summary refs log tree commit diff
path: root/webclient (unfollow)
Commit message (Collapse)AuthorFilesLines
2016-08-17Change get_users_in_room to using current stateErik Johnston1-2/+6
2016-08-17Add None check to _iterate_over_textErik Johnston1-1/+1
2016-08-17Change name of metricMatrix1-1/+1
2016-08-17Move Measure block inside loopErik Johnston1-9/+9
2016-08-17Clean up _ServiceQueuerErik Johnston2-32/+31
2016-08-17Remove dead appservice codeErik Johnston1-39/+2
2016-08-17Update unit testsErik Johnston1-0/+2
2016-08-17Measure notify_interested_servicesErik Johnston1-19/+22
2016-08-16Do it in storage functionErik Johnston2-1/+4
2016-08-16Don't update caches replication stream if tokens haven't advancedErik Johnston1-1/+1
2016-08-16Add lxml to jenkins-unittests.shErik Johnston1-0/+1
2016-08-16Flake8Erik Johnston1-4/+1
2016-08-16Fix up preview URL API. Add tests.Erik Johnston2-158/+275
This includes: - Splitting out methods of a class into stand alone functions, to make them easier to test. - Adding unit tests to split out functions, testing HTML -> preview. - Handle the fact that elements in lxml may have tail text.
2016-08-16Limit number of extremeties in backfill requestErik Johnston1-4/+5
This works around a bug where if we make a backfill request with too many extremeties it causes the request URI to be too long.
2016-08-16Use cached get_user_by_access_token in slavesErik Johnston3-2/+3
2016-08-15Refactor user_delete_access_tokens. Invalidate get_user_by_access_token to ↵Erik Johnston3-45/+39
slaves.
2016-08-15Doc get_next() context manager usageErik Johnston1-0/+4
2016-08-15Rename table. Add docs.Erik Johnston4-6/+16
2016-08-15Remove broken cache stuffErik Johnston2-21/+0
2016-08-15Use cached version of get_aliases_for_roomErik Johnston1-1/+1
2016-08-15Implement cache replication streamErik Johnston5-30/+92
2016-08-15Add some invalidations to a cache_streamErik Johnston7-31/+117
2016-08-15Always run txn.after_callbacksErik Johnston1-7/+8
2016-08-14Add missing database corruption recovery caseBenjamin Saunders1-1/+2
Signed-off-by: Benjamin Saunders <ben.e.saunders@gmail.com>
2016-08-14Log the value which is observed in the first place.Daniel Ehlers1-1/+1
The name 'result' is of bool type and has no len property, resulting in a TypeError. Futhermore in the flow control conn.response is observed and hence should be reported. Signed-off-by: Daniel Ehlers <sargon@toppoint.de>
2016-08-14Fix AttributeError when bind_dn is not defined.Daniel Ehlers1-1/+1
In case one does not define bind_dn in ldap configuration, filter attribute is not declared. Since auth code only uses ldap_filter attribute when according LDAP mode is selected, it is safe to only declare the attribute in that case. Signed-off-by: Daniel Ehlers <sargon@toppoint.de>
2016-08-12Make synchrotron accept /eventsErik Johnston5-18/+66
2016-08-12Dont invoke get_handlers fromClientV1RestServletErik Johnston9-1/+86
hs.get_handlers() can not be invoked from split out processes. Moving the invocations down a level means that we can slowly split out individual servlets.
2016-08-12Only process one local membership event per room at a timeErik Johnston1-1/+1
2016-08-11Synced up synchrotron set_state with PresenceHandler set_stateWill Hunt1-1/+1
2016-08-11Include prev_content in redacted state eventsErik Johnston1-0/+2
2016-08-10PEP8Erik Johnston1-1/+3
2016-08-10Clean up TransactionQueueErik Johnston4-221/+162
2016-08-10Don't stop on 4xx series errorsErik Johnston1-11/+1
2016-08-10Also check if server is in the roomErik Johnston1-2/+7
2016-08-10Also pull out rejected eventsErik Johnston1-1/+1
2016-08-10Correctly auth /event/ requestsErik Johnston1-5/+6
2016-08-10Only resign our own eventsErik Johnston1-9/+10
2016-08-10Don't change status_msg on /syncWill Hunt2-4/+7
2016-08-10Store if we fail to fetch an event from a destinationErik Johnston1-1/+36
2016-08-10Measure federation send transaction resourcesErik Johnston2-5/+21
2016-08-10Don't print stack traces when failing to get remote keysErik Johnston2-13/+19
2016-08-09/login: Respond with a 403 when we get an invalid m.login.tokenRichard van der Hoff1-3/+3
2016-08-08PEP8Richard van der Hoff1-0/+1
2016-08-08Clean up CAS login codeRichard van der Hoff1-125/+33
Remove some apparently unused code. Clean up parse_cas_response, mostly to catch the exception if the CAS response isn't valid XML.
