Move custom fields to global admin settings

.gitignore

@@ -41,6 +41,3 @@ npm-debug.log
 .env
 
 .elixir_ls/
-
-# Docker secrets directory (generated by `just init-secrets`)
-/secrets/

CHANGELOG.md

@@ -17,7 +17,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - CopyToClipboard JavaScript hook with fallback for older browsers
   - Button shows count of visible selected members (respects search/filter)
   - German/English translations
-- Docker secrets support via `_FILE` environment variables for all sensitive configuration (SECRET_KEY_BASE, TOKEN_SIGNING_SECRET, OIDC_CLIENT_SECRET, DATABASE_URL, DATABASE_PASSWORD)
 
 ### Fixed
 - Email validation false positive when linking user and member with identical emails (#168 Problem #4)

Justfile

@@ -90,27 +90,4 @@ clean:
 remove-gettext-conflicts:
   #!/usr/bin/env bash
   set -euo pipefail
-  find priv/gettext -type f -exec sed -i '/^<<<<<<< HEAD$/d; /^=======$/d; /^>>>>>>>/d' {} \;
-
-# Production environment commands
-# ================================
-
-# Initialize secrets directory with generated secrets (only if not exists)
-init-prod-secrets:
-  #!/usr/bin/env bash
-  set -euo pipefail
-  if [ -d "secrets" ]; then
-    echo "Secrets directory already exists. Skipping generation."
-    exit 0
-  fi
-  echo "Creating secrets directory and generating secrets..."
-  mkdir -p secrets
-  mix phx.gen.secret > secrets/secret_key_base.txt
-  mix phx.gen.secret > secrets/token_signing_secret.txt
-  openssl rand -base64 32 | tr -d '\n' > secrets/db_password.txt
-  touch secrets/oidc_client_secret.txt
-  echo "Secrets generated in ./secrets/"
-
-# Start production environment with Docker Compose
-start-prod: init-prod-secrets
-  docker compose -f docker-compose.prod.yml up -d
+  find priv/gettext -type f -exec sed -i '/^<<<<<<< HEAD$/d; /^=======$/d; /^>>>>>>>/d' {} \;

README.md

@@ -217,13 +217,6 @@ For testing the production Docker build locally:
    # OIDC_BASE_URL=http://localhost:8080/auth/v1
    # OIDC_REDIRECT_URI=http://localhost:4001/auth/user/rauthy/callback
    # OIDC_CLIENT_SECRET=<from-rauthy-client>
-   
-   # Alternative: Use _FILE variables for Docker secrets (takes priority over regular vars):
-   # SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
-   # TOKEN_SIGNING_SECRET_FILE=/run/secrets/token_signing_secret
-   # OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
-   # DATABASE_URL_FILE=/run/secrets/database_url
-   # DATABASE_PASSWORD_FILE=/run/secrets/database_password
    ```
 
 3. **Start development environment** (for Rauthy):
@@ -257,7 +250,7 @@ For actual production deployment:
    - Set `OIDC_BASE_URL` to your production OIDC provider
    - Configure proper Docker networks
 3. **Set up SSL/TLS** (e.g., via reverse proxy like Nginx/Traefik)
-4. **Use secure secrets management** — All sensitive environment variables support a `_FILE` suffix for Docker secrets (e.g., `SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base`). See `docker-compose.prod.yml` for an example setup with Docker secrets.
+4. **Use secure secrets management** (environment variables, Docker secrets, vault)
 5. **Configure database backups**
 
 

config/runtime.exs

@@ -7,75 +7,6 @@ import Config
 # any compile-time configuration in here, as it won't be applied.
 # The block below contains prod specific runtime configuration.
 
