agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-25 10:10:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
27,217 Commits 3 Branches 19 Tags
3649832fc8b70e734ba7e127714572303a2383ce
Commit Graph

143 Commits

Author SHA1 Message Date
Anna Claire Fields
ff8f77d85c replace staff access with role based sytem (#30004) 
- remove references to staff access

GitOrigin-RevId: 5d7df3ae8bc78aa02b65ec0dac0a323520c3df15
 2026-01-19 09:06:59 +00:00
Alf Eaton
03a3518aae Merge pull request #30703 from overleaf/ae-prettier 
Upgrade Prettier to v3.7.4

GitOrigin-RevId: 0f4434019bc7d12f2d5b7ecbb833ee20570d0706
 2026-01-16 09:56:07 +00:00
Andrew Rumble
07c827e9fd Merge pull request #29928 from overleaf/ar-last-infrastructure-conversions 
[web] last infrastructure conversions

GitOrigin-RevId: ad1aff9b7df0610ed0303157d9e2c8032f32c02b
 2025-11-28 09:05:56 +00:00
Andrew Rumble
18f44866e5 Merge pull request #29919 from overleaf/revert-29795-ar-last-infrastructure-conversions 
Revert "[web] last infrastructure conversions"

GitOrigin-RevId: 48dc64553012afb5d2db4b2eb9c9898489b7e5ef
 2025-11-27 09:05:54 +00:00
Andrew Rumble
d748d8d606 Merge pull request #29795 from overleaf/ar-last-infrastructure-conversions 
[web] last infrastructure conversions

GitOrigin-RevId: 68aa11625a9bc6d0d5324ecd95bb5ac52af8ee96
 2025-11-27 09:05:30 +00:00
Andrew Rumble
beb6f6d484 Merge pull request #29597 from overleaf/ar-last-features-esm-conversion 
[web] last features esm conversion

GitOrigin-RevId: a35ab995bf654f1cdfe0e0062d8806761ecccf2d
 2025-11-21 09:05:36 +00:00
Andrew Rumble
394c60f2cf Merge pull request #29659 from overleaf/revert-29656-revert-29521-ar-models-es-conversion 
Revert "Revert "[web] Convert models and self-referential test files to ESM ""

GitOrigin-RevId: f64000ae31d298b075a8722dfc51f294c71bc021
 2025-11-18 09:04:56 +00:00
Andrew Rumble
ae6dec9dcb Merge pull request #29656 from overleaf/revert-29521-ar-models-es-conversion 
Revert "[web] Convert models and self-referential test files to ESM "

GitOrigin-RevId: 5455cccbb513bd9ca36ce526ff1553065f83d233
 2025-11-13 09:06:36 +00:00
Andrew Rumble
7c9fea64ac [web] Convert models and self-referential test files to ESM (#29521) 
from overleaf/ar-models-es-conversion

GitOrigin-RevId: a92ab8342c0f3e23155eacc0570458fc910c3d71
 2025-11-13 09:06:13 +00:00
Andrew Rumble
f5eb8e9ba4 Update paths 
GitOrigin-RevId: 5bc9bccf2cd10631cb88412f426a8e3c73c9f689
 2025-11-06 09:07:09 +00:00
Andrew Rumble
4f02a85aa4 Update paths 
GitOrigin-RevId: 399c594dd1bbf739d91874df6be3b70e57fe01e3
 2025-11-06 09:05:57 +00:00
Andrew Rumble
912324f560 Convert to ESM 
GitOrigin-RevId: b58b02f9e9c8d47909e95c3ade8e1bf33ed46c80
 2025-11-06 09:05:47 +00:00
Andrew Rumble
0f4d5a7be6 Rename files 
GitOrigin-RevId: 80b975b03ebca16328b84fabf11e71bbea87c8bc
 2025-11-06 09:05:41 +00:00
Andrew Rumble
7bda755d0e Convert to ESM 
GitOrigin-RevId: 572dafeaddea99be28ec1e1116e49aaf203be340
 2025-10-23 08:06:20 +00:00
Andrew Rumble
0d73904c4b Rename files 
GitOrigin-RevId: 7e8fde9258e71ab3649d1d83addeb5164d8b4251
 2025-10-23 08:06:05 +00:00
Antoine Clausse
2413a93c5e [web] Promisify NotificationsBuilder.js (#28792) 
* Replace request by fetch

