Jeremy Benoist [Wed, 3 May 2017 08:23:49 +0000 (10:23 +0200)]
Add a live test for restricted article
It is not aimed to test if we can get the full article (since we aren't using real login/password)
but mostly to test the full work (with authentication, etc.)
Do not clean fixtures, to prevent SQLite from re-using ids for the entry tag relation 😓
Jeremy Benoist [Sat, 10 Jun 2017 13:31:57 +0000 (15:31 +0200)]
Add public filter/field in the API
Listing entries can now be filtered by “public”.
Creating or patching an entry can now set it to public or remove the public.
Entry response now includes “is_public” boolean field.
Jeremy Benoist [Thu, 8 Jun 2017 20:24:49 +0000 (22:24 +0200)]
Log an error level message when user auth fails
When a user logs in using the form, we now log an error level message with information about the user:
- username used
- IP
- User agent
For example:
> Authentication failure for user "eza", from IP "127.0.0.1", with UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36".
It’ll allow server admins using fail2ban to configure it to block these people if they generate too many authentication failures.
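The counting that fail2ban would do over these log lines, as an added example that is not part of wallabag or of this commit: it parses the message format quoted above and reports IPs with repeated failures inside a time window. The `[timestamp] app.ERROR:` prefix, the thresholds and the sample lines are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message text follows the commit message; the "[timestamp] channel:" prefix is assumed.
# User name and UA are client-supplied, so the IP is only accepted at its fixed
# position right after the first quoted field, and the prefix may not contain quotes.
LINE_RE = re.compile(
    r'^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] [^"]*?'
    r'Authentication failure for user "(?P<user>[^"]*)", '
    r'from IP "(?P<ip>[0-9A-Fa-f:.]+)", with UA: "(?P<ua>.*)"\.'
)

# Constructed sample lines (not real log output).
P = "app.ERROR: Authentication failure for user"
SAMPLE = [
    f'[2017-06-08 22:24:01] {P} "eza", from IP "127.0.0.1", with UA: "Mozilla/5.0".',
    f'[2017-06-08 22:24:05] {P} "admin", from IP "127.0.0.1", with UA: "curl/7.54".',
    f'[2017-06-08 22:24:09] {P} "root", from IP "127.0.0.1", with UA: "curl/7.54".',
    f'[2017-06-08 22:25:00] {P} "bob", from IP "192.0.2.7", with UA: "Mozilla/5.0".',
    f'[2017-06-08 22:50:00] {P} "bob", from IP "192.0.2.7", with UA: "Mozilla/5.0".',
    '[2017-06-08 22:51:00] app.INFO: Matched route "login".',
]

def find_offenders(lines, max_failures=3, window=timedelta(minutes=10)):
    """Return (ips, unparsed): IPs reaching max_failures within window, and unmatched lines."""
    recent = defaultdict(deque)          # ip -> timestamps still inside the window
    offenders, unparsed = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)        # keep for review instead of dropping silently
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:     # expire failures older than the window
            hits.popleft()
        if len(hits) >= max_failures and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders, unparsed

if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```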
Jeremy Benoist [Thu, 8 Jun 2017 19:51:46 +0000 (21:51 +0200)]
Validate language & preview picture fields
Instead of saving the value of each field right into the content without any validation, it seems better to validate them.
This might sound obvious now that we say it.
Jeremy Benoist [Wed, 7 Jun 2017 21:23:28 +0000 (23:23 +0200)]
Create a client when creating a user using the api
While creating a new user using the API, we also create a new client for the current user.
So the app which just created the user can use its newly created client to configure the app.
That new client is only returned after creating the user.
When calling the endpoint /api/user to get user information, the new client information won’t be returned.
Jeremy Benoist [Mon, 5 Jun 2017 20:54:02 +0000 (22:54 +0200)]
Use an alternative way to detect image
When parsing content to retrieve images to save locally, we only check for the content-type of the image response.
In some cases, that value is empty.
Now we’re also checking for the first few bytes of the content as an alternative to detect if it’s an image wallabag can handle.
We might get better image support using that alternative method.
Jeremy Benoist [Fri, 2 Jun 2017 08:19:33 +0000 (10:19 +0200)]
API user creation behind a toggle
I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled.
Also, the /api/user endpoint shouldn't require authentication, even if we check the authentication when sending a GET request to retrieve current user information.
I've moved all the internal settings definitions to config to avoid duplicate places to define them.
I don't know why we didn't do that earlier.
Jerome Charaoui [Wed, 7 Dec 2016 20:16:49 +0000 (15:16 -0500)]
Add disableContentUpdate import option
This commit also decouples the "import" and "update" functions inside
ContentProxy. If a content array is available, it must be passed to the
new importEntry method.
Jerome Charaoui [Wed, 7 Dec 2016 03:17:44 +0000 (22:17 -0500)]
Avoid returning objects passed by reference.
Objects are always passed by reference, so it doesn't make sense to
return an object which is passed by reference as it will always be the
same object. This change makes the code a bit more readable.
Jeremy Benoist [Thu, 1 Jun 2017 07:29:16 +0000 (09:29 +0200)]
Page parameter was never used in the function
It could have been used if we set the current page inside PreparePagerForEntries.
But we did that in each controller because we can have an OutOfRangeCurrentPageException