-# Helper function to read environment variables with Docker secrets support.
-# Supports the _FILE suffix pattern: if VAR_FILE is set, reads the value from
-# that file path. Otherwise falls back to VAR directly.
-# VAR_FILE takes priority and must contain the full absolute path to the secret file.
-get_env_or_file = fn var_name, default ->
-  file_var = "#{var_name}_FILE"
-
-  case System.get_env(file_var) do
-    nil ->
-      System.get_env(var_name, default)
-
-    file_path ->
-      case File.read(file_path) do
-        {:ok, content} ->
-          String.trim_trailing(content)
-
-        {:error, reason} ->
-          raise """
-          Failed to read secret from file specified in #{file_var}="#{file_path}".
-          Error: #{inspect(reason)}
-          """
-      end
-  end
-end
-
-# Same as get_env_or_file but raises if the value is not set
-get_env_or_file! = fn var_name, error_message ->
-  case get_env_or_file.(var_name, nil) do
-    nil -> raise error_message
-    value -> value
-  end
-end
-
-# Build database URL from individual components or use DATABASE_URL directly.
-# Supports both approaches:
-# 1. DATABASE_URL (or DATABASE_URL_FILE) - full connection URL
-# 2. Separate vars: DATABASE_HOST, DATABASE_USER, DATABASE_PASSWORD (or _FILE), DATABASE_NAME, DATABASE_PORT
-build_database_url = fn ->
-  case get_env_or_file.("DATABASE_URL", nil) do
-    nil ->
-      # Build URL from separate components
-      host =
-        System.get_env("DATABASE_HOST") ||
-          raise "DATABASE_HOST is required when DATABASE_URL is not set"
-
-      user =
-        System.get_env("DATABASE_USER") ||
-          raise "DATABASE_USER is required when DATABASE_URL is not set"
-
-      password =
-        get_env_or_file!.("DATABASE_PASSWORD", """
-        DATABASE_PASSWORD or DATABASE_PASSWORD_FILE is required when DATABASE_URL is not set.
-        """)
-
-      database =
-        System.get_env("DATABASE_NAME") ||
-          raise "DATABASE_NAME is required when DATABASE_URL is not set"
-
-      port = System.get_env("DATABASE_PORT", "5432")
-
-      # URL-encode the password to handle special characters
-      encoded_password = URI.encode_www_form(password)
-      "ecto://#{user}:#{encoded_password}@#{host}:#{port}/#{database}"
-
-    url ->
-      url
-  end
-end
-
 # ## Using releases
 #
 # If you use `mix release`, you need to explicitly enable the server
@@ -90,7 +21,12 @@ if System.get_env("PHX_SERVER") do
 end
 
 if config_env() == :prod do
-  database_url = build_database_url.()
+  database_url =
+    System.get_env("DATABASE_URL") ||
+      raise """
+      environment variable DATABASE_URL is missing.
+      For example: ecto://USER:PASS@HOST/DATABASE
+      """
 
   maybe_ipv6 = if System.get_env("ECTO_IPV6") in ~w(true 1), do: [:inet6], else: []
 
@@ -105,12 +41,12 @@ if config_env() == :prod do
   # want to use a different value for prod and you most likely don't want
   # to check this value into version control, so we use an environment
   # variable instead.
-  # Supports SECRET_KEY_BASE or SECRET_KEY_BASE_FILE for Docker secrets.
   secret_key_base =
-    get_env_or_file!.("SECRET_KEY_BASE", """
-    environment variable SECRET_KEY_BASE (or SECRET_KEY_BASE_FILE) is missing.
-    You can generate one by calling: mix phx.gen.secret
-    """)
+    System.get_env("SECRET_KEY_BASE") ||
+      raise """
+      environment variable SECRET_KEY_BASE is missing.
+      You can generate one by calling: mix phx.gen.secret
+      """
 
   host = System.get_env("PHX_HOST") || raise "Please define the PHX_HOST environment variable."
   port = String.to_integer(System.get_env("PORT") || "4000")
@@ -118,47 +54,32 @@ if config_env() == :prod do
   config :mv, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
 