* Promisify `dropboxDuplicateProjectNames`

* Promisify `dropboxUnlinkedDueToLapsedReconfirmation`

* Promisify `featuresUpgradedByAffiliation`

* Promisify `redundantPersonalSubscription`

* Promisify `projectInvite`

* Promisify `ipMatcherAffiliation`

* Promisify `tpdsFileLimit`

* Promisify `groupInvitation`

* Promisify `personalAndGroupSubscriptions`

* Sanitize URL

* Add default fetch timeout

* Update tests

* Update tests with fetch-utils

* Update external usage

* Import `ObjectId` from `mongodb-legacy`

Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>

* Add `toString()` to userId in `ipMatcherAffiliation` calls

* [v1] Return "200 null" instead of no content in `v2/api/v2/users/:userId/ip_matcher` when there is no data, so it can be read as JSON in the frontend

Can't be 204 because of lint: "Do not specify body content for a response with a non-content status code"

* Temporarily remove `enrolment_ad_html` test to test notifications

* Revert "Temporarily remove `enrolment_ad_html` test to test notifications"

This reverts commit fb8b0c26a3adbbc64053cd3f5f2570ccc97328fb.

* Use `return await`

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

---------

Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: 17ee861852aa4ac15d3b46b1b28c763fad5333d2
 2025-10-23 08:05:30 +00:00
ilkin-overleaf
22b38d02b0 Merge pull request #28808 from overleaf/ii-await-user-handler 
[web] Promisify UserHandler

GitOrigin-RevId: 2daa6f74ec566851d208bf1b3d12d89ecf183383
 2025-10-09 08:07:17 +00:00
Domagoj Kriskovic
868d562d96 Support password-fallbackPassword array in requireBasicAuth (#27237) 
GitOrigin-RevId: 33b15a05996bfa0190041f347772867a9667e2ca
 2025-07-22 08:05:51 +00:00
Jimmy Domagala-Tang
d5e00845c6 Revert "Merge pull request #27060 from overleaf/em-log-oauth-authenticate-errors" (#27062) 
This reverts commit 32bb3c66b61d0de8cbbfe1da08042f06b4f4342a, reversing
changes made to 5e87b704cd90478aedc8d8befa0aa5787a53177b.

Co-authored-by: Eric Mc Sween <5454374+emcsween@users.noreply.github.com>
GitOrigin-RevId: 10b51500e3429a637dc76e3cec7d6b2764708ddb
 2025-07-11 08:07:27 +00:00
Eric Mc Sween
bc49968908 Merge pull request #27060 from overleaf/em-log-oauth-authenticate-errors 
Log OAuth authentication errors

GitOrigin-RevId: 32bb3c66b61d0de8cbbfe1da08042f06b4f4342a
 2025-07-11 08:07:23 +00:00
Jakob Ackermann
457d61fa9a [web] avoid logging when password is too similar to email (#24914) 
GitOrigin-RevId: 122e1790e4827aa26da712011e946ea025a08300
 2025-04-16 08:06:11 +00:00
Eric Mc Sween
71c2dc7d2d Merge pull request #22970 from overleaf/em-log-user-id 
Add userId to request logs when user is logged in

GitOrigin-RevId: c7c907375af20c83f2ac762aa634b8d8cd1d9404
 2025-01-21 09:05:44 +00:00
Eric Mc Sween
b2d991d74a Merge pull request #21212 from overleaf/revert-20969-ac-subscription-layout-react 
Revert "[web] Set Subscription pages to have `layout-react`"

GitOrigin-RevId: eaf3a651160e278adcb103864c5ea81ea3e35aa7
 2024-10-18 08:06:05 +00:00
Antoine Clausse
2c7530a6cf [web] Set Subscription pages to have layout-react (#20969) 
* [web] Set Subscription pages to have `layout-react`

* [web] import `header-footer-react` in Subscription pages (!!)

