Bump version

Co-authored-by: Sascha Ißbrücker <sascha.issbruecker@gmail.com>

.dockerignore

@@ -8,6 +8,7 @@
 /static
 /build
 /out
+/.git
 
 /.dockerignore
 /.gitignore

CHANGELOG.md

@@ -1,5 +1,32 @@
 # Changelog
 
+## v1.8.6 (25/03/2022)
+- [bug] fix bookmark access restrictions
+- [bug] prevent external redirects
+- [chore] bump dependencies
+---
+
+## v1.8.5 (13/12/2021)
+- [**bug**] Ensure tag names do not contain spaces [#182](https://github.com/sissbruecker/linkding/issues/182)
+- [**bug**] Consider not copying whole GIT repository to Docker image [#174](https://github.com/sissbruecker/linkding/issues/174)
+- [**enhancement**] Make bookmarks count column in admin sortable [#183](https://github.com/sissbruecker/linkding/pull/183)
+
+---
+
+## v1.8.4 (16/10/2021)
+- [**enhancement**] Allow non-admin users to change their password [#166](https://github.com/sissbruecker/linkding/issues/166)
+
+---
+
+## v1.8.3 (03/10/2021)
+- [**enhancement**] Enhancement: let user configure to open links in same tab instead on a new window/tab [#27](https://github.com/sissbruecker/linkding/issues/27)
+
+---
+
+## v1.8.2 (02/10/2021)
+- [**bug**] Fix jumping search box [#163](https://github.com/sissbruecker/linkding/pull/163)
+---
+
 ## v1.8.1 (01/10/2021)
 - [**enhancement**] Add global shortcut for search [#161](https://github.com/sissbruecker/linkding/pull/161)
   - allows to press `s` to focus the search input

README.md

@@ -169,3 +169,4 @@ The frontend is now available under http://localhost:8000
 ## Community
 
 - [linkding-extension](https://github.com/jeroenpardon/linkding-extension) Chromium compatible extension that wraps the linkding bookmarklet. Tested with Chrome, Edge, Brave. By [jeroenpardon](https://github.com/jeroenpardon)
+- [linkding-injector](https://github.com/Fivefold/linkding-injector) Injects search results from linkding into the sidebar of search pages like google and duckduckgo. Tested with Firefox and Chrome. By [Fivefold](https://github.com/Fivefold)

SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.8.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+To report a vulnerability, please send a mail to: 588ex5zl8@mozmail.com
+
+I'll try to get back to you as soon as possible.

bookmarks/admin.py

@@ -58,6 +58,8 @@ class AdminTag(admin.ModelAdmin):
 
     def bookmarks_count(self, obj):
         return obj.bookmarks_count
+    
+    bookmarks_count.admin_order_field = 'bookmarks_count'
 
     def delete_unused_tags(self, request, queryset: QuerySet):
         unused_tags = queryset.filter(bookmark__isnull=True)

bookmarks/api/serializers.py

@@ -41,14 +41,14 @@ class BookmarkSerializer(serializers.ModelSerializer):
         bookmark.url = validated_data['url']
         bookmark.title = validated_data['title']
         bookmark.description = validated_data['description']
-        tag_string = build_tag_string(validated_data['tag_names'], ' ')
+        tag_string = build_tag_string(validated_data['tag_names'])
         return create_bookmark(bookmark, tag_string, self.context['user'])
 
     def update(self, instance: Bookmark, validated_data):
         instance.url = validated_data['url']
         instance.title = validated_data['title']
         instance.description = validated_data['description']
-        tag_string = build_tag_string(validated_data['tag_names'], ' ')
+        tag_string = build_tag_string(validated_data['tag_names'])
         return update_bookmark(instance, tag_string, self.context['user'])
 
 

bookmarks/migrations/0010_userprofile_bookmark_link_target.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.6 on 2021-10-03 06:35
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('bookmarks', '0009_bookmark_web_archive_snapshot_url'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='userprofile',
+            name='bookmark_link_target',
+            field=models.CharField(choices=[('_blank', 'New page'), ('_self', 'Same page')], default='_blank', max_length=10),
+        ),
+    ]

bookmarks/models.py

@@ -20,11 +20,19 @@ class Tag(models.Model):
         return self.name
 
 
+def sanitize_tag_name(tag_name: str):
+    # strip leading/trailing spaces
+    # replace inner spaces with replacement char
+    return tag_name.strip().replace(' ', '-')
+
+
 def parse_tag_string(tag_string: str, delimiter: str = ','):
     if not tag_string:
         return []
     names = tag_string.strip().split(delimiter)
-    names = [name.strip() for name in names if name]
+    # remove empty names, sanitize remaining names
+    names = [sanitize_tag_name(name) for name in names if name]
+    # remove duplicates
     names = unique(names, str.lower)
     names.sort(key=str.lower)
 
@@ -91,12 +99,10 @@ class BookmarkForm(forms.ModelForm):
                                   widget=forms.Textarea())
     # Hidden field that determines whether to close window/tab after saving the bookmark
     auto_close = forms.CharField(required=False)
-    # Hidden field that determines where to redirect after saving the form
-    return_url = forms.CharField(required=False)
 
     class Meta:
         model = Bookmark
-        fields = ['url', 'tag_string', 'title', 'description', 'auto_close', 'return_url']
+        fields = ['url', 'tag_string', 'title', 'description', 'auto_close']
 
 
 class UserProfile(models.Model):
@@ -116,16 +122,24 @@ class UserProfile(models.Model):
         (BOOKMARK_DATE_DISPLAY_ABSOLUTE, 'Absolute'),
         (BOOKMARK_DATE_DISPLAY_HIDDEN, 'Hidden'),
     ]
+    BOOKMARK_LINK_TARGET_BLANK = '_blank'
+    BOOKMARK_LINK_TARGET_SELF = '_self'
+    BOOKMARK_LINK_TARGET_CHOICES = [
+        (BOOKMARK_LINK_TARGET_BLANK, 'New page'),
+        (BOOKMARK_LINK_TARGET_SELF, 'Same page'),
+    ]
     user = models.OneToOneField(get_user_model(), related_name='profile', on_delete=models.CASCADE)
     theme = models.CharField(max_length=10, choices=THEME_CHOICES, blank=False, default=THEME_AUTO)
     bookmark_date_display = models.CharField(max_length=10, choices=BOOKMARK_DATE_DISPLAY_CHOICES, blank=False,
                                              default=BOOKMARK_DATE_DISPLAY_RELATIVE)
+    bookmark_link_target = models.CharField(max_length=10, choices=BOOKMARK_LINK_TARGET_CHOICES, blank=False,
+                                            default=BOOKMARK_LINK_TARGET_BLANK)
 
 
 class UserProfileForm(forms.ModelForm):
     class Meta:
         model = UserProfile
-        fields = ['theme', 'bookmark_date_display']
+        fields = ['theme', 'bookmark_date_display', 'bookmark_link_target']
 
 
 @receiver(post_save, sender=get_user_model())

bookmarks/services/bookmarks.py

@@ -90,7 +90,7 @@ def delete_bookmarks(bookmark_ids: [Union[int, str]], current_user: User):
 def tag_bookmarks(bookmark_ids: [Union[int, str]], tag_string: str, current_user: User):
     sanitized_bookmark_ids = _sanitize_id_list(bookmark_ids)
     bookmarks = Bookmark.objects.filter(owner=current_user, id__in=sanitized_bookmark_ids)
-    tag_names = parse_tag_string(tag_string, ' ')
+    tag_names = parse_tag_string(tag_string)
     tags = get_or_create_tags(tag_names, current_user)
 
     for bookmark in bookmarks:
@@ -103,7 +103,7 @@ def tag_bookmarks(bookmark_ids: [Union[int, str]], tag_string: str, current_user
 def untag_bookmarks(bookmark_ids: [Union[int, str]], tag_string: str, current_user: User):
     sanitized_bookmark_ids = _sanitize_id_list(bookmark_ids)
     bookmarks = Bookmark.objects.filter(owner=current_user, id__in=sanitized_bookmark_ids)
-    tag_names = parse_tag_string(tag_string, ' ')
+    tag_names = parse_tag_string(tag_string)
     tags = get_or_create_tags(tag_names, current_user)
 
     for bookmark in bookmarks:
@@ -125,7 +125,7 @@ def _update_website_metadata(bookmark: Bookmark):
 
 
 def _update_bookmark_tags(bookmark: Bookmark, tag_string: str, user: User):
-    tag_names = parse_tag_string(tag_string, ' ')
+    tag_names = parse_tag_string(tag_string)
     tags = get_or_create_tags(tag_names, user)
     bookmark.tags.set(tags)
 

bookmarks/templates/bookmarks/archive.html

@@ -26,7 +26,7 @@
                 {% if empty %}
                     {% include 'bookmarks/empty_bookmarks.html' %}
                 {% else %}
-                    {% bookmark_list bookmarks return_url %}
+                    {% bookmark_list bookmarks return_url link_target %}
                 {% endif %}
             </form>
         </section>

bookmarks/templates/bookmarks/bookmark_list.html

@@ -9,7 +9,7 @@
                 <i class="form-icon"></i>
             </label>
             <div class="title truncate">
-                <a href="{{ bookmark.url }}" target="_blank" rel="noopener">{{ bookmark.resolved_title }}</a>
+                <a href="{{ bookmark.url }}" target="{{ link_target }}" rel="noopener">{{ bookmark.resolved_title }}</a>
             </div>
             <div class="description truncate">
                 {% if bookmark.tag_names %}
@@ -30,7 +30,7 @@
                     <span class="date-label text-gray text-sm">
                         {% if bookmark.web_archive_snapshot_url %}
                         <a href="{{ bookmark.web_archive_snapshot_url }}"
-                           title="Show snapshot on web archive" target="_blank" rel="noopener">
+                           title="Show snapshot on web archive" target="{{ link_target }}" rel="noopener">
                         {% endif %}
                         <span>{{ bookmark.date_added|humanize_relative_date }}</span>
                         {% if bookmark.web_archive_snapshot_url %}
@@ -44,7 +44,7 @@
                     <span class="date-label text-gray text-sm">
                         {% if bookmark.web_archive_snapshot_url %}
                         <a href="{{ bookmark.web_archive_snapshot_url }}"
-                           title="Show snapshot on web archive" target="_blank" rel="noopener">
+                           title="Show snapshot on web archive" target="{{ link_target }}" rel="noopener">
                         {% endif %}
                         <span>{{ bookmark.date_added|humanize_absolute_date }}</span>
                         {% if bookmark.web_archive_snapshot_url %}

bookmarks/templates/bookmarks/edit.html

@@ -7,7 +7,7 @@
             <div class="content-area-header">
                 <h2>Edit bookmark</h2>
             </div>
-            <form action="{% url 'bookmarks:edit' bookmark_id %}" method="post" class="col-6 col-md-12" novalidate>
+            <form action="{% url 'bookmarks:edit' bookmark_id %}?return_url={{ return_url|urlencode }}" method="post" class="col-6 col-md-12" novalidate>
                 {% bookmark_form form return_url bookmark_id %}
             </form>
         </section>

bookmarks/templates/bookmarks/form.html

@@ -4,7 +4,6 @@
 <div class="bookmarks-form">
     {% csrf_token %}
     {{ form.auto_close|attr:"type:hidden" }}
-    {{ form.return_url|attr:"type:hidden" }}
     <div class="form-group {% if form.url.errors %}has-error{% endif %}">
         <label for="{{ form.url.id_for_label }}" class="form-label">URL</label>
         {{ form.url|add_class:"form-input"|attr:"autofocus"|attr:"placeholder: " }}

bookmarks/templates/bookmarks/index.html

@@ -26,7 +26,7 @@
                 {% if empty %}
                     {% include 'bookmarks/empty_bookmarks.html' %}
                 {% else %}
-                    {% bookmark_list bookmarks return_url %}
+                    {% bookmark_list bookmarks return_url link_target %}
                 {% endif %}
             </form>
         </section>

bookmarks/templates/registration/password_change_done.html

@@ -0,0 +1,21 @@
+{% extends 'bookmarks/layout.html' %}
+{% load widget_tweaks %}
+
+{% block title %}Password changed{% endblock %}
+
+{% block content %}
+
+    <div class="auth-page">
+        <div class="columns">
+            <section class="content-area column col-5 col-md-12">
+                <div class="content-area-header">
+                    <h2>Password Changed</h2>
+                </div>
+                <p class="text-success">
+                    Your password was changed successfully.
+                </p>
+            </section>
+        </div>
+    </div>
+
+{% endblock %}

