release: 2.0.2

.version

@@ -1 +1 @@
-2.0.0
+2.0.2

CHANGELOG.md

@@ -1,3 +1,30 @@
+## v2.0.2
+
+### Bug Fixes
+
+- migration fails if users exist with no email address ([2f651ad](https://github.com/pocket-id/pocket-id/commit/2f651adf3b4e8d689461da2083c3afcb1eb1d477) by @stonith404)
+- allow version downgrade database is dirty ([ba00f40](https://github.com/pocket-id/pocket-id/commit/ba00f40bd4b06f31d251599fcb1db63e902a6987) by @stonith404)
+- localhost callback URLs with port don't match correctly ([7c34501](https://github.com/pocket-id/pocket-id/commit/7c345010556f11a593948b2a1ae558b7a8003696) by @stonith404)
+
+### Other
+
+- add no-op migration to postgres ([a24b2af](https://github.com/pocket-id/pocket-id/commit/a24b2afb7b8165bed05976058a8ae797adc245df) by @stonith404)
+
+**Full Changelog**: https://github.com/pocket-id/pocket-id/compare/v2.0.1...v2.0.2
+
+## v2.0.1
+
+### Bug Fixes
+
+- admins imported from LDAP lose admin privileges ([2cce200](https://github.com/pocket-id/pocket-id/commit/2cce2008928081b5e0f0e6bcbc3f43816f082de9) by @stonith404)
+- restore old input input field size ([2341da9](https://github.com/pocket-id/pocket-id/commit/2341da99e9716686cf28dd0680d751ae9da0fadc) by @stonith404)
+
+### Other
+
+- bump image tag to `v2` ([cd2e9f3](https://github.com/pocket-id/pocket-id/commit/cd2e9f3a2ad753815ef8da998f9b54853d953a2a) by @stonith404)
+
+**Full Changelog**: https://github.com/pocket-id/pocket-id/compare/v2.0.0...v2.0.1
+
 ## v2.0.0
 
 ### Bug Fixes

backend/internal/utils/callback_url_util.go

@@ -17,31 +17,38 @@ func GetCallbackURLFromList(urls []string, inputCallbackURL string) (callbackURL
 	//   time of the request for loopback IP redirect URIs, to accommodate
 	//   clients that obtain an available ephemeral port from the operating
 	//   system at the time of the request.
-	loopbackRedirect := ""
+	loopbackCallbackURLWithoutPort := ""
 	u, _ := url.Parse(inputCallbackURL)
 
 	if u != nil && u.Scheme == "http" {
 		host := u.Hostname()
 		ip := net.ParseIP(host)
 		if host == "localhost" || (ip != nil && ip.IsLoopback()) {
-			loopbackRedirect = u.String()
 			u.Host = host
-			inputCallbackURL = u.String()
+			loopbackCallbackURLWithoutPort = u.String()
 		}
 	}
 
 	for _, pattern := range urls {
+		// Try the original callback first
 		matches, err := matchCallbackURL(pattern, inputCallbackURL)
 		if err != nil {
 			return "", err
-		} else if !matches {
+		}
-			continue
+		if matches {
+			return inputCallbackURL, nil
 		}
 
-		if loopbackRedirect != "" {
+		// If we have a loopback variant, try that too
-			return loopbackRedirect, nil
+		if loopbackCallbackURLWithoutPort != "" {
+			matches, err = matchCallbackURL(pattern, loopbackCallbackURLWithoutPort)
+			if err != nil {
+				return "", err
+			}
+			if matches {
+				return inputCallbackURL, nil
+			}
 		}
-		return inputCallbackURL, nil
 	}
 
 	return "", nil

backend/internal/utils/callback_url_util_test.go

@@ -392,6 +392,13 @@ func TestGetCallbackURLFromList_LoopbackSpecialHandling(t *testing.T) {
 			expectedURL:      "http://127.0.0.1:8080/callback",
 			expectMatch:      true,
 		},
+		{
+			name:             "127.0.0.1 with same port - exact match",
+			urls:             []string{"http://127.0.0.1:8080/callback"},
+			inputCallbackURL: "http://127.0.0.1:8080/callback",
+			expectedURL:      "http://127.0.0.1:8080/callback",
+			expectMatch:      true,
+		},
 		{
 			name:             "127.0.0.1 with different port",
 			urls:             []string{"http://127.0.0.1/callback"},

backend/internal/utils/db_migration_util.go

@@ -38,7 +38,14 @@ func MigrateDatabase(sqlDb *sql.DB) error {
 		return migrateDatabaseFromGitHub(sqlDb, requiredVersion)
 	}
 
