Verifying the port was causing issues, and anyhow, this check is
paranoid and isn't strictly necessary for security.
The problem is that Django's `get_host()` and the equivalent on some
platforms returns it without the port, though on others (like e.g. the
library we use from JS) it returns with the port. This was inconsistent
and was causing authentication to fail.
We thus relaxed the test to not include the port when matching, which
should make it work consistently across all platforms.
Before this change we were returning all of the removed memberships that happened
after stoken. Though instead, we should just return the removed memberships that
happened after stoken and before the new stoken we are returning.
We only want to require that the account is authenticated, not the rest of
the permissions. As we want to be able to get a dashboard url for accounts
that aren't currently valid.
This lets servers share a dashboard url with clients so that they in
turn can present clients with a settings dashboard.
We currently use it on the main server, but self-hosted servers may
also benefit from it for letting users manage some of their settings
(e.g. 2FA).
Very useful for when migrating people from legacy EteSync apps because
we can automatically know if they are running a self-hosted etesync or
etebase server.
Hard-coding the serialization encoding in the serializers is wrong.
This fix now enables us to change to easily change to msgpack as the
transport layer.
It's not actually used by clients but it's there and can be used. It
works for receiving msgpack messages, but doesn't yet work for sending
because some of the types will be converted to base64.
The done implementation wasn't great because it would indicate we are
not done even when we are when the last chunk returned is exactly the
size of limit.
The done implementation wasn't great because it would indicate we are
not done even when we are when the last chunk returned is exactly the
size of limit.
This used to be the default, so it still is.
It only affects the list endpoint, the rest all support withCollection
anyway, because IDs are passed directly.
Tom Hacohen