| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
the method "assert_params_in_request" does handle dicts and not
requests. A request body has to be parsed to json before this method
can be used
|
|
|
|
|
|
|
| |
parse_integer and parse_string can take a request and raise errors
in case we have wrong or missing params.
This PR tries to use them more to deduplicate some code and make it
better readable
|
| |
|
|
|
|
| |
This was introduced in d7ea8c4 / PR #2728
|
|
|
|
| |
Collect together all the places that validate a logged-in user via UI auth.
|
|
|
|
|
| |
Instead of returning False when auth is incomplete, throw an exception which
can be caught with a wrapper.
|
|
|
|
| |
(otherwise there's no point in the UI auth)
|
| |
|
|
|
|
|
|
| |
(But this doesn't implement the same for deleting access tokens or e2e keys.
Also respond to code review.
|
| |
|
|
|
|
| |
This implements the proposal here https://docs.google.com/document/d/1C-25Gqz3TXy2jIAoeOKxpNtmme0jI4g3yFGqv5GlAAk for deleting multiple devices at once in a single request.
|
|
|
|
|
| |
Expose /devices, /keys, and /sendToDevice to guest users, so that they can use
E2E.
|
|
|
|
|
| |
We should probably return a 401 rather than a 400 for existing clients that
don't know they have to do the UIA dance to delete a device.
|
| |
|
|
|
|
| |
You can update the displayname of devices now.
|
| |
|
| |
|
|
implement a GET /devices endpoint which lists all of the user's devices.
It also returns the last IP where we saw that device, so there is some dancing
to fish that out of the user_ips table.
|