* [AI] Enforce file access authorization on sync API endpoints
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor file deletion authorization to return error message as text
* Refactor file upload validation to improve error handling
* Add tests to allow admin users to retrieve encryption keys and sync files for other users
- Implemented a test for admin access to retrieve encryption keys for another user's file in the /user-get-key endpoint.
- Added a test for admin users to sync another user's file in the /sync endpoint, ensuring proper response and headers.
These changes enhance the authorization checks for admin actions on user files.
* Refactor file cleanup in tests to use onTestFinished for better error handling
* Enhance admin capabilities in file management tests
* Add migration to backfill file owners with admin ID
* Enhance file access authorization in sync API
* Update migration to backfill file owners with admin ID to ensure consistent ordering in the query
* Refactor access control tests for file downloads in sync API
* Add test for non-owner file download access via user_access in sync API
This test verifies that users with appropriate access can download files owned by others, utilizing the requireFileAccess logic and UserService.countUserAccess. It ensures correct response headers and content delivery for shared files.
* Refactor file cleanup in upload and download tests to utilize onTestFinished for improved error handling
This update consolidates file cleanup logic in the test suite, ensuring that temporary files are removed after each test execution. The changes enhance the reliability of tests by consistently managing file state across various scenarios.
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Add authentication middleware to SimpleFIN and Pluggy.ai endpoints
Protect /simplefin/* and /pluggyai/* routes with validateSessionMiddleware
so only authenticated users can access bank account and transaction data.
Co-authored-by: Cursor <cursoragent@cursor.com>
* Release notes
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Apply import sorting with perfectionist/sort-named-imports rule
- Add perfectionist/sort-named-imports oxlint rule
- Sort named imports: value imports before type imports
- Update component-library and desktop-client files to match new rule
* Add release notes for linting updates on named imports
* Update linting rules and replace @ts-ignore with @ts-expect-error
* Add release notes for PR #6636
* Fix TypeScript linting issue by adding @ts-ignore for electron types in server start message
* Change category to Maintenance and update linting rules
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Added Global Synced Prefs
* [autofix.ci] apply automated fixes
* Add release notes for PR #6234
* typecheck
* lint fix
* Refactor global synced preferences to server preferences
- Removed global synced preferences implementation and related files.
- Introduced server preferences with a new slice and hooks for managing user settings.
- Updated components and hooks to utilize server preferences instead of global synced preferences.
- Adjusted Redux store and mock configurations to reflect the changes.
- Enhanced user settings consistency across devices with the new server preferences structure.
* Implement server preferences for feature flags and enhance admin permissions
- Updated the Experimental component to conditionally display based on user permissions and login method.
- Refactored feature flag handling to use 'flags.plugins' instead of 'plugins'.
- Introduced server-side checks to restrict access to server preferences for admin users only.
- Added comprehensive tests for server preferences management, ensuring proper handling of user roles and preferences.
* Enhance error handling in saveServerPrefs thunk
- Updated the saveServerPrefs async thunk to handle potential errors from the server response.
- Added a check for the presence of an error in the result and return it accordingly.
- Ensured that preferences are still dispatched to the store upon successful save.
* Feedback: strict "flags.plugins" typing
* Feedback: move state slice
* Feedback: localstorage pref
* Feedback: move serverPrefsSlide into prefsSlice
* Refactor: Remove duplicate import of PostError in app.ts
* Rename serverPrefs state slice property to server (#6596)
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Matiss Janis Aboltins <matiss@mja.lv>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
* Fix LHV bank adapter not being loaded due to filename mismatch
The bank-factory.js loads bank adapters by filtering for files containing
underscores, but lhv-lhvbee22.js used a hyphen. This caused the LHV adapter
to never be loaded, falling back to the generic IntegrationBank handler
which doesn't extract payee names from card transaction remittance info.
Rename lhv-lhvbee22.js to lhv_lhvbee22.js to match the naming convention
used by all other bank adapters.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Add release notes for PR #6533🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* [autofix.ci] apply automated fixes
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* 🔖 (26.1.0)
* Trigger CI
* Remove used release notes
* Add release notes for version 26.1.0
This commit introduces the release notes for version 26.1.0, highlighting notable improvements such as currency display in the budget, mobile schedules functionality, link detection in transaction notes, and an extension of historical data. The release also includes various enhancements, bug fixes, and maintenance updates, acknowledging contributions from multiple developers.
* Update spelling expectations and release notes for version 26.1.0
This commit adds new terms to the spelling expectations file and updates the release notes to reflect changes in the documentation, including formatting improvements for clarity. Notable contributions from various developers are acknowledged.
