Commit Graph

516 Commits

Author SHA1 Message Date
Tom Hacohen
843b59a0ac Login/Changepassword: change to verifying the hostname without the part.
Verifying the port was causing issues, and anyhow, this check is
paranoid and isn't strictly necessary for security.
The problem is that Django's `get_host()` and the equivalent on some
platforms returns it without the port, though on others (like e.g. the
library we use from JS) it returns with the port. This was inconsistent
and was causing authentication to fail.

We thus relaxed the test to not include the port when matching, which
should make it work consistently across all platforms.
2020-11-02 10:16:06 +02:00
Tom Hacohen
a6f5e070a4 Update changelog. 2020-11-01 11:32:22 +02:00
Tom Hacohen
422b62d5b2 Disallow creating new collections without a collection type set. 2020-11-01 11:29:01 +02:00
Tom Hacohen
f55ebeae7c Collection saving: add another verification for collection UID uniqueness.
Even with the previous check, there could still be a race condition where two
collections with the same UID are created. Adding this extra check after
will prevent that from happening.
2020-11-01 11:29:01 +02:00
Tom Hacohen
b097f3b8fa
README: update instructions and fix type
Fixes #60
2020-10-30 16:46:21 +02:00
Tom Hacohen
46abeac2c0 Test reset: also reset memberships. 2020-10-25 12:15:13 +02:00
Tom Hacohen
037f0f79a7
README: improve the update instructions for versions < 0.5.0 2020-10-24 10:38:48 +03:00
Tom Hacohen
0a246aaa8d
README: improve self-hosting instructions 2020-10-21 18:45:09 +03:00
Tom Hacohen
3b4cd424ab Update changelog. 2020-10-18 18:29:00 +03:00
Tom Hacohen
529b5c22e8
README: mention that this is EteSync 2.0 2020-10-18 18:13:38 +03:00
Tom Hacohen
0e814ea410 Merge: merge in the new etebase (EteSync 2.0) code 2020-10-18 17:50:52 +03:00
Tom Hacohen
5bce4d9932 Collection Type: fix backwards compatibility for creating new collections.
Continuation to 409248d419.
2020-10-15 15:06:24 +03:00
Tom Hacohen
409248d419 CollectionTypes: add backward compatibility adjustments until 2.0 is out. 2020-10-15 10:50:07 +03:00
Tom Hacohen
5d8a92f000 Collections: add support for collection types.
We also added the field for invitations, as it's needed for collections
to work.
2020-10-13 18:39:18 +03:00
Tom Hacohen
acd22b9b47 Serializers: remove unused field. 2020-10-13 16:30:16 +03:00
Tom Hacohen
741b6d7c52 Collection removed memberships: only return removed memberships within our returned range.
Before this change we were returning all of the removed memberships that happened
after stoken. Though instead, we should just return the removed memberships that
happened after stoken and before the new stoken we are returning.
2020-10-13 13:50:06 +03:00
Tom Hacohen
aa7b049b62 Stoken: always return the stoken object, not the rev. 2020-10-13 13:49:29 +03:00
Tom Hacohen
c7bd01b2d1 Logout: allow any authenticated user (instead of normal permissions).
We should always allow users to log out if they are authenticated. This
doesn't need to use the global permissions.
2020-10-13 12:09:34 +03:00
Tom Hacohen
47f3e08846 Signup: improve docs. 2020-10-13 11:10:55 +03:00
Tom Hacohen
24c161b0d8 Signup: don't try to clean fields for objects we haven't created. 2020-10-13 11:09:22 +03:00
Tom Hacohen
9cad5d62e1 Account: change Dashboard URL endpoint's permissions.
We only want to require that the account is authenticated, not the rest of
the permissions. As we want to be able to get a dashboard url for accounts
that aren't currently valid.
2020-10-09 13:10:41 +03:00
Tom Hacohen
74f40abc65 Account: add a dashboard url endpoint.
