Commit graph

371 commits

Author SHA1 Message Date
Adrià Casajús
3a75686898
Generate a web session from an api key (#1224)
* Create a token to exchange for a cookie

* Added Route to exchange token for cookie

* add missing migration



Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-08-10 18:48:32 +02:00
Adrià Casajús
25fde11a86
Refactor alias suffix (#1194)
* Extract suffix generation and validation to a module

* Updated tests

* Make custom alias use signed suffixes

* Added the signature check to the module

* Fix invalid route

* Move more suffix related stuff

* Fix tests

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-27 17:40:22 +02:00
Adrià Casajús
06c1c7f2f7
Restrict the number of free alias for new free users (#1155)
* Restrict the number of free alias for new free users

* Fix test

* Make flag reverse

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-20 11:09:22 +02:00
Adrià Casajús
67be5ba050
Enforce int params in routes (#1159)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-15 17:10:00 +02:00
Adrià Casajús
aabcc8e72a
Feature: Add delete account route for the api (#1132)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-02 16:45:58 +02:00
Adrià Casajús
aac493ad2f
Update docs and error message for sudo route (#1117)
* Update docs and error message for sudo route

* Fix

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-28 14:40:06 +02:00
Adrià Casajús
de31e6d072
Allow to set sudo mode for api requests (#1108)
* Allow to set sudo mode for api requests

* Rebase migration on top of master

* PR comments

* Added missing migration

* Removed unused import

* Apply suggestions from code review

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-23 14:26:36 +02:00
Son Nguyen Kim
83d58c7bca
handle case empty latest_receipt_info (#1081) 2022-06-13 12:42:56 +02:00
Son Nguyen Kim
0afd414a66
use responseBody.Latest_receipt_info and not responseBody.Receipt.In_app (#1066)
https://developer.apple.com/documentation/appstorereceipts/responsebody/receipt/in_app
2022-06-10 15:50:09 +02:00
Adrià Casajús
5dde39eb37
Prevent free users from creating reverse-alias 2022-05-12 13:20:05 +02:00
Son
a2c477a816 support "enabled" param in /api/v2/aliases 2022-04-28 17:24:35 +02:00
Son
7b7cb0b571 prevent disabled user from using the api 2022-04-27 16:24:38 +02:00
Son
58b332b7bc add new parameter disabled in /GET /api/v2/aliases 2022-04-25 09:22:29 +02:00
Son
debed67c68 return whether a domain is custom or primary in GET /api/v5/alias/options 2022-04-14 17:28:40 +02:00
Adrià Casajús
2b149747f5
Also track login and register events from the api routes 2022-04-11 16:11:01 +02:00
Son Nguyen Kim
d561bae7dd
Merge pull request #864 from simple-login/ac/insecure-random
Replace using random with secrets for security purposes
2022-03-30 11:49:33 +07:00
Adrià Casajús
b15facb6e4
Use secrets instead of random 2022-03-29 18:40:52 +02:00
Adrià Casajús
c5b0f5304e
Format 2022-03-29 18:18:11 +02:00
Adrià Casajús
d6df5e0ea0
Add limiters to auth routes 2022-03-29 18:14:13 +02:00
Son
9dc7cff87f add rate limiting for /auth/mfa 2022-03-21 14:23:35 +01:00
Son
a662ef4aee remove g.deduct_limit in api auth endpoint 2022-03-21 14:23:20 +01:00
Son
4faf0d7636 optimize dashboard page: load custom domain using joinedload() instead of explicit join 2022-02-26 17:34:53 +01:00
Son
7da06ba424 return 422 if account not activated 2022-02-22 22:12:36 +01:00
Son
5b62f5a745 add rate limit to /auth/register 2022-02-07 18:45:41 +01:00
Son
4d1c4cfdff support pinned parameter in /api/v2/aliases 2022-02-03 11:16:49 +01:00
Son Nguyen Kim
89a800eed9
Merge pull request #753 from FozzieHi/totp-invalid-login-email
Invalid TOTP and recovery code email notifications
2022-01-24 18:35:52 +01:00
Son
5b7949f346 return title in /api/notifications 2022-01-24 15:20:59 +01:00
george
50122da0fe
Implement API notifications and use a function in email_utils 2022-01-20 17:42:11 +00:00
Son
b929dc5462 check if alias is not none 2022-01-18 09:40:50 +01:00
Son
0806f9243e return custom domain json in patch 2022-01-16 17:26:11 +01:00
Son
6cd8e45d21 return the default sender format (AT) in case user uses a non-supported sender format 2022-01-12 10:19:25 +01:00
Son
a0727435eb use warning level 2022-01-09 20:13:41 +01:00
Son
1bdae7fbe8 handle CannotCreateContactForReverseAlias when user creates a new contact 2022-01-07 10:47:36 +01:00
Son
9ff323c746 make sure to set custom_domain_id when creating a new alias 2022-01-06 15:29:37 +01:00
Son
b7e8324e5a move get_custom_domain() to alias_utils 2022-01-06 15:20:09 +01:00
Son
4d8c89105f GET /api/phone/reservations/:reservation_id 2022-01-04 16:22:41 +01:00
Son
61226545c2 handle the 2 consecutive dots in alias 2021-12-31 11:15:24 +01:00
Son
a6f5b755aa set apple_sub.product_id 2021-12-30 16:20:31 +01:00
Son
30ba566457 take into account _MACAPP_MONTHLY_PRODUCT_ID in verify_receipt 2021-12-30 16:15:33 +01:00
Son
f439e39580 cache smtp server and remove POSTFIX_PORT_FORWARD 2021-12-29 16:26:37 +01:00
Son
a270c72d60 add random_alias_suffix to settings api 2021-12-28 15:24:58 +01:00
Son
eec2880c41 fix case signed_suffix is None 2021-12-15 17:12:27 +01:00
Son
226ce9333c return error if invalid alias address 2021-12-02 16:17:41 +01:00
Son
b5c2d9ee2a fix custom domain not correctly set on /v2/alias/custom/new and /v3/alias/custom/new 2021-11-22 16:20:50 +01:00
Son
b2c31ef658 fix the pagination error display 2021-11-19 18:30:36 +01:00
Son
fdfa286d3e allow contact email to be case sensitive 2021-11-18 16:44:04 +01:00
Son
67377a0f22 do not show subdomains on the domain page 2021-11-17 11:52:33 +01:00
Son
6eb702870c handle the case alias is in trash 2021-11-17 10:56:43 +01:00
Son
abc074ea9b make sure password can't be longer than 100 chars 2021-11-16 19:41:05 +01:00
Son
416eafaeb9 use the first alias suffix when creating a new random alias 2021-11-12 11:04:00 +01:00