   # Rauthy OIDC configuration
-  # Supports OIDC_CLIENT_SECRET or OIDC_CLIENT_SECRET_FILE for Docker secrets.
-  # OIDC_CLIENT_SECRET is required only if OIDC is being used (indicated by explicit OIDC env vars).
-  oidc_base_url = System.get_env("OIDC_BASE_URL")
-  oidc_client_id = System.get_env("OIDC_CLIENT_ID")
-  oidc_in_use = not is_nil(oidc_base_url) or not is_nil(oidc_client_id)
-
-  client_secret =
-    if oidc_in_use do
-      get_env_or_file!.("OIDC_CLIENT_SECRET", """
-      environment variable OIDC_CLIENT_SECRET (or OIDC_CLIENT_SECRET_FILE) is missing.
-      This is required when OIDC authentication is configured (OIDC_BASE_URL or OIDC_CLIENT_ID is set).
-      """)
-    else
-      get_env_or_file.("OIDC_CLIENT_SECRET", nil)
-    end
-
   config :mv, :rauthy,
-    client_id: oidc_client_id || "mv",
-    base_url: oidc_base_url || "http://localhost:8080/auth/v1",
-    client_secret: client_secret,
+    client_id: System.get_env("OIDC_CLIENT_ID") || "mv",
+    base_url: System.get_env("OIDC_BASE_URL") || "http://localhost:8080/auth/v1",
+    client_secret: System.get_env("OIDC_CLIENT_SECRET"),
     redirect_uri:
       System.get_env("OIDC_REDIRECT_URI") || "http://#{host}:#{port}/auth/user/rauthy/callback"
 
   # Token signing secret from environment variable
   # This overrides the placeholder value set in prod.exs
-  # Supports TOKEN_SIGNING_SECRET or TOKEN_SIGNING_SECRET_FILE for Docker secrets.
   token_signing_secret =
-    get_env_or_file!.("TOKEN_SIGNING_SECRET", """
-    environment variable TOKEN_SIGNING_SECRET (or TOKEN_SIGNING_SECRET_FILE) is missing.
-    You can generate one by calling: mix phx.gen.secret
-    """)
+    System.get_env("TOKEN_SIGNING_SECRET") ||
+      raise """
+      environment variable TOKEN_SIGNING_SECRET is missing.
+      You can generate one by calling: mix phx.gen.secret
+      """
 
   config :mv, :token_signing_secret, token_signing_secret
 
   config :mv, MvWeb.Endpoint,
     url: [host: host, port: 443, scheme: "https"],
     http: [
-      # Bind on all IPv4 interfaces.
-      # Use {0, 0, 0, 0, 0, 0, 0, 0} for IPv6, or {127, 0, 0, 1} for localhost only.
+      # Enable IPv6 and bind on all interfaces.
+      # Set it to  {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.
       # See the documentation on https://hexdocs.pm/bandit/Bandit.html#t:options/0
-      ip: {0, 0, 0, 0},
+      # for details about using IPv6 vs IPv4 and loopback vs public addresses.
+      ip: {0, 0, 0, 0, 0, 0, 0, 0},
       port: port
     ],
     secret_key_base: secret_key_base,

docker-compose.prod.yml

@@ -2,32 +2,21 @@ services:
   app:
     image: git.local-it.org/local-it/mitgliederverwaltung:latest
     container_name: mv-prod-app
-    ports:
-      - "4001:4001"
+    # Use host network for local testing to access localhost:8080 (Rauthy)
+    # In real production, remove this and use external OIDC provider
+    network_mode: host
     environment:
-      # Database configuration using separate variables
-      # Use Docker service name for internal networking
-      DATABASE_HOST: "db-prod"
-      DATABASE_PORT: "5432"
-      DATABASE_USER: "postgres"
-      DATABASE_NAME: "mv_prod"
-      DATABASE_PASSWORD_FILE: "/run/secrets/db_password"
-      # Phoenix secrets via Docker secrets
-      SECRET_KEY_BASE_FILE: "/run/secrets/secret_key_base"
-      TOKEN_SIGNING_SECRET_FILE: "/run/secrets/token_signing_secret"
-      PHX_HOST: "${PHX_HOST:-localhost}"
+      DATABASE_URL: "ecto://postgres:postgres@localhost:5001/mv_prod"
+      SECRET_KEY_BASE: "${SECRET_KEY_BASE}"
+      TOKEN_SIGNING_SECRET: "${TOKEN_SIGNING_SECRET}"
+      PHX_HOST: "${PHX_HOST}"
       PORT: "4001"
       PHX_SERVER: "true"
-      # Rauthy OIDC config - use host.docker.internal to reach host services
+      # Rauthy OIDC config - uses localhost because of host network mode
       OIDC_CLIENT_ID: "mv"
-      OIDC_BASE_URL: "http://host.docker.internal:8080/auth/v1"
-      OIDC_CLIENT_SECRET_FILE: "/run/secrets/oidc_client_secret"
+      OIDC_BASE_URL: "http://localhost:8080/auth/v1"
+      OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET:-}"
       OIDC_REDIRECT_URI: "http://localhost:4001/auth/user/rauthy/callback"
-    secrets:
-      - db_password
-      - secret_key_base
-      - token_signing_secret
-      - oidc_client_secret
     depends_on:
       - db-prod
     restart: unless-stopped
@@ -37,25 +26,13 @@ services:
     container_name: mv-prod-db
     environment:
       POSTGRES_USER: postgres
-      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
+      POSTGRES_PASSWORD: postgres
       POSTGRES_DB: mv_prod
-    secrets:
-      - db_password
     volumes:
       - postgres_data_prod:/var/lib/postgresql/data
     ports:
       - "5001:5432"
     restart: unless-stopped
 
