28 files changed, 511 insertions, 128 deletions

diff --git a/src/Wallabag/AnnotationBundle/Controller/WallabagAnnotationController.php b/src/Wallabag/AnnotationBundle/Controller/WallabagAnnotationController.php
index c13a034f..2b4b0e8d 100644
--- a/src/Wallabag/AnnotationBundle/Controller/WallabagAnnotationController.php
+++ b/src/Wallabag/AnnotationBundle/Controller/WallabagAnnotationController.php
@@ -7,6 +7,8 @@ use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
 use Wallabag\AnnotationBundle\Entity\Annotation;
+use Wallabag\AnnotationBundle\Form\EditAnnotationType;
+use Wallabag\AnnotationBundle\Form\NewAnnotationType;
 use Wallabag\CoreBundle\Entity\Entry;
 
 class WallabagAnnotationController extends FOSRestController
@@ -49,25 +51,25 @@ class WallabagAnnotationController extends FOSRestController
         $data = json_decode($request->getContent(), true);
 
         $em = $this->getDoctrine()->getManager();
-
         $annotation = new Annotation($this->getUser());
+        $annotation->setEntry($entry);
 
-        $annotation->setText($data['text']);
-        if (array_key_exists('quote', $data)) {
-            $annotation->setQuote($data['quote']);
-        }
-        if (array_key_exists('ranges', $data)) {
-            $annotation->setRanges($data['ranges']);
-        }
+        $form = $this->get('form.factory')->createNamed('', NewAnnotationType::class, $annotation, [
+            'csrf_protection' => false,
+            'allow_extra_fields' => true,
+        ]);
+        $form->submit($data);
 
-        $annotation->setEntry($entry);
+        if ($form->isValid()) {
+            $em->persist($annotation);
+            $em->flush();
 
-        $em->persist($annotation);
-        $em->flush();
+            $json = $this->get('serializer')->serialize($annotation, 'json');
 
-        $json = $this->get('serializer')->serialize($annotation, 'json');
+            return JsonResponse::fromJsonString($json);
+        }
 
-        return (new JsonResponse())->setJson($json);
+        return $form;
     }
 
     /**
@@ -86,16 +88,23 @@ class WallabagAnnotationController extends FOSRestController
     {
         $data = json_decode($request->getContent(), true);
 
-        if (!is_null($data['text'])) {
-            $annotation->setText($data['text']);
-        }
+        $form = $this->get('form.factory')->createNamed('', EditAnnotationType::class, $annotation, [
+            'csrf_protection' => false,
+            'allow_extra_fields' => true,
+        ]);
+        $form->submit($data);
 
-        $em = $this->getDoctrine()->getManager();
-        $em->flush();
+        if ($form->isValid()) {
+            $em = $this->getDoctrine()->getManager();
+            $em->persist($annotation);
+            $em->flush();
 
-        $json = $this->get('serializer')->serialize($annotation, 'json');
+            $json = $this->get('serializer')->serialize($annotation, 'json');
 
-        return (new JsonResponse())->setJson($json);
+            return JsonResponse::fromJsonString($json);
+        }
+
+        return $form;
     }
 
     /**
diff --git a/src/Wallabag/AnnotationBundle/Entity/Annotation.php b/src/Wallabag/AnnotationBundle/Entity/Annotation.php
index 0838f5aa..c8e41649 100644
--- a/src/Wallabag/AnnotationBundle/Entity/Annotation.php
+++ b/src/Wallabag/AnnotationBundle/Entity/Annotation.php
@@ -8,6 +8,7 @@ use JMS\Serializer\Annotation\Exclude;
 use JMS\Serializer\Annotation\VirtualProperty;
 use JMS\Serializer\Annotation\SerializedName;
 use JMS\Serializer\Annotation\Groups;
+use Symfony\Component\Validator\Constraints as Assert;
 use Wallabag\UserBundle\Entity\User;
 use Wallabag\CoreBundle\Entity\Entry;
 