2016-08-08Fix CAS loginRichard van der Hoff1-0/+1
Attempting to log in with CAS was giving a 500 error.
2016-08-08Fix login with m.login.tokenRichard van der Hoff4-32/+87
login with token (as used by CAS auth) was broken by 067596d, such that it always returned a 401.
2016-08-08Capatailize HTMLErik Johnston1-1/+1
2016-08-08Be bolderErik Johnston1-1/+1
2016-08-08Update changelogErik Johnston1-3/+7
2016-08-08Update changelogErik Johnston1-1/+1
2016-08-08Bump changelog and versionErik Johnston2-1/+16
2016-08-08Make psutil optionalErik Johnston3-6/+16
2016-08-05Fix a couple of python bugsErik Johnston1-6/+8
2016-08-05Retry joining via other servers if first one failedErik Johnston1-5/+16
2016-08-05Print newline after result in federation_client scriptErik Johnston1-0/+1
2016-08-05Add federation /version APIErik Johnston6-9/+25
2016-08-05Change the way we specify if we require auth or notErik Johnston1-40/+55
2016-08-05Raise 404 when couldn't find eventErik Johnston1-1/+1
2016-08-05Don't include html comments in descriptionErik Johnston1-1/+2
2016-08-05Update changelog v0.17.0-rc4Erik Johnston1-2/+2
2016-08-05Fix backfill auth eventsErik Johnston1-21/+50
2016-08-05Bump version and changelogErik Johnston2-1/+17
2016-08-05Fix typoErik Johnston1-1/+1
2016-08-05Check if we already have the events returned by /state/Erik Johnston1-2/+16
2016-08-05Delete more tablesErik Johnston1-0/+5
2016-08-05Fallback to /state/ on both 400 and 404Erik Johnston1-1/+1
2016-08-04Tweak integrity error recovery to work as intendedBenjamin Saunders2-1/+4
2016-08-04TypoErik Johnston1-1/+1
2016-08-04Test summarizationErik Johnston2-52/+193
2016-08-04Fix typoErik Johnston1-3/+4
2016-08-04Retry event persistence on IntegrityErrorErik Johnston1-4/+65
Due to a bug in the porting script some backfilled events were not correctly persisted, causing irrecoverable IntegrityErrors on future attempts to persist those events. This commit adds a retry mechanism invoked upon IntegrityError, where when retried the tables are purged for all references to the events being persisted.
2016-08-04Fix typos.Erik Johnston1-3/+3
2016-08-04Tidy up get_eventsErik Johnston1-12/+10
2016-08-04Factor out more common code from the jenkins scripts (#980)Mark Haines4-138/+44
* Factor out more common code from the jenkins scripts * Fix install_and_run path * Poke jenkins * Poke jenkins
2016-08-04Allow upgrading from old port_from_sqlite3 formatErik Johnston1-0/+21
2016-08-04Handle the fact that some tables have negative rowid rowsErik Johnston1-43/+111
2016-08-04keys/query: Omit device displayname if nullRichard van der Hoff1-3/+4
... which makes it more consistent with user displaynames.
2016-08-03Rename fields to _idsErik Johnston2-4/+4
2016-08-03Fix copy + paste failsErik Johnston2-6/+11
2016-08-03PEP8Richard van der Hoff2-12/+10
2016-08-03Include device name in /keys/query responseRichard van der Hoff3-20/+143
Add an 'unsigned' section which includes the device display name.
2016-08-03keys/query: return all users which were asked forRichard van der Hoff2-3/+52
In the situation where all of a user's devices get deleted, we want to indicate this to a client, so we want to return an empty dictionary, rather than nothing at all.
2016-08-03Actually call get_room_stateErik Johnston1-0/+4
2016-08-03Fix syntax errorErik Johnston1-1/+8
2016-08-03CommentErik Johnston1-0/+14
2016-08-03Add /state_ids federation APIErik Johnston4-3/+125
The new API only returns the event_ids for the state, as most requesters will already have the vast majority of the events already.