-	if err := m.Migrate(requiredVersion); err != nil && !errors.Is(err, migrate.ErrNoChange) {
+	err = m.Migrate(requiredVersion)
+	if err != nil {
+		if errors.Is(err, migrate.ErrNoChange) {
+			return nil
+		}
+		if errors.As(err, &migrate.ErrDirty{}) {
+			return fmt.Errorf("database migration failed. Please create an issue on GitHub and temporarely downgrade to the previous version: %w", err)
+		}
 		return fmt.Errorf("failed to apply embedded migrations: %w", err)
 	}
 	return nil
@@ -98,7 +105,7 @@ func migrateDatabaseFromGitHub(sqlDb *sql.DB, version uint) error {
 		return fmt.Errorf("failed to create GitHub migration instance: %w", err)
 	}
 
-	if err := m.Migrate(version); err != nil && !errors.Is(err, migrate.ErrNoChange) {
+	if err := m.Force(int(version)); err != nil && !errors.Is(err, migrate.ErrNoChange) { //nolint:gosec
 		return fmt.Errorf("failed to apply GitHub migrations: %w", err)
 	}
 	return nil

backend/resources/migrations/postgres/20260102231700_ldap_admin_group_rename.down.sql

@@ -0,0 +1 @@
+UPDATE app_config_variables SET value = 'ldapAttributeAdminGroup' WHERE value = 'ldapAdminGroupName';

backend/resources/migrations/postgres/20260102231700_ldap_admin_group_rename.up.sql

@@ -0,0 +1,8 @@
+UPDATE app_config_variables
+SET key = 'ldapAdminGroupName'
+WHERE key = 'ldapAttributeAdminGroup'
+  AND NOT EXISTS (
+    SELECT 1
+    FROM app_config_variables
+    WHERE key = 'ldapAdminGroupName'
+);

backend/resources/migrations/postgres/20260103142200_user_nullable_fields.down.sql

@@ -0,0 +1 @@
+-- No-op on Postgres

backend/resources/migrations/postgres/20260103142200_user_nullable_fields.up.sql

@@ -0,0 +1 @@
+-- No-op on Postgres

backend/resources/migrations/sqlite/20251217141000_v2_export_normalization.up.sql

@@ -10,8 +10,8 @@ CREATE TABLE users_new
     id           TEXT                  NOT NULL PRIMARY KEY,
     created_at   DATETIME,
     username     TEXT COLLATE NOCASE   NOT NULL UNIQUE,
-    email        TEXT                  NOT NULL UNIQUE,
+    email        TEXT UNIQUE,
-    first_name   TEXT,
+    first_name   TEXT                  NOT NULL,
     last_name    TEXT                  NOT NULL,
     display_name TEXT                  NOT NULL,
     is_admin     BOOLEAN DEFAULT FALSE NOT NULL,

backend/resources/migrations/sqlite/20260102231700_ldap_admin_group_rename.down.sql

@@ -0,0 +1,7 @@
+PRAGMA foreign_keys= OFF;
+BEGIN;
+
+UPDATE app_config_variables SET value = 'ldapAttributeAdminGroup' WHERE value = 'ldapAdminGroupName';
+
+COMMIT;
+PRAGMA foreign_keys= ON;

backend/resources/migrations/sqlite/20260102231700_ldap_admin_group_rename.up.sql

