From eba6a8e00f46a6935746668c3f15bebe27a12f9a Mon Sep 17 00:00:00 2001
From: binsky <timo@binsky.org>
Date: Mon, 17 Jul 2023 10:25:44 +0200
Subject: [PATCH 1/6] setup sonarqube github action

Signed-off-by: binsky <timo@binsky.org>
---
 .github/workflows/sonarqube.yml | 26 ++++++++++++++++++++++++++
 sonar-project.properties        |  4 ++++
 2 files changed, 30 insertions(+)
 create mode 100644 .github/workflows/sonarqube.yml
 create mode 100644 sonar-project.properties

diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml
new file mode 100644
index 00000000..d1adfe8c
--- /dev/null
+++ b/.github/workflows/sonarqube.yml
@@ -0,0 +1,26 @@
+name: SonarQube
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  sonarqube:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: SonarQube Scan
+        uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+      # If you wish to fail your job when the Quality Gate is red, uncomment the
+      # following lines. This would typically be used to fail a deployment.
+      - name: SonarQube Quality Gate check
+        uses: sonarsource/sonarqube-quality-gate-action@master
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 00000000..dee737c7
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,4 @@
+sonar.projectKey=Passman
+sonar.qualitygate.wait=true
+sonar.sources=.
+sonar.language=php

From 67eb8e86395c7018e214bf5eff4c539200f91f0d Mon Sep 17 00:00:00 2001
From: binsky <timo@binsky.org>
Date: Mon, 17 Jul 2023 10:44:47 +0200
Subject: [PATCH 2/6] exclude l10n and tests from sonar sources

Signed-off-by: binsky <timo@binsky.org>
---
 sonar-project.properties | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sonar-project.properties b/sonar-project.properties
index dee737c7..566d4d0f 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,4 +1,5 @@
 sonar.projectKey=Passman
 sonar.qualitygate.wait=true
-sonar.sources=.
+sonar.sources=./
+sonar.exclusions=./l10n,./tests
 sonar.language=php

From 3727c802c35e75531823c02defc11d37e1d0ce54 Mon Sep 17 00:00:00 2001
From: binsky <timo@binsky.org>
Date: Mon, 17 Jul 2023 11:01:29 +0200
Subject: [PATCH 3/6] ignore hardcoded credential detection in l10n due to a
 lot of false positives

Signed-off-by: binsky <timo@binsky.org>
---
 sonar-project.properties | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sonar-project.properties b/sonar-project.properties
index 566d4d0f..671a9c92 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -3,3 +3,8 @@ sonar.qualitygate.wait=true
 sonar.sources=./
 sonar.exclusions=./l10n,./tests
 sonar.language=php
+
+sonar.issue.ignore.multicriteria=e1
+# Ignore "Hard-coded credentials are security-sensitive"
+sonar.issue.ignore.multicriteria.e1.ruleKey=javascript:S2068
+sonar.issue.ignore.multicriteria.e1.resourceKey=l10n/*

From 0cd2e01a50a8e078ea09ee1a1aa0884f4902e607 Mon Sep 17 00:00:00 2001
From: binsky <timo@binsky.org>
Date: Sat, 10 Jan 2026 20:45:31 +0100
Subject: [PATCH 4/6] ignore css directory in sonar analysis since it contains
 only compiled scss or external css

---
 sonar-project.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sonar-project.properties b/sonar-project.properties
index 671a9c92..027f378f 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,7 +1,7 @@
 sonar.projectKey=Passman
 sonar.qualitygate.wait=true
 sonar.sources=./
-sonar.exclusions=./l10n,./tests
+sonar.exclusions=./l10n,./tests,./css
 sonar.language=php
 
 sonar.issue.ignore.multicriteria=e1

From d9188aa530dd6ef55c0ed721c63bd15f9964a3af Mon Sep 17 00:00:00 2001
From: binsky <timo@binsky.org>
Date: Sat, 10 Jan 2026 20:54:57 +0100
Subject: [PATCH 5/6] explicitly mention the visibility of method in
 NotificationService.php; add new constant

---
 lib/Service/NotificationService.php | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/lib/Service/NotificationService.php b/lib/Service/NotificationService.php
index a77c33a9..08498a28 100644
--- a/lib/Service/NotificationService.php
+++ b/lib/Service/NotificationService.php
@@ -31,6 +31,8 @@
 use OCP\Notification\IManager;
 
 class NotificationService {
+    public const APP_URL_PREFIX = 'index.php/apps/' . Application::APP_ID;
+
 	public function __construct(
 		private IManager $manager,
 		private IURLGenerator $urlGenerator,
@@ -38,8 +40,8 @@ public function __construct(
 	) {
 	}
 
