Commit Graph

399 Commits

Author SHA1 Message Date
Tom Hacohen
fcb58f0f4c List APIs: fix the stoken calculation for collections.
I'm not sure why it just wouldn't work with aggregate. I also couldn't get it
to work with annotate then aggregate or any other alternative.
2020-06-22 14:20:30 +03:00
Tom Hacohen
6117cac111 List APIs: return a done field to indicate the fetch is done. 2020-06-22 13:03:58 +03:00
Tom Hacohen
2d7b90e848 Collection items: also show deleted items.
This was a mistake. We want deleted items to show because we want to
know when things have been deleted when we ask for updates.
2020-06-18 16:14:55 +03:00
Tom Hacohen
ab0d85c84f Change password: change to require a signed request, just like login.
Without this, it would be sufficient to steal an auth token to render the account
unusable because it would be possible to just reset the encrypted content
of the account. With this change we require the user to actually know
the account password in order to do it.
2020-06-17 14:38:02 +03:00
Tom Hacohen
54268ac027 Login: add an action indicator to know the user signed a login request. 2020-06-17 14:08:08 +03:00
Tom Hacohen
d1017aac76 Rename django_etesync to django_etebase. 2020-06-16 17:14:53 +03:00
Tom Hacohen
23b2bb3c0a Batch: refactor code and allow passing deps to check against. 2020-06-11 11:17:01 +03:00
Tom Hacohen
653341115f Chunks: add stricter validation. 2020-06-04 16:52:56 +03:00
Tom Hacohen
e062fcd429 Revision: add salt. 2020-06-04 16:17:13 +03:00
Tom Hacohen
119479d22b Test reset: allow anyone to reset test users and fully init accounts. 2020-06-03 17:22:10 +03:00
Tom Hacohen
29145f2215 Logout: don't use internal auth accessor. 2020-06-03 16:19:07 +03:00
Tom Hacohen
c00c208199 Change to our own token authentication. 2020-06-03 16:15:21 +03:00
Tom Hacohen
cc23d516a0 Add an endpoint to change password. 2020-06-03 14:35:44 +03:00
Tom Hacohen
9cc68291df Authentication classes: add permissions to logout. 2020-06-03 14:21:52 +03:00
Tom Hacohen
ad184f0ac3 Rename encryptedSeckey to encryptedContent. 2020-06-02 18:58:29 +03:00
Tom Hacohen
7842bd4d9c CollectionItem list: don't return the main item. 2020-06-01 12:45:06 +03:00
Tom Hacohen
1bd4c5be52 Send the login signal on login. 2020-05-31 18:26:21 +03:00
Tom Hacohen
c2337f244d Signup: fix signup for users without user info. 2020-05-31 16:57:56 +03:00
Tom Hacohen
15cd41db83 login: gracefully handle bad login attempts. 2020-05-31 16:39:27 +03:00
Tom Hacohen
215a260700 Login: use only the username (not email) for login.
We may add support for email in the future.
2020-05-31 16:39:27 +03:00
Tom Hacohen
6051a5ae3a Signup: use the recommended drf style for validation. 2020-05-31 16:39:27 +03:00
Tom Hacohen
40db4e14b0 Signup: rename the UserQuerySerializer to Signup. 2020-05-31 16:39:27 +03:00
Tom Hacohen
5b2040fda3 Fix running with postgres: convert memoryview to bytes for nacl. 2020-05-31 16:39:27 +03:00
Tom Hacohen
ddc43c638a Requirements: remove unused requirements. 2020-05-31 16:39:27 +03:00
Tom Hacohen
9347682997 Collection update: support limiting vs not limiting based on stoken. 2020-05-31 13:29:03 +03:00
Tom Hacohen
64b947d455 Change invitations to also follow our list return type format. 2020-05-27 17:14:38 +03:00
Tom Hacohen
89b47c67b7 Removed redundant get_serializer_context.
This is already provided by default in drf.
2020-05-27 17:06:22 +03:00
Tom Hacohen
9f2140ffac Change serializer fetching to the more drf way of doing it.
Also fix the ItemChunk serializer.
2020-05-27 17:05:00 +03:00
Tom Hacohen
6c31b8fb30 CollectionItemView: disallow normal item creation
People should only use transaction/batch
2020-05-27 16:59:28 +03:00
Tom Hacohen
f6960bb8cb CollectionMember: fix collection list to return data in the right format. 2020-05-27 16:51:12 +03:00
Tom Hacohen
e159bf971b Collection/item viewsets: enforce access. 2020-05-27 16:40:08 +03:00
Tom Hacohen
6e7fd5d0dd Collection membership: implement leaving/revoking access. 2020-05-27 16:03:16 +03:00
Tom Hacohen
d93a5d3f06 Collections: use the member stokens for filtering based on stoken
While at it, also generalised the stoken handling to be generic and
extendible.
2020-05-27 12:47:21 +03:00
Tom Hacohen
1f18f4e50b CollectionMember: add stokens when we create/change the member. 2020-05-27 10:52:31 +03:00
Tom Hacohen
91aadb6565 Make etag write-only. 2020-05-27 10:30:23 +03:00
Tom Hacohen
9c63f8d674 Rename stoken to etag and cstoken to stoken.
This conforms better with what people know from HTTP and properly
differentiates from CSToken which is now renamed to stoken.
2020-05-27 10:30:22 +03:00
Tom Hacohen
8eee280bbb Split cstoken and stoken to be different concepts
The stokens are really just integrity checks for items, and are really
just tied to what revision we expected to have first what we have. So we
will rename stoken to lastRev or something, and have them completely
separate.