This lets servers share a dashboard url with clients so that they in
turn can present clients with a settings dashboard.
We currently use it on the main server, but self-hosted servers may
also benefit from it for letting users manage some of their settings
(e.g. 2FA).
2020-10-08 21:06:33 +03:00
Tom Hacohen
9152e6f42d Fix bad stoken error.
We were calling the validation constructor wrong.
2020-10-08 21:01:45 +03:00
Tom Hacohen
06f2dd72a7 Exception: fix detail/code for exception. 2020-10-01 16:50:09 +03:00
Tom Hacohen
6214688170 Invitations: share the username of the inviter. 2020-10-01 16:47:53 +03:00
Simon Vandevelde
c9983fd79d
Update README for Etebase with new wiki links (#56) 2020-09-27 17:48:52 +03:00
Tom Hacohen
1e7e9eceac README: update signup instructions to EteSync 2.0.
Fixes #55.
2020-09-27 09:45:31 +03:00
Tom Hacohen
8a557ff82c Disable signups by default.
The next commit includes README instructions on how to create users
and enable signups.
2020-09-27 09:42:01 +03:00
Tom Hacohen
f5ced873ac Lint: fix lint errors. 2020-09-23 16:27:20 +03:00
Tom Hacohen
5c803d8a51 Only expose drf's auth in debug mode. 2020-09-22 18:00:28 +03:00
Tom Hacohen
5d9b47531b Collectin: make sure collections always have a unique UID. 2020-09-22 12:17:33 +03:00
Tom Hacohen
18b3f45b79 Collection main_item: make a OneToOneField intsead of just a foreign key. 2020-09-22 11:33:17 +03:00
Tom Hacohen
7b8b0a5685 Login: make case insensitive. 2020-09-21 12:09:19 +03:00
Tom Hacohen
4dbdb3d7cf Invitations: gracefully error when trying to invite an already invited user. 2020-09-20 19:33:55 +03:00
Tom Hacohen
374048f013 Fix disabling of browseable API when debug is off. 2020-09-13 14:37:48 +03:00
Tom Hacohen
00cf2d83a0 Only enable browsable API when debugging is on.
The reason for that is that the API may expose data that shouldn't be exposed,
such as the list of users on the service.
2020-09-13 14:17:57 +03:00
Tom Hacohen
3de1d48b9e Browsable API: use input fields for relations. 2020-09-13 14:17:57 +03:00
Tom Hacohen
c04650f890 README: update contribution information. 2020-09-11 16:02:47 +03:00
Tom Hacohen
eac8fae376 README: update contribution information. 2020-09-11 16:01:44 +03:00
Tom Hacohen
9efb8d4c40 Update example-configs to etebase. 2020-09-10 19:21:22 +03:00
Prof. Jayanth R Varma
b9f20d251a Add example config for using using nginx with uwsgi 2020-09-10 19:20:21 +03:00
Tom Hacohen
38e0700ac0 Update django and remove unused deps. 2020-09-10 19:19:19 +03:00
Pierre-Alain TORET
5785f803ac Port over easyconfig from the etesync server code.
Migrated by Tom, but kept the credit to daftaupe
2020-09-10 19:18:51 +03:00
Tom Hacohen
9c6a7e9428 Login: fix server error when trying to login to users without userinfo. 2020-09-10 13:31:54 +03:00
Tom Hacohen
a85e816810 User not found: return a 401 instead of a 404. 2020-09-09 17:07:32 +03:00
Tom Hacohen
d90931fbe5 Make access level an int instead of a string.
We started with a string because we thought it could maybe provide more
flexibility, though really, an int makes much more sense, especially on
all the platforms etebase runs nowadays.
2020-09-07 11:02:53 +03:00
Tom Hacohen
43569727f4 Signup: send a signal on account signup. 2020-09-02 12:54:50 +03:00
Tom Hacohen
42a72ce5c7 Serializers user signup: correctly handle EtebaseValidationErrors.
Don't coerce them to strings
2020-09-02 12:50:51 +03:00
Tom Hacohen
7ab9513e05 Serializers: rename message to detail to conform with the rest of the API.
This was a mistake in the previous commit.
2020-09-02 11:11:20 +03:00
Tom Hacohen
bf22b1676f Serializers: improve field serialization errors. 2020-09-02 11:07:43 +03:00