bookmarks/templates/registration/password_change_form.html

@@ -0,0 +1,55 @@
+{% extends 'bookmarks/layout.html' %}
+{% load widget_tweaks %}
+
+{% block title %}Change Password{% endblock %}
+
+{% block content %}
+
+    <div class="auth-page">
+        <div class="columns">
+            <section class="content-area column col-5 col-md-12">
+                <div class="content-area-header">
+                    <h2>Change Password</h2>
+                </div>
+                <form method="post" action="{% url 'change_password' %}">
+                    {% csrf_token %}
+                    <div class="form-group {% if form.old_password.errors %}has-error{% endif %}">
+                        <label class="form-label" for="{{ form.old_password.id_for_label }}">Old password</label>
+                        {{ form.old_password|add_class:'form-input'|attr:"placeholder: " }}
+                        {% if form.old_password.errors %}
+                            <div class="form-input-hint">
+                                {{ form.old_password.errors }}
+                            </div>
+                        {% endif %}
+                    </div>
+                    <div class="form-group {% if form.new_password1.errors %}has-error{% endif %}">
+                        <label class="form-label" for="{{ form.new_password1.id_for_label }}">New password</label>
+                        {{ form.new_password1|add_class:'form-input'|attr:"placeholder: " }}
+                        {% if form.new_password1.errors %}
+                            <div class="form-input-hint">
+                                {{ form.new_password1.errors }}
+                            </div>
+                        {% endif %}
+                    </div>
+                    <div class="form-group {% if form.new_password2.errors %}has-error{% endif %}">
+                        <label class="form-label" for="{{ form.new_password2.id_for_label }}">Confirm new password</label>
+                        {{ form.new_password2|add_class:'form-input'|attr:"placeholder: " }}
+                        {% if form.new_password2.errors %}
+                            <div class="form-input-hint">
+                                {{ form.new_password2.errors }}
+                            </div>
+                        {% endif %}
+                    </div>
+
+                    <br/>
+                    <div class="columns">
+                        <div class="column col-3">
+                            <input type="submit" value="Change Password" class="btn btn-primary">
+                        </div>
+                    </div>
+                </form>
+            </section>
+        </div>
+    </div>
+
+{% endblock %}

bookmarks/templates/settings/api.html

@@ -1,25 +0,0 @@
-{% extends "bookmarks/layout.html" %}
-
-{% block content %}
-    <div class="settings-page">
-
-        {% include 'settings/nav.html' %}
-
-        <section class="content-area">
-            <h2>API Token</h2>
-            <p>The following token can be used to authenticate 3rd-party applications against the REST API:</p>
-            <div class="form-group">
-                <div class="columns">
-                    <div class="column col-6 col-md-12">
-                        <input class="form-input" value="{{ api_token }}" disabled>
-                    </div>
-                </div>
-            </div>
-            <p><strong>Please treat this token as you would any other credential.</strong> Any party with access to this
-                token can access and manage all your bookmarks.</p>
-            <p>If you think that a token was compromised you can revoke (delete) it in the <a href="{% url 'admin:authtoken_tokenproxy_changelist' %}">admin panel</a>. After deleting the token, a new one will be generated when you reload this settings page.</p>
-        </section>
-
-    </div>
-
-{% endblock %}

bookmarks/templates/settings/general.html

@@ -9,6 +9,9 @@
         {# Profile section #}
         <section class="content-area">
             <h2>Profile</h2>
+            <p>
+                <a href="{% url 'change_password' %}">Change password</a>
+            </p>
             <form action="{% url 'bookmarks:settings.general' %}" method="post" novalidate>
                 {% csrf_token %}
                 <div class="form-group">
@@ -19,6 +22,10 @@
                     <label for="{{ form.bookmark_date_display.id_for_label }}" class="form-label">Bookmark date format</label>
                     {{ form.bookmark_date_display|add_class:"form-select col-2 col-sm-12" }}
                 </div>
+                <div class="form-group">
+                    <label for="{{ form.bookmark_link_target.id_for_label }}" class="form-label">Open bookmarks in</label>
+                    {{ form.bookmark_link_target|add_class:"form-select col-2 col-sm-12" }}
+                </div>
                 <div class="form-group">
                     <input type="submit" value="Save" class="btn btn-primary mt-2">
                 </div>

bookmarks/templates/settings/integrations.html

@@ -5,7 +5,6 @@
 
         {% include 'settings/nav.html' %}
 
-        {# Integrations section #}
         <section class="content-area">
             <h2>Browser Extension</h2>
             <p>The browser extension allows you to quickly add new bookmarks without leaving the page that you are on. The extension is available in the official extension stores for:</p>
@@ -29,5 +28,19 @@
                class="btn btn-primary">📎 Add bookmark</a>
         </section>
 
+        <section class="content-area">
+            <h2>REST API</h2>
+            <p>The following token can be used to authenticate 3rd-party applications against the REST API:</p>
+            <div class="form-group">
+                <div class="columns">
+                    <div class="column col-6 col-md-12">
+                        <input class="form-input" value="{{ api_token }}" readonly>
+                    </div>
+                </div>
+            </div>
+            <p><strong>Please treat this token as you would any other credential.</strong> Any party with access to this
+                token can access and manage all your bookmarks.</p>
+            <p>If you think that a token was compromised you can revoke (delete) it in the <a href="{% url 'admin:authtoken_tokenproxy_changelist' %}">admin panel</a>. After deleting the token, a new one will be generated when you reload this settings page.</p>
+        </section>
     </div>
 {% endblock %}

bookmarks/templates/settings/nav.html

@@ -1,7 +1,6 @@
 {% url 'bookmarks:settings.index' as index_url %}
 {% url 'bookmarks:settings.general' as general_url %}
 {% url 'bookmarks:settings.integrations' as integrations_url %}
-{% url 'bookmarks:settings.api' as api_url %}
 
 <ul class="tab tab-block">
     <li class="tab-item {% if request.get_full_path == index_url or request.get_full_path == general_url%}active{% endif %}">
@@ -10,9 +9,6 @@
     <li class="tab-item {% if request.get_full_path == integrations_url %}active{% endif %}">
         <a href="{% url 'bookmarks:settings.integrations' %}">Integrations</a>
     </li>
-    <li class="tab-item {% if request.get_full_path == api_url %}active{% endif %}">
-        <a href="{% url 'bookmarks:settings.api' %}">API</a>
-    </li>
     <li class="tab-item tooltip tooltip-bottom" data-tooltip="The admin panel provides additional features &#010; such as user management and bulk operations.">
         <a href="{% url 'admin:index' %}" target="_blank">
             <span>Admin</span>

bookmarks/templatetags/bookmarks.py

@@ -51,11 +51,12 @@ def tag_cloud(context, tags: List[Tag]):
 
 
 @register.inclusion_tag('bookmarks/bookmark_list.html', name='bookmark_list', takes_context=True)
-def bookmark_list(context, bookmarks: Page, return_url: str):
+def bookmark_list(context, bookmarks: Page, return_url: str, link_target: str = '_blank'):
     return {
         'request': context['request'],
         'bookmarks': bookmarks,
-        'return_url': return_url
+        'return_url': return_url,
+        'link_target': link_target,
     }
 
 

bookmarks/tests/test_bookmark_archive_view.py

@@ -1,3 +1,4 @@
+from django.contrib.auth.models import User
 from django.test import TestCase
 from django.urls import reverse
 
@@ -33,3 +34,22 @@ class BookmarkArchiveViewTestCase(TestCase, BookmarkFactoryMixin):
         )
 
         self.assertRedirects(response, reverse('bookmarks:close'))
+
+    def test_can_only_archive_own_bookmarks(self):
+        other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
+        bookmark = self.setup_bookmark(user=other_user)
+
+        response = self.client.get(reverse('bookmarks:archive', args=[bookmark.id]))
+        bookmark.refresh_from_db()
+
+        self.assertEqual(response.status_code, 404)
+        self.assertFalse(bookmark.is_archived)
+
+    def test_should_not_redirect_to_external_url(self):
+        bookmark = self.setup_bookmark()
+
+        response = self.client.get(
+            reverse('bookmarks:archive', args=[bookmark.id]) + '?return_url=https://example.com'
+        )
+
+        self.assertRedirects(response, reverse('bookmarks:index'))

bookmarks/tests/test_bookmark_archived_view.py

@@ -2,7 +2,7 @@ from django.contrib.auth.models import User
 from django.test import TestCase
 from django.urls import reverse
 
-from bookmarks.models import Bookmark, Tag
+from bookmarks.models import Bookmark, Tag, UserProfile
 from bookmarks.tests.helpers import BookmarkFactoryMixin
 
 
@@ -12,22 +12,22 @@ class BookmarkArchivedViewTestCase(TestCase, BookmarkFactoryMixin):
         user = self.get_or_create_test_user()
         self.client.force_login(user)
 
-    def assertVisibleBookmarks(self, response, bookmarks: [Bookmark]):
+    def assertVisibleBookmarks(self, response, bookmarks: [Bookmark], link_target: str = '_blank'):
         html = response.content.decode()
         self.assertContains(response, 'data-is-bookmark-item', count=len(bookmarks))
 
         for bookmark in bookmarks:
             self.assertInHTML(
-                '<a href="{0}" target="_blank" rel="noopener">{1}</a>'.format(bookmark.url, bookmark.resolved_title),
+                f'<a href="{bookmark.url}" target="{link_target}" rel="noopener">{bookmark.resolved_title}</a>',
                 html
             )
 
-    def assertInvisibleBookmarks(self, response, bookmarks: [Bookmark]):
+    def assertInvisibleBookmarks(self, response, bookmarks: [Bookmark], link_target: str = '_blank'):
         html = response.content.decode()
 
         for bookmark in bookmarks:
             self.assertInHTML(
-                '<a href="{0}" target="_blank" rel="noopener">{1}</a>'.format(bookmark.url, bookmark.resolved_title),
+                f'<a href="{bookmark.url}" target="{link_target}" rel="noopener">{bookmark.resolved_title}</a>',
                 html,
                 count=0
             )
@@ -130,3 +130,29 @@ class BookmarkArchivedViewTestCase(TestCase, BookmarkFactoryMixin):
 
         self.assertVisibleTags(response, visible_tags)
         self.assertInvisibleTags(response, invisible_tags)
+
+    def test_should_open_bookmarks_in_new_page_by_default(self):
+        visible_bookmarks = [
+            self.setup_bookmark(is_archived=True),
+            self.setup_bookmark(is_archived=True),
+            self.setup_bookmark(is_archived=True)
+        ]
+
+        response = self.client.get(reverse('bookmarks:archived'))
+
+        self.assertVisibleBookmarks(response, visible_bookmarks, '_blank')
+
+    def test_should_open_bookmarks_in_same_page_if_specified_in_user_profile(self):
+        user = self.get_or_create_test_user()
+        user.profile.bookmark_link_target = UserProfile.BOOKMARK_LINK_TARGET_SELF
+        user.profile.save()
+
+        visible_bookmarks = [
+            self.setup_bookmark(is_archived=True),
+            self.setup_bookmark(is_archived=True),
+            self.setup_bookmark(is_archived=True)
+        ]
+
+        response = self.client.get(reverse('bookmarks:archived'))
+
+        self.assertVisibleBookmarks(response, visible_bookmarks, '_self')

bookmarks/tests/test_bookmark_bulk_edit_view.py

@@ -1,3 +1,4 @@
+from django.contrib.auth.models import User
 from django.forms import model_to_dict
 from django.test import TestCase
 from django.urls import reverse
@@ -32,6 +33,21 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
         self.assertTrue(Bookmark.objects.get(id=bookmark2.id).is_archived)
         self.assertTrue(Bookmark.objects.get(id=bookmark3.id).is_archived)
 
