68 Commits (daac0c163b8b6943d89bd010b68d1c2fdae3ca9d)

Author SHA1 Message Date
Tom Hacohen c2eb4fd30c Pass generic context to callbacks instead of the whole view 4 years ago
Tom Hacohen 9559a0fd35 Chunk download: use the new sendfile to serve files. 4 years ago
Tom Hacohen baa42d040d Collection: also save the collection UID on the model itself.
This enables us to have db-constraints for making sure that UIDs are
unique, as well as being more efficient for lookups (which are very
common).

The UID should always be the same as the main_item.uid, though that's
easily enforced as neither of them is allowed to change.
4 years ago
Tom Hacohen 2d0bcbdc20 Stoken annotation: move it all to one place to reduce duplication. 4 years ago
Tom Hacohen c790b5f489 Reformat some files using black. 4 years ago
Tom Hacohen d893d35c6f Fix the host checks to only check against hostname.
Fixes https://github.com/etesync/etesync-web/issues/183
As discussed in #66
Continuation of 843b59a0ac.
4 years ago
Tal Leibman d8e5c37db1
Use black for code formatting and format the code
Merge #65
4 years ago
Tom Hacohen 843b59a0ac Login/Changepassword: change to verifying the hostname without the part.
Verifying the port was causing issues, and anyhow, this check is
paranoid and isn't strictly necessary for security.
The problem is that Django's `get_host()` and the equivalent on some
platforms returns it without the port, though on others (like e.g. the
library we use from JS) it returns with the port. This was inconsistent
and was causing authentication to fail.

We thus relaxed the test to not include the port when matching, which
should make it work consistently across all platforms.
4 years ago
Tom Hacohen 422b62d5b2 Disallow creating new collections without a collection type set. 4 years ago
Tom Hacohen 46abeac2c0 Test reset: also reset memberships. 4 years ago
Tom Hacohen 409248d419 CollectionTypes: add backward compatibility adjustments until 2.0 is out. 4 years ago
Tom Hacohen 5d8a92f000 Collections: add support for collection types.
We also added the field for invitations, as it's needed for collections
to work.
4 years ago
Tom Hacohen 741b6d7c52 Collection removed memberships: only return removed memberships within our returned range.
Before this change we were returning all of the removed memberships that happened
after stoken. Though instead, we should just return the removed memberships that
happened after stoken and before the new stoken we are returning.
4 years ago
Tom Hacohen aa7b049b62 Stoken: always return the stoken object, not the rev. 4 years ago
Tom Hacohen c7bd01b2d1 Logout: allow any authenticated user (instead of normal permissions).
We should always allow users to log out if they are authenticated. This
doesn't need to use the global permissions.
4 years ago
Tom Hacohen 9cad5d62e1 Account: change Dashboard URL endpoint's permissions.
We only want to require that the account is authenticated, not the rest of
the permissions. As we want to be able to get a dashboard url for accounts
that aren't currently valid.
4 years ago
Tom Hacohen 74f40abc65 Account: add a dashboard url endpoint.
This lets servers share a dashboard url with clients so that they in
turn can present clients with a settings dashboard.
We currently use it on the main server, but self-hosted servers may
also benefit from it for letting users manage some of their settings
(e.g. 2FA).
4 years ago
Tom Hacohen 9152e6f42d Fix bad stoken error.
We were calling the validation constructor wrong.
4 years ago
Tom Hacohen 06f2dd72a7 Exception: fix detail/code for exception. 4 years ago
Tom Hacohen f5ced873ac Lint: fix lint errors. 4 years ago
Tom Hacohen 7b8b0a5685 Login: make case insensitive. 4 years ago
Tom Hacohen 374048f013 Fix disabling of browseable API when debug is off. 4 years ago
Tom Hacohen 00cf2d83a0 Only enable browsable API when debugging is on.
The reason for that is that the API may expose data that shouldn't be exposed,
such as the list of users on the service.
4 years ago
Tom Hacohen 9c6a7e9428 Login: fix server error when trying to login to users without userinfo. 4 years ago
Tom Hacohen a85e816810 User not found: return a 401 instead of a 404. 4 years ago
Tom Hacohen 43569727f4 Signup: send a signal on account signup. 4 years ago
Tom Hacohen 2327466113 Invitations: error when trying to invite oneself. 4 years ago
Tom Hacohen 8593ab1357 Login: add a user visible error on password failure. 4 years ago
Tom Hacohen 693a5ec778 Login: return an UNAUTHORIZED (401) error on bad username/password, not 400. 4 years ago
Tom Hacohen 5af2aeda7e Add an endpoint to know if a server is an etebase server or not.
Very useful for when migrating people from legacy EteSync apps because
we can automatically know if they are running a self-hosted etesync or
etebase server.
4 years ago
Tom Hacohen cf9b6f5904 Prefetch: change the type of value prefetch accept.
It's 'auto' by default, but can be changed to 'medium' and soon
another value.
4 years ago
Tom Hacohen a613a32628 prefetch: fix handling of the prefetch param. 4 years ago
Tom Hacohen 393b85d3ca Chunks: move to reside under the collection. 4 years ago
Tom Hacohen 1d5baece1e Chunk uploading: implement properly using a custom Parser. 4 years ago
Tom Hacohen c0575cb64c Exceptions: have correct code/status_code for every error. 4 years ago
Tom Hacohen 04231ebfe5 Views: fix issue with iterators sometimes returning the wrong type. 4 years ago
Tom Hacohen 46b4f08afa Signup: use the get_user_queryset function when checking if user exists. 4 years ago
Tom Hacohen a39617cf2e Make sure usernames are case insensitive on lookup 4 years ago
Tom Hacohen f9add36f18 Add support for custom user filtering. 4 years ago
Tom Hacohen 3680bd53b1 Views: change according to DRF best practices. 4 years ago
Tom Hacohen fae15fe420 Views: clean up how we use serializers and remove integrity_errors catch-alls.
The integrity errors were a bad relic from the EteSync sources and needed
to be removed.
4 years ago
Tom Hacohen ee23707fff Debug reset: put the whole request in a transaction. 4 years ago
Tom Hacohen 3dfceb63b1 Views: move the base64 encoding to the renderers.
Hard-coding the serialization encoding in the serializers is wrong.
This fix now enables us to change to easily change to msgpack as the
transport layer.
4 years ago
Tom Hacohen 2880673e27 drf_msgpack: add code to parse/serialise msgpack
It's not actually used by clients but it's there and can be used. It
works for receiving msgpack messages, but doesn't yet work for sending
because some of the types will be converted to base64.
4 years ago
Tom Hacohen 453275eadf Authentication: move to msgpack for the encrypted parts. 4 years ago
Tom Hacohen cbb1d81850 Rename inline to prefetch and have it on by default. 4 years ago
Tom Hacohen c21c6af1d7 Filter by stoken: fix the done implementation for more functions
The done implementation wasn't great because it would indicate we are
not done even when we are when the last chunk returned is exactly the
size of limit.
4 years ago
Tom Hacohen 0ce2e8d996 Filter by stoken: cleanup and fix the done implementation
The done implementation wasn't great because it would indicate we are
not done even when we are when the last chunk returned is exactly the
size of limit.
4 years ago
Tom Hacohen 61383b9896 Stoken filtering: order by max_stoken to make sure we have a reliable order. 4 years ago
Tom Hacohen caa84c2a96 Stoken filtering: clean up stoken filtering and annotation.
We are now querying the database less and simplified the queries.
4 years ago