-secrets:
-  db_password:
-    file: ./secrets/db_password.txt
-  secret_key_base:
-    file: ./secrets/secret_key_base.txt
-  token_signing_secret:
-    file: ./secrets/token_signing_secret.txt
-  oidc_client_secret:
-    file: ./secrets/oidc_client_secret.txt
-
 volumes:
   postgres_data_prod:

lib/mv_web/components/core_components.ex

@@ -79,7 +79,7 @@ defmodule MvWeb.CoreComponents do
           <p>{msg}</p>
         </div>
         <div class="flex-1" />
-        <button type="button" class="self-start cursor-pointer group" aria-label={gettext("close")}>
+        <button type="button" class="group self-start cursor-pointer" aria-label={gettext("close")}>
           <.icon name="hero-x-mark" class="size-5 opacity-40 group-hover:opacity-70" />
         </button>
       </div>
@@ -368,63 +368,61 @@ defmodule MvWeb.CoreComponents do
       end
 
     ~H"""
-    <div class="overflow-auto">
-      <table class="table table-zebra">
-        <thead>
-          <tr>
-            <th :for={col <- @col}>{col[:label]}</th>
-            <th :for={dyn_col <- @dynamic_cols}>
-              <.live_component
-                module={MvWeb.Components.SortHeaderComponent}
-                id={:"sort_custom_field_#{dyn_col[:custom_field].id}"}
-                field={"custom_field_#{dyn_col[:custom_field].id}"}
-                label={dyn_col[:custom_field].name}
-                sort_field={@sort_field}
-                sort_order={@sort_order}
-              />
-            </th>
-            <th :if={@action != []}>
-              <span class="sr-only">{gettext("Actions")}</span>
-            </th>
-          </tr>
-        </thead>
-        <tbody id={@id} phx-update={is_struct(@rows, Phoenix.LiveView.LiveStream) && "stream"}>
-          <tr :for={row <- @rows} id={@row_id && @row_id.(row)}>
-            <td
-              :for={col <- @col}
-              phx-click={@row_click && @row_click.(row)}
-              class={["max-w-xs truncate", @row_click && "hover:cursor-pointer"]}
-            >
-              {render_slot(col, @row_item.(row))}
-            </td>
-            <td
-              :for={dyn_col <- @dynamic_cols}
-              phx-click={@row_click && @row_click.(row)}
-              class={["max-w-xs truncate", @row_click && "hover:cursor-pointer"]}
-            >
-              {if dyn_col[:render] do
-                rendered = dyn_col[:render].(@row_item.(row))
+    <table class="table table-zebra">
+      <thead>
+        <tr>
+          <th :for={col <- @col}>{col[:label]}</th>
+          <th :for={dyn_col <- @dynamic_cols}>
+            <.live_component
+              module={MvWeb.Components.SortHeaderComponent}
+              id={:"sort_custom_field_#{dyn_col[:custom_field].id}"}
+              field={"custom_field_#{dyn_col[:custom_field].id}"}
+              label={dyn_col[:custom_field].name}
+              sort_field={@sort_field}
+              sort_order={@sort_order}
+            />
+          </th>
+          <th :if={@action != []}>
+            <span class="sr-only">{gettext("Actions")}</span>
+          </th>
+        </tr>
+      </thead>
+      <tbody id={@id} phx-update={is_struct(@rows, Phoenix.LiveView.LiveStream) && "stream"}>
+        <tr :for={row <- @rows} id={@row_id && @row_id.(row)}>
+          <td
+            :for={col <- @col}
+            phx-click={@row_click && @row_click.(row)}
+            class={@row_click && "hover:cursor-pointer"}
+          >
+            {render_slot(col, @row_item.(row))}
+          </td>
+          <td
+            :for={dyn_col <- @dynamic_cols}
+            phx-click={@row_click && @row_click.(row)}
+            class={@row_click && "hover:cursor-pointer"}
+          >
+            {if dyn_col[:render] do
+              rendered = dyn_col[:render].(@row_item.(row))
 
