2d7b90e848
Collection items: also show deleted items.
...
This was a mistake. We want deleted items to show because we want to
know when things have been deleted when we ask for updates.
4 years ago
ab0d85c84f
Change password: change to require a signed request, just like login.
...
Without this, it would be sufficient to steal an auth token to render the account
unusable because it would be possible to just reset the encrypted content
of the account. With this change we require the user to actually know
the account password in order to do it.
4 years ago
54268ac027
Login: add an action indicator to know the user signed a login request.
4 years ago
d1017aac76
Rename django_etesync to django_etebase.
4 years ago
23b2bb3c0a
Batch: refactor code and allow passing deps to check against.
4 years ago
653341115f
Chunks: add stricter validation.
4 years ago
e062fcd429
Revision: add salt.
4 years ago
119479d22b
Test reset: allow anyone to reset test users and fully init accounts.
4 years ago
29145f2215
Logout: don't use internal auth accessor.
4 years ago
c00c208199
Change to our own token authentication.
4 years ago
cc23d516a0
Add an endpoint to change password.
4 years ago
9cc68291df
Authentication classes: add permissions to logout.
4 years ago
ad184f0ac3
Rename encryptedSeckey to encryptedContent.
4 years ago
7842bd4d9c
CollectionItem list: don't return the main item.
4 years ago
1bd4c5be52
Send the login signal on login.
4 years ago
c2337f244d
Signup: fix signup for users without user info.
4 years ago
15cd41db83
login: gracefully handle bad login attempts.
4 years ago
215a260700
Login: use only the username (not email) for login.
...
We may add support for email in the future.
4 years ago
6051a5ae3a
Signup: use the recommended drf style for validation.
4 years ago
40db4e14b0
Signup: rename the UserQuerySerializer to Signup.
4 years ago
5b2040fda3
Fix running with postgres: convert memoryview to bytes for nacl.
4 years ago
ddc43c638a
Requirements: remove unused requirements.
4 years ago
9347682997
Collection update: support limiting vs not limiting based on stoken.
4 years ago
64b947d455
Change invitations to also follow our list return type format.
4 years ago
89b47c67b7
Removed redundant get_serializer_context.
...
This is already provided by default in drf.
4 years ago
9f2140ffac
Change serializer fetching to the more drf way of doing it.
...
Also fix the ItemChunk serializer.
4 years ago
6c31b8fb30
CollectionItemView: disallow normal item creation
...
People should only use transaction/batch
4 years ago
f6960bb8cb
CollectionMember: fix collection list to return data in the right format.
4 years ago
e159bf971b
Collection/item viewsets: enforce access.
4 years ago
6e7fd5d0dd
Collection membership: implement leaving/revoking access.
4 years ago
d93a5d3f06
Collections: use the member stokens for filtering based on stoken
...
While at it, also generalised the stoken handling to be generic and
extendible.
4 years ago
1f18f4e50b
CollectionMember: add stokens when we create/change the member.
4 years ago
91aadb6565
Make etag write-only.
4 years ago
9c63f8d674
Rename stoken to etag and cstoken to stoken.
...
This conforms better with what people know from HTTP and properly
differentiates from CSToken which is now renamed to stoken.
4 years ago
8eee280bbb
Split cstoken and stoken to be different concepts
...
The stokens are really just integrity checks for items, and are really
just tied to what revision we expected to have first what we have. So we
will rename stoken to lastRev or something, and have them completely
separate.
A partial revert of e22a49f982046e875d4e1c5007a91353527d7a0f
4 years ago
6e7ad92a12
Add missing migrations forgotten in the previous commit
...
Missing from: 73f4ff765c7713c9aa48dec2bfc4c3c1c0c7e9f3
4 years ago
2a39f3538e
Change to standalone stoken objects (+ small optimisation).
...
Makes it possible to now generate Stokens as we need so we can add them to
non-revision objects, for example, membership changes.
We also slightly improved how we filter by revs.
4 years ago
3cdb7783fe
Make sure to always return fresh stokens.
4 years ago
fce844bfc3
Uid: Change how validation is done.
4 years ago
10b9d33ffe
UidValidator: fix to actually validate.
4 years ago
e94e2f9d70
Add a separate pubkey/privatekey for sharing.
...
It's separated from the login one so that encryption key and identity
can be rotated separately.
4 years ago
863c405802
Rename pubkey to loginPubkey because we'll soon have another pubkey.
...
This breaks sharing because we no longer have a normal pubkey.
This will be fixed in the next commit.
4 years ago
2412c295de
Signup: fix bug making signup not to work.
4 years ago
8323f23561
Add a nop for api/logout/
...
It's there for etesync.com and is used to invalidate the token.
Unfortunately we can't fully implement it here because the token
implementation is lacking. This will be fixed soon once we update the
token library with the next version of the protocol.
4 years ago
a965a76c36
Invitation: move outgoing invitations to invite/outgoing.
4 years ago
118dbea4e3
InvitationSerializer: fix user validator.
4 years ago
7f7d223b9b
Fix indentation error.
4 years ago
40b7edcb84
Add a way to fetch a user's pubkey.
4 years ago
47e1eec122
Incoming invitations: implement incoming invitations and accepting them
4 years ago
8d1c02dcb9
Collection invitation: implement creating and manipulating collections invitations.
4 years ago
Tom Hacohen