useless tests
The tests are already enforced by type declarations
---------
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
* Initial plan
* Improve documentation clarity, fix typos, and update outdated information
Co-authored-by: jbtronics <5410681+jbtronics@users.noreply.github.com>
* Replace LCSC with Mouser in cloud providers list per d-buchmann's review
Co-authored-by: jbtronics <5410681+jbtronics@users.noreply.github.com>
* Remove outdated Mouser API issue notice
Removed outdated information about the Mouser API's current issues with datasheets and part specifications.
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jbtronics <5410681+jbtronics@users.noreply.github.com>
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
* Erweiterungstätigkeiten zur IPN-Vorschlagsliste anhand von Präfixen aus den Kategorien
* Umstellung Migrationen bzgl. Multi-Plattform-Support.
Zunächst MySQL, SQLite Statements integrieren.
* Postgre Statements integrieren
* SQL-Formatierung in Migration verbessern
* Erweitere IPN-Suggest um Bauteilbeschreibung.
Die Implementierung berücksichtigt nun zusätzlich die Bauteilbeschreibung zu maximal 150 Zeichen Länge für die Generierung von IPN-Vorschlägen und Inkrementen.
* Anpassungen aus Analyse vornehmen
* IPN-Validierung für Parts überarbeiten
* IPN-Vorschlagslogik um Konfiguration erweitert
* Anpassungen aus phpstan Analyse
* IPN-Vorschlagslogik erweitert und Bauteil-IPN vereindeutigt
Die IPN-Logik wurde um eine Konfiguration zur automatischen Suffix-Anfügung und die Berücksichtigung von doppelten Beschreibungen bei Bedarf ergänzt. Zudem wurde das Datenmodell angepasst, um eine eindeutige Speicherung der IPN zu gewährleisten.
* Regex-Konfigurationsmöglichkeit für IPN-Vorschläge einführen
Die Einstellungen für die IPN-Vorschlagslogik wurden um eine Regex-Validierung und eine Hilfetext-Konfiguration erweitert. Tests und Änderungen an den Formularoptionen wurden implementiert.
* Match range assert and form limits in suggestPartDigits
* Keep existing behavior with autoAppend suffix by default
* Show the regex hint in the browser validation notice.
* Improved translations
* Removed unnecessary service definition
* Removed german comments
---------
Co-authored-by: Marcel Diegelmann <marcel.diegelmann@gmail.com>
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
* Add env option to disable part image overlay
Fixes#369 while preserving the state as-is
* Added documentation and use 1 instead of true for new env
---------
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
The php-saml library use its own logic to determine the current path, and we need to set the use_proxy_vars so that it respects the proxy FORWARDED headers.
This should fix issue #436
