ETEBASE_EASY_CONFIG_PATH is optional, the server serches for the
configurations files in this order:
- "ETEBASE_EASY_CONFIG_PATH"
- etebase-server.ini
- /etc/etebase-server/etebase-server.ini
Verifying the port was causing issues, and anyhow, this check is
paranoid and isn't strictly necessary for security.
The problem is that Django's `get_host()` and the equivalent on some
platforms returns it without the port, though on others (like e.g. the
library we use from JS) it returns with the port. This was inconsistent
and was causing authentication to fail.
We thus relaxed the test to not include the port when matching, which
should make it work consistently across all platforms.
Even with the previous check, there could still be a race condition where two
collections with the same UID are created. Adding this extra check after
will prevent that from happening.
Before this change we were returning all of the removed memberships that happened
after stoken. Though instead, we should just return the removed memberships that
happened after stoken and before the new stoken we are returning.
We only want to require that the account is authenticated, not the rest of
the permissions. As we want to be able to get a dashboard url for accounts
that aren't currently valid.
This lets servers share a dashboard url with clients so that they in
turn can present clients with a settings dashboard.
We currently use it on the main server, but self-hosted servers may
also benefit from it for letting users manage some of their settings
(e.g. 2FA).
We started with a string because we thought it could maybe provide more
flexibility, though really, an int makes much more sense, especially on
all the platforms etebase runs nowadays.
Victor R. Santos