If someone send a malformated client_id when trying to authenticate using the API we got a 500 if wallabag use postgres because the request send a string instead of an integer.
As the deletion now requires that at least one entry for the user must
be linked to the given tag, we fix the test testDeleteUserTag by linking
it to an entry.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
Add a new helper to set a default title when it's empty:
1/ use basename part of entry's path, if any
2/ or use domain name
Fixes#2053
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
Ensure that origin_url is initially null
Ensure patching entry with origin_url=''
Ensure patching entry with origin_url=null
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
First, the setParameter() were done on the same parameter which in fact
just duplicated the condition in the SQL query (like `where t.label =
'test' and t.label = 'test'`.
Changed the parameter doesn't help because the query was then wrong.
Changing the way to match associated tags for an entry and it worked.
This date is used to sort starred entries.
Can not use Entry::timestamps method otherwise starred_at will be updated each time entry is updated.
Add an updateStar method into Entry class
A migration script has been added in order to set starred_at field.
The PATCH method for the entry should only update what user sent to us and not the whole entry as it was before.
Also, sending tags when patching an entry will now remove all current tags & assocatied new ones.
Listing entries can now be filtered by “public”.
Creating or patching an entry can now set is to public or remove the public.
Entry response now include “is_public” boolean field
While creating a new user using the API, we also create a new client for the current user.
So the app which just create the user can use its newly created client to configure the app.
That new client is only return after creating the user.
When calling the endpoint /api/user to get user information, the new client information won’t be return.
I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled.
Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information.
I've moved all the internal settings definition to config to avoid duplicated place to define them.
I don't know why we didn't did that earlier.
Entry API can now have these new fields:
- content
- language
- preview_picture
- published_at
Re-use the ContentProxy to be able to do the same using the web UI (in the future).
htmLawed is used to clean stuff from content, I hope it’ll be enough to avoid security breach.
Lower content validation when we want to update an entry with content already defined. Before, language & content_type were required. If there weren’t provided, we re-fetched the content using graby. I think these fields aren’t required for an entry to be created. So I removed them.
Which means some import from the v1 export won’t be re-fetched since they provide content, url & title.
Also, remove liberation link from Readability import to avoid overlaping import (from wallabag v1, which had the same link)
The only ugly things is how we handle error by generating the view and then parse the content to retrieve all errors…
Fix exposition fields in User entity
It allows to request to delete a tag using query string instead of body parameter (which seems to be the standard).
Instead of breaking the previous behavior, I used a generic way to retrieve parameter (which looks into request attributes, query parameters and request parameters)