+    def test_can_only_bulk_archive_own_bookmarks(self):
+        other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
+        bookmark1 = self.setup_bookmark(user=other_user)
+        bookmark2 = self.setup_bookmark(user=other_user)
+        bookmark3 = self.setup_bookmark(user=other_user)
+
+        self.client.post(reverse('bookmarks:bulk_edit'), {
+            'bulk_archive': [''],
+            'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
+        })
+
+        self.assertFalse(Bookmark.objects.get(id=bookmark1.id).is_archived)
+        self.assertFalse(Bookmark.objects.get(id=bookmark2.id).is_archived)
+        self.assertFalse(Bookmark.objects.get(id=bookmark3.id).is_archived)
+
     def test_bulk_unarchive(self):
         bookmark1 = self.setup_bookmark(is_archived=True)
         bookmark2 = self.setup_bookmark(is_archived=True)
@@ -46,6 +62,21 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
         self.assertFalse(Bookmark.objects.get(id=bookmark2.id).is_archived)
         self.assertFalse(Bookmark.objects.get(id=bookmark3.id).is_archived)
 
+    def test_can_only_bulk_unarchive_own_bookmarks(self):
+        other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
+        bookmark1 = self.setup_bookmark(is_archived=True, user=other_user)
+        bookmark2 = self.setup_bookmark(is_archived=True, user=other_user)
+        bookmark3 = self.setup_bookmark(is_archived=True, user=other_user)
+
+        self.client.post(reverse('bookmarks:bulk_edit'), {
+            'bulk_unarchive': [''],
+            'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
+        })
+
+        self.assertTrue(Bookmark.objects.get(id=bookmark1.id).is_archived)
+        self.assertTrue(Bookmark.objects.get(id=bookmark2.id).is_archived)
+        self.assertTrue(Bookmark.objects.get(id=bookmark3.id).is_archived)
+
     def test_bulk_delete(self):
         bookmark1 = self.setup_bookmark()
         bookmark2 = self.setup_bookmark()
@@ -57,8 +88,23 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
         })
 
         self.assertIsNone(Bookmark.objects.filter(id=bookmark1.id).first())
-        self.assertFalse(Bookmark.objects.filter(id=bookmark2.id).first())
-        self.assertFalse(Bookmark.objects.filter(id=bookmark3.id).first())
+        self.assertIsNone(Bookmark.objects.filter(id=bookmark2.id).first())
+        self.assertIsNone(Bookmark.objects.filter(id=bookmark3.id).first())
+
+    def test_can_only_bulk_delete_own_bookmarks(self):
+        other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
+        bookmark1 = self.setup_bookmark(user=other_user)
+        bookmark2 = self.setup_bookmark(user=other_user)
+        bookmark3 = self.setup_bookmark(user=other_user)
+
+        self.client.post(reverse('bookmarks:bulk_edit'), {
+            'bulk_delete': [''],
+            'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
+        })
+
+        self.assertIsNotNone(Bookmark.objects.filter(id=bookmark1.id).first())
+        self.assertIsNotNone(Bookmark.objects.filter(id=bookmark2.id).first())
+        self.assertIsNotNone(Bookmark.objects.filter(id=bookmark3.id).first())
 
     def test_bulk_tag(self):
         bookmark1 = self.setup_bookmark()
@@ -81,6 +127,28 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
         self.assertCountEqual(bookmark2.tags.all(), [tag1, tag2])
         self.assertCountEqual(bookmark3.tags.all(), [tag1, tag2])
 
+    def test_can_only_bulk_tag_own_bookmarks(self):
+        other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
+        bookmark1 = self.setup_bookmark(user=other_user)
+        bookmark2 = self.setup_bookmark(user=other_user)
+        bookmark3 = self.setup_bookmark(user=other_user)
+        tag1 = self.setup_tag()
+        tag2 = self.setup_tag()
+
+        self.client.post(reverse('bookmarks:bulk_edit'), {
+            'bulk_tag': [''],
+            'bulk_tag_string': [f'{tag1.name} {tag2.name}'],
+            'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
+        })
+
+        bookmark1.refresh_from_db()
+        bookmark2.refresh_from_db()
+        bookmark3.refresh_from_db()
+
+        self.assertCountEqual(bookmark1.tags.all(), [])
+        self.assertCountEqual(bookmark2.tags.all(), [])
+        self.assertCountEqual(bookmark3.tags.all(), [])
+
     def test_bulk_untag(self):
         tag1 = self.setup_tag()
         tag2 = self.setup_tag()
@@ -102,6 +170,28 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
         self.assertCountEqual(bookmark2.tags.all(), [])
         self.assertCountEqual(bookmark3.tags.all(), [])
 
+    def test_can_only_bulk_untag_own_bookmarks(self):
+        other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
+        tag1 = self.setup_tag()
+        tag2 = self.setup_tag()
+        bookmark1 = self.setup_bookmark(tags=[tag1, tag2], user=other_user)
+        bookmark2 = self.setup_bookmark(tags=[tag1, tag2], user=other_user)
+        bookmark3 = self.setup_bookmark(tags=[tag1, tag2], user=other_user)
+
+        self.client.post(reverse('bookmarks:bulk_edit'), {
+            'bulk_untag': [''],
+            'bulk_tag_string': [f'{tag1.name} {tag2.name}'],
+            'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
+        })
+
+        bookmark1.refresh_from_db()
+        bookmark2.refresh_from_db()
+        bookmark3.refresh_from_db()
+
+        self.assertCountEqual(bookmark1.tags.all(), [tag1, tag2])
+        self.assertCountEqual(bookmark2.tags.all(), [tag1, tag2])
+        self.assertCountEqual(bookmark3.tags.all(), [tag1, tag2])
+
     def test_bulk_edit_handles_empty_bookmark_id(self):
         bookmark1 = self.setup_bookmark()
         bookmark2 = self.setup_bookmark()
@@ -130,3 +220,29 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
         })
 
         self.assertBookmarksAreUnmodified([bookmark1, bookmark2, bookmark3])
+
+    def test_bulk_edit_should_redirect_to_return_url(self):
+        bookmark1 = self.setup_bookmark()
+        bookmark2 = self.setup_bookmark()
+        bookmark3 = self.setup_bookmark()
+
+        url = reverse('bookmarks:bulk_edit') + '?return_url=' + reverse('bookmarks:settings.index')
+        response = self.client.post(url, {
+            'bulk_archive': [''],
+            'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
+        })
+
+        self.assertRedirects(response, reverse('bookmarks:settings.index'))
+
+    def test_bulk_edit_should_not_redirect_to_external_url(self):
+        bookmark1 = self.setup_bookmark()
+        bookmark2 = self.setup_bookmark()
+        bookmark3 = self.setup_bookmark()
+
+        url = reverse('bookmarks:bulk_edit') + '?return_url=https://example.com'
+        response = self.client.post(url, {
+            'bulk_archive': [''],
+            'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
+        })
+
+        self.assertRedirects(response, reverse('bookmarks:index'))

bookmarks/tests/test_bookmark_edit_view.py

@@ -1,3 +1,4 @@
+from django.contrib.auth.models import User
 from django.test import TestCase
 from django.urls import reverse
 
@@ -19,7 +20,6 @@ class BookmarkEditViewTestCase(TestCase, BookmarkFactoryMixin):
             'tag_string': 'editedtag1 editedtag2',
             'title': 'edited title',
             'description': 'edited description',
-            'return_url': reverse('bookmarks:index'),
         }
         return {**form_data, **overrides}
 
@@ -39,17 +39,6 @@ class BookmarkEditViewTestCase(TestCase, BookmarkFactoryMixin):
         self.assertEqual(bookmark.tags.all()[0].name, 'editedtag1')
         self.assertEqual(bookmark.tags.all()[1].name, 'editedtag2')
 
-    def test_should_use_bookmark_index_as_default_return_url(self):
-        bookmark = self.setup_bookmark()
-
-        response = self.client.get(reverse('bookmarks:edit', args=[bookmark.id]))
-        html = response.content.decode()
-
-        self.assertInHTML(
-            '<input type="hidden" name="return_url" value="{0}" '
-            'id="id_return_url">'.format(reverse('bookmarks:index')),
-            html)
-
     def test_should_prefill_bookmark_form_fields(self):
         tag1 = self.setup_tag()
         tag2 = self.setup_tag()
@@ -80,18 +69,38 @@ class BookmarkEditViewTestCase(TestCase, BookmarkFactoryMixin):
                           '</textarea>'.format(bookmark.description),
                           html)
 
-    def test_should_prefill_return_url_from_url_parameter(self):
-        bookmark = self.setup_bookmark()
-
-        response = self.client.get(reverse('bookmarks:edit', args=[bookmark.id]) + '?return_url=/test-return-url')
-        html = response.content.decode()
-
-        self.assertInHTML('<input type="hidden" name="return_url" value="/test-return-url" id="id_return_url">', html)
-
     def test_should_redirect_to_return_url(self):
         bookmark = self.setup_bookmark()
-        form_data = self.create_form_data({'return_url': reverse('bookmarks:close')})
+        form_data = self.create_form_data()
+
+        url = reverse('bookmarks:edit', args=[bookmark.id]) + '?return_url=' + reverse('bookmarks:close')
+        response = self.client.post(url, form_data)
+
+        self.assertRedirects(response, reverse('bookmarks:close'))
+
+    def test_should_redirect_to_bookmark_index_by_default(self):
+        bookmark = self.setup_bookmark()
+        form_data = self.create_form_data()
 
         response = self.client.post(reverse('bookmarks:edit', args=[bookmark.id]), form_data)
 
-        self.assertRedirects(response, form_data['return_url'])
+        self.assertRedirects(response, reverse('bookmarks:index'))
+
+    def test_should_not_redirect_to_external_url(self):
+        bookmark = self.setup_bookmark()
+        form_data = self.create_form_data({'return_url': 'https://example.com'})
+
+        response = self.client.post(reverse('bookmarks:edit', args=[bookmark.id]), form_data)
+
+        self.assertRedirects(response, reverse('bookmarks:index'))
+
+    def test_can_only_edit_own_bookmarks(self):
+        other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
+        bookmark = self.setup_bookmark(user=other_user)
+        form_data = self.create_form_data({'id': bookmark.id})
+
+        response = self.client.post(reverse('bookmarks:edit', args=[bookmark.id]), form_data)
+        bookmark.refresh_from_db()
+        self.assertNotEqual(bookmark.url, form_data['url'])
+        self.assertEqual(response.status_code, 404)
+

bookmarks/tests/test_bookmark_index_view.py

@@ -2,7 +2,7 @@ from django.contrib.auth.models import User
 from django.test import TestCase
 from django.urls import reverse
 
-from bookmarks.models import Bookmark, Tag
+from bookmarks.models import Bookmark, Tag, UserProfile
 from bookmarks.tests.helpers import BookmarkFactoryMixin
 
 
@@ -12,22 +12,22 @@ class BookmarkIndexViewTestCase(TestCase, BookmarkFactoryMixin):
         user = self.get_or_create_test_user()
         self.client.force_login(user)
 
-    def assertVisibleBookmarks(self, response, bookmarks: [Bookmark]):
+    def assertVisibleBookmarks(self, response, bookmarks: [Bookmark], link_target: str = '_blank'):
         html = response.content.decode()
         self.assertContains(response, 'data-is-bookmark-item', count=len(bookmarks))
 
         for bookmark in bookmarks:
             self.assertInHTML(
-                '<a href="{0}" target="_blank" rel="noopener">{1}</a>'.format(bookmark.url, bookmark.resolved_title),
+                f'<a href="{bookmark.url}" target="{link_target}" rel="noopener">{bookmark.resolved_title}</a>',
                 html
             )
 
