only restrict pw length in django and check it in frontend via js

README.md

@@ -3,7 +3,7 @@
 Clipster is a multi platform cloud clipboard:  
 Copy a text on your smartphone and paste it on your desktop, or vice versa.  
 Easy, secure, open source.  
-Supports Android, Linux, MacOS and Windows.  
+Supports Android, Linux, MacOS, Windows and all browsers.  
 
 This package allows you to set up your own Linux server including a web front-end.  
 For the mobile client see [Clipster-Android](https://github.com/mc51/Clipster-Android).  

clipster/views.py

@@ -44,36 +44,28 @@ def post(self, request):
 
 class CopyPaste(APIView):
     """
-    Create new Clip or return last Clip
+    Create new Clip or return all Clips
     """
 
     permission_classes = (permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly)
     throttle_classes = (AnonRateThrottle, UserRateThrottle)
 
-    def get_last_clip(self, user):
-        # Get last clip
-        try:
-            return Clip.objects.filter(user=user).last()
-        except Clip.DoesNotExist:
-            raise Http404
-
-    def get_clips(self, user):
-        # Get all clips
+    def get_all_clips(self, user):
         try:
             return Clip.objects.filter(user=user)
         except Clip.DoesNotExist:
             raise Http404
 
     def post(self, request):
-        # Create new Clip and save
+        # Create new Clip and save if valid
         serializer = ClipSerializer(data=request.data)
         if serializer.is_valid():
             serializer.save(user=request.user)
             return Response(serializer.data, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
     def get(self, request):
-        clips = self.get_clips(request.user)
+        clips = self.get_all_clips(request.user)
         serializer = ClipSerializer(clips, many=True)
         return Response(serializer.data)
 
@@ -103,7 +95,7 @@ def post(self, request):
                 raw_password = form.cleaned_data.get("password1")
                 user = authenticate(username=username, password=raw_password)
                 login(request, user)
-                return redirect("list_clips")
+                return redirect("list_clips_frontend")
             else:
                 return Response(
                     {"error": ["Error"], "form": form},
@@ -156,7 +148,7 @@ def post(self, request):
         form = ShareClipForm(request.POST)
         if form.is_valid():
             form.save()
-            return redirect("list_clips")
+            return redirect("list_clips_frontend")
         else:
             return Response(
                 {"error": ["Error"], "form": form},

server/settings.py

@@ -18,15 +18,15 @@
 MAX_CLIPS_PER_USER = 5
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = None
+SECRET_KEY = "sfsdfsdfsdfsdfsdfdsfsdfdsf"
 if not SECRET_KEY:
     print(
         "ERROR: You must specify a secret key. Edit server/settings.py and set a key there."
     )
     sys.exit(1)
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = False
+DEBUG = True
 
 # Add your domain / ip to the allowed hosts
 # "*" allows all !
@@ -77,12 +77,12 @@
 
 # Password validation
 AUTH_PASSWORD_VALIDATORS = [
-    {
-        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
-    },
+    # {
+    #     "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+    # },
     {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",},
-    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",},
-    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",},
+    # {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",},
+    # {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",},
 ]
 
 

server/staticfiles/crypto/crypto_form.js

@@ -5,6 +5,7 @@
 
 const HASH_ITER_LOGIN = 20000;
 const HASH_ITER_MSG = 10000;
+const MIN_PW_LENGTH = 8;
 
 const API_USER_VERIFY = "/verify-user/";
 
@@ -44,6 +45,11 @@ function pwToHashRegister(event) {
         return true;
     }
 
+    if (password1.length < MIN_PW_LENGTH) {
+        console.log("Password is too short!")
+        return true;
+    }
+
     var b64Key = pwToHashForAuth(username, password);
 
     console.log("PW Hash: " + b64Key);

server/templates/rest_framework/share_clip.html

@@ -56,7 +56,7 @@
             </div>
         </form>
     </div>
-    <p style="text-align: center;"><a href="{% url 'list_clips' %}">Want to list your shared clips?</a></p>
+    <p style="text-align: center;"><a href="{% url 'list_clips_frontend' %}">Want to list your shared clips?</a></p>
 
 </div>
 

server/urls.py

@@ -20,10 +20,10 @@
 
 urlpatterns = [
     url(r"^admin/", admin.site.urls),
-    url(r"^$|^accounts/profile/", cb.ListClip.as_view(), name="list_clips"),
-    url(r"^copy-paste/", cb.CopyPaste.as_view(), name="copy_paste"),
+    url(r"^$|^accounts/profile/", cb.ListClip.as_view(), name="list_clips_frontend"),
+    url(r"^share-clip/", cb.ShareClip.as_view(), name="share_clip"),
     url(r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")),
+    url(r"^copy-paste/", cb.CopyPaste.as_view(), name="copy_paste"),
     url(r"^register/", cb.UserRegister.as_view(), name="register"),
     url(r"^verify-user/", cb.UserVerify.as_view(), name="verify"),
-    url(r"^share-clip/", cb.ShareClip.as_view(), name="share_clip"),
 ]

setup.py

@@ -2,7 +2,7 @@
 
 setup(
     name="clipster-server",
-    version="0.4.1",
+    version="0.4.2",
     description="Multi Platform Cloud Clipboard - Linux Server",
     url="http://github.com/mc51/Clipster-Server",
     author="MC51",