@@ -56,7 +57,11 @@ class Annotation
     /**
      * @var string
      *
-     * @ORM\Column(name="quote", type="string")
+     * @Assert\Length(
+     *     max = 10000,
+     *     maxMessage = "validator.quote_length_too_high"
+     * )
+     * @ORM\Column(name="quote", type="text")
      *
      * @Groups({"entries_for_user", "export_all"})
      */
diff --git a/src/Wallabag/AnnotationBundle/Form/EditAnnotationType.php b/src/Wallabag/AnnotationBundle/Form/EditAnnotationType.php
new file mode 100644
index 00000000..3b587478
--- /dev/null
+++ b/src/Wallabag/AnnotationBundle/Form/EditAnnotationType.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace Wallabag\AnnotationBundle\Form;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\FormBuilderInterface;
+
+class EditAnnotationType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options)
+    {
+        $builder
+            ->add('text', null, [
+                'empty_data' => '',
+            ])
+        ;
+    }
+}
diff --git a/src/Wallabag/AnnotationBundle/Form/NewAnnotationType.php b/src/Wallabag/AnnotationBundle/Form/NewAnnotationType.php
new file mode 100644
index 00000000..c73c3ded
--- /dev/null
+++ b/src/Wallabag/AnnotationBundle/Form/NewAnnotationType.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace Wallabag\AnnotationBundle\Form;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\CollectionType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Wallabag\AnnotationBundle\Entity\Annotation;
+
+class NewAnnotationType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options)
+    {
+        $builder
+            ->add('text', null, [
+                'empty_data' => '',
+            ])
+            ->add('quote', null, [
+                'empty_data' => null,
+            ])
+            ->add('ranges', CollectionType::class, [
+                'entry_type' => RangeType::class,
+                'allow_add' => true,
+            ])
+        ;
+    }
+
+    public function configureOptions(OptionsResolver $resolver)
+    {
+        $resolver->setDefaults([
+            'data_class' => Annotation::class,
+        ]);
+    }
+}
diff --git a/src/Wallabag/AnnotationBundle/Form/RangeType.php b/src/Wallabag/AnnotationBundle/Form/RangeType.php
new file mode 100644
index 00000000..0647375e
--- /dev/null
+++ b/src/Wallabag/AnnotationBundle/Form/RangeType.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Wallabag\AnnotationBundle\Form;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\FormBuilderInterface;
+
+class RangeType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options)
+    {
+        $builder
+            ->add('start')
+            ->add('startOffset')
+            ->add('end')
+            ->add('endOffset')
+        ;
+    }
+}
diff --git a/src/Wallabag/ApiBundle/Controller/EntryRestController.php b/src/Wallabag/ApiBundle/Controller/EntryRestController.php
index 93c8157e..09b73ccb 100644
--- a/src/Wallabag/ApiBundle/Controller/EntryRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/EntryRestController.php
@@ -299,65 +299,18 @@ class EntryRestController extends WallabagRestController
         $this->validateAuthentication();
 
         $url = $request->request->get('url');
-        $title = $request->request->get('title');
-        $tags = $request->request->get('tags', []);
-        $isArchived = $request->request->get('archive');
-        $isStarred = $request->request->get('starred');
-        $content = $request->request->get('content');
-        $language = $request->request->get('language');
-        $picture = $request->request->get('preview_picture');
-        $publishedAt = $request->request->get('published_at');
-        $authors = $request->request->get('authors', '');
 
-        $entry = $this->get('wallabag_core.entry_repository')->findByUrlAndUserId($url, $this->getUser()->getId());
+        $entry = $this->get('wallabag_core.entry_repository')->findByUrlAndUserId(
+            $url,
+            $this->getUser()->getId()
+        );
 
         if (false === $entry) {
             $entry = new Entry($this->getUser());
-        }
-
-        try {
-            $this->get('wallabag_core.content_proxy')->updateEntry(
-                $entry,
-                $url,
-                [
-                    'title' => $title,
-                    'html' => $content,
-                    'url' => $url,
-                    'language' => $language,
-                    'date' => $publishedAt,
-                    // faking the preview picture
-                    'open_graph' => [
-                        'og_image' => $picture,
-                    ],
-                    'authors' => explode(',', $authors),
-                ]
-            );
-        } catch (\Exception $e) {
-            $this->get('logger')->error('Error while saving an entry', [
-                'exception' => $e,
-                'entry' => $entry,
-            ]);
             $entry->setUrl($url);
         }
 
-        if (!empty($tags)) {
-            $this->get('wallabag_core.tags_assigner')->assignTagsToEntry($entry, $tags);
-        }
-
-        if (!is_null($isStarred)) {
-            $entry->setStarred((bool) $isStarred);
-        }
-
-        if (!is_null($isArchived)) {
-            $entry->setArchived((bool) $isArchived);
-        }
-
-        $em = $this->getDoctrine()->getManager();
-        $em->persist($entry);
-        $em->flush();
-
-        // entry saved, dispatch event about it!
-        $this->get('event_dispatcher')->dispatch(EntrySavedEvent::NAME, new EntrySavedEvent($entry));
+        $this->upsertEntry($entry, $request);
 