2016-08-03PEP8Richard van der Hoff1-1/+1
2016-08-03E2eKeysHandler: minor tweaksRichard van der Hoff1-5/+3
PR feedback
2016-08-03Print status code in federation_client.pyErik Johnston1-0/+1
2016-08-03Remove other bit of deduplicationErik Johnston1-19/+0
2016-08-03Default device_display_name to nullRichard van der Hoff4-5/+23
It turns out that it's more useful to return a null device display name (and let clients decide how to handle it: eg, falling back to device_id) than using a constant string like "unknown device".
2016-08-03Ensure we only persist an event once at a timeErik Johnston1-1/+18
2016-08-02Factor out some of the code shared between the sytest scripts (#974)Mark Haines6-69/+71
* Factor out some of the code shared between the different sytest jenkins scripts * Exclude jenkins from the MANIFEST * Fix dendron build * Missing new line * Poke jenkins * Export the PORT_BASE and PORT_COUNT * Poke jenkins
2016-08-02Don't infer paragrahs from newlinesErik Johnston1-2/+1
2016-08-02Comment on why we cloneErik Johnston1-0/+1
2016-08-02Spelling.Erik Johnston1-3/+3
2016-08-02Make it actually compileErik Johnston1-1/+1
2016-08-02Change the way we summarize URLsErik Johnston1-11/+67
Using XPath is slow on some machines (for unknown reasons), so use a different approach to get a list of text nodes. Try to generate a summary that respect paragraph and then word boundaries, adding ellipses when appropriate.
2016-08-02E2E keys: Make federation query share code with client queryRichard van der Hoff3-47/+92
Refactor the e2e query handler to separate out the local query, and then make the federation handler use it.
2016-08-02Bump version and changelog v0.17.0-rc3Erik Johnston2-2/+8
2016-08-02Don't double wrap 200Erik Johnston1-2/+2
2016-08-02Fix response cacheErik Johnston1-1/+1
2016-08-02Typo v0.17.0-rc2Erik Johnston1-1/+1
2016-08-02Change wordingErik Johnston1-2/+2
2016-08-02Bump changeog and versionErik Johnston2-1/+18
2016-08-02Print authorization header for federation_client.pyErik Johnston1-5/+6
2016-08-02Change default jenkins port base and countErik Johnston3-6/+7
2016-08-01Move e2e query logic into a handlerRichard van der Hoff4-60/+102
2016-08-01missing --upgradeMatthew Hodgson1-1/+1
2016-07-31Ignore AlreadyCalled errors on timer cancelErik Johnston2-3/+16
2016-07-29Fix adding emails on registrationDavid Baker1-9/+7
Synapse was not adding email addresses to accounts registered with an email address, due to too many different variables called 'result'. Rename both of them. Also remove the defer.returnValue() with no params because that's not a thing.
2016-07-29Make jenkins dendron test federation read apisErik Johnston1-0/+1
2016-07-29Mention that func will fetch auth eventsErik Johnston1-0/+2
2016-07-29Update docstringErik Johnston1-0/+6
2016-07-29Fix SQL to supply arguments in the same orderMark Haines1-1/+1
2016-07-28Create separate methods for getting messages to pushMark Haines5-51/+204
for the email and http pushers rather than trying to make a single method that will work with their conflicting requirements. The http pusher needs to get the messages in ascending stream order, and doesn't want to miss a message. The email pusher needs to get the messages in descending timestamp order, and doesn't mind if it misses messages.