@@ -0,0 +1,14 @@
+PRAGMA foreign_keys= OFF;
+BEGIN;
+
+UPDATE app_config_variables
+SET key = 'ldapAdminGroupName'
+WHERE key = 'ldapAttributeAdminGroup'
+  AND NOT EXISTS (
+    SELECT 1
+    FROM app_config_variables
+    WHERE key = 'ldapAdminGroupName'
+);
+
+COMMIT;
+PRAGMA foreign_keys= ON;

backend/resources/migrations/sqlite/20260103142200_user_nullable_fields.down.sql

@@ -0,0 +1 @@
+-- No-op

backend/resources/migrations/sqlite/20260103142200_user_nullable_fields.up.sql

@@ -0,0 +1,52 @@
+PRAGMA foreign_keys= OFF;
+BEGIN;
+
+CREATE TABLE users_new
+(
+    id           TEXT                  NOT NULL PRIMARY KEY,
+    created_at   DATETIME,
+    updated_at   DATETIME,
+    username     TEXT COLLATE NOCASE   NOT NULL UNIQUE,
+    email        TEXT UNIQUE,
+    first_name   TEXT                  NOT NULL,
+    last_name    TEXT                  NOT NULL,
+    display_name TEXT                  NOT NULL,
+    is_admin     BOOLEAN DEFAULT FALSE NOT NULL,
+    ldap_id      TEXT UNIQUE,
+    locale       TEXT,
+    disabled     BOOLEAN DEFAULT FALSE NOT NULL
+);
+
+INSERT INTO users_new (
+    id,
+    created_at,
+    updated_at,
+    username,
+    email,
+    first_name,
+    last_name,
+    display_name,
+    is_admin,
+    ldap_id,
+    locale,
+    disabled
+) SELECT
+    id,
+    created_at,
+    updated_at,
+    username,
+    email,
+    first_name,
+    last_name,
+    display_name,
+    is_admin,
+    ldap_id,
+    locale,
+    disabled FROM users;
+
+DROP TABLE users;
+ALTER TABLE users_new RENAME TO users;
+
+
+COMMIT;
+PRAGMA foreign_keys= ON;

docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   pocket-id:
-    image: ghcr.io/pocket-id/pocket-id:v1
+    image: ghcr.io/pocket-id/pocket-id:v2
     restart: unless-stopped
     env_file: .env
     ports:

frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pocket-id-frontend",
-  "version": "2.0.0",
+  "version": "2.0.2",
   "private": true,
   "type": "module",
   "scripts": {

frontend/src/lib/components/login-wrapper.svelte

@@ -53,7 +53,7 @@
 			)}"
 		>
 			<div class="flex h-full w-full flex-col overflow-hidden">
-				<div class="relative flex grow flex-col items-center justify-center overflow-auto">
+				<div class="relative flex grow flex-col items-center justify-center overflow-auto p-1">
 					{@render children()}
 				</div>
 				{#if showAlternativeSignInMethodButton}

frontend/src/lib/components/ui/input/input.svelte

@@ -24,7 +24,7 @@
 		bind:this={ref}
 		data-slot="input"
 		class={cn(
-			'selection:bg-primary dark:bg-input/30 selection:text-primary-foreground border-input ring-offset-background placeholder:text-muted-foreground flex h-8 w-full min-w-0 rounded-md border bg-transparent px-3 py-2 text-sm font-medium shadow-xs transition-[color,box-shadow] outline-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm',
+			'selection:bg-primary dark:bg-input/30 selection:text-primary-foreground border-input ring-offset-background placeholder:text-muted-foreground flex h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-2 text-base font-medium shadow-xs transition-[color,box-shadow] outline-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm',
 			'focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px]',
 			'aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive',
 			className
@@ -39,7 +39,7 @@
 		bind:this={ref}
 		data-slot="input"
 		class={cn(
-			'border-input bg-background selection:bg-primary dark:bg-input/30 selection:text-primary-foreground ring-offset-background placeholder:text-muted-foreground flex h-8 w-full min-w-0 rounded-md border px-3 py-1 text-sm shadow-xs transition-[color,box-shadow] outline-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm',
+			'border-input bg-background selection:bg-primary dark:bg-input/30 selection:text-primary-foreground ring-offset-background placeholder:text-muted-foreground flex h-9 w-full min-w-0 rounded-md border px-3 py-1 text-base shadow-xs transition-[color,box-shadow] outline-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm',
 			'focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px]',
 			'aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive',
 			className