-    def assertInvisibleBookmarks(self, response, bookmarks: [Bookmark]):
+    def assertInvisibleBookmarks(self, response, bookmarks: [Bookmark], link_target: str = '_blank'):
         html = response.content.decode()
 
         for bookmark in bookmarks:
             self.assertInHTML(
-                '<a href="{0}" target="_blank" rel="noopener">{1}</a>'.format(bookmark.url, bookmark.resolved_title),
+                f'<a href="{bookmark.url}" target="{link_target}" rel="noopener">{bookmark.resolved_title}</a>',
                 html,
                 count=0
             )
@@ -130,3 +130,29 @@ class BookmarkIndexViewTestCase(TestCase, BookmarkFactoryMixin):
 
         self.assertVisibleTags(response, visible_tags)
         self.assertInvisibleTags(response, invisible_tags)
+
+    def test_should_open_bookmarks_in_new_page_by_default(self):
+        visible_bookmarks = [
+            self.setup_bookmark(),
+            self.setup_bookmark(),
+            self.setup_bookmark()
+        ]
+
+        response = self.client.get(reverse('bookmarks:index'))
+
+        self.assertVisibleBookmarks(response, visible_bookmarks, '_blank')
+
+    def test_should_open_bookmarks_in_same_page_if_specified_in_user_profile(self):
+        user = self.get_or_create_test_user()
+        user.profile.bookmark_link_target = UserProfile.BOOKMARK_LINK_TARGET_SELF
+        user.profile.save()
+
+        visible_bookmarks = [
+            self.setup_bookmark(),
+            self.setup_bookmark(),
+            self.setup_bookmark()
+        ]
+
+        response = self.client.get(reverse('bookmarks:index'))
+
+        self.assertVisibleBookmarks(response, visible_bookmarks, '_self')

bookmarks/tests/test_bookmark_new_view.py

@@ -73,6 +73,13 @@ class BookmarkNewViewTestCase(TestCase, BookmarkFactoryMixin):
 
         self.assertRedirects(response, reverse('bookmarks:index'))
 
+    def test_should_not_redirect_to_external_url(self):
+        form_data = self.create_form_data()
+
+        response = self.client.post(reverse('bookmarks:new') + '?return_url=https://example.com', form_data)
+
+        self.assertRedirects(response, reverse('bookmarks:index'))
+
     def test_auto_close_should_redirect_to_close_view(self):
         form_data = self.create_form_data({'auto_close': 'true'})
 

bookmarks/tests/test_bookmark_remove_view.py

@@ -1,3 +1,4 @@
+from django.contrib.auth.models import User
 from django.test import TestCase
 from django.urls import reverse
 
@@ -33,3 +34,21 @@ class BookmarkRemoveViewTestCase(TestCase, BookmarkFactoryMixin):
         )
 
         self.assertRedirects(response, reverse('bookmarks:close'))
+
+    def test_should_not_redirect_to_external_url(self):
+        bookmark = self.setup_bookmark()
+
+        response = self.client.get(
+            reverse('bookmarks:remove', args=[bookmark.id]) + '?return_url=https://example.com'
+        )
+
+        self.assertRedirects(response, reverse('bookmarks:index'))
+
+    def test_can_only_edit_own_bookmarks(self):
+        other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
+        bookmark = self.setup_bookmark(user=other_user)
+
+        response = self.client.get(reverse('bookmarks:remove', args=[bookmark.id]))
+
+        self.assertEqual(response.status_code, 404)
+        self.assertTrue(Bookmark.objects.filter(id=bookmark.id).exists())

bookmarks/tests/test_bookmark_unarchive_view.py

@@ -1,3 +1,4 @@
+from django.contrib.auth.models import User
 from django.test import TestCase
 from django.urls import reverse
 
@@ -33,3 +34,22 @@ class BookmarkUnarchiveViewTestCase(TestCase, BookmarkFactoryMixin):
         )
 
         self.assertRedirects(response, reverse('bookmarks:close'))
+
+    def test_should_not_redirect_to_external_url(self):
+        bookmark = self.setup_bookmark()
+
+        response = self.client.get(
+            reverse('bookmarks:unarchive', args=[bookmark.id]) + '?return_url=https://example.com'
+        )
+
+        self.assertRedirects(response, reverse('bookmarks:archived'))
+
+    def test_can_only_archive_own_bookmarks(self):
+        other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
+        bookmark = self.setup_bookmark(is_archived=True, user=other_user)
+
+        response = self.client.get(reverse('bookmarks:unarchive', args=[bookmark.id]))
+        bookmark.refresh_from_db()
+
+        self.assertEqual(response.status_code, 404)
+        self.assertTrue(bookmark.is_archived)

bookmarks/tests/test_bookmarks_api.py

@@ -60,6 +60,18 @@ class BookmarksApiTestCase(LinkdingApiTestCase, BookmarkFactoryMixin):
         self.assertEqual(bookmark.tags.filter(name=data['tag_names'][0]).count(), 1)
         self.assertEqual(bookmark.tags.filter(name=data['tag_names'][1]).count(), 1)
 
+    def test_create_bookmark_replaces_whitespace_in_tag_names(self):
+        data = {
+            'url': 'https://example.com/',
+            'title': 'Test title',
+            'description': 'Test description',
+            'tag_names': ['tag 1', 'tag 2']
+        }
+        self.post(reverse('bookmarks:bookmark-list'), data, status.HTTP_201_CREATED)
+        bookmark = Bookmark.objects.get(url=data['url'])
+        tag_names = [tag.name for tag in bookmark.tags.all()]
+        self.assertListEqual(tag_names, ['tag-1', 'tag-2'])
+
     def test_create_bookmark_minimal_payload(self):
         data = {'url': 'https://example.com/'}
         self.post(reverse('bookmarks:bookmark-list'), data, status.HTTP_201_CREATED)

bookmarks/tests/test_bookmarks_list_tag.py

@@ -4,13 +4,39 @@ from django.template import Template, RequestContext
 from django.test import TestCase, RequestFactory
 from django.utils import timezone, formats
 
-from bookmarks.models import UserProfile
+from bookmarks.models import Bookmark, UserProfile
 from bookmarks.tests.helpers import BookmarkFactoryMixin
 
 
 class BookmarkListTagTest(TestCase, BookmarkFactoryMixin):
 
-    def render_template(self, bookmarks) -> str:
+    def assertBookmarksLink(self, html: str, bookmark: Bookmark, link_target: str = '_blank'):
+        self.assertInHTML(
+            f'<a href="{bookmark.url}" target="{link_target}" rel="noopener">{bookmark.resolved_title}</a>',
+            html
+        )
+
+    def assertDateLabel(self, html: str, label_content: str):
+        self.assertInHTML(f'''
+        <span class="date-label text-gray text-sm">
+            <span>{label_content}</span>
+        </span>
+        <span class="text-gray text-sm">|</span>
+        ''', html)
+
+    def assertWebArchiveLink(self, html: str, label_content: str, url: str, link_target: str = '_blank'):
+        self.assertInHTML(f'''
+        <span class="date-label text-gray text-sm">
+            <a href="{url}"
+               title="Show snapshot on web archive" target="{link_target}" rel="noopener">
+                <span>{label_content}</span>
+                <span>∞</span>
+            </a>
+        </span>
+        <span class="text-gray text-sm">|</span>
+        ''', html)
+
+    def render_template(self, bookmarks: [Bookmark], template: Template) -> str:
         rf = RequestFactory()
         request = rf.get('/test')
         request.user = self.get_or_create_test_user()
@@ -18,11 +44,23 @@ class BookmarkListTagTest(TestCase, BookmarkFactoryMixin):
         page = paginator.page(1)
 
         context = RequestContext(request, {'bookmarks': page, 'return_url': '/test'})
-        template_to_render = Template(
+        return template.render(context)
+
+    def render_default_template(self, bookmarks: [Bookmark]) -> str:
+        template = Template(
             '{% load bookmarks %}'
             '{% bookmark_list bookmarks return_url %}'
         )
-        return template_to_render.render(context)
+        return self.render_template(bookmarks, template)
+
+    def render_template_with_link_target(self, bookmarks: [Bookmark], link_target: str) -> str:
+        template = Template(
+            f'''
+            {{% load bookmarks %}}
+            {{% bookmark_list bookmarks return_url '{link_target}' %}}
+            '''
+        )
+        return self.render_template(bookmarks, template)
 
     def setup_date_format_test(self, date_display_setting: str, web_archive_url: str = ''):
         bookmark = self.setup_bookmark()
@@ -36,55 +74,62 @@ class BookmarkListTagTest(TestCase, BookmarkFactoryMixin):
 
     def test_should_respect_absolute_date_setting(self):
         bookmark = self.setup_date_format_test(UserProfile.BOOKMARK_DATE_DISPLAY_ABSOLUTE)
-        html = self.render_template([bookmark])
+        html = self.render_default_template([bookmark])
         formatted_date = formats.date_format(bookmark.date_added, 'SHORT_DATE_FORMAT')
 
-        self.assertInHTML(f'''
-        <span class="date-label text-gray text-sm">
-            <span>{formatted_date}</span>
-        </span>
-        <span class="text-gray text-sm">|</span>
-        ''', html)
+        self.assertDateLabel(html, formatted_date)
 
     def test_should_render_web_archive_link_with_absolute_date_setting(self):
         bookmark = self.setup_date_format_test(UserProfile.BOOKMARK_DATE_DISPLAY_ABSOLUTE,
                                                'https://web.archive.org/web/20210811214511/https://wanikani.com/')
-        html = self.render_template([bookmark])
+        html = self.render_default_template([bookmark])
         formatted_date = formats.date_format(bookmark.date_added, 'SHORT_DATE_FORMAT')
 
-        self.assertInHTML(f'''
-        <span class="date-label text-gray text-sm">
-            <a href="{bookmark.web_archive_snapshot_url}"
-               title="Show snapshot on web archive" target="_blank" rel="noopener">
-                <span>{formatted_date}</span>
-                <span>∞</span>
-            </a>
-        </span>
-        <span class="text-gray text-sm">|</span>
-        ''', html)
+        self.assertWebArchiveLink(html, formatted_date, bookmark.web_archive_snapshot_url)
 
     def test_should_respect_relative_date_setting(self):
         bookmark = self.setup_date_format_test(UserProfile.BOOKMARK_DATE_DISPLAY_RELATIVE)
-        html = self.render_template([bookmark])
+        html = self.render_default_template([bookmark])
 
-        self.assertInHTML('''
-        <span class="date-label text-gray text-sm">
-            <span>1 week ago</span>
-        </span>
-        <span class="text-gray text-sm">|</span>
-        ''', html)
+        self.assertDateLabel(html, '1 week ago')
 
     def test_should_render_web_archive_link_with_relative_date_setting(self):
         bookmark = self.setup_date_format_test(UserProfile.BOOKMARK_DATE_DISPLAY_RELATIVE,
                                                'https://web.archive.org/web/20210811214511/https://wanikani.com/')
-        html = self.render_template([bookmark])
-        self.assertInHTML(f'''
-        <span class="date-label text-gray text-sm">
-            <a href="{bookmark.web_archive_snapshot_url}"
-               title="Show snapshot on web archive" target="_blank" rel="noopener">
-                <span>1 week ago</span>
-                <span>∞</span>
-            </a>
-        </span>
-        <span class="text-gray text-sm">|</span>
-        ''', html)
+        html = self.render_default_template([bookmark])
+
+        self.assertWebArchiveLink(html, '1 week ago', bookmark.web_archive_snapshot_url)
+
+    def test_bookmark_link_target_should_be_blank_by_default(self):
+        bookmark = self.setup_bookmark()
+
+        html = self.render_default_template([bookmark])
+
+        self.assertBookmarksLink(html, bookmark, link_target='_blank')
+
+    def test_bookmark_link_target_should_respect_link_target_parameter(self):
+        bookmark = self.setup_bookmark()
+
+        html = self.render_template_with_link_target([bookmark], '_self')
+
+        self.assertBookmarksLink(html, bookmark, link_target='_self')
+
+    def test_web_archive_link_target_should_be_blank_by_default(self):
+        bookmark = self.setup_bookmark()
+        bookmark.date_added = timezone.now() - relativedelta(days=8)
+        bookmark.web_archive_snapshot_url = 'https://example.com'
+        bookmark.save()
+
+        html = self.render_default_template([bookmark])
+
+        self.assertWebArchiveLink(html, '1 week ago', bookmark.web_archive_snapshot_url, link_target='_blank')
+
+    def test_web_archive_link_target_respect_link_target_parameter(self):
+        bookmark = self.setup_bookmark()
+        bookmark.date_added = timezone.now() - relativedelta(days=8)
+        bookmark.web_archive_snapshot_url = 'https://example.com'
+        bookmark.save()
+
+        html = self.render_template_with_link_target([bookmark], '_self')
+
+        self.assertWebArchiveLink(html, '1 week ago', bookmark.web_archive_snapshot_url, link_target='_self')

bookmarks/tests/test_bookmarks_service.py

@@ -21,7 +21,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
     def test_create_should_create_web_archive_snapshot(self):
         with patch.object(tasks, 'create_web_archive_snapshot') as mock_create_web_archive_snapshot:
             bookmark_data = Bookmark(url='https://example.com')
-            bookmark = create_bookmark(bookmark_data, 'tag1 tag2', self.user)
+            bookmark = create_bookmark(bookmark_data, 'tag1,tag2', self.user)
 
             mock_create_web_archive_snapshot.assert_called_once_with(bookmark.id, False)
 