-                if rendered == "" do
-                  ""
-                else
-                  rendered
-                end
-              else
+              if rendered == "" do
                 ""
-              end}
-            </td>
-            <td :if={@action != []} class="w-0 font-semibold">
-              <div class="flex gap-4">
-                <%= for action <- @action do %>
-                  {render_slot(action, @row_item.(row))}
-                <% end %>
-              </div>
-            </td>
-          </tr>
-        </tbody>
-      </table>
-    </div>
+              else
+                rendered
+              end
+            else
+              ""
+            end}
+          </td>
+          <td :if={@action != []} class="w-0 font-semibold">
+            <div class="flex gap-4">
+              <%= for action <- @action do %>
+                {render_slot(action, @row_item.(row))}
+              <% end %>
+            </div>
+          </td>
+        </tr>
+      </tbody>
+    </table>
     """
   end
 

lib/mv_web/helpers/date_formatter.ex

@@ -1,27 +0,0 @@
-defmodule MvWeb.Helpers.DateFormatter do
-  @moduledoc """
-  Centralized date formatting helper for the application.
-  Formats dates in European format (dd.mm.yyyy).
-  """
-
-  use Gettext, backend: MvWeb.Gettext
-
-  @doc """
-  Formats a Date struct to European format (dd.mm.yyyy).
-
-  ## Examples
-
-      iex> MvWeb.Helpers.DateFormatter.format_date(~D[2024-03-15])
-      "15.03.2024"
-
-      iex> MvWeb.Helpers.DateFormatter.format_date(nil)
-      ""
-  """
-  def format_date(%Date{} = date) do
-    Calendar.strftime(date, "%d.%m.%Y")
-  end
-
-  def format_date(nil), do: ""
-
-  def format_date(_), do: "Invalid date"
-end

lib/mv_web/live/components/sort_header_component.ex

@@ -19,7 +19,7 @@ defmodule MvWeb.Components.SortHeaderComponent do
   @impl true
   def render(assigns) do
     ~H"""
-    <div class="tooltip tooltip-bottom" data-tip={aria_sort(@field, @sort_field, @sort_order)}>
+    <div class="tooltip" data-tip={aria_sort(@field, @sort_field, @sort_order)}>
       <button
         type="button"
         aria-label={aria_sort(@field, @sort_field, @sort_order)}

lib/mv_web/live/member_live/index.ex

@@ -32,7 +32,6 @@ defmodule MvWeb.MemberLive.Index do
 
   alias Mv.Membership
   alias MvWeb.MemberLive.Index.Formatter
-  alias MvWeb.Helpers.DateFormatter
 
   # Prefix used in sort field names for custom fields (e.g., "custom_field_<id>")
   @custom_field_prefix "custom_field_"
@@ -938,7 +937,4 @@ defmodule MvWeb.MemberLive.Index do
       Map.get(visibility_config, Atom.to_string(field), true)
     end)
   end
-
-  # Public helper function to format dates for use in templates
-  def format_date(date), do: DateFormatter.format_date(date)
 end

lib/mv_web/live/member_live/index.html.heex

@@ -224,7 +224,7 @@
         """
       }
     >
-      {MvWeb.MemberLive.Index.format_date(member.join_date)}
+      {member.join_date}
     </:col>
     <:col :let={member} label={gettext("Paid")}>
       <span class={[

lib/mv_web/live/member_live/index/formatter.ex

@@ -6,7 +6,6 @@ defmodule MvWeb.MemberLive.Index.Formatter do
   formats them appropriately for display in the UI.
   """
   use Gettext, backend: MvWeb.Gettext
-  alias MvWeb.Helpers.DateFormatter
 
   @doc """
   Formats a custom field value for display.
@@ -62,11 +61,11 @@ defmodule MvWeb.MemberLive.Index.Formatter do
   defp format_value_by_type(value, :boolean, _) when value == false, do: gettext("No")
   defp format_value_by_type(value, :boolean, _), do: to_string(value)
 