* [web] Add `ol-user` meta tag to the subscription pages (!!)

⚠️ invite_logged_out.pug should be updated instead of setting the user as `{}`

* [web] Fix unit test

* [web] Update User types to handle a logged out user, add `LOGGED_OUT_USER` const

* [web] Add type `User` to `getSessionUser`

* [web] Remove `LOGGED_OUT_USER` const

* [web] Just pass `{ id: null }` as the user

* [web] Remove comment in pugs, it breaks things

* [web] Don't pass the full user to the frontend!!!

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 1768f1f13de924a18be43c1a08614000500dcbec
 2024-10-18 08:05:53 +00:00
Miguel Serrano
3ff142d478 [web] Expose metric for active users in SP (#20130) 
* [web] Expose metric for active users in SP

* Removed redundant UserHandler.setupLoginData()

In the past this method was also calling
a now deleted notifyDomainLicence(), but now
this is just an alias for populateTeamInvites()

* Added migration for `lastActive`

* Added secondary read precedence to count active users

GitOrigin-RevId: 86d6db31e1ae74ae40c6599e6acb731d8c4a04bd
 2024-10-14 10:57:28 +00:00
Antoine Clausse
fb114a7c44 Merge pull request #19545 from overleaf/ac-remove-login-route-override 
[web] Remove `/login` route override from overleaf-integration

GitOrigin-RevId: a22d0698e5039a8e77fb7ebb620500ad40a9a630
 2024-08-14 08:04:26 +00:00
Antoine Clausse
1e36db524f [web] Merge authentication error handling (V1LoginController & AuthenticationController) (#19457) 
* Promisify `AuthenticationController.doPassportLogin`

* Update tests `AuthenticationController.doPassportLogin`

* Add test on error handling for `AuthenticationController.doPassportLogin`

* Add test on error handling for `V1LoginController.doLogin`

* Extract error handling to `getErrorObject` function

* Simplify code

* Add `Metrics` calls

* Add `password is too long` in AuthenticationController

* Make `info` object consistent with the rest of the codebase

* Move error handling to `AuthenticationManager.handleAuthenticateErrors`

* Move `handleAuthenticateErrors` to other file

I moved this solely because I didn't manage to test it otherwise

* Update tests

* Remove `preDoPassportLogin` hook call

* Remove test on `preDoPassportLogin`

* Use try/catch block instead of `.catch()`

* Revert "Use try/catch block instead of `.catch()`"

This reverts commit 3475afa93ce4af7ad55c91bfc1d7ad3317600ea5.

* Replace `.catch` by `try/catch`

GitOrigin-RevId: 3fba65c30a2c5fc6e5abcd5b83c52801852ed462
 2024-07-31 08:05:07 +00:00
Antoine Clausse
5f2718cf29 [web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555) 
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`

* Lowercase the email to avoid rate-limit bypass

* Remove unit test "when the users rate limit"

* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`

This should address the `trim()` bypass

* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`

We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"

* Add acceptance test for rate limit

* Add comment on rate limits

* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity

* Make the login rate limits configurable from the settings

GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
 2024-07-30 08:04:26 +00:00
Antoine Clausse
e452f1df5b [web] Promisify LdapController (#18500) 
* Promisify LdapController

* Update tests LdapControllerTests.js

* Promisify `AuthenticationController.finishLogin`

* Simplify null checks in LdapController

* Fix: don't use spread operator in module.exports

* Make `AuthenticationController.promises.finishLogin` a promise that resolves

* Fixup: `finishLogin` does not call `next` then the promise finishes, it calls it only on errors

* Use `Modules.promises.hooks.fire`

* Revert `processPassportLogin` callback style

* Update error handling: Use `OError.tag` instead of `logger.err`

* Fix unit tests: Rely on callbacks rather than promises

* Fix: Actually call `passport.authenticate` (!!)