         return $this->sendResponse($entry);
     }
@@ -374,6 +327,11 @@ class EntryRestController extends WallabagRestController
      *          {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."},
      *          {"name"="archive", "dataType"="integer", "required"=false, "format"="1 or 0", "description"="archived the entry."},
      *          {"name"="starred", "dataType"="integer", "required"=false, "format"="1 or 0", "description"="starred the entry."},
+     *          {"name"="content", "dataType"="string", "required"=false, "description"="Content of the entry"},
+     *          {"name"="language", "dataType"="string", "required"=false, "description"="Language of the entry"},
+     *          {"name"="preview_picture", "dataType"="string", "required"=false, "description"="Preview picture of the entry"},
+     *          {"name"="published_at", "dataType"="datetime|integer", "format"="YYYY-MM-DDTHH:II:SS+TZ or a timestamp", "required"=false, "description"="Published date of the entry"},
+     *          {"name"="authors", "dataType"="string", "format"="Name Firstname,author2,author3", "required"=false, "description"="Authors of the entry"},
      *      }
      * )
      *
@@ -384,29 +342,7 @@ class EntryRestController extends WallabagRestController
         $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
-        $title = $request->request->get('title');
-        $isArchived = $request->request->get('archive');
-        $isStarred = $request->request->get('starred');
-
-        if (!is_null($title)) {
-            $entry->setTitle($title);
-        }
-
-        if (!is_null($isArchived)) {
-            $entry->setArchived((bool) $isArchived);
-        }
-
-        if (!is_null($isStarred)) {
-            $entry->setStarred((bool) $isStarred);
-        }
-
-        $tags = $request->request->get('tags', '');
-        if (!empty($tags)) {
-            $this->get('wallabag_core.tags_assigner')->assignTagsToEntry($entry, $tags);
-        }
-
-        $em = $this->getDoctrine()->getManager();
-        $em->flush();
+        $this->upsertEntry($entry, $request, true);
 
         return $this->sendResponse($entry);
     }
@@ -673,4 +609,68 @@ class EntryRestController extends WallabagRestController
 
         return (new JsonResponse())->setJson($json);
     }
+
+    /**
+     * Update or Insert a new entry.
+     *
+     * @param Entry   $entry
+     * @param Request $request
+     * @param bool    $disableContentUpdate If we don't want the content to be update by fetching the url (used when patching instead of posting)
+     */
+    private function upsertEntry(Entry $entry, Request $request, $disableContentUpdate = false)
+    {
+        $title = $request->request->get('title');
+        $tags = $request->request->get('tags', []);
+        $isArchived = $request->request->get('archive');
+        $isStarred = $request->request->get('starred');
+        $content = $request->request->get('content');
+        $language = $request->request->get('language');
+        $picture = $request->request->get('preview_picture');
+        $publishedAt = $request->request->get('published_at');
+        $authors = $request->request->get('authors', '');
+
+        try {
+            $this->get('wallabag_core.content_proxy')->updateEntry(
+                $entry,
+                $entry->getUrl(),
+                [
+                    'title' => !empty($title) ? $title : $entry->getTitle(),
+                    'html' => !empty($content) ? $content : $entry->getContent(),
+                    'url' => $entry->getUrl(),
+                    'language' => !empty($language) ? $language : $entry->getLanguage(),
+                    'date' => !empty($publishedAt) ? $publishedAt : $entry->getPublishedAt(),
+                    // faking the open graph preview picture
+                    'open_graph' => [
+                        'og_image' => !empty($picture) ? $picture : $entry->getPreviewPicture(),
+                    ],
+                    'authors' => is_string($authors) ? explode(',', $authors) : $entry->getPublishedBy(),
+                ],
+                $disableContentUpdate
+            );
+        } catch (\Exception $e) {
+            $this->get('logger')->error('Error while saving an entry', [
+                'exception' => $e,
+                'entry' => $entry,
+            ]);
+        }
+
+        if (!is_null($isArchived)) {
+            $entry->setArchived((bool) $isArchived);
+        }
+
+        if (!is_null($isStarred)) {
+            $entry->setStarred((bool) $isStarred);
+        }
+
+        if (!empty($tags)) {
+            $this->get('wallabag_core.tags_assigner')->assignTagsToEntry($entry, $tags);
+        }
+
+        $em = $this->getDoctrine()->getManager();
+        $em->persist($entry);
+        $em->flush();
+
+        // entry saved, dispatch event about it!
+        $this->get('event_dispatcher')->dispatch(EntrySavedEvent::NAME, new EntrySavedEvent($entry));
+    }
 }
diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php
index 8f675b8d..7471f5f6 100644
--- a/src/Wallabag/ApiBundle/Controller/UserRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php
@@ -9,6 +9,7 @@ use Nelmio\ApiDocBundle\Annotation\ApiDoc;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Wallabag\UserBundle\Entity\User;
+use Wallabag\ApiBundle\Entity\Client;
 
 class UserRestController extends WallabagRestController
 {
@@ -27,13 +28,14 @@ class UserRestController extends WallabagRestController
     }
 