@@ -29,7 +29,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         with patch.object(tasks, 'create_web_archive_snapshot') as mock_create_web_archive_snapshot:
             bookmark = self.setup_bookmark()
             bookmark.url = 'https://example.com/updated'
-            update_bookmark(bookmark, 'tag1 tag2', self.user)
+            update_bookmark(bookmark, 'tag1,tag2', self.user)
 
             mock_create_web_archive_snapshot.assert_called_once_with(bookmark.id, True)
 
@@ -37,7 +37,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         with patch.object(tasks, 'create_web_archive_snapshot') as mock_create_web_archive_snapshot:
             bookmark = self.setup_bookmark()
             bookmark.title = 'updated title'
-            update_bookmark(bookmark, 'tag1 tag2', self.user)
+            update_bookmark(bookmark, 'tag1,tag2', self.user)
 
             mock_create_web_archive_snapshot.assert_not_called()
 
@@ -216,7 +216,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         tag1 = self.setup_tag()
         tag2 = self.setup_tag()
 
-        tag_bookmarks([bookmark1.id, bookmark2.id, bookmark3.id], f'{tag1.name} {tag2.name}',
+        tag_bookmarks([bookmark1.id, bookmark2.id, bookmark3.id], f'{tag1.name},{tag2.name}',
                       self.get_or_create_test_user())
 
         bookmark1.refresh_from_db()
@@ -232,7 +232,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         bookmark2 = self.setup_bookmark()
         bookmark3 = self.setup_bookmark()
 
-        tag_bookmarks([bookmark1.id, bookmark2.id, bookmark3.id], 'tag1 tag2', self.get_or_create_test_user())
+        tag_bookmarks([bookmark1.id, bookmark2.id, bookmark3.id], 'tag1,tag2', self.get_or_create_test_user())
 
         bookmark1.refresh_from_db()
         bookmark2.refresh_from_db()
@@ -257,7 +257,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         tag1 = self.setup_tag()
         tag2 = self.setup_tag()
 
-        tag_bookmarks([bookmark1.id, bookmark3.id], f'{tag1.name} {tag2.name}', self.get_or_create_test_user())
+        tag_bookmarks([bookmark1.id, bookmark3.id], f'{tag1.name},{tag2.name}', self.get_or_create_test_user())
 
         bookmark1.refresh_from_db()
         bookmark2.refresh_from_db()
@@ -275,7 +275,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         tag1 = self.setup_tag()
         tag2 = self.setup_tag()
 
-        tag_bookmarks([bookmark1.id, bookmark2.id, inaccessible_bookmark.id], f'{tag1.name} {tag2.name}',
+        tag_bookmarks([bookmark1.id, bookmark2.id, inaccessible_bookmark.id], f'{tag1.name},{tag2.name}',
                       self.get_or_create_test_user())
 
         bookmark1.refresh_from_db()
@@ -293,7 +293,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         tag1 = self.setup_tag()
         tag2 = self.setup_tag()
 
-        tag_bookmarks([str(bookmark1.id), bookmark2.id, str(bookmark3.id)], f'{tag1.name} {tag2.name}',
+        tag_bookmarks([str(bookmark1.id), bookmark2.id, str(bookmark3.id)], f'{tag1.name},{tag2.name}',
                       self.get_or_create_test_user())
 
         self.assertCountEqual(bookmark1.tags.all(), [tag1, tag2])
@@ -307,7 +307,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         bookmark2 = self.setup_bookmark(tags=[tag1, tag2])
         bookmark3 = self.setup_bookmark(tags=[tag1, tag2])
 
-        untag_bookmarks([bookmark1.id, bookmark2.id, bookmark3.id], f'{tag1.name} {tag2.name}',
+        untag_bookmarks([bookmark1.id, bookmark2.id, bookmark3.id], f'{tag1.name},{tag2.name}',
                         self.get_or_create_test_user())
 
         bookmark1.refresh_from_db()
@@ -325,7 +325,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         bookmark2 = self.setup_bookmark(tags=[tag1, tag2])
         bookmark3 = self.setup_bookmark(tags=[tag1, tag2])
 
-        untag_bookmarks([bookmark1.id, bookmark3.id], f'{tag1.name} {tag2.name}', self.get_or_create_test_user())
+        untag_bookmarks([bookmark1.id, bookmark3.id], f'{tag1.name},{tag2.name}', self.get_or_create_test_user())
 
         bookmark1.refresh_from_db()
         bookmark2.refresh_from_db()
@@ -343,7 +343,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         bookmark2 = self.setup_bookmark(tags=[tag1, tag2])
         inaccessible_bookmark = self.setup_bookmark(user=other_user, tags=[tag1, tag2])
 
-        untag_bookmarks([bookmark1.id, bookmark2.id, inaccessible_bookmark.id], f'{tag1.name} {tag2.name}',
+        untag_bookmarks([bookmark1.id, bookmark2.id, inaccessible_bookmark.id], f'{tag1.name},{tag2.name}',
                         self.get_or_create_test_user())
 
         bookmark1.refresh_from_db()
@@ -361,7 +361,7 @@ class BookmarkServiceTestCase(TestCase, BookmarkFactoryMixin):
         bookmark2 = self.setup_bookmark(tags=[tag1, tag2])
         bookmark3 = self.setup_bookmark(tags=[tag1, tag2])
 
-        untag_bookmarks([str(bookmark1.id), bookmark2.id, str(bookmark3.id)], f'{tag1.name} {tag2.name}',
+        untag_bookmarks([str(bookmark1.id), bookmark2.id, str(bookmark3.id)], f'{tag1.name},{tag2.name}',
                         self.get_or_create_test_user())
 
         self.assertCountEqual(bookmark1.tags.all(), [])

bookmarks/tests/test_importer.py

@@ -2,6 +2,7 @@ from unittest.mock import patch
 
 from django.test import TestCase
 
+from bookmarks.models import Tag
 from bookmarks.services import tasks
 from bookmarks.services.importer import import_netscape_html
 from bookmarks.tests.helpers import BookmarkFactoryMixin, disable_logging
@@ -20,6 +21,18 @@ class ImporterTestCase(TestCase, BookmarkFactoryMixin):
 </DL><p>
         '''
 
+    def test_replace_whitespace_in_tag_names(self):
+        test_html = self.create_import_html(f'''
+            <DT><A HREF="https://example.com" ADD_DATE="1616337559" PRIVATE="0" TOREAD="0" TAGS="tag 1, tag 2, tag 3">Example.com</A>
+            <DD>Example.com
+        ''')
+        import_netscape_html(test_html, self.get_or_create_test_user())
+
+        tags = Tag.objects.all()
+        tag_names = [tag.name for tag in tags]
+
+        self.assertListEqual(tag_names, ['tag-1', 'tag-2', 'tag-3'])
+
     @disable_logging
     def test_validate_empty_or_missing_bookmark_url(self):
         test_html = self.create_import_html(f'''

bookmarks/tests/test_password_change_view.py

@@ -0,0 +1,55 @@
+from django.contrib.auth.models import User
+from django.test import TestCase
+from django.urls import reverse
+
+from bookmarks.tests.helpers import BookmarkFactoryMixin
+
+
+class PasswordChangeViewTestCase(TestCase, BookmarkFactoryMixin):
+    def setUp(self) -> None:
+        self.user = User.objects.create_user('testuser', 'test@example.com', 'initial_password')
+        self.client.force_login(self.user)
+
+    def test_change_password(self):
+        form_data = {
+            'old_password': 'initial_password',
+            'new_password1': 'new_password',
+            'new_password2': 'new_password',
+        }
+
+        response = self.client.post(reverse('change_password'), form_data)
+
+        self.assertRedirects(response, reverse('password_change_done'))
+
+    def test_change_password_done(self):
+        form_data = {
+            'old_password': 'initial_password',
+            'new_password1': 'new_password',
+            'new_password2': 'new_password',
+        }
+
+        response = self.client.post(reverse('change_password'), form_data, follow=True)
+
+        self.assertContains(response, 'Your password was changed successfully')
+
+    def test_should_return_error_for_invalid_old_password(self):
+        form_data = {
+            'old_password': 'wrong_password',
+            'new_password1': 'new_password',
+            'new_password2': 'new_password',
+        }
+
+        response = self.client.post(reverse('change_password'), form_data)
+
+        self.assertIn('old_password', response.context_data['form'].errors)
+
+    def test_should_return_error_for_mismatching_new_password(self):
+        form_data = {
+            'old_password': 'initial_password',
+            'new_password1': 'new_password',
+            'new_password2': 'wrong_password',
+        }
+
+        response = self.client.post(reverse('change_password'), form_data)
+
+        self.assertIn('new_password2', response.context_data['form'].errors)

bookmarks/tests/test_settings_api_view.py

@@ -1,40 +0,0 @@
-from django.test import TestCase
-from django.urls import reverse
-from rest_framework.authtoken.models import Token
-
-from bookmarks.tests.helpers import BookmarkFactoryMixin
-
-
-class SettingsApiViewTestCase(TestCase, BookmarkFactoryMixin):
-
-    def setUp(self) -> None:
-        user = self.get_or_create_test_user()
-        self.client.force_login(user)
-
-    def test_should_render_successfully(self):
-        response = self.client.get(reverse('bookmarks:settings.api'))
-
-        self.assertEqual(response.status_code, 200)
-
-    def test_should_check_authentication(self):
-        self.client.logout()
-        response = self.client.get(reverse('bookmarks:settings.api'), follow=True)
-
-        self.assertRedirects(response, reverse('login') + '?next=' + reverse('bookmarks:settings.api'))
-
-    def test_should_generate_api_token_if_not_exists(self):
-        self.assertEqual(Token.objects.count(), 0)
-
-        self.client.get(reverse('bookmarks:settings.api'))
-
-        self.assertEqual(Token.objects.count(), 1)
-        token = Token.objects.first()
-        self.assertEqual(token.user, self.user)
-
-    def test_should_not_generate_api_token_if_exists(self):
-        Token.objects.get_or_create(user=self.user)
-        self.assertEqual(Token.objects.count(), 1)
-
-        self.client.get(reverse('bookmarks:settings.api'))
-
-        self.assertEqual(Token.objects.count(), 1)

bookmarks/tests/test_settings_general_view.py

@@ -26,6 +26,7 @@ class SettingsGeneralViewTestCase(TestCase, BookmarkFactoryMixin):
         form_data = {
             'theme': UserProfile.THEME_DARK,
             'bookmark_date_display': UserProfile.BOOKMARK_DATE_DISPLAY_HIDDEN,
+            'bookmark_link_target': UserProfile.BOOKMARK_LINK_TARGET_SELF,
         }
         response = self.client.post(reverse('bookmarks:settings.general'), form_data)
 
@@ -34,3 +35,4 @@ class SettingsGeneralViewTestCase(TestCase, BookmarkFactoryMixin):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(self.user.profile.theme, form_data['theme'])
         self.assertEqual(self.user.profile.bookmark_date_display, form_data['bookmark_date_display'])
+        self.assertEqual(self.user.profile.bookmark_link_target, form_data['bookmark_link_target'])

bookmarks/tests/test_settings_integrations_view.py

@@ -1,5 +1,6 @@
 from django.test import TestCase
 from django.urls import reverse
+from rest_framework.authtoken.models import Token
 
 from bookmarks.tests.helpers import BookmarkFactoryMixin
 
@@ -20,3 +21,20 @@ class SettingsIntegrationsViewTestCase(TestCase, BookmarkFactoryMixin):
         response = self.client.get(reverse('bookmarks:settings.integrations'), follow=True)
 
         self.assertRedirects(response, reverse('login') + '?next=' + reverse('bookmarks:settings.integrations'))
+
+    def test_should_generate_api_token_if_not_exists(self):
+        self.assertEqual(Token.objects.count(), 0)
+
+        self.client.get(reverse('bookmarks:settings.integrations'))
+
+        self.assertEqual(Token.objects.count(), 1)
+        token = Token.objects.first()
+        self.assertEqual(token.user, self.user)
+
+    def test_should_not_generate_api_token_if_exists(self):
+        Token.objects.get_or_create(user=self.user)
+        self.assertEqual(Token.objects.count(), 1)
+
+        self.client.get(reverse('bookmarks:settings.integrations'))
+
+        self.assertEqual(Token.objects.count(), 1)

bookmarks/tests/test_tags_model.py

@@ -25,3 +25,9 @@ class TagTestCase(TestCase):
     def test_parse_tag_string_deduplicates_tag_names(self):
         self.assertEqual(len(parse_tag_string('book,book,Book,BOOK')), 1)
 