A partial revert of e22a49f982046e875d4e1c5007a91353527d7a0f
2020-05-27 10:30:22 +03:00
Tom Hacohen
6e7ad92a12 Add missing migrations forgotten in the previous commit
Missing from: 73f4ff765c7713c9aa48dec2bfc4c3c1c0c7e9f3
2020-05-27 10:30:07 +03:00
Tom Hacohen
2a39f3538e Change to standalone stoken objects (+ small optimisation).
Makes it possible to now generate Stokens as we need so we can add them to
non-revision objects, for example, membership changes.

We also slightly improved how we filter by revs.
2020-05-26 18:53:51 +03:00
Tom Hacohen
3cdb7783fe Make sure to always return fresh stokens. 2020-05-26 18:14:39 +03:00
Tom Hacohen
fce844bfc3 Uid: Change how validation is done. 2020-05-26 16:36:37 +03:00
Tom Hacohen
10b9d33ffe UidValidator: fix to actually validate. 2020-05-26 16:13:18 +03:00
Tom Hacohen
e94e2f9d70 Add a separate pubkey/privatekey for sharing.
It's separated from the login one so that encryption key and identity
can be rotated separately.
2020-05-26 13:44:40 +03:00
Tom Hacohen
863c405802 Rename pubkey to loginPubkey because we'll soon have another pubkey.
This breaks sharing because we no longer have a normal pubkey.
This will be fixed in the next commit.
2020-05-26 13:24:00 +03:00
Tom Hacohen
2412c295de Signup: fix bug making signup not to work. 2020-05-26 13:17:35 +03:00
Tom Hacohen
8323f23561 Add a nop for api/logout/
It's there for etesync.com and is used to invalidate the token.
Unfortunately we can't fully implement it here because the token
implementation is lacking. This will be fixed soon once we update the
token library with the next version of the protocol.
2020-05-25 17:44:46 +03:00
Tom Hacohen
a965a76c36 Invitation: move outgoing invitations to invite/outgoing. 2020-05-24 18:24:47 +03:00
Tom Hacohen
118dbea4e3 InvitationSerializer: fix user validator. 2020-05-24 17:52:09 +03:00
Tom Hacohen
7f7d223b9b Fix indentation error. 2020-05-24 17:22:43 +03:00
Tom Hacohen
40b7edcb84 Add a way to fetch a user's pubkey. 2020-05-24 17:18:57 +03:00