2016-07-28Add destination retry to slave storeErik Johnston2-0/+32
2016-07-28Add slace storage functions for public room listErik Johnston3-0/+48
2016-07-28Comment get_unread_push_actions_for_user_in_range functionKegan Dougal1-2/+26
2016-07-28Add get_auth_chain to slave storeErik Johnston1-0/+4
2016-07-28Handle the case of missing auth events when joining a roomErik Johnston1-4/+23
2016-07-28Add more key storage funcs into slave storeErik Johnston2-24/+26
2016-07-28Use correct pathErik Johnston1-1/+1
2016-07-28Add some basic admin API docsErik Johnston3-0/+46
2016-07-28Add authors to changelog v0.17.0-rc1Erik Johnston1-4/+5
2016-07-28Update changelogErik Johnston1-0/+4
2016-07-28Fix retry utils to check if the exception is a subclass of CMEMark Haines1-1/+1
2016-07-28Bump version and changelogErik Johnston2-3/+6
2016-07-28Don't include name of room for invites in pushDavid Baker1-1/+4
Avoids insane pushes like, "Bob invited you to invite from Bob"
2016-07-28Add r0.1.0 to the "supported versions" listRichard van der Hoff1-0/+1
2016-07-28TypoDavid Baker1-1/+1
2016-07-28Add r0.2.0 to the "supported versions" listRichard van der Hoff1-1/+4
2016-07-273PID defined on first mentionevelynmitchell1-2/+2
2016-07-27Forbid non-ASes from registering users whose names begin with '_' (SYN-738)Paul "LeoNerd" Evans1-0/+7
2016-07-27Bump CHANGES and versionErik Johnston2-1/+57
2016-07-27key upload tweaksRichard van der Hoff1-7/+5
1. Add v2_alpha URL back in, since things seem to be using it. 2. Don't reject the request if the device_id in the upload request fails to match that in the access_token.
2016-07-27Clean up verify_json_objects_for_serverMark Haines1-68/+75
2016-07-27SQL syntax fixRichard van der Hoff1-1/+1
2016-07-27Delete e2e keys on device deleteRichard van der Hoff3-4/+28
2016-07-26Make the device id on e2e key upload optionalRichard van der Hoff2-12/+54
We should now be able to get our device_id from the access_token, so the device_id on the upload request is optional. Where it is supplied, we should check that it matches. For active access_tokens without an associated device_id, we ought to register the device in the devices table. Also update the table on upgrade so that all of the existing e2e keys are associated with real devices.
2016-07-26Add a couple more checks to the keyringMark Haines1-2/+9
2016-07-26Fix a couple of bugs in the transaction and keyring codeMark Haines2-9/+11
2016-07-26Add `create_requester` functionRichard van der Hoff11-75/+101
Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout
2016-07-26Check if the user is banned when handling 3pid invitesMark Haines1-0/+4
2016-07-26Fix typoRichard van der Hoff1-1/+1
2016-07-26Fix flake8 violationRichard van der Hoff1-5/+3
Apparently flake8 v3 puts the error on a different line to v2. Easiest way to make sure that happens is by putting the whole statement on one line :)
2016-07-26Fix flake8 configurationRichard van der Hoff1-4/+2
Apparently flake8 v3 doesn't like trailing comments on config settings. Also remove the pep8 config, which didn't work (because it was missing W503) and duplicated the flake8 config. We don't use pep8 on its own, so the config was duplicative.
2016-07-26Delete refresh tokens when deleting devicesRichard van der Hoff3-15/+83
2016-07-26Fix how push_actions are redacted.Mark Haines1-8/+10
2016-07-26Don't add rejected events if we've seen them befrore. Add some comments to ↵Mark Haines1-5/+48
explain what the code is doing mechanically
2016-07-26federation doesn't work over ipv6 yet thanks to twistedMatthew Hodgson1-1/+1
2016-07-26typoMatthew Hodgson1-1/+1
2016-07-26Implement updating devicesRichard van der Hoff5-8/+119
You can update the displayname of devices now.
2016-07-26Implement deleting devicesRichard van der Hoff11-21/+176
2016-07-25Only update the events and event_json tables for rejected eventsMark Haines2-52/+63
2016-07-25Log when adding listenersRichard van der Hoff1-0/+1
2016-07-25Don't add the events to forward extremities if the event is rejectedMark Haines1-3/+6
2016-07-25Don't add rejections to the state_group, persist all rejectionsMark Haines2-5/+6
2016-07-25fix: defer.returnValue takes one argumentMark Haines1-1/+1
2016-07-25background updates: fix assert againRichard van der Hoff1-1/+1
2016-07-25background updates: Fix assertion to do somethingRichard van der Hoff1-2/+2
2016-07-25PEP8Richard van der Hoff1-1/+1
2016-07-25Slightly saner logging for unittestsRichard van der Hoff1-4/+7
1. Give the handler used for logging in unit tests a formatter, so that the output is slightly more meaningful 2. Log some synapse.storage stuff, because it's useful.
2016-07-25Fix background_update testsRichard van der Hoff2-13/+36
A bit of a cleanup for background_updates, and make sure that the real background updates have run before we start the unit tests, so that they don't interfere with the tests.