     /**
-     * Register an user.
+     * Register an user and create a client.
      *
      * @ApiDoc(
      *      requirements={
      *          {"name"="username", "dataType"="string", "required"=true, "description"="The user's username"},
      *          {"name"="password", "dataType"="string", "required"=true, "description"="The user's password"},
-     *          {"name"="email", "dataType"="string", "required"=true, "description"="The user's email"}
+     *          {"name"="email", "dataType"="string", "required"=true, "description"="The user's email"},
+     *          {"name"="client_name", "dataType"="string", "required"=true, "description"="The client name (to be used by your app)"}
      *      }
      * )
      *
@@ -97,29 +99,38 @@ class UserRestController extends WallabagRestController
                 ->setStatusCode(JsonResponse::HTTP_BAD_REQUEST);
         }
 
+        // create a default client
+        $client = new Client($user);
+        $client->setName($request->request->get('client_name', 'Default client'));
+
+        $this->getDoctrine()->getManager()->persist($client);
+
+        $user->addClient($client);
+
         $userManager->updateUser($user);
 
         // dispatch a created event so the associated config will be created
         $event = new UserEvent($user, $request);
         $this->get('event_dispatcher')->dispatch(FOSUserEvents::USER_CREATED, $event);
 
-        return $this->sendUser($user, JsonResponse::HTTP_CREATED);
+        return $this->sendUser($user, 'user_api_with_client', JsonResponse::HTTP_CREATED);
     }
 
     /**
      * Send user response.
      *
-     * @param User $user
-     * @param int  $status HTTP Status code to send
+     * @param User   $user
+     * @param string $group  Used to define with serialized group might be used
+     * @param int    $status HTTP Status code to send
      *
      * @return JsonResponse
      */
-    private function sendUser(User $user, $status = JsonResponse::HTTP_OK)
+    private function sendUser(User $user, $group = 'user_api', $status = JsonResponse::HTTP_OK)
     {
         $json = $this->get('serializer')->serialize(
             $user,
             'json',
-            SerializationContext::create()->setGroups(['user_api'])
+            SerializationContext::create()->setGroups([$group])
         );
 
         return (new JsonResponse())
diff --git a/src/Wallabag/ApiBundle/Entity/Client.php b/src/Wallabag/ApiBundle/Entity/Client.php
index 9ed9f980..c15fd3fa 100644
--- a/src/Wallabag/ApiBundle/Entity/Client.php
+++ b/src/Wallabag/ApiBundle/Entity/Client.php
@@ -5,6 +5,9 @@ namespace Wallabag\ApiBundle\Entity;
 use Doctrine\ORM\Mapping as ORM;
 use FOS\OAuthServerBundle\Entity\Client as BaseClient;
 use Wallabag\UserBundle\Entity\User;
+use JMS\Serializer\Annotation\Groups;
+use JMS\Serializer\Annotation\SerializedName;
+use JMS\Serializer\Annotation\VirtualProperty;
 
 /**
  * @ORM\Table("oauth2_clients")
@@ -23,6 +26,8 @@ class Client extends BaseClient
      * @var string
      *
      * @ORM\Column(name="name", type="text", nullable=false)
+     *
+     * @Groups({"user_api_with_client"})
      */
     protected $name;
 
@@ -37,6 +42,14 @@ class Client extends BaseClient
     protected $accessTokens;
 