* Update test: fixup `passport.authenticate` mocks

This would have caught the bugs that the previous commit is solving

* Remove `.then(() => next())` in `processPassportLogin`

Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>

---------

Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: a7eab5f5289956aeb8f2418408958daef3511ab7
 2024-06-06 08:04:23 +00:00
Eric Mc Sween
876ee4d967 Merge pull request #18225 from overleaf/em-typescript-eslint 
Add typescript-eslint rule: no-floating-promises

GitOrigin-RevId: 8c3decdff537c885f5bfeb5250b7805480bc6602
 2024-05-27 10:22:20 +00:00
Jakob Ackermann
dfe587f297 Merge pull request #18294 from overleaf/jpa-td-invite-details 
[web] avoid content reflection via query parameter on register page

GitOrigin-RevId: 43e7ba6069e0d9f3f12e5e9e680b5960b0673782
 2024-05-16 08:05:09 +00:00
Jakob Ackermann
4c49841637 Merge pull request #18153 from overleaf/jpa-validate-session-in-store 
[web] check for redis connection being out of sync in session store

GitOrigin-RevId: c271e88d4e1fbcb0f7a57f4775e8ef88b70b16a8
 2024-05-03 08:04:25 +00:00
Brian Gough
29105911c5 Merge pull request #17732 from overleaf/bg-session-mitigation-initial-protoype 
anonymous cookie-based sessions module

GitOrigin-RevId: 75fe2d48fa384ba8d07c0b478a9a5a907a2b3b67
 2024-04-26 08:04:54 +00:00
David
ce00af7838 Merge pull request #18011 from overleaf/dp-make-_getRedirectFromSession-public 
Make _getRedirectFromSession a public method

GitOrigin-RevId: 6538e4ec25e607d32beb944370d151d4f1a3709c
 2024-04-24 08:04:13 +00:00
David
0cf17478fe Merge pull request #17810 from overleaf/dp-compormised-password-prompt 
Add compromised password prompt

GitOrigin-RevId: 7910a220943fcb3aa191da6d514d5bc3ae20f5a3
 2024-04-19 08:03:58 +00:00
roo hutton
754609f379 Merge pull request #17830 from overleaf/rh-reduce-staff-access-session 
[web] Reduce size of staffAccess field in session

GitOrigin-RevId: 7745dc595e8096caef04fd140b47532f0775f165
 2024-04-12 08:06:35 +00:00
Alf Eaton
6cc2db3cdd Merge pull request #17525 from overleaf/ae-upgrade-prettier 
Upgrade Prettier to v3

GitOrigin-RevId: 6f1338f196408f3edb4892d5220ad3665ff1a5bc
 2024-03-26 09:04:05 +00:00
Brian Gough
f2a1b49d48 Merge pull request #17593 from overleaf/bg-account-security-update-hibp-links 
Update haveibeenpwnd links to use the password check form

GitOrigin-RevId: f67b1ed689c851ad3684becc38cd5eb82b0018a2
 2024-03-22 09:03:13 +00:00
Thomas
811173d32d Merge pull request #17569 from overleaf/tm-account-suspension 
Add the ability to suspend user accounts

GitOrigin-RevId: 5e57f29941434c78a47354baca83527213f9b9b5
 2024-03-22 09:03:06 +00:00
David
1ba5b27e57 Merge pull request #17408 from overleaf/dp-mongoose-callback-autherntication-manager 
Promisify AuthenticationManager and AuthenticationManagