utf8mb4_unicode_ci considers that 'caché' is equal to 'cache' which
can lead to attaching incorrect tags to entries. This issue is due to
some unicode normalization done by MySQL.
utf8mb4_bin makes no unicode normalization, letting wallabag to consider
'cache' and 'caché' as two different tags.
We change the collation of the whole table as Doctrine does not support
setting a collation on a column for a specific platform (it tries to
apply utf8mb4_bin even for pgsql and sqlite).
Fixes#3302
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
detail=metadata will nullify the content field of entries in order to
make smaller responses.
detail=full keeps the former behavior, it sends the content of entries.
It's the default, for backward compatibility.
Fixes#2817
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
Instead of fetching one domain, we use the same method as in site config (to retrieve the matching file) and handle api.example.org, example.org, .org (yes the last one isn’t useful).
If one of these match, we got it and use it.
The expect parameter enables an application to request the whole entry
or only the id when requesting its deletion.
`expects` defaults to `entry` to prevent any API breakage.
Fixes#3711
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
When using the entity manager to retrieve an already stored entry, the
id disapears from $entry after the first delete call. This leads to
testing a nonexistent endpoint (api/entries/.json) during the second
delete call.
This change now creates an entry specifically for the test.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
- Update SchebTwoFactorBundle to version 3
- Enable Google 2fa on the bundle
- Disallow ability to use both email and google as 2fa
- Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7)
- use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add`
- update admin to be able to create/reset the 2fa
- Adds a new `search` key to `src/Wallabag/ApiBundle/Resources/config/routing_rest.yml`
- Reuses the `getBuilderForSearchByUser` method from the EntryRepository
- Supports, `term`, `page`, and `perPage` query parameters
- Some very basic tests
Useful for api client which required some information.
We might add more inside them in the future.
The endpoint /api/version should be avoided now as it contains not so much information rather the version.
If someone send a malformated client_id when trying to authenticate using the API we got a 500 if wallabag use postgres because the request send a string instead of an integer.
As the deletion now requires that at least one entry for the user must
be linked to the given tag, we fix the test testDeleteUserTag by linking
it to an entry.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
When creating the schema for test these tables use default length for
string: 255. Which fail when using utf8mb4.
> Syntax error or access violation: 1071 Specified key was too long; max key length is 767 bytes
Also move the `setKeepStaticConnections` in before and after class to
avoid:
> SAVEPOINT DOCTRINE2_SAVEPOINT_2 does not exist
See https://github.com/dmaicher/doctrine-test-bundle#troubleshooting
Add the ability to specify hosts and patterns lists to ignore the given
entry url and replace it with the fetched content url without touching
to origin_url.
This initial support should be reworked in the following months to move
the hardcoded ignore lists in the database.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
- Leave origin_url unchanged if difference is an ending slash
- Leave origin_url unchanged if difference is scheme
- Ignore (noop) if difference is query string or fragment
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
Thanks to the BC compatibility, almost nothing have to be changed.
All changes are related to new bundle version of:
- SensioFrameworkExtraBundle
- DoctrineFixturesBundle
Add a new helper to set a default title when it's empty:
1/ use basename part of entry's path, if any
2/ or use domain name
Fixes#2053
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
Ensure that origin_url is initially null
Ensure patching entry with origin_url=''
Ensure patching entry with origin_url=null
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This twig filter removes scheme (only http and https are supported) and
pass the result to removeWww filter to also remove 'www.' at the
beginning of an url.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
First, the setParameter() were done on the same parameter which in fact
just duplicated the condition in the SQL query (like `where t.label =
'test' and t.label = 'test'`.
Changed the parameter doesn't help because the query was then wrong.
Changing the way to match associated tags for an entry and it worked.
This date is used to sort starred entries.
Can not use Entry::timestamps method otherwise starred_at will be updated each time entry is updated.
Add an updateStar method into Entry class
A migration script has been added in order to set starred_at field.
The PATCH method for the entry should only update what user sent to us and not the whole entry as it was before.
Also, sending tags when patching an entry will now remove all current tags & assocatied new ones.
It is not aimed to test if we can get the full article (since we aren't using real login/password)
but mostly to test the full work (with authentication, etc.)
Do not clean fixtured to avoid SQLite to re-use id for entry tag relation 😓
Listing entries can now be filtered by “public”.
Creating or patching an entry can now set is to public or remove the public.
Entry response now include “is_public” boolean field
Instead of saving the value of each field right into the content without any validation, it seems better to validate them.
This might sounds obvious now we say that.
While creating a new user using the API, we also create a new client for the current user.
So the app which just create the user can use its newly created client to configure the app.
That new client is only return after creating the user.
When calling the endpoint /api/user to get user information, the new client information won’t be return.
When parsing content to retrieve images to save locally, we only check for the content-type of the image response.
In some case, that value is empty.
Now we’re also checking for the first few bytes of the content as an alternative to detect if it’s an image wallabag can handle.
We might get higher image supports using that alternative method.
I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled.
Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information.
I've moved all the internal settings definition to config to avoid duplicated place to define them.
I don't know why we didn't did that earlier.
This commit also decouples the "import" and "update" functions inside
ContentProxy. If a content array is available, it must be passed to the
new importEntry method.
Objects are always passed by reference, so it doesn't make sense to
return an object which is passed by reference as it will always be the
same object. This change makes the code a bit more readable.
Entry API can now have these new fields:
- content
- language
- preview_picture
- published_at
Re-use the ContentProxy to be able to do the same using the web UI (in the future).
htmLawed is used to clean stuff from content, I hope it’ll be enough to avoid security breach.
Lower content validation when we want to update an entry with content already defined. Before, language & content_type were required. If there weren’t provided, we re-fetched the content using graby. I think these fields aren’t required for an entry to be created. So I removed them.
Which means some import from the v1 export won’t be re-fetched since they provide content, url & title.
Also, remove liberation link from Readability import to avoid overlaping import (from wallabag v1, which had the same link)