* Add new terms to spelling expectations file
This commit updates the spelling expectations by adding new terms, enhancing the accuracy of the documentation spell-checking process. The changes include the addition of 'jws' and 'oxc' to the list of expected terms.
* Update release notes for version 26.1.0 to include Flathub availability for Linux users
* Update release notes to reflect Docker tag for version 26.1.0 in documentation
---------
Co-authored-by: MatissJanis <886567+MatissJanis@users.noreply.github.com>
Co-authored-by: Matiss Janis Aboltins <matiss@mja.lv>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Initial plan
* Add permission checks for budget deletion
- Server-side: Check if user is file owner or admin before allowing deletion
- Client-side: Hide "Delete from all devices" button for non-owners
- Add comprehensive tests for permission checking
- Non-owners see message that only owner can delete from server
Co-authored-by: MatissJanis <886567+MatissJanis@users.noreply.github.com>
* Add release notes for PR #6338
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6338
* Fix: Change unauthorized to forbidden in delete-user-file
Co-authored-by: matiss <matiss@mja.lv>
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6338
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6338
* Fix: Update error reason from 'unauthorized' to 'forbidden' in delete-user-file response
* Update VRT screenshot for date filter test case
* [autofix.ci] apply automated fixes
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: MatissJanis <886567+MatissJanis@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: matiss <matiss@mja.lv>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Matt Fiddaman <github@m.fiddaman.uk>
* Update typography rule to disallow curly quotes with auto-fix
- Reverse typography rule to detect and flag curly quotes instead of straight quotes
- Add auto-fixer that converts curly quotes to straight quotes
- Fix auto-fixer to properly escape quotes when they match string delimiters
* Fix quotation marks in error messages and formatting strings across multiple files
- Standardize quotation marks from curly to straight in error messages and string formatting for consistency.
- Update various components and utility files to ensure proper string handling and improve readability.
* Standardize quotation marks across multiple files
- Replace curly quotes with straight quotes in various documentation and code files for consistency and improved readability.
- Update error messages, comments, and documentation to ensure uniformity in string formatting.
* Standardize month formatting across multiple components
- Update month formatting strings from "MMMM 'yy" to "MMMM ''yy" in various components and utility files for consistency.
- Ensure uniformity in how months are displayed throughout the application.
* Refactor typography rule to enhance curly quote handling
- Simplify the error reporting mechanism for curly quotes by creating a shared fix function.
- Update test cases to include various curly quote scenarios for improved coverage.
- Ensure consistent handling of curly quotes in formatting functions across multiple files.
* Refactor typography handling and update tests for curly quotes
- Replace curly quotes with their Unicode equivalents in typography rule and related test cases for consistency.
- Remove unnecessary eslint-disable comments to improve code clarity.
- Ensure proper handling of quotes in arithmetic and utility tests to align with updated typography standards.
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6454
* Fix: Correct typo in budget cell notification message
Co-authored-by: matiss <matiss@mja.lv>
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6454
* Temporarily disable i18n string extraction workflow
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Add ESM loader support and update sync-server modules
* Update TypeScript configuration and fix bank file import filter in sync-server
* Remove deprecated loader and register files, update TypeScript configuration to use ES2021, and add a new script for automatically adding import extensions to JavaScript files.
* Update test script in package.json to include a custom loader and clean up import extensions script by removing unused 'stat' import.
* feat: Add warning for unresolved imports
Co-authored-by: matiss <matiss@mja.lv>
* [autofix.ci] apply automated fixes
* Remove unused 'import/extensions' rule from ESLint configuration
* Refactor import statements in sync-server
- Updated import path for migrations to remove file extension.
- Added ESLint directive to ignore import extension rule for reset-password script.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* 🔖 (25.12.0)
* force ci
* Remove used release notes
* add blog post
* fix spelling
* make netlify happy?
* last one
* fix some formatting
* remove icns from allowed spelling to avoid accidental missspellings
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6285
* force ci
* force ci
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6285
* revert flaky vrt. please don't update again...
* make the release dates match
---------
Co-authored-by: youngcw <28542559+youngcw@users.noreply.github.com>
Co-authored-by: youngcw <calebyoung94@gmail.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* fix server sync file download when server-files are in .config directory on linux
* extra security
* release notes
* putting it back after testing
* also accounting for directories
* derp
* enhancement: fix Cetelem bank transations
The amount coming from GoCardless has the opposite sign of what we expect.
* Cetelem bank: make code more future-proof
Change based on code review suggestion
Co-authored-by: Matt Fiddaman <github@m.fiddaman.uk>
---------
Co-authored-by: Matt Fiddaman <github@m.fiddaman.uk>
