In 60239bd637 the assumption that init_oidc_client could be imported
from oidc_handler was introduced into admin_routes.py.
However, init_oidc_client was defined in __init__.py, leaving us with
the options of:
1. Importing from .
2. Moving the implementation to oidc_handler, and importing in
__init__.py
I've gone with option 2.
Fixes & Enhancements
* Resolved five critical Apprise notification issues:
• Ensured configuration reload during scheduled jobs
• Fixed warranty data fetching for Apprise-only users
• Refactored notification dispatch logic with dedicated helpers
• Corrected handler scoping via Flask app context
• Wrapped scheduler jobs with Flask app context to prevent context errors
→ Verified: Scheduled Apprise notifications now work reliably for "Apprise only" and "Both" channels.
* Added support for SMTP\_FROM\_ADDRESS environment variable, allowing sender address customization independent of SMTP username. (PR #115)
* Fixed duplicate scheduled notifications in multi-worker environments:
• Strengthened should\_run\_scheduler() logic
• Now guarantees exactly one scheduler instance across all Gunicorn modes.
* Fixed stale database connection handling in scheduled jobs:
• Fresh connection acquired each run, properly released via try/finally
• Eliminates "server closed the connection" errors.
* Definitive scheduler logic fix for all memory modes (ultra-light, optimized, performance):
• Single-worker runs scheduler if GUNICORN\_WORKER\_ID is unset
• Multi-worker: only worker 0 runs scheduler.
Impact
* Apprise and Email notifications are now stable, reliable, and production-ready
* No more duplicate or missed notifications across all memory modes
* Improved system efficiency and robustness
Fixes & Enhancements
* Resolved five critical Apprise notification issues:
• Ensured configuration reload during scheduled jobs
• Fixed warranty data fetching for Apprise-only users
• Refactored notification dispatch logic with dedicated helpers
• Corrected handler scoping via Flask app context
• Wrapped scheduler jobs with Flask app context to prevent context errors
→ Verified: Scheduled Apprise notifications now work reliably for "Apprise only" and "Both" channels.
* Added support for SMTP\_FROM\_ADDRESS environment variable, allowing sender address customization independent of SMTP username. (PR #115)
* Fixed duplicate scheduled notifications in multi-worker environments:
• Strengthened should\_run\_scheduler() logic
• Now guarantees exactly one scheduler instance across all Gunicorn modes.
* Fixed stale database connection handling in scheduled jobs:
• Fresh connection acquired each run, properly released via try/finally
• Eliminates "server closed the connection" errors.
* Definitive scheduler logic fix for all memory modes (ultra-light, optimized, performance):
• Single-worker runs scheduler if GUNICORN\_WORKER\_ID is unset
• Multi-worker: only worker 0 runs scheduler.
Impact
* Apprise and Email notifications are now stable, reliable, and production-ready
* No more duplicate or missed notifications across all memory modes
* Improved system efficiency and robustness
Fixes & Enhancements
* Resolved five critical Apprise notification issues:
• Ensured configuration reload during scheduled jobs
• Fixed warranty data fetching for Apprise-only users
• Refactored notification dispatch logic with dedicated helpers
• Corrected handler scoping via Flask app context
• Wrapped scheduler jobs with Flask app context to prevent context errors
→ Verified: Scheduled Apprise notifications now work reliably for "Apprise only" and "Both" channels.
* Added support for SMTP\_FROM\_ADDRESS environment variable, allowing sender address customization independent of SMTP username. (PR #115)
* Fixed duplicate scheduled notifications in multi-worker environments:
• Strengthened should\_run\_scheduler() logic
• Now guarantees exactly one scheduler instance across all Gunicorn modes.
* Fixed stale database connection handling in scheduled jobs:
• Fresh connection acquired each run, properly released via try/finally
• Eliminates "server closed the connection" errors.
* Definitive scheduler logic fix for all memory modes (ultra-light, optimized, performance):
• Single-worker runs scheduler if GUNICORN\_WORKER\_ID is unset
• Multi-worker: only worker 0 runs scheduler.
Impact
* Apprise and Email notifications are now stable, reliable, and production-ready
* No more duplicate or missed notifications across all memory modes
* Improved system efficiency and robustness
Resolved critical scheduler initialization bug in Docker ultra-light mode by moving scheduler setup into the create_app() function and improving worker detection logic. Added missing /api/timezones and /api/locales endpoints to support frontend settings page. Ensured compatibility across all memory modes with single-worker and multi-worker setups. Also fixed mobile UI issues including text overflow on the "Manage Tags" button and oversized warranty cards in list view. Implemented responsive CSS adjustments for mobile screens to improve layout and usability.
### Highlights:
- **Environment Variable Precedence Fix:** Corrected config loading logic to prioritize environment variables over database defaults on fresh installations. Ensured OIDC, Apprise, and email settings are now correctly derived from `.env` files. Also fixed the `/api/auth/oidc-status` endpoint to reflect the true state.
- **PostgreSQL Migration Permissions:** Updated migration scripts to avoid `CREATEROLE` errors on standard DB users by using `DO` blocks with graceful fallbacks.
### Major Code Refactoring:
- **Blueprint Extraction:**
- Moved admin, warranty, tag, file handling, and statistics routes into dedicated Flask Blueprints for improved maintainability.
- Introduced `file_routes.py`, `tags_routes.py`, `admin_routes.py`, `warranties_routes.py`, and `statistics_routes.py`.
- **Application Factory Pattern:**
- Adopted the Flask Application Factory pattern using `create_app()` for modular, testable architecture.
- Added `config.py`, centralized `extensions.py`, and simplified `app.py` to a minimal entry point.
### Additional Fixes:
- Restored missing `/api/currencies` and `/api/settings/global-view-status` endpoints.
- Fixed status page warranty expansion and toast notification issues.
- Updated frontend logic to properly show Paperless-ngx documents on warranty cards and status page.
### Impact:
- Configuration via Docker `.env` now works reliably.
- Application can now run on standard PostgreSQL setups.
- Codebase is modular and easier to maintain.
- Frontend issues related to missing endpoints and document visibility are resolved.
This update introduces comprehensive OpenID Connect (OIDC) Single Sign-On support with dynamic configuration via the database and full frontend/backend integration. Key additions include:
- OIDC SSO login via external providers (e.g., Google, Keycloak), with automatic user provisioning and session linking.
- Admin settings UI for enabling/disabling SSO and managing provider credentials.
- Provider-branded SSO buttons with dynamic labels, icons, and styles.
- Exact warranty expiration date support alongside duration-based input, with full validation and UI enhancements.
- Full UI responsiveness for warranty field updates, tag creation, and note editing.
- Memory usage optimization for low-resource deployments via configurable modes (optimized, ultra-light, performance).
- Numerous fixes for SSO authentication flow, UI sync issues, database constraints, and modal interactions.
- Upgraded dependencies for security, performance, and compatibility (Flask 3.0.3, Gunicorn 23.0.0, etc.).
- Frontend improvements: Chart.js loading fix, tooltips for long product names, and dark/light mode-compatible footer.
This release significantly improves authentication flexibility, performance, and user experience across all major components.