-  defp format_value_by_type(%Date{} = date, :date, _), do: DateFormatter.format_date(date)
+  defp format_value_by_type(%Date{} = date, :date, _), do: Date.to_string(date)
 
   defp format_value_by_type(value, :date, _) when is_binary(value) do
     case Date.from_iso8601(value) do
-      {:ok, date} -> DateFormatter.format_date(date)
+      {:ok, date} -> Date.to_string(date)
       _ -> value
     end
   end

lib/mv_web/live/member_live/show.ex

@@ -23,7 +23,6 @@ defmodule MvWeb.MemberLive.Show do
   """
   use MvWeb, :live_view
   import Ash.Query
-  alias MvWeb.Helpers.DateFormatter
 
   @impl true
   def render(assigns) do
@@ -53,8 +52,8 @@ defmodule MvWeb.MemberLive.Show do
           {if @member.paid, do: gettext("Yes"), else: gettext("No")}
         </:item>
         <:item title={gettext("Phone Number")}>{@member.phone_number}</:item>
-        <:item title={gettext("Join Date")}>{DateFormatter.format_date(@member.join_date)}</:item>
-        <:item title={gettext("Exit Date")}>{DateFormatter.format_date(@member.exit_date)}</:item>
+        <:item title={gettext("Join Date")}>{@member.join_date}</:item>
+        <:item title={gettext("Exit Date")}>{@member.exit_date}</:item>
         <:item title={gettext("Notes")}>{@member.notes}</:item>
         <:item title={gettext("City")}>{@member.city}</:item>
         <:item title={gettext("Street")}>{@member.street}</:item>
@@ -82,7 +81,10 @@ defmodule MvWeb.MemberLive.Show do
             # name
             cfv.custom_field && cfv.custom_field.name,
             # value
-            format_custom_field_value(cfv)
+            case cfv.value do
+              %{value: v} -> v
+              v -> v
+            end
           }
         end)
       } />
@@ -112,17 +114,4 @@ defmodule MvWeb.MemberLive.Show do
 
   defp page_title(:show), do: gettext("Show Member")
   defp page_title(:edit), do: gettext("Edit Member")
-
-  defp format_custom_field_value(cfv) do
-    value =
-      case cfv.value do
-        %{value: v} -> v
-        v -> v
-      end
-
-    case value do
-      %Date{} = date -> DateFormatter.format_date(date)
-      other -> other
-    end
-  end
 end

lib/mv_web/live/user_live/form.ex

@@ -42,7 +42,7 @@ defmodule MvWeb.UserLive.Form do
         <:subtitle>{gettext("Use this form to manage user records in your database.")}</:subtitle>
       </.header>
 
-      <.form class="max-w-xl" for={@form} id="user-form" phx-change="validate" phx-submit="save">
+      <.form for={@form} id="user-form" phx-change="validate" phx-submit="save">
         <.input field={@form[:email]} label={gettext("Email")} required type="email" />
         
     <!-- Password Section -->
@@ -61,7 +61,7 @@ defmodule MvWeb.UserLive.Form do
           </label>
 
           <%= if @show_password_fields do %>
-            <div class="p-4 mt-4 space-y-4 rounded-lg bg-gray-50">
+            <div class="mt-4 space-y-4 p-4 bg-gray-50 rounded-lg">
               <.input
                 field={@form[:password]}
                 label={gettext("Password")}
@@ -83,7 +83,7 @@ defmodule MvWeb.UserLive.Form do
 
               <div class="text-sm text-gray-600">
                 <p><strong>{gettext("Password requirements")}:</strong></p>
-                <ul class="mt-1 space-y-1 text-xs list-disc list-inside">
+                <ul class="list-disc list-inside text-xs mt-1 space-y-1">
                   <li>{gettext("At least 8 characters")}</li>
                   <li>{gettext("Include both letters and numbers")}</li>
                   <li>{gettext("Consider using special characters")}</li>
@@ -91,7 +91,7 @@ defmodule MvWeb.UserLive.Form do
               </div>
 