-	function credentialExpiredNotification($credential, $link) {
-		$api = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', 'index.php/apps/' . Application::APP_ID));
+	public function credentialExpiredNotification($credential, $link) {
+		$api = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', self::APP_URL_PREFIX));
 		$notification = $this->manager->createNotification();
 		$remindAction = $notification->createAction();
 		$remindAction->setLabel('remind')
@@ -62,9 +64,9 @@ function credentialExpiredNotification($credential, $link) {
 	}
 
 
-	function credentialSharedNotification($data) {
-		$link = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', 'index.php/apps/' . Application::APP_ID . '/#/'));
-		$api = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', 'index.php/apps/' . Application::APP_ID));
+	public function credentialSharedNotification($data) {
+		$link = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', self::APP_URL_PREFIX . '/#/'));
+		$api = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', self::APP_URL_PREFIX));
 		$notification = $this->manager->createNotification();
 
 		$declineAction = $notification->createAction();
@@ -83,7 +85,7 @@ function credentialSharedNotification($data) {
 	}
 
 
-	function credentialDeclinedSharedNotification($data) {
+	public function credentialDeclinedSharedNotification($data) {
 		$notification = $this->manager->createNotification();
 		$notification->setApp(Application::APP_ID)
 			->setUser($data['target_user'])
@@ -94,7 +96,7 @@ function credentialDeclinedSharedNotification($data) {
 	}
 
 
-	function credentialAcceptedSharedNotification($data) {
+	public function credentialAcceptedSharedNotification($data) {
 		$notification = $this->manager->createNotification();
 		$notification->setApp(Application::APP_ID)
 			->setUser($data['target_user'])
@@ -104,7 +106,7 @@ function credentialAcceptedSharedNotification($data) {
 		$this->manager->notify($notification);
 	}
 
-	function hasCredentialExpirationNotification($credential): bool {
+	public function hasCredentialExpirationNotification($credential): bool {
 		$qb = $this->db->getQueryBuilder();
 		$qb->select('*')
 			->from('notifications')
@@ -113,7 +115,7 @@ function hasCredentialExpirationNotification($credential): bool {
 			return $qb->executeQuery()->rowCount() !== 0;
 	}
 
-	function deleteNotificationsOfCredential($credential) {
+	public function deleteNotificationsOfCredential($credential) {
 		$qb = $this->db->getQueryBuilder();
 		$qb->delete('notifications')
 			->where($qb->expr()->eq('object_id', $qb->createNamedParameter($credential->getId(), IQueryBuilder::PARAM_INT)))
@@ -121,7 +123,7 @@ function deleteNotificationsOfCredential($credential) {
 		return $qb->executeStatement();
 	}
 
-	function markNotificationOfCredentialAsProcessed(int $credential_id, string $user_id): void {
+	public function markNotificationOfCredentialAsProcessed(int $credential_id, string $user_id): void {
 		$notification = $this->manager->createNotification();
 		$notification->setApp(Application::APP_ID)
 			->setObject('credential', $credential_id)

From 8b7dd9aa43b245b6ebcd84ffe3fd35b75497f0a0 Mon Sep 17 00:00:00 2001
From: binsky <timo@binsky.org>
Date: Sat, 10 Jan 2026 20:59:25 +0100
Subject: [PATCH 6/6] remove duplicate scss code

---
 sass/menu.scss        | 8 --------
 sass/public-page.scss | 1 -
 2 files changed, 9 deletions(-)

diff --git a/sass/menu.scss b/sass/menu.scss
index f803e803..5590ec5e 100644
--- a/sass/menu.scss
+++ b/sass/menu.scss
@@ -247,15 +247,11 @@
   background: none;
   background-position-x: 0%;
   background-position-y: 0%;
-  background-repeat: repeat;
-  background-image: none;
-  background-size: auto;
   background-image: var(--icon-triangle-s-dark);
   background-size: 16px;
   background-repeat: no-repeat;
   background-position: center;
   border: none;
-  border-radius: 0;
   outline: none !important;
   box-shadow: none;
   content: " ";
@@ -273,10 +269,6 @@
 #app-navigation:not(.vue) > ul > li > .app-navigation-entry-bullet + a, #app-navigation:not(.vue) > ul > li > ul > li > .app-navigation-entry-bullet + a {
   background: rgba(0,0,0,0) !important;
 }
-#app-navigation:not(.vue) > ul > li > a.svg, #app-navigation:not(.vue) > ul > li > ul > li > a.svg {
-  padding: 0 12px 0 44px;
-  padding-left: 44px;
-}
 #app-navigation:not(.vue) > ul > li > .app-navigation-entry-bullet, #app-navigation:not(.vue) > ul > li > ul > li > .app-navigation-entry-bullet {
   position: absolute;
   display: block;
diff --git a/sass/public-page.scss b/sass/public-page.scss
index 09d9c8b3..36f75235 100644
--- a/sass/public-page.scss
+++ b/sass/public-page.scss
@@ -95,7 +95,6 @@ header {
 }
 
 .credential_field {
-  /* overflow: hidden; */
   display: flex;
   flex-wrap: wrap;
   align-items: center;