+    def test_parse_tag_string_handles_duplicate_separators(self):
+        self.assertCountEqual(parse_tag_string('book,,movie,,,album'), ['album', 'book', 'movie'])
+
+    def test_parse_tag_string_replaces_whitespace_within_names(self):
+        self.assertCountEqual(parse_tag_string('travel guide, book recommendations'),
+                              ['travel-guide', 'book-recommendations'])

bookmarks/urls.py

@@ -23,7 +23,6 @@ urlpatterns = [
     path('settings', views.settings.general, name='settings.index'),
     path('settings/general', views.settings.general, name='settings.general'),
     path('settings/integrations', views.settings.integrations, name='settings.integrations'),
-    path('settings/api', views.settings.api, name='settings.api'),
     path('settings/import', views.settings.bookmark_import, name='settings.import'),
     path('settings/export', views.settings.bookmark_export, name='settings.export'),
     # API

bookmarks/utils.py

@@ -95,3 +95,10 @@ def parse_timestamp(value: str):
 
     # Timestamp is out of range
     raise ValueError(f'{value} exceeds maximum value for a timestamp')
+
+
+def get_safe_return_url(return_url: str, fallback_url: str):
+    # Use fallback if URL is none or URL is not on same domain
+    if not return_url or not return_url.startswith('/'):
+        return fallback_url
+    return return_url

bookmarks/views/bookmarks.py

@@ -2,7 +2,7 @@ import urllib.parse
 
 from django.contrib.auth.decorators import login_required
 from django.core.paginator import Paginator
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, Http404
 from django.shortcuts import render
 from django.urls import reverse
 
@@ -10,6 +10,7 @@ from bookmarks import queries
 from bookmarks.models import Bookmark, BookmarkForm, build_tag_string
 from bookmarks.services.bookmarks import create_bookmark, update_bookmark, archive_bookmark, archive_bookmarks, \
     unarchive_bookmark, unarchive_bookmarks, delete_bookmarks, tag_bookmarks, untag_bookmarks
+from bookmarks.utils import get_safe_return_url
 
 _default_page_size = 30
 
@@ -40,6 +41,7 @@ def get_bookmark_view_context(request, query_set, tags, base_url):
     paginator = Paginator(query_set, _default_page_size)
     bookmarks = paginator.get_page(page)
     return_url = generate_return_url(base_url, page, query_string)
+    link_target = request.user.profile.bookmark_link_target
 
     if request.GET.get('tag'):
         mod = request.GET.copy()
@@ -51,7 +53,8 @@ def get_bookmark_view_context(request, query_set, tags, base_url):
         'tags': tags,
         'query': query_string if query_string else '',
         'empty': paginator.count == 0,
-        'return_url': return_url
+        'return_url': return_url,
+        'link_target': link_target,
     }
 
 
@@ -66,6 +69,12 @@ def generate_return_url(base_url, page, query_string):
     return urllib.parse.quote_plus(return_url)
 
 
+def convert_tag_string(tag_string: str):
+    # Tag strings coming from inputs are space-separated, however services.bookmarks functions expect comma-separated
+    # strings
+    return tag_string.replace(' ', ',')
+
+
 @login_required
 def new(request):
     initial_url = request.GET.get('url')
@@ -76,7 +85,8 @@ def new(request):
         auto_close = form.data['auto_close']
         if form.is_valid():
             current_user = request.user
-            create_bookmark(form.save(commit=False), form.data['tag_string'], current_user)
+            tag_string = convert_tag_string(form.data['tag_string'])
+            create_bookmark(form.save(commit=False), tag_string, current_user)
             if auto_close:
                 return HttpResponseRedirect(reverse('bookmarks:close'))
             else:
@@ -99,22 +109,22 @@ def new(request):
 
 @login_required
 def edit(request, bookmark_id: int):
-    bookmark = Bookmark.objects.get(pk=bookmark_id)
+    try:
+        bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user)
+    except Bookmark.DoesNotExist:
+        raise Http404('Bookmark does not exist')
+    return_url = get_safe_return_url(request.GET.get('return_url'), reverse('bookmarks:index'))
 
     if request.method == 'POST':
         form = BookmarkForm(request.POST, instance=bookmark)
-        return_url = form.data['return_url']
         if form.is_valid():
-            update_bookmark(form.save(commit=False), form.data['tag_string'], request.user)
+            tag_string = convert_tag_string(form.data['tag_string'])
+            update_bookmark(form.save(commit=False), tag_string, request.user)
             return HttpResponseRedirect(return_url)
     else:
-        return_url = request.GET.get('return_url')
         form = BookmarkForm(instance=bookmark)
 
-    return_url = return_url if return_url else reverse('bookmarks:index')
-
     form.initial['tag_string'] = build_tag_string(bookmark.tag_names, ' ')
-    form.initial['return_url'] = return_url
 
     context = {
         'form': form,
@@ -127,28 +137,37 @@ def edit(request, bookmark_id: int):
 
 @login_required
 def remove(request, bookmark_id: int):
-    bookmark = Bookmark.objects.get(pk=bookmark_id)
+    try:
+        bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user)
+    except Bookmark.DoesNotExist:
+        raise Http404('Bookmark does not exist')
+
     bookmark.delete()
-    return_url = request.GET.get('return_url')
-    return_url = return_url if return_url else reverse('bookmarks:index')
+    return_url = get_safe_return_url(request.GET.get('return_url'), reverse('bookmarks:index'))
     return HttpResponseRedirect(return_url)
 
 
 @login_required
 def archive(request, bookmark_id: int):
-    bookmark = Bookmark.objects.get(pk=bookmark_id)
+    try:
+        bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user)
+    except Bookmark.DoesNotExist:
+        raise Http404('Bookmark does not exist')
+
     archive_bookmark(bookmark)
-    return_url = request.GET.get('return_url')
-    return_url = return_url if return_url else reverse('bookmarks:index')
+    return_url = get_safe_return_url(request.GET.get('return_url'), reverse('bookmarks:index'))
     return HttpResponseRedirect(return_url)
 
 
 @login_required
 def unarchive(request, bookmark_id: int):
-    bookmark = Bookmark.objects.get(pk=bookmark_id)
+    try:
+        bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user)
+    except Bookmark.DoesNotExist:
+        raise Http404('Bookmark does not exist')
+
     unarchive_bookmark(bookmark)
-    return_url = request.GET.get('return_url')
-    return_url = return_url if return_url else reverse('bookmarks:archived')
+    return_url = get_safe_return_url(request.GET.get('return_url'), reverse('bookmarks:archived'))
     return HttpResponseRedirect(return_url)
 
 
@@ -164,14 +183,13 @@ def bulk_edit(request):
     if 'bulk_delete' in request.POST:
         delete_bookmarks(bookmark_ids, request.user)
     if 'bulk_tag' in request.POST:
-        tag_string = request.POST['bulk_tag_string']
+        tag_string = convert_tag_string(request.POST['bulk_tag_string'])
         tag_bookmarks(bookmark_ids, tag_string, request.user)
     if 'bulk_untag' in request.POST:
-        tag_string = request.POST['bulk_tag_string']
+        tag_string = convert_tag_string(request.POST['bulk_tag_string'])
         untag_bookmarks(bookmark_ids, tag_string, request.user)
 
-    return_url = request.GET.get('return_url')
-    return_url = return_url if return_url else reverse('bookmarks:index')
+    return_url = get_safe_return_url(request.GET.get('return_url'), reverse('bookmarks:index'))
     return HttpResponseRedirect(return_url)
 
 

bookmarks/views/settings.py

@@ -43,15 +43,9 @@ def general(request):
 @login_required
 def integrations(request):
     application_url = request.build_absolute_uri("/bookmarks/new")
+    api_token = Token.objects.get_or_create(user=request.user)[0]
     return render(request, 'settings/integrations.html', {
         'application_url': application_url,
-    })
-
-
-@login_required
-def api(request):
-    api_token = Token.objects.get_or_create(user=request.user)[0]
-    return render(request, 'settings/api.html', {
         'api_token': api_token.key
     })
 

bootstrap.sh

@@ -1,6 +1,8 @@
 #!/usr/bin/env bash
 # Bootstrap script that gets executed in new Docker containers
 
+LD_SERVER_PORT="${LD_SERVER_PORT:-9090}"
+
 # Create data folder if it does not exist
 mkdir -p data
 
@@ -18,4 +20,4 @@ if [ "$LD_DISABLE_BACKGROUND_TASKS" != "True" ]; then
 fi
 
 # Start uwsgi server
-uwsgi uwsgi.ini
+uwsgi --http :$LD_SERVER_PORT uwsgi.ini

docker-compose.yml

@@ -8,4 +8,6 @@ services:
       - "${LD_HOST_PORT:-9090}:9090"
     volumes:
       - "${LD_HOST_DATA_DIR:-./data}:/etc/linkding/data"
-    restart: unless-stopped
+    env_file:
+      - .env
+    restart: unless-stopped

docs/Options.md

@@ -44,4 +44,10 @@ This can be useful if you intend to store non fully qualified domain name URLs,
 
 Values: `Integer` as seconds | Default = `60`
 
-Configures the request timeout in the uwsgi application server. This can be useful if you want to import a bookmark file with a high number of bookmarks and run into request timeouts.
+Configures the request timeout in the uwsgi application server. This can be useful if you want to import a bookmark file with a high number of bookmarks and run into request timeouts.
+
+### `LD_SERVER_PORT`
+
+Values: Valid port number | Default = `9090`
+
+Allows to set a custom port for the UWSGI server running in the container. While Docker containers have their own IP address namespace and port collisions are impossible to achieve, there are other container solutions that share one. Podman, for example, runs all containers in a pod under one namespace, which results in every port only being allowed to be assigned once. This option allows to set a custom port in order to avoid collisions with other containers.

docs/how-to.md

@@ -20,6 +20,22 @@ Now when you are browsing the web and you want to save the current page as a boo
 
 For more info see here: https://paul.kinlan.me/use-bookmarklets-on-chrome-on-android/
 
+## Using HTTP Shortcuts app on Android
+
+**Note** This allows you to share URL from any app to bookmark it to linkding
+
+- Install HTTP Shortcuts from [Play Store](https://play.google.com/store/apps/details?id=ch.rmy.android.http_shortcuts) or [F-Droid](https://f-droid.org/en/packages/ch.rmy.android.http_shortcuts/).
+
+- Download [linkding_shortcut.json](/docs/linkding_shortcut.json) from this repository.
+
+- Open HTTP Shortcuts, tap the 3-dot-button at the top-right corner, tap `Import/Export`, then tap `Import from file`.
+
+- Select the json file you downloaded earlier, go back, tap the 3-dot-button again, then tap `Variables`.
+
+- Edit the `values` of `linkding_instance`, `linkding_tag` and `linkding_api_token`.
+
+Try using share button on an app, a new item `Send to...` should appear on the share sheet. You can also manually share by tapping the shortcut inside the HTTP Shortcuts app itself.
+
 ## Create a share action on iOS for adding bookmarks to linkding
 
 This how-to explains how to make use of the app shortcuts iOS app to create a share action that can be used in Safari for adding bookmarks to your linkding instance.