     /**
+     * @var string
+     *
+     * @SerializedName("client_secret")
+     * @Groups({"user_api_with_client"})
+     */
+    protected $secret;
+
+    /**
      * @ORM\ManyToOne(targetEntity="Wallabag\UserBundle\Entity\User", inversedBy="clients")
      */
     private $user;
@@ -78,4 +91,14 @@ class Client extends BaseClient
     {
         return $this->user;
     }
+
+    /**
+     * @VirtualProperty
+     * @SerializedName("client_id")
+     * @Groups({"user_api_with_client"})
+     */
+    public function getClientId()
+    {
+        return $this->getId().'_'.$this->getRandomId();
+    }
 }
diff --git a/src/Wallabag/CoreBundle/Command/ShowUserCommand.php b/src/Wallabag/CoreBundle/Command/ShowUserCommand.php
new file mode 100644
index 00000000..0eeaabc4
--- /dev/null
+++ b/src/Wallabag/CoreBundle/Command/ShowUserCommand.php
@@ -0,0 +1,77 @@
+<?php
+
+namespace Wallabag\CoreBundle\Command;
+
+use Doctrine\ORM\NoResultException;
+use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Wallabag\UserBundle\Entity\User;
+
+class ShowUserCommand extends ContainerAwareCommand
+{
+    /** @var OutputInterface */
+    protected $output;
+
+    protected function configure()
+    {
+        $this
+            ->setName('wallabag:user:show')
+            ->setDescription('Show user details')
+            ->setHelp('This command shows the details for an user')
+            ->addArgument(
+                'username',
+                InputArgument::REQUIRED,
+                'User to show details for'
+            );
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $this->output = $output;
+
+        $username = $input->getArgument('username');
+
+        try {
+            $user = $this->getUser($username);
+            $this->showUser($user);
+        } catch (NoResultException $e) {
+            $output->writeln(sprintf('<error>User "%s" not found.</error>', $username));
+
+            return 1;
+        }
+
+        return 0;
+    }
+
+    /**
+     * @param User $user
+     */
+    private function showUser(User $user)
+    {
+        $this->output->writeln(sprintf('Username : %s', $user->getUsername()));
+        $this->output->writeln(sprintf('Email : %s', $user->getEmail()));
+        $this->output->writeln(sprintf('Display name : %s', $user->getName()));
+        $this->output->writeln(sprintf('Creation date : %s', $user->getCreatedAt()->format('Y-m-d H:i:s')));
+        $this->output->writeln(sprintf('Last login : %s', $user->getLastLogin() !== null ? $user->getLastLogin()->format('Y-m-d H:i:s') : 'never'));
+        $this->output->writeln(sprintf('2FA activated: %s', $user->isTwoFactorAuthentication() ? 'yes' : 'no'));
+    }
+
+    /**
+     * Fetches a user from its username.
+     *
+     * @param string $username
+     *
+     * @return \Wallabag\UserBundle\Entity\User
+     */
+    private function getUser($username)
+    {
+        return $this->getDoctrine()->getRepository('WallabagUserBundle:User')->findOneByUserName($username);
+    }
+
+    private function getDoctrine()
+    {
+        return $this->getContainer()->get('doctrine');
+    }
+}
diff --git a/src/Wallabag/CoreBundle/Helper/ContentProxy.php b/src/Wallabag/CoreBundle/Helper/ContentProxy.php
index bfaa1976..0c971863 100644
--- a/src/Wallabag/CoreBundle/Helper/ContentProxy.php
+++ b/src/Wallabag/CoreBundle/Helper/ContentProxy.php
@@ -7,6 +7,9 @@ use Psr\Log\LoggerInterface;
 use Wallabag\CoreBundle\Entity\Entry;
 use Wallabag\CoreBundle\Tools\Utils;
 use Symfony\Component\HttpFoundation\File\MimeType\MimeTypeExtensionGuesser;
+use Symfony\Component\Validator\Constraints\Locale as LocaleConstraint;
+use Symfony\Component\Validator\Constraints\Url as UrlConstraint;
+use Symfony\Component\Validator\Validator\ValidatorInterface;
 
 /**
  * This kind of proxy class take care of getting the content from an url
@@ -16,15 +19,17 @@ class ContentProxy
 {
     protected $graby;
     protected $tagger;
+    protected $validator;
     protected $logger;
     protected $mimeGuesser;
     protected $fetchingErrorMessage;
     protected $eventDispatcher;
 
-    public function __construct(Graby $graby, RuleBasedTagger $tagger, LoggerInterface $logger, $fetchingErrorMessage)
+    public function __construct(Graby $graby, RuleBasedTagger $tagger, ValidatorInterface $validator, LoggerInterface $logger, $fetchingErrorMessage)
     {
         $this->graby = $graby;
         $this->tagger = $tagger;
+        $this->validator = $validator;
         $this->logger = $logger;
         $this->mimeGuesser = new MimeTypeExtensionGuesser();
         $this->fetchingErrorMessage = $fetchingErrorMessage;
@@ -105,7 +110,7 @@ class ContentProxy
             }
         }
 
-        if (!empty($content['authors'])) {
+        if (!empty($content['authors']) && is_array($content['authors'])) {
             $entry->setPublishedBy($content['authors']);
         }
 
@@ -113,7 +118,24 @@ class ContentProxy
             $entry->setHeaders($content['all_headers']);
         }
 
-        $entry->setLanguage(isset($content['language']) ? $content['language'] : '');
+        $this->validateAndSetLanguage(
+            $entry,
+            isset($content['language']) ? $content['language'] : ''
+        );
+
+        $this->validateAndSetPreviewPicture(
+            $entry,
+            isset($content['open_graph']['og_image']) ? $content['open_graph']['og_image'] : ''
+        );
+
+        // if content is an image, define it as a preview too
+        if (!empty($content['content_type']) && in_array($this->mimeGuesser->guess($content['content_type']), ['jpeg', 'jpg', 'gif', 'png'], true)) {
+            $this->validateAndSetPreviewPicture(
+                $entry,
+                $content['url']
+            );
+        }
+
         $entry->setMimetype(isset($content['content_type']) ? $content['content_type'] : '');
         $entry->setReadingTime(Utils::getReadingTime($html));
 
@@ -122,15 +144,6 @@ class ContentProxy
             $entry->setDomainName($domainName);
         }
 
