1
0
mirror of https://github.com/etesync/server synced 2024-11-19 07:18:08 +00:00
Commit Graph

124 Commits

Author SHA1 Message Date
Tom Hacohen
4ceb42780e Remove unused django_etebase code. 2020-12-28 16:42:39 +02:00
Tom Hacohen
6c05a7898a Add functions to split read and write permissions. 2020-12-28 16:42:39 +02:00
Tom Hacohen
70619fc1c7 Fix unbound variable warning. 2020-12-27 15:14:42 +02:00
Tom Hacohen
c2eb4fd30c Pass generic context to callbacks instead of the whole view 2020-12-27 15:03:07 +02:00
Tom Hacohen
5a6c8a1d05 Gracefully handle uploading the same revision
This is needed so that immediately re-played requests don't fail.

Consider for example the following scenario: a client makes a batch
request that registers correctly on the server, but fails to return
(e.g. a networking error after the request has been processed). The
client would think that the request failed, but the server will already
have the up to date information. This commit just returns a successful
status if this request is sent again (by the client retrying the
request) instead of returning a conflict.

This however doesn't handle the case of a request failing, a
modification being made by another client, and then the request being
retried. This case will stay fail.
2020-12-27 11:22:02 +02:00
Tom Hacohen
2de51b978a Serializers: fix an issue with handling validation errors. 2020-12-24 16:15:25 +02:00
Tom Hacohen
7eb08d2946 Collection invitation: fix the wrong field type 2020-12-24 16:15:11 +02:00
Tom Hacohen
1cb84cfa6d Serializers: cleanup how we handle validation errors. 2020-12-22 13:15:12 +02:00
Tom Hacohen
3fcea20d68 Serializers: fully clean an object on signup. 2020-12-22 12:46:42 +02:00
Tom Hacohen
3b4ba75930 Chunk serialization: support not passing chunk content if exists. 2020-12-16 15:24:35 +02:00
Tom Hacohen
0585d6ee92 Chunk file uploader: accept all kinds of media types.
This restriction was unnecessary and annoying to deal with in clients.
2020-12-15 13:59:06 +02:00
Tom Hacohen
cd86c060b5 Collection: fix UID validation to return a Conflict error. 2020-12-15 10:14:15 +02:00
Tom Hacohen
9559a0fd35 Chunk download: use the new sendfile to serve files. 2020-12-14 16:47:47 +02:00
Tom Hacohen
a19a982b1c Sendfile: add a sendfile module based on django-sendfile2 2020-12-14 16:47:47 +02:00
Tom Hacohen
7571261479 Remove unused imports. 2020-12-14 16:47:47 +02:00
Tom Hacohen
baa42d040d Collection: also save the collection UID on the model itself.
This enables us to have db-constraints for making sure that UIDs are
unique, as well as being more efficient for lookups (which are very
common).

The UID should always be the same as the main_item.uid, though that's
easily enforced as neither of them is allowed to change.
2020-12-14 13:33:11 +02:00
Tom Hacohen
2d0bcbdc20 Stoken annotation: move it all to one place to reduce duplication. 2020-12-04 19:03:13 +02:00
Tom Hacohen
4ce96e043e Collection: further improve stoken performance.
We merged the two queries into one and we made it like in the view, so we
can now merge the two instead of having two implementations.
2020-12-04 18:55:22 +02:00
Tom Hacohen
bb070639a3 Collection: fix the slow performance when calculating stoken.
We were running a very expensive query instead of the much simpler and
more efficient alternative we just introduced.
2020-12-04 18:28:58 +02:00
Tom Hacohen
c790b5f489 Reformat some files using black. 2020-12-01 12:45:38 +02:00
Tom Hacohen
d893d35c6f Fix the host checks to only check against hostname.
Fixes https://github.com/etesync/etesync-web/issues/183
As discussed in #66
Continuation of 843b59a0ac.
2020-11-20 18:11:35 +02:00
Tal Leibman
d8e5c37db1
Use black for code formatting and format the code
Merge #65
2020-11-14 17:04:41 +02:00
Tom Hacohen
bdd787b915 Gracefully handle uploading the same item twice.
We were failing until now, but since the uid is sure to be unique,
we can just assume that if it's the same uid it's the same content.
This means we can just gracefully fail as the data is the same.

Until now, we were raising an error, but we now just do nothing
and consider it a success.

This is especially useful when a network error caused an item to
be uploaded but not updated on the client side.
2020-11-10 10:07:56 +02:00
Tom Hacohen
843b59a0ac Login/Changepassword: change to verifying the hostname without the part.
Verifying the port was causing issues, and anyhow, this check is
paranoid and isn't strictly necessary for security.
The problem is that Django's `get_host()` and the equivalent on some
platforms returns it without the port, though on others (like e.g. the
library we use from JS) it returns with the port. This was inconsistent
and was causing authentication to fail.