               <%= if @user do %>
-                <div class="p-3 mt-3 border border-orange-200 rounded bg-orange-50">
+                <div class="mt-3 p-3 bg-orange-50 border border-orange-200 rounded">
                   <p class="text-sm text-orange-800">
                     <strong>{gettext("Admin Note")}:</strong> {gettext(
                       "As an administrator, you can directly set a new password for this user using the same secure Ash Authentication system."
@@ -102,7 +102,7 @@ defmodule MvWeb.UserLive.Form do
             </div>
           <% else %>
             <%= if @user do %>
-              <div class="p-4 mt-4 rounded-lg bg-blue-50">
+              <div class="mt-4 p-4 bg-blue-50 rounded-lg">
                 <p class="text-sm text-blue-800">
                   <strong>{gettext("Note")}:</strong> {gettext(
                     "Check 'Change Password' above to set a new password for this user."
@@ -110,7 +110,7 @@ defmodule MvWeb.UserLive.Form do
                 </p>
               </div>
             <% else %>
-              <div class="p-4 mt-4 rounded-lg bg-yellow-50">
+              <div class="mt-4 p-4 bg-yellow-50 rounded-lg">
                 <p class="text-sm text-yellow-800">
                   <strong>{gettext("Note")}:</strong> {gettext(
                     "User will be created without a password. Check 'Set Password' to add one."
@@ -123,11 +123,11 @@ defmodule MvWeb.UserLive.Form do
         
     <!-- Member Linking Section -->
         <div class="mt-6">
-          <h2 class="mb-3 text-base font-semibold">{gettext("Linked Member")}</h2>
+          <h2 class="text-base font-semibold mb-3">{gettext("Linked Member")}</h2>
 
           <%= if @user && @user.member && !@unlink_member do %>
             <!-- Show linked member with unlink button -->
-            <div class="p-4 border border-green-200 rounded-lg bg-green-50">
+            <div class="p-4 bg-green-50 border border-green-200 rounded-lg">
               <div class="flex items-center justify-between">
                 <div>
                   <p class="font-medium text-green-900">
@@ -147,7 +147,7 @@ defmodule MvWeb.UserLive.Form do
           <% else %>
             <%= if @unlink_member do %>
               <!-- Show unlink pending message -->
-              <div class="p-4 border border-yellow-200 rounded-lg bg-yellow-50">
+              <div class="p-4 bg-yellow-50 border border-yellow-200 rounded-lg">
                 <p class="text-sm text-yellow-800">
                   <strong>{gettext("Unlinking scheduled")}:</strong> {gettext(
                     "Member will be unlinked when you save. Cannot select new member until saved."
@@ -219,7 +219,7 @@ defmodule MvWeb.UserLive.Form do
               </div>
 
               <%= if @user && @user.email && @available_members != [] && Enum.all?(@available_members, &(&1.email == to_string(@user.email))) do %>
-                <div class="p-3 border border-yellow-200 rounded bg-yellow-50">
+                <div class="p-3 bg-yellow-50 border border-yellow-200 rounded">
                   <p class="text-sm text-yellow-800">
                     <strong>{gettext("Note")}:</strong> {gettext(
                       "A member with this email already exists. To link with a different member, please change one of the email addresses first."
@@ -231,12 +231,12 @@ defmodule MvWeb.UserLive.Form do
               <%= if @selected_member_id && @selected_member_name do %>
                 <div
                   id="member-selected"
-                  class="p-3 mt-2 border border-blue-200 rounded-lg bg-blue-50"
+                  class="mt-2 p-3 bg-blue-50 border border-blue-200 rounded-lg"
                 >
                   <p class="text-sm text-blue-800">
                     <strong>{gettext("Selected")}:</strong> {@selected_member_name}
                   </p>
-                  <p class="mt-1 text-xs text-blue-600">
+                  <p class="text-xs text-blue-600 mt-1">
                     {gettext("Save to confirm linking.")}
                   </p>
                 </div>
@@ -245,12 +245,10 @@ defmodule MvWeb.UserLive.Form do
           <% end %>
         </div>
 