-        if (!empty($content['open_graph']['og_image'])) {
-            $entry->setPreviewPicture($content['open_graph']['og_image']);
-        }
-
-        // if content is an image define as a preview too
-        if (!empty($content['content_type']) && in_array($this->mimeGuesser->guess($content['content_type']), ['jpeg', 'jpg', 'gif', 'png'], true)) {
-            $entry->setPreviewPicture($content['url']);
-        }
-
         try {
             $this->tagger->tag($entry);
         } catch (\Exception $e) {
@@ -152,4 +165,52 @@ class ContentProxy
     {
         return !empty($content['title']) && !empty($content['html']) && !empty($content['url']);
     }
+
+    /**
+     * Use a Symfony validator to ensure the language is well formatted.
+     *
+     * @param Entry  $entry
+     * @param string $value Language to validate
+     */
+    private function validateAndSetLanguage($entry, $value)
+    {
+        // some lang are defined as fr-FR, es-ES.
+        // replacing - by _ might increase language support
+        $value = str_replace('-', '_', $value);
+
+        $errors = $this->validator->validate(
+            $value,
+            (new LocaleConstraint())
+        );
+
+        if (0 === count($errors)) {
+            $entry->setLanguage($value);
+
+            return;
+        }
+
+        $this->logger->warning('Language validation failed. '.(string) $errors);
+    }
+
+    /**
+     * Use a Symfony validator to ensure the preview picture is a real url.
+     *
+     * @param Entry  $entry
+     * @param string $value URL to validate
+     */
+    private function validateAndSetPreviewPicture($entry, $value)
+    {
+        $errors = $this->validator->validate(
+            $value,
+            (new UrlConstraint())
+        );
+
+        if (0 === count($errors)) {
+            $entry->setPreviewPicture($value);
+
+            return;
+        }
+
+        $this->logger->warning('PreviewPicture validation failed. '.(string) $errors);
+    }
 }
diff --git a/src/Wallabag/CoreBundle/Helper/DownloadImages.php b/src/Wallabag/CoreBundle/Helper/DownloadImages.php
index 54e23a05..ed888cdb 100644
--- a/src/Wallabag/CoreBundle/Helper/DownloadImages.php
+++ b/src/Wallabag/CoreBundle/Helper/DownloadImages.php
@@ -5,6 +5,7 @@ namespace Wallabag\CoreBundle\Helper;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\DomCrawler\Crawler;
 use GuzzleHttp\Client;
+use GuzzleHttp\Message\Response;
 use Symfony\Component\HttpFoundation\File\MimeType\MimeTypeExtensionGuesser;
 use Symfony\Component\Finder\Finder;
 
@@ -116,13 +117,11 @@ class DownloadImages
             return false;
         }
 
-        $ext = $this->mimeGuesser->guess($res->getHeader('content-type'));
-        $this->logger->debug('DownloadImages: Checking extension', ['ext' => $ext, 'header' => $res->getHeader('content-type')]);
-        if (!in_array($ext, ['jpeg', 'jpg', 'gif', 'png'], true)) {
-            $this->logger->error('DownloadImages: Processed image with not allowed extension. Skipping: '.$imagePath);
-
+        $ext = $this->getExtensionFromResponse($res, $imagePath);
+        if (false === $res) {
             return false;
         }
+
         $hashImage = hash('crc32', $absolutePath);
         $localPath = $folderPath.'/'.$hashImage.'.'.$ext;
 
@@ -237,4 +236,45 @@ class DownloadImages
 
         return false;
     }
+
+    /**
+     * Retrieve and validate the extension from the response of the url of the image.
+     *
+     * @param Response $res       Guzzle Response
+     * @param string   $imagePath Path from the src image from the content (used for log only)
+     *
+     * @return string|false Extension name or false if validation failed
+     */
+    private function getExtensionFromResponse(Response $res, $imagePath)
+    {
+        $ext = $this->mimeGuesser->guess($res->getHeader('content-type'));
+        $this->logger->debug('DownloadImages: Checking extension', ['ext' => $ext, 'header' => $res->getHeader('content-type')]);
+
+        // ok header doesn't have the extension, try a different way
+        if (empty($ext)) {
+            $types = [
+                'jpeg' => "\xFF\xD8\xFF",
+                'gif' => 'GIF',
+                'png' => "\x89\x50\x4e\x47\x0d\x0a",
+            ];
+            $bytes = substr((string) $res->getBody(), 0, 8);
+
+            foreach ($types as $type => $header) {
+                if (0 === strpos($bytes, $header)) {
+                    $ext = $type;
+                    break;
+                }
+            }
+
+            $this->logger->debug('DownloadImages: Checking extension (alternative)', ['ext' => $ext]);
+        }
+
+        if (!in_array($ext, ['jpeg', 'jpg', 'gif', 'png'], true)) {
+            $this->logger->error('DownloadImages: Processed image with not allowed extension. Skipping: '.$imagePath);
+
+            return false;
+        }
+
+        return $ext;
+    }
 }
diff --git a/src/Wallabag/CoreBundle/Resources/config/services.yml b/src/Wallabag/CoreBundle/Resources/config/services.yml
index 8b00700f..4be79547 100644
--- a/src/Wallabag/CoreBundle/Resources/config/services.yml
+++ b/src/Wallabag/CoreBundle/Resources/config/services.yml
@@ -90,6 +90,7 @@ services:
         arguments:
             - "@wallabag_core.graby"
             - "@wallabag_core.rule_based_tagger"
+            - "@validator"
             - "@logger"
             - '%wallabag_core.fetching_error_message%'
 