2016-07-22Use get to avoid KeyErrorsDavid Baker1-1/+1
2016-07-22Log the hostname the reCAPTCHA was completed onDavid Baker1-2/+11
This could be useful information to have in the logs. Also comment about how & why we don't verify the hostname.
2016-07-22PEP8Richard van der Hoff1-1/+0
2016-07-22Create index on user_ips in the backgroundRichard van der Hoff3-12/+80
user_ips is kinda big, so really we want to add the index in the background once we're running. Replace the schema delta with one which will do that. I've done this in a way that's reasonably easy to reuse as there a few other indexes I need, and I don't suppose they will be the last.
2016-07-21Cache getPeerErik Johnston1-2/+5
2016-07-21Split out a FederationReader processErik Johnston4-0/+238
2016-07-21make /devices return a listRichard van der Hoff2-9/+12
Turns out I specced this to return a list of devices rather than a dict of them
2016-07-21Fix PEP8 errorsRichard van der Hoff2-1/+2
2016-07-21Implement GET /device/{deviceId}Richard van der Hoff3-19/+89
2016-07-21storage/client_ips: remove some dead codeRichard van der Hoff1-3/+0
2016-07-21Set host not pathErik Johnston1-1/+1
2016-07-21Preserve device_id from first call to /registerRichard van der Hoff1-11/+10
device_id may only be passed in the first call to /register, so make sure we fish it out of the register `params` rather than the body of the final call.
2016-07-21Send the correct host header when fetching keysErik Johnston1-3/+6
2016-07-21Cache federation state responsesErik Johnston5-32/+60
2016-07-20Fix PEP8 errorsRichard van der Hoff2-3/+1
2016-07-20Don't explode if we have no snapshots yetErik Johnston1-0/+3
2016-07-20GET /devices endpointRichard van der Hoff10-17/+397
implement a GET /devices endpoint which lists all of the user's devices. It also returns the last IP where we saw that device, so there is some dancing to fish that out of the user_ips table.
2016-07-20Record device_id in client_ipsRichard van der Hoff3-8/+34
Record the device_id when we add a client ip; it's somewhat redundant as we could get it via the access_token, but it will make querying rather easier.
2016-07-20More doc-commentsRichard van der Hoff2-10/+14
Fix some more comments on some things
2016-07-20Register a device_id in the /v2/register flow.Richard van der Hoff2-18/+49
This doesn't cover *all* of the registration flows, but it does cover the most common ones: in particular: shared_secret registration, appservice registration, and normal user/pass registration. Pull device_id from the registration parameters. Register the device in the devices table. Associate the device with the returned access and refresh tokens. Profit.
2016-07-20Make jenkins install deps on unit testsErik Johnston1-0/+4
2016-07-20Add metrics for psutil derived memory usageErik Johnston4-1/+50
2016-07-20Don't notify pusher pool for backfilled eventsErik Johnston1-5/+6
2016-07-20CommentErik Johnston1-0/+4
2016-07-19MANIFEST.in: Add *.pyiRichard van der Hoff1-0/+1
2016-07-19Type annotationsRichard van der Hoff6-0/+46
Add some type annotations to help PyCharm (in particular) to figure out the types of a bunch of things.
2016-07-19Further registration refactoringRichard van der Hoff5-22/+57
* `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change.
2016-07-19Don't bind email unless threepid contains expected fieldsRichard van der Hoff1-28/+25
2016-07-19rest/client/v2_alpha/register.py: Refactor flow somewhat.Richard van der Hoff2-76/+104
This is meant to be an *almost* non-functional change, with the exception that it fixes what looks a lot like a bug in that it only calls `auth_handler.add_threepid` and `add_pusher` once instead of three times. The idea is to move the generation of the `access_token` out of `registration_handler.register`, because `access_token`s now require a device_id, and we only want to generate a device_id once registration has been successful.
2016-07-19schema fixRichard van der Hoff1-1/+1
device_id should be text, not bigint.
2016-07-19Summary lineMark Haines1-2/+1
2016-07-19Update docstring on Handlers.Mark Haines1-3/+15
To indicate it is deprecated.
2016-07-18Add device_id support to /loginRichard van der Hoff12-31/+354
Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed.
2016-07-18Refactor login flowRichard van der Hoff2-65/+82
Make sure that we have the canonical user_id *before* calling get_login_tuple_for_user_id. Replace login_with_password with a method which just validates the password, and have the caller call get_login_tuple_for_user_id. This brings the password flow into line with the other flows, and will give us a place to register the device_id if necessary.