-        <div class="mt-4">
-          <.button phx-disable-with={gettext("Saving...")} variant="primary">
-            {gettext("Save User")}
-          </.button>
-          <.button navigate={return_path(@return_to, @user)}>{gettext("Cancel")}</.button>
-        </div>
+        <.button phx-disable-with={gettext("Saving...")} variant="primary">
+          {gettext("Save User")}
+        </.button>
+        <.button navigate={return_path(@return_to, @user)}>{gettext("Cancel")}</.button>
       </.form>
     </Layouts.app>
     """

lib/mv_web/live/user_live/index.html.heex

@@ -49,6 +49,7 @@
     >
       {user.email}
     </:col>
+    <:col :let={user} label={gettext("OIDC ID")}>{user.oidc_id}</:col>
     <:col :let={user} label={gettext("Linked Member")}>
       <%= if user.member do %>
         {user.member.first_name} {user.member.last_name}

lib/mv_web/live/user_live/show.ex

@@ -46,7 +46,9 @@ defmodule MvWeb.UserLive.Show do
       </.header>
 
       <.list>
+        <:item title={gettext("ID")}>{@user.id}</:item>
         <:item title={gettext("Email")}>{@user.email}</:item>
+        <:item title={gettext("OIDC ID")}>{@user.oidc_id || gettext("Not set")}</:item>
         <:item title={gettext("Password Authentication")}>
           {if @user.hashed_password, do: gettext("Enabled"), else: gettext("Not enabled")}
         </:item>
@@ -54,13 +56,13 @@ defmodule MvWeb.UserLive.Show do
           <%= if @user.member do %>
             <.link
               navigate={~p"/members/#{@user.member}"}
-              class="text-blue-600 underline hover:text-blue-800"
+              class="text-blue-600 hover:text-blue-800 underline"
             >
-              <.icon name="hero-users" class="inline w-4 h-4 mr-1" />
+              <.icon name="hero-users" class="h-4 w-4 inline mr-1" />
               {@user.member.first_name} {@user.member.last_name}
             </.link>
           <% else %>
-            <span class="italic text-gray-500">{gettext("No member linked")}</span>
+            <span class="text-gray-500 italic">{gettext("No member linked")}</span>
           <% end %>
         </:item>
       </.list>

priv/gettext/de/LC_MESSAGES/default.po

@@ -47,7 +47,7 @@ msgstr "Löschen"
 #: lib/mv_web/live/user_live/index.html.heex:66
 #, elixir-autogen, elixir-format
 msgid "Edit"
-msgstr "Bearbeiten"
+msgstr "Bearbeite"
 
 #: lib/mv_web/live/member_live/show.ex:41
 #: lib/mv_web/live/member_live/show.ex:116

test/mv_web/live/profile_navigation_test.exs

@@ -90,6 +90,8 @@ defmodule MvWeb.ProfileNavigationTest do
       # Verify we're on the correct profile page with OIDC specific information
       {:ok, _profile_view, html} = live(conn, "/users/#{user.id}")
       assert html =~ to_string(user.email)
+      # OIDC ID should be visible
+      assert html =~ "oidc_123"
       # Password auth should be disabled for OIDC users
       assert html =~ "Not enabled"
     end

test/mv_web/member_live/index_custom_fields_display_test.exs

@@ -231,8 +231,8 @@ defmodule MvWeb.MemberLive.IndexCustomFieldsDisplayTest do
     conn = conn_with_oidc_user(conn)
     {:ok, _view, html} = live(conn, "/members")
 
-    # Date should be displayed in European format (dd.mm.yyyy)
-    assert html =~ "15.05.1990"
+    # Date should be displayed in readable format
+    assert html =~ "1990" or html =~ "1990-05-15" or html =~ "15.05.1990"
   end
 
   test "formats email custom field values correctly", %{conn: conn, member1: _member1} do

test/mv_web/user_live/index_test.exs

@@ -33,6 +33,8 @@ defmodule MvWeb.UserLive.IndexTest do
 
       assert html =~ "alice@example.com"
       assert html =~ "bob@example.com"
+      assert html =~ "alice123"
+      assert html =~ "bob456"
     end
 
     test "shows correct action links", %{conn: conn} do
@@ -384,6 +386,10 @@ defmodule MvWeb.UserLive.IndexTest do
 
       # Should still show the table structure
       assert html =~ "Email"
+      assert html =~ "OIDC ID"
+      # Should show the authenticated user at minimum
+      # Matches the generated email pattern oidc.user{unique_id}@example.com
+      assert html =~ "oidc.user"
     end
 
     test "handles users with missing OIDC ID", %{conn: conn} do