agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-02 13:49:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
19,281 Commits 3 Branches 19 Tags
0dfaf145ac2f22caebf4f66c3a1558de538072f1
Commit Graph

18 Commits

Author SHA1 Message Date
June Kelly 0dfaf145ac [web] Password set/reset: reject current password (redux) (#8956) 
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
 2022-09-28 08:06:54 +00:00
Henry Oswald 68b61bbcaf Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password 
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
 2022-07-20 08:04:00 +00:00
June Kelly f83ea0eae9 Merge pull request #8882 from overleaf/jk-web-reject-same-password 
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
 2022-07-20 08:03:36 +00:00
Jakob Ackermann 23e9f8bf1a Merge pull request #6457 from overleaf/jpa-harden-login 
[web] harden login process

GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d
 2022-01-27 09:03:38 +00:00
Jakob Ackermann 86741fc86f Merge pull request #6349 from overleaf/jpa-password-strength-checking 
[web] data collection for password strength using HaveIBeenPwned api

GitOrigin-RevId: 7e4d57a979c29027fb7ca5294f3935500a0b4cf3
 2022-01-20 09:03:07 +00:00
Jakob Ackermann 5e773ce950 Merge pull request #4101 from overleaf/ae-settings-module 
Migrate from `settings-sharelatex` to `@overleaf/settings`

GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
 2021-07-08 02:08:28 +00:00
Alf Eaton 1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma 
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
 2021-04-28 02:10:01 +00:00
Alf Eaton 1ebc8a79cb Merge pull request #3495 from overleaf/ae-prettier-2 
Upgrade Prettier to v2

GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
 2021-04-15 02:05:22 +00:00
Shane Kilkelly e9f7a17093 Merge pull request #3234 from overleaf/sk-fix-password-validation-email 
Overhaul password validation

GitOrigin-RevId: a591c4e192e30a0ac053eab6f80627543a8a92fe
 2020-10-23 02:04:39 +00:00
Jakob Ackermann e3c6637339 Merge pull request #3187 from overleaf/jpa-mongodb-native 
[misc] migrate the app to the native mongo driver

GitOrigin-RevId: 9030b18c4cf62e3a01d3d8f450bf0e02f9f89c22
 2020-10-02 02:04:18 +00:00
Jessica Lawshe 7eee20f914 Merge pull request #3079 from overleaf/jel-log-password-update 
Update audit log when password updated

GitOrigin-RevId: 3228e39e8a3682d6e77264cd6ee580f3fc40642a
 2020-08-10 15:56:11 +00:00
Ersun Warncke 3a7384c83f new UserHelper class for acceptance tests 
GitOrigin-RevId: 194593b8b70c74d2771f8e6f695faa47c84beeca
 2019-10-08 08:58:12 +00:00
Jessica Lawshe 6737637b39 Merge pull request #2190 from overleaf/as-invalid-password-errors 
Throw Error instead of plain object if email/password is invalid

GitOrigin-RevId: 2a1b040b07834064d547cef7890676ca014ec0ae
 2019-10-02 14:22:34 +00:00
Timothée Alby 44d3b8b92e Merge pull request #2161 from overleaf/ta-decaf-cleanup-authentication 
Decafeinate AuthenticationManager

GitOrigin-RevId: 491c7fbeb7f83e81783beadfdd0d4cb510f7d429
 2019-09-24 08:57:59 +00:00
Ersun Warncke d624c29b6f remove v1 deps for password change/reset 
GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7
 2019-07-17 15:09:24 +00:00
Timothée Alby 109585d20c Merge pull request #1947 from overleaf/ta-cleanup-guard-1 
Remove __guard__ Function Used to Access Settings

GitOrigin-RevId: 15e3749990a9fc68f8d344390b1bf0d09d839106
 2019-07-15 13:23:38 +00:00
Ersun Warncke 8cc9bc5335 write to v1/v2 on register, password change and reset 
GitOrigin-RevId: 29045912319d1d387613ec55c6620852d8857614
 2019-06-19 11:06:21 +00:00
Alasdair Smith 0ca81de78c Merge pull request #1717 from overleaf/as-decaffeinate-backend 
Decaffeinate backend

GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa
 2019-05-29 09:32:21 +00:00