2016-07-18Fix a doc-commentRichard van der Hoff1-1/+1
The `store` in a handler is a generic DataStore, not just an events.StateStore.
2016-07-16Use body.get to check for 'user'Will Hunt1-2/+1
2016-07-16Fall back to 'username' if 'user' is not given for appservice reg.Will Hunt1-3/+5
2016-07-15Fix 500 ISE when sending alias event without a state_keyMark Haines1-0/+5
2016-07-15Fix /purge_history bugErik Johnston1-19/+15
This was caused by trying to insert duplicate backward extremeties
2016-07-15Pull out min stream_ordering from ex_outlier_streamErik Johnston1-1/+2
2016-07-15event_backwards_extremeties may not be emptyErik Johnston1-1/+11
2016-07-15CommentErik Johnston2-0/+6
2016-07-14Check sender signed eventErik Johnston3-6/+12
2016-07-14Add filter param to /messages APIErik Johnston4-11/+29
2016-07-14Add support for filters in paginate_room_eventsErik Johnston1-1/+51
2016-07-14Add 'contains_url' to filterErik Johnston1-3/+20
2016-07-14Add sender and contains_url field to events tableErik Johnston2-0/+142
2016-07-14Add hs objectErik Johnston1-0/+1
2016-07-14Only accept password authErik Johnston1-12/+0
2016-07-14Add an /account/deactivate endpointErik Johnston1-0/+55
2016-07-13Bug fix: expire invalid access tokensNegar Fazeli6-9/+42
2016-07-13Check if alias event's state_key matches sender's domainErik Johnston1-0/+11
2016-07-13Check creation event's room_id domain matches sender'sErik Johnston1-0/+7
2016-07-12be more pythonicDavid Baker1-1/+1
2016-07-12on_OPTIONS isn't neccessaryDavid Baker2-10/+1
2016-07-12Remove other debug loggingDavid Baker1-2/+0
2016-07-11Separate out requestTokens to separate handlersDavid Baker2-65/+93
2016-07-11Oops, remove debug loggingDavid Baker1-4/+0
2016-07-08Implement https://github.com/matrix-org/matrix-doc/pull/346/filesDavid Baker2-0/+60
2016-07-08Add a comment explaining allow_noneMark Haines1-0/+2
2016-07-08Ensure that the guest user is in the database when upgrading accountsMark Haines1-0/+13
2016-07-07Bump version and changelogErik Johnston2-1/+9
2016-07-07Fix bug where we did not correctly explode when multiple user_ids were set ↵Erik Johnston1-5/+10
in macaroon
2016-07-07CommentErik Johnston1-0/+3
2016-07-07Return 400 rather than 500Erik Johnston1-1/+4
2016-07-06Add rest servlet. Fix SQL.Erik Johnston2-5/+5
2016-07-06Check that there are no null bytes in user and passswordErik Johnston1-0/+6
2016-07-06Add null separator to hmacErik Johnston2-0/+4
2016-07-06Update password config commentKent Shikama1-1/+1
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-06Update hash_password scriptKent Shikama1-1/+17
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-05Remove spurious txnErik Johnston1-9/+0
2016-07-05Fix for postgresErik Johnston1-2/+2
2016-07-05Add an admin option to shared secret registrationErik Johnston4-27/+58
2016-07-05Protect password when registering using shared secretErik Johnston2-7/+15
2016-07-05Add ReadWriteLock for pagination and history pruneErik Johnston2-36/+38
2016-07-05Add ReadWriteLockErik Johnston2-0/+167
2016-07-05Fix typoMark Haines1-1/+1
2016-07-05Make get_events_around more efficient on sqlite3Mark Haines1-13/+49
2016-07-05Remove default password pepper stringKent Shikama1-2/+1
2016-07-05Fix password configKent Shikama2-3/+3
2016-07-05Fix pep8Kent Shikama2-2/+3
2016-07-05Add comment to prompt changing of pepperKent Shikama1-0/+1
2016-07-05Use true/false for boolean parameter inclusive to avoid potential for sqli, ↵Mark Haines2-5/+7
and possibly make the code clearer
2016-07-05Add purge_history APIErik Johnston4-1/+38
2016-07-04Use different SQL for postgres and sqlite3 for when using multicolumn indexesMark Haines2-59/+59