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.da.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.da.yml
index 32a8b4a8..c6a84209 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.da.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.da.yml
@@ -4,3 +4,4 @@ validator:
     # password_wrong_value: 'Wrong value for your current password'
     # item_per_page_too_high: 'This will certainly kill the app'
     # rss_limit_too_high: 'This will certainly kill the app'
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.de.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.de.yml
index 37b9888f..c74c00ca 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.de.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.de.yml
@@ -4,3 +4,4 @@ validator:
     password_wrong_value: 'Falscher Wert für dein aktuelles Kennwort'
     item_per_page_too_high: 'Dies wird die Anwendung möglicherweise beenden'
     rss_limit_too_high: 'Dies wird die Anwendung möglicherweise beenden'
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.en.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.en.yml
index 29217497..8cc117fe 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.en.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.en.yml
@@ -4,3 +4,4 @@ validator:
     password_wrong_value: 'Wrong value for your current password'
     item_per_page_too_high: 'This will certainly kill the app'
     rss_limit_too_high: 'This will certainly kill the app'
+    quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.es.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.es.yml
index 57ddaa5a..97a8edfa 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.es.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.es.yml
@@ -4,3 +4,4 @@ validator:
     password_wrong_value: 'Entrada equivocada para su contraseña actual'
     item_per_page_too_high: 'Esto matará la aplicación'
     rss_limit_too_high: 'Esto matará la aplicación'
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.fa.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.fa.yml
index e0536d18..ef677525 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.fa.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.fa.yml
@@ -4,3 +4,4 @@ validator:
     password_wrong_value: 'رمز فعلی را اشتباه وارد کرده‌اید'
     item_per_page_too_high: 'با این تعداد برنامه به فنا می‌رود'
     rss_limit_too_high: 'با این تعداد برنامه به فنا می‌رود'
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.fr.yml
index 64574709..f31b4ed2 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.fr.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.fr.yml
@@ -4,3 +4,4 @@ validator:
     password_wrong_value: "Votre mot de passe actuel est faux"
     item_per_page_too_high: "Ça ne va pas plaire à l’application"
     rss_limit_too_high: "Ça ne va pas plaire à l’application"
+    quote_length_too_high: "La citation est trop longue. Elle doit avoir au maximum {{ limit }} caractères."
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.it.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.it.yml
index d9beb54f..d949cc3b 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.it.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.it.yml
@@ -4,3 +4,4 @@ validator:
     password_wrong_value: 'Valore inserito per la password corrente errato'
     item_per_page_too_high: 'Questo valore è troppo alto'
     rss_limit_too_high: 'Questo valore è troppo alto'
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.oc.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.oc.yml
index f92c2708..fb4aa592 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.oc.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.oc.yml
@@ -4,3 +4,4 @@ validator:
     password_wrong_value: 'Vòstre senhal actual es pas bon'
     item_per_page_too_high: "Aquò li agradarà pas a l'aplicacion"
     rss_limit_too_high: "Aquò li agradarà pas a l'aplicacion"
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.pl.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.pl.yml
index ffcd5e7f..58d19cc9 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.pl.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.pl.yml
@@ -4,3 +4,4 @@ validator:
     password_wrong_value: 'Twoje obecne hasło jest błędne'
     item_per_page_too_high: 'To może spowodować problemy z aplikacją'
     rss_limit_too_high: 'To może spowodować problemy z aplikacją'
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.pt.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.pt.yml
index 4eddff10..a8c1f9de 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.pt.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.pt.yml
@@ -4,3 +4,4 @@ validator:
     password_wrong_value: 'A senha atual informada está errada'
     item_per_page_too_high: 'Certamente isso pode matar a aplicação'
     rss_limit_too_high: 'Certamente isso pode matar a aplicação'
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.ro.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.ro.yml
index 59a8cdd8..6840cf11 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.ro.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.ro.yml
@@ -4,3 +4,4 @@ validator:
     # password_wrong_value: 'Wrong value for your current password'
     # item_per_page_too_high: 'This will certainly kill the app'
     # rss_limit_too_high: 'This will certainly kill the app'
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/translations/validators.tr.yml b/src/Wallabag/CoreBundle/Resources/translations/validators.tr.yml
index 01388771..e1e7317f 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/validators.tr.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/validators.tr.yml
@@ -4,3 +4,4 @@ validator:
     # password_wrong_value: 'Wrong value for your current password'
     # item_per_page_too_high: 'This will certainly kill the app'
     # rss_limit_too_high: 'This will certainly kill the app'
+    # quote_length_too_high: 'The quote is too long. It should have {{ limit }} characters or less.'
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/common/Developer/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/common/Developer/index.html.twig
index b3f0affb..528b055c 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/common/Developer/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/common/Developer/index.html.twig
@@ -33,7 +33,7 @@
                                     <table class="striped">
                                         <tr>
                                             <td>{{ 'developer.existing_clients.field_id'|trans }}</td>
-                                            <td><strong><code>{{ client.id }}_{{ client.randomId }}</code></strong></td>
+                                            <td><strong><code>{{ client.clientId }}</code></strong></td>
                                         </tr>
                                         <tr>
                                             <td>{{ 'developer.existing_clients.field_secret'|trans }}</td>
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index ed6ce331..aba76ca7 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -6,6 +6,7 @@ use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\ORM\Mapping as ORM;
 use JMS\Serializer\Annotation\Groups;
 use JMS\Serializer\Annotation\XmlRoot;
+use JMS\Serializer\Annotation\Accessor;
 use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
 use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;
 use FOS\UserBundle\Model\User as BaseUser;
@@ -36,7 +37,7 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
      * @ORM\Id
      * @ORM\GeneratedValue(strategy="AUTO")
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $id;
 