docs/linkding_shortcut.json

@@ -0,0 +1,59 @@
+{
+  "categories": [
+    {
+      "id": "8f4299d4-4c30-4a8e-a3f9-c90694011713",
+      "name": "Shortcuts",
+      "shortcuts": [
+        {
+          "bodyContent": "{ \"url\": \"{{b2953f61-b302-4c79-b90d-39858a06d9a6}}\", \"tag_names\": [ \"{{c360f61f-ce17-47b4-bea3-1d8c3913ca52}}\" ] }",
+          "contentType": "application/json",
+          "description": "Bookmark to linkding",
+          "headers": [
+            {
+              "id": "d235f7b4-fce2-41f4-a00f-72d5fde9e4b9",
+              "key": "Authorization",
+              "value": "Token {{6a739a16-d16d-4a06-93a5-3457da3c3d20}}"
+            }
+          ],
+          "iconName": "flat_grey_ribbon",
+          "id": "1e047d02-a4a3-4cad-b4cc-123cc16c8398",
+          "launcherShortcut": true,
+          "method": "POST",
+          "name": "Linkding",
+          "quickSettingsTileShortcut": true,
+          "responseHandling": {
+            "failureOutput": "simple",
+            "id": "61fa9fc3-8b7a-47ce-b43c-f24618a65e1e",
+            "uiType": "toast"
+          },
+          "url": "{{ea2db14b-b9ca-45d8-8555-403271a38f5a}}/api/bookmarks/"
+        }
+      ]
+    }
+  ],
+  "variables": [
+    {
+      "id": "ea2db14b-b9ca-45d8-8555-403271a38f5a",
+      "key": "linkding_instance",
+      "value": "https://your.instance.tld.without.slashed.end"
+    },
+    {
+      "flags": 1,
+      "id": "b2953f61-b302-4c79-b90d-39858a06d9a6",
+      "key": "linkding_add_url",
+      "title": "Enter URL",
+      "type": "text"
+    },
+    {
+      "id": "c360f61f-ce17-47b4-bea3-1d8c3913ca52",
+      "key": "linkding_tag",
+      "value": "single-tag"
+    },
+    {
+      "id": "6a739a16-d16d-4a06-93a5-3457da3c3d20",
+      "key": "linkding_api_token",
+      "value": "your_token_from_integrations_tab"
+    }
+  ],
+  "version": 45
+}

package-lock.json

@@ -1,8 +1,604 @@
 {
   "name": "linkding",
-  "version": "1.0.0",
-  "lockfileVersion": 1,
+  "version": "1.8.6",
+  "lockfileVersion": 2,
   "requires": true,
+  "packages": {
+    "": {
+      "name": "linkding",
+      "version": "1.8.6",
+      "license": "ISC",
+      "dependencies": {
+        "@rollup/plugin-commonjs": "^21.0.2",
+        "@rollup/plugin-node-resolve": "^13.1.3",
+        "rollup": "^2.70.1",
+        "rollup-plugin-svelte": "^7.1.0",
+        "rollup-plugin-terser": "^7.0.2",
+        "spectre.css": "^0.5.8",
+        "svelte": "^3.46.4"
+      }
+    },
+    "node_modules/@babel/code-frame": {
+      "version": "7.12.11",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz",
+      "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==",
+      "dependencies": {
+        "@babel/highlight": "^7.10.4"
+      }
+    },
+    "node_modules/@babel/helper-validator-identifier": {
+      "version": "7.12.11",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.12.11.tgz",
+      "integrity": "sha512-np/lG3uARFybkoHokJUmf1QfEvRVCPbmQeUQpKow5cQ3xWrV9i3rUHodKDJPQfTVX61qKi+UdYk8kik84n7XOw=="
+    },
+    "node_modules/@babel/highlight": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz",
+      "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==",
+      "dependencies": {
+        "@babel/helper-validator-identifier": "^7.10.4",
+        "chalk": "^2.0.0",
+        "js-tokens": "^4.0.0"
+      }
+    },
+    "node_modules/@rollup/plugin-commonjs": {
+      "version": "21.0.2",
+      "resolved": "https://registry.npmjs.org/@rollup/plugin-commonjs/-/plugin-commonjs-21.0.2.tgz",
+      "integrity": "sha512-d/OmjaLVO4j/aQX69bwpWPpbvI3TJkQuxoAk7BH8ew1PyoMBLTOuvJTjzG8oEoW7drIIqB0KCJtfFLu/2GClWg==",
+      "dependencies": {
+        "@rollup/pluginutils": "^3.1.0",
+        "commondir": "^1.0.1",
+        "estree-walker": "^2.0.1",
+        "glob": "^7.1.6",
+        "is-reference": "^1.2.1",
+        "magic-string": "^0.25.7",
+        "resolve": "^1.17.0"
+      },
+      "engines": {
+        "node": ">= 8.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^2.38.3"
+      }
+    },
+    "node_modules/@rollup/plugin-node-resolve": {
+      "version": "13.1.3",
+      "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-13.1.3.tgz",
+      "integrity": "sha512-BdxNk+LtmElRo5d06MGY4zoepyrXX1tkzX2hrnPEZ53k78GuOMWLqmJDGIIOPwVRIFZrLQOo+Yr6KtCuLIA0AQ==",
+      "dependencies": {
+        "@rollup/pluginutils": "^3.1.0",
+        "@types/resolve": "1.17.1",
+        "builtin-modules": "^3.1.0",
+        "deepmerge": "^4.2.2",
+        "is-module": "^1.0.0",
+        "resolve": "^1.19.0"
+      },
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^2.42.0"
+      }
+    },
+    "node_modules/@rollup/pluginutils": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-3.1.0.tgz",
+      "integrity": "sha512-GksZ6pr6TpIjHm8h9lSQ8pi8BE9VeubNT0OMJ3B5uZJ8pz73NPiqOtCog/x2/QzM1ENChPKxMDhiQuRHsqc+lg==",
+      "dependencies": {
+        "@types/estree": "0.0.39",
+        "estree-walker": "^1.0.1",
+        "picomatch": "^2.2.2"
+      },
+      "engines": {
+        "node": ">= 8.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^1.20.0||^2.0.0"
+      }
+    },
+    "node_modules/@rollup/pluginutils/node_modules/estree-walker": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-1.0.1.tgz",
+      "integrity": "sha512-1fMXF3YP4pZZVozF8j/ZLfvnR8NSIljt56UhbZ5PeeDmmGHpgpdwQt7ITlGvYaQukCvuBRMLEiKiYC+oeIg4cg=="
+    },
+    "node_modules/@types/estree": {
+      "version": "0.0.39",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.39.tgz",
+      "integrity": "sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw=="
+    },
+    "node_modules/@types/node": {
+      "version": "13.1.1",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-13.1.1.tgz",
+      "integrity": "sha512-hx6zWtudh3Arsbl3cXay+JnkvVgCKzCWKv42C9J01N2T2np4h8w5X8u6Tpz5mj38kE3M9FM0Pazx8vKFFMnjLQ=="
+    },
+    "node_modules/@types/resolve": {
+      "version": "1.17.1",
+      "resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.17.1.tgz",
+      "integrity": "sha512-yy7HuzQhj0dhGpD8RLXSZWEkLsV9ibvxvi6EiJ3bkqLAO1RGo0WbkWQiwpRlSFymTJRz0d3k5LM3kkx8ArDbLw==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dependencies": {
+        "color-convert": "^1.9.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/balanced-match": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
+      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c="
+    },
+    "node_modules/brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/buffer-from": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz",
+      "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A=="
+    },
+    "node_modules/builtin-modules": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.2.0.tgz",
+      "integrity": "sha512-lGzLKcioL90C7wMczpkY0n/oART3MbBa8R9OFGE1rJxoVI86u4WAGfEk8Wjv10eKSyTHVGkSo3bvBylCEtk7LA==",
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dependencies": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dependencies": {
+        "color-name": "1.1.3"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
+    },
+    "node_modules/commander": {
+      "version": "2.20.3",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
+      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
+    },
+    "node_modules/commondir": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz",
+      "integrity": "sha1-3dgA2gxmEnOTzKWVDqloo6rxJTs="
+    },
+    "node_modules/concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
+    },
+    "node_modules/deepmerge": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz",
+      "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/estree-walker": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.2.tgz",
+      "integrity": "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w=="
+    },
+    "node_modules/fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8="
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "hasInstallScript": true,
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
+      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A=="
+    },
+    "node_modules/glob": {
+      "version": "7.1.6",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
+      "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/has": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
+      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
+      "dependencies": {
+        "function-bind": "^1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "dependencies": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
+    },
+    "node_modules/is-core-module": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.2.0.tgz",
+      "integrity": "sha512-XRAfAdyyY5F5cOXn7hYQDqh2Xmii+DEfIcQGxK/uNwMHhIkPWO0g8msXcbzLe+MpGoR951MlqM/2iIlU4vKDdQ==",
+      "dependencies": {
+        "has": "^1.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-module": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-module/-/is-module-1.0.0.tgz",
+      "integrity": "sha1-Mlj7afeMFNW4FdZkM2tM/7ZEFZE="
+    },
+    "node_modules/is-reference": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/is-reference/-/is-reference-1.2.1.tgz",
+      "integrity": "sha512-U82MsXXiFIrjCK4otLT+o2NA2Cd2g5MLoOVXUZjIOhLurrRxpEXzI8O0KZHr3IjLvlAH1kTPYSuqer5T9ZVBKQ==",
+      "dependencies": {
+        "@types/estree": "*"
+      }
+    },
+    "node_modules/jest-worker": {
+      "version": "26.6.2",
+      "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz",
+      "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==",
+      "dependencies": {
+        "@types/node": "*",
+        "merge-stream": "^2.0.0",
+        "supports-color": "^7.0.0"
+      },
+      "engines": {
+        "node": ">= 10.13.0"
+      }
+    },
+    "node_modules/jest-worker/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-worker/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/js-tokens": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ=="
+    },
+    "node_modules/magic-string": {
+      "version": "0.25.7",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.25.7.tgz",
+      "integrity": "sha512-4CrMT5DOHTDk4HYDlzmwu4FVCcIYI8gauveasrdCu2IKIFOJ3f0v/8MDGJCDL9oD2ppz/Av1b0Nj345H9M+XIA==",
+      "dependencies": {
+        "sourcemap-codec": "^1.4.4"
+      }
+    },
+    "node_modules/merge-stream": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz",
+      "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w=="
+    },
+    "node_modules/minimatch": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
+      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "dependencies": {
+        "wrappy": "1"
+      }
+    },
+    "node_modules/path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
+    },
+    "node_modules/picomatch": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz",
+      "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/randombytes": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
+      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
+      "dependencies": {
+        "safe-buffer": "^5.1.0"
+      }
+    },
+    "node_modules/require-relative": {
+      "version": "0.8.7",
+      "resolved": "https://registry.npmjs.org/require-relative/-/require-relative-0.8.7.tgz",
+      "integrity": "sha1-eZlTn8ngR6N5KPoZb44VY9q9Nt4="
+    },
+    "node_modules/resolve": {
+      "version": "1.19.0",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.19.0.tgz",
+      "integrity": "sha512-rArEXAgsBG4UgRGcynxWIWKFvh/XZCcS8UJdHhwy91zwAvCZIbcs+vAbflgBnNjYMs/i/i+/Ux6IZhML1yPvxg==",
+      "dependencies": {
+        "is-core-module": "^2.1.0",
+        "path-parse": "^1.0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/rollup": {
+      "version": "2.70.1",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.70.1.tgz",
+      "integrity": "sha512-CRYsI5EuzLbXdxC6RnYhOuRdtz4bhejPMSWjsFLfVM/7w/85n2szZv6yExqUXsBdz5KT8eoubeyDUDjhLHEslA==",
+      "bin": {
+        "rollup": "dist/bin/rollup"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/rollup-plugin-svelte": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/rollup-plugin-svelte/-/rollup-plugin-svelte-7.1.0.tgz",
+      "integrity": "sha512-vopCUq3G+25sKjwF5VilIbiY6KCuMNHP1PFvx2Vr3REBNMDllKHFZN2B9jwwC+MqNc3UPKkjXnceLPEjTjXGXg==",
+      "dependencies": {
+        "require-relative": "^0.8.7",
+        "rollup-pluginutils": "^2.8.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "rollup": ">=2.0.0",
+        "svelte": ">=3.5.0"
+      }
+    },
+    "node_modules/rollup-plugin-terser": {
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/rollup-plugin-terser/-/rollup-plugin-terser-7.0.2.tgz",
+      "integrity": "sha512-w3iIaU4OxcF52UUXiZNsNeuXIMDvFrr+ZXK6bFZ0Q60qyVfq4uLptoS4bbq3paG3x216eQllFZX7zt6TIImguQ==",
+      "dependencies": {
+        "@babel/code-frame": "^7.10.4",
+        "jest-worker": "^26.2.1",
+        "serialize-javascript": "^4.0.0",
+        "terser": "^5.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^2.0.0"
+      }
+    },
+    "node_modules/rollup-pluginutils": {
+      "version": "2.8.2",
+      "resolved": "https://registry.npmjs.org/rollup-pluginutils/-/rollup-pluginutils-2.8.2.tgz",
+      "integrity": "sha512-EEp9NhnUkwY8aif6bxgovPHMoMoNr2FulJziTndpt5H9RdwC47GSGuII9XxpSdzVGM0GWrNPHV6ie1LTNJPaLQ==",
+      "dependencies": {
+        "estree-walker": "^0.6.1"
+      }
+    },
+    "node_modules/rollup-pluginutils/node_modules/estree-walker": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-0.6.1.tgz",
+      "integrity": "sha512-SqmZANLWS0mnatqbSfRP5g8OXZC12Fgg1IwNtLsyHDzJizORW4khDfjPqJZsemPWBB2uqykUah5YpQ6epsqC/w=="
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
+    "node_modules/serialize-javascript": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-4.0.0.tgz",
+      "integrity": "sha512-GaNA54380uFefWghODBWEGisLZFj00nS5ACs6yHa9nLqlLpVLO8ChDGeKRjZnV4Nh4n0Qi7nhYZD/9fCPzEqkw==",
+      "dependencies": {
+        "randombytes": "^2.1.0"
+      }
+    },
+    "node_modules/source-map": {
+      "version": "0.7.3",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
+      "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/source-map-support": {
+      "version": "0.5.19",
+      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.19.tgz",
+      "integrity": "sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw==",
+      "dependencies": {
+        "buffer-from": "^1.0.0",
+        "source-map": "^0.6.0"
+      }
+    },
+    "node_modules/source-map-support/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/sourcemap-codec": {
+      "version": "1.4.8",
+      "resolved": "https://registry.npmjs.org/sourcemap-codec/-/sourcemap-codec-1.4.8.tgz",
+      "integrity": "sha512-9NykojV5Uih4lgo5So5dtw+f0JgJX30KCNI8gwhz2J9A15wD0Ml6tjHKwf6fTSa6fAdVBdZeNOs9eJ71qCk8vA=="
+    },
+    "node_modules/spectre.css": {
+      "version": "0.5.8",
+      "resolved": "https://registry.npmjs.org/spectre.css/-/spectre.css-0.5.8.tgz",
+      "integrity": "sha512-3N4WocWY+Dl6b3e5v3nsZYyp+VSDcBfGDzyyHw/H78ie9BoAhHkxmrhLxo9y8RadxYzVrPjfPdlev3hXEUzR2w=="
+    },
+    "node_modules/supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dependencies": {
+        "has-flag": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/svelte": {
+      "version": "3.46.4",
+      "resolved": "https://registry.npmjs.org/svelte/-/svelte-3.46.4.tgz",
+      "integrity": "sha512-qKJzw6DpA33CIa+C/rGp4AUdSfii0DOTCzj/2YpSKKayw5WGSS624Et9L1nU1k2OVRS9vaENQXp2CVZNU+xvIg==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/terser": {
+      "version": "5.5.1",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.5.1.tgz",
+      "integrity": "sha512-6VGWZNVP2KTUcltUQJ25TtNjx/XgdDsBDKGt8nN0MpydU36LmbPPcMBd2kmtZNNGVVDLg44k7GKeHHj+4zPIBQ==",
+      "dependencies": {
+        "commander": "^2.20.0",
+        "source-map": "~0.7.2",
+        "source-map-support": "~0.5.19"
+      },
+      "bin": {
+        "terser": "bin/terser"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
+    }
+  },
   "dependencies": {
     "@babel/code-frame": {
       "version": "7.12.11",
@@ -28,9 +624,9 @@
       }
     },
     "@rollup/plugin-commonjs": {
-      "version": "17.0.0",
-      "resolved": "https://registry.npmjs.org/@rollup/plugin-commonjs/-/plugin-commonjs-17.0.0.tgz",
-      "integrity": "sha512-/omBIJG1nHQc+bgkYDuLpb/V08QyutP9amOrJRUSlYJZP+b/68gM//D8sxJe3Yry2QnYIr3QjR3x4AlxJEN3GA==",
+      "version": "21.0.2",
+      "resolved": "https://registry.npmjs.org/@rollup/plugin-commonjs/-/plugin-commonjs-21.0.2.tgz",
+      "integrity": "sha512-d/OmjaLVO4j/aQX69bwpWPpbvI3TJkQuxoAk7BH8ew1PyoMBLTOuvJTjzG8oEoW7drIIqB0KCJtfFLu/2GClWg==",
       "requires": {
         "@rollup/pluginutils": "^3.1.0",
         "commondir": "^1.0.1",
@@ -42,9 +638,9 @@
       }
     },
     "@rollup/plugin-node-resolve": {
-      "version": "11.0.1",
-      "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-11.0.1.tgz",
-      "integrity": "sha512-ltlsj/4Bhwwhb+Nb5xCz/6vieuEj2/BAkkqVIKmZwC7pIdl8srmgmglE4S0jFlZa32K4qvdQ6NHdmpRKD/LwoQ==",
+      "version": "13.1.3",
+      "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-13.1.3.tgz",
+      "integrity": "sha512-BdxNk+LtmElRo5d06MGY4zoepyrXX1tkzX2hrnPEZ53k78GuOMWLqmJDGIIOPwVRIFZrLQOo+Yr6KtCuLIA0AQ==",
       "requires": {
         "@rollup/pluginutils": "^3.1.0",
         "@types/resolve": "1.17.1",
@@ -180,9 +776,9 @@
       "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8="
     },
     "fsevents": {
-      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.1.3.tgz",
-      "integrity": "sha512-Auw9a4AxqWpa9GUfj370BMPzzyncfBABW8Mab7BGWBYDj4Isgq+cDKtx0i6u9jcX9pQDnswsaaOTgTmA5pEjuQ==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
       "optional": true
     },
     "function-bind": {
@@ -316,9 +912,9 @@
       "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18="
     },
     "path-parse": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
-      "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw=="
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
     },
     "picomatch": {
       "version": "2.2.2",
@@ -348,17 +944,17 @@
       }
     },
     "rollup": {
-      "version": "2.35.1",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.35.1.tgz",
-      "integrity": "sha512-q5KxEyWpprAIcainhVy6HfRttD9kutQpHbeqDTWnqAFNJotiojetK6uqmcydNMymBEtC4I8bCYR+J3mTMqeaUA==",
+      "version": "2.70.1",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.70.1.tgz",
+      "integrity": "sha512-CRYsI5EuzLbXdxC6RnYhOuRdtz4bhejPMSWjsFLfVM/7w/85n2szZv6yExqUXsBdz5KT8eoubeyDUDjhLHEslA==",
       "requires": {
-        "fsevents": "~2.1.2"
+        "fsevents": "~2.3.2"
       }
     },
     "rollup-plugin-svelte": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/rollup-plugin-svelte/-/rollup-plugin-svelte-7.0.0.tgz",
-      "integrity": "sha512-cw4yv/5v1NQV3nPbpOJtikgkB+9mfSJaqKUdq7x5fVQJnwLtcdc2JOszBs5pBY+SemTs5pmJbdEMseEavbUtjQ==",
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/rollup-plugin-svelte/-/rollup-plugin-svelte-7.1.0.tgz",
+      "integrity": "sha512-vopCUq3G+25sKjwF5VilIbiY6KCuMNHP1PFvx2Vr3REBNMDllKHFZN2B9jwwC+MqNc3UPKkjXnceLPEjTjXGXg==",
       "requires": {
         "require-relative": "^0.8.7",
         "rollup-pluginutils": "^2.8.2"
@@ -443,9 +1039,9 @@
       }
     },
     "svelte": {
-      "version": "3.31.0",
-      "resolved": "https://registry.npmjs.org/svelte/-/svelte-3.31.0.tgz",
-      "integrity": "sha512-r+n8UJkDqoQm1b+3tA3Lh6mHXKpcfOSOuEuIo5gE2W9wQYi64RYX/qE6CZBDDsP/H4M+N426JwY7XGH4xASvGQ=="
+      "version": "3.46.4",
+      "resolved": "https://registry.npmjs.org/svelte/-/svelte-3.46.4.tgz",
+      "integrity": "sha512-qKJzw6DpA33CIa+C/rGp4AUdSfii0DOTCzj/2YpSKKayw5WGSS624Et9L1nU1k2OVRS9vaENQXp2CVZNU+xvIg=="
     },
     "terser": {
       "version": "5.5.1",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "linkding",
-  "version": "1.8.1",
+  "version": "1.8.7",
   "description": "",
   "main": "index.js",
   "scripts": {
@@ -19,12 +19,12 @@
   },
   "homepage": "https://github.com/sissbruecker/linkding#readme",
   "dependencies": {
-    "spectre.css": "^0.5.8",
-    "@rollup/plugin-commonjs": "^17.0.0",
-    "@rollup/plugin-node-resolve": "^11.0.1",
-    "rollup": "^2.35.1",
-    "rollup-plugin-svelte": "^7.0.0",
+    "@rollup/plugin-commonjs": "^21.0.2",
+    "@rollup/plugin-node-resolve": "^13.1.3",
+    "rollup": "^2.70.1",
+    "rollup-plugin-svelte": "^7.1.0",
     "rollup-plugin-terser": "^7.0.2",
-    "svelte": "^3.31.0"
+    "spectre.css": "^0.5.8",
+    "svelte": "^3.46.4"
   }
 }