We thus relaxed the test to not include the port when matching, which
should make it work consistently across all platforms.
2020-11-02 10:16:06 +02:00
Tom Hacohen
422b62d5b2 Disallow creating new collections without a collection type set. 2020-11-01 11:29:01 +02:00
Tom Hacohen
f55ebeae7c Collection saving: add another verification for collection UID uniqueness.
Even with the previous check, there could still be a race condition where two
collections with the same UID are created. Adding this extra check after
will prevent that from happening.
2020-11-01 11:29:01 +02:00
Tom Hacohen
46abeac2c0 Test reset: also reset memberships. 2020-10-25 12:15:13 +02:00
Tom Hacohen
5bce4d9932 Collection Type: fix backwards compatibility for creating new collections.
Continuation to 409248d419.
2020-10-15 15:06:24 +03:00
Tom Hacohen
409248d419 CollectionTypes: add backward compatibility adjustments until 2.0 is out. 2020-10-15 10:50:07 +03:00
Tom Hacohen
5d8a92f000 Collections: add support for collection types.
We also added the field for invitations, as it's needed for collections
to work.
2020-10-13 18:39:18 +03:00
Tom Hacohen
acd22b9b47 Serializers: remove unused field. 2020-10-13 16:30:16 +03:00
Tom Hacohen
741b6d7c52 Collection removed memberships: only return removed memberships within our returned range.
Before this change we were returning all of the removed memberships that happened
after stoken. Though instead, we should just return the removed memberships that
happened after stoken and before the new stoken we are returning.
2020-10-13 13:50:06 +03:00
Tom Hacohen
aa7b049b62 Stoken: always return the stoken object, not the rev. 2020-10-13 13:49:29 +03:00
Tom Hacohen
c7bd01b2d1 Logout: allow any authenticated user (instead of normal permissions).
We should always allow users to log out if they are authenticated. This
doesn't need to use the global permissions.
2020-10-13 12:09:34 +03:00
Tom Hacohen
47f3e08846 Signup: improve docs. 2020-10-13 11:10:55 +03:00
Tom Hacohen
24c161b0d8 Signup: don't try to clean fields for objects we haven't created. 2020-10-13 11:09:22 +03:00
Tom Hacohen
9cad5d62e1 Account: change Dashboard URL endpoint's permissions.
We only want to require that the account is authenticated, not the rest of
the permissions. As we want to be able to get a dashboard url for accounts
that aren't currently valid.
2020-10-09 13:10:41 +03:00
Tom Hacohen
74f40abc65 Account: add a dashboard url endpoint.
This lets servers share a dashboard url with clients so that they in
turn can present clients with a settings dashboard.
We currently use it on the main server, but self-hosted servers may
also benefit from it for letting users manage some of their settings
(e.g. 2FA).
2020-10-08 21:06:33 +03:00
Tom Hacohen
9152e6f42d Fix bad stoken error.
We were calling the validation constructor wrong.
2020-10-08 21:01:45 +03:00
Tom Hacohen
06f2dd72a7 Exception: fix detail/code for exception. 2020-10-01 16:50:09 +03:00
Tom Hacohen
6214688170 Invitations: share the username of the inviter. 2020-10-01 16:47:53 +03:00
Tom Hacohen
8a557ff82c Disable signups by default.
The next commit includes README instructions on how to create users
and enable signups.
2020-09-27 09:42:01 +03:00
Tom Hacohen
f5ced873ac Lint: fix lint errors. 2020-09-23 16:27:20 +03:00
Tom Hacohen
5d9b47531b Collectin: make sure collections always have a unique UID. 2020-09-22 12:17:33 +03:00
Tom Hacohen
18b3f45b79 Collection main_item: make a OneToOneField intsead of just a foreign key. 2020-09-22 11:33:17 +03:00
Tom Hacohen
7b8b0a5685 Login: make case insensitive. 2020-09-21 12:09:19 +03:00
Tom Hacohen
4dbdb3d7cf Invitations: gracefully error when trying to invite an already invited user. 2020-09-20 19:33:55 +03:00
Tom Hacohen
374048f013 Fix disabling of browseable API when debug is off. 2020-09-13 14:37:48 +03:00
Tom Hacohen
00cf2d83a0 Only enable browsable API when debugging is on.
The reason for that is that the API may expose data that shouldn't be exposed,
such as the list of users on the service.
2020-09-13 14:17:57 +03:00
Tom Hacohen
3de1d48b9e Browsable API: use input fields for relations. 2020-09-13 14:17:57 +03:00