@@ -45,21 +46,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
      *
      * @ORM\Column(name="name", type="text", nullable=true)
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $name;
 
     /**
      * @var string
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $username;
 
     /**
      * @var string
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $email;
 
@@ -68,7 +69,7 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
      *
      * @ORM\Column(name="created_at", type="datetime")
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $createdAt;
 
@@ -77,7 +78,7 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
      *
      * @ORM\Column(name="updated_at", type="datetime")
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $updatedAt;
 
@@ -97,7 +98,8 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     private $authCode;
 
     /**
-     * @var bool Enabled yes/no
+     * @var bool
+     *
      * @ORM\Column(type="boolean")
      */
     private $twoFactorAuthentication = false;
@@ -108,10 +110,20 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     private $trusted;
 
     /**
+     * @var ArrayCollection
+     *
      * @ORM\OneToMany(targetEntity="Wallabag\ApiBundle\Entity\Client", mappedBy="user", cascade={"remove"})
      */
     protected $clients;
 
+    /**
+     * @see getFirstClient() below
+     *
+     * @Groups({"user_api_with_client"})
+     * @Accessor(getter="getFirstClient")
+     */
+    protected $default_client;
+
     public function __construct()
     {
         parent::__construct();
@@ -288,4 +300,16 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     {
         return $this->clients;
     }
+
+    /**
+     * Only used by the API when creating a new user it'll also return the first client (which was also created at the same time).
+     *
+     * @return Client
+     */
+    public function getFirstClient()
+    {
+        if (!empty($this->clients)) {
+            return $this->clients->first();
+        }
+    }
 }
diff --git a/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
new file mode 100644
index 00000000..10f13233
--- /dev/null
+++ b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Wallabag\UserBundle\EventListener;
+
+use Psr\Log\LoggerInterface;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Security\Core\AuthenticationEvents;
+
+class AuthenticationFailureListener implements EventSubscriberInterface
+{
+    private $requestStack;
+    private $logger;
+
+    public function __construct(RequestStack $requestStack, LoggerInterface $logger)
+    {
+        $this->requestStack = $requestStack;
+        $this->logger = $logger;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents()
+    {
+        return [
+            AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthenticationFailure',
+        ];
+    }
+
+    /**
+     * On failure, add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
+     */
+    public function onAuthenticationFailure()
+    {
+        $request = $this->requestStack->getMasterRequest();
+
+        $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
+    }
+}
diff --git a/src/Wallabag/UserBundle/Resources/config/services.yml b/src/Wallabag/UserBundle/Resources/config/services.yml
index bfba6010..d3925de3 100644
--- a/src/Wallabag/UserBundle/Resources/config/services.yml
+++ b/src/Wallabag/UserBundle/Resources/config/services.yml
@@ -35,3 +35,11 @@ services:
             - "%wallabag_core.list_mode%"
         tags:
             - { name: kernel.event_subscriber }
+
+    wallabag_user.listener.authentication_failure_event_listener:
+        class: Wallabag\UserBundle\EventListener\AuthenticationFailureListener
+        arguments:
+            - "@request_stack"
+            - "@logger"
+        tags:
+            - { name: kernel.event_listener, event: security.authentication.failure, method: onAuthenticationFailure }