requirements.prod.txt

@@ -3,7 +3,7 @@ beautifulsoup4==4.7.1
 certifi==2019.6.16
 charset-normalizer==2.0.4
 confusable-homoglyphs==3.2.0
-Django==3.2.6
+Django==3.2.12
 django-background-tasks==1.2.5
 django-compat==1.0.15
 django-generate-secret-key==1.0.2
@@ -18,7 +18,7 @@ python-dateutil==2.8.1
 pytz==2021.1
 requests==2.26.0
 soupsieve==1.9.2
-sqlparse==0.4.1
+sqlparse==0.4.2
 supervisor==4.2.2
 typing-extensions==3.10.0.0
 urllib3==1.26.6

requirements.txt

@@ -4,7 +4,7 @@ certifi==2019.6.16
 charset-normalizer==2.0.4
 confusable-homoglyphs==3.2.0
 coverage==5.5
-Django==3.2.6
+Django==3.2.12
 django-appconf==1.0.4
 django-background-tasks==1.2.5
 django-compat==1.0.15
@@ -26,7 +26,7 @@ requests==2.26.0
 rjsmin==1.1.0
 six==1.16.0
 soupsieve==1.9.2
-sqlparse==0.4.1
+sqlparse==0.4.2
 typing-extensions==3.10.0.0
 urllib3==1.26.6
 waybackpy==2.4.3

siteroot/urls.py

@@ -25,11 +25,14 @@ urlpatterns = [
                                                 extra_context=dict(allow_registration=ALLOW_REGISTRATION)),
          name='login'),
     path('logout/', auth_views.LogoutView.as_view(), name='logout'),
+    path('change-password/', auth_views.PasswordChangeView.as_view(), name='change_password'),
+    path('password-change-done/', auth_views.PasswordChangeDoneView.as_view(), name='password_change_done'),
     path('', include('bookmarks.urls')),
 ]
 
 if DEBUG:
     import debug_toolbar
+
     urlpatterns.append(path('__debug__/', include(debug_toolbar.urls)))
 
 if ALLOW_REGISTRATION:

uwsgi.ini

@@ -1,5 +1,4 @@
 [uwsgi]
-http = :9090
 chdir = /etc/linkding
 module = siteroot.wsgi:application
 env = DJANGO_SETTINGS_MODULE=siteroot.settings.prod
@@ -11,6 +10,7 @@ vacuum=True
 stats = 127.0.0.1:9191
 uid = www-data
 gid = www-data
+buffer-size = 8192
 
 if-env = LD_REQUEST_TIMEOUT
 http-timeout = %(_)

version.txt

@@ -1 +1 @@
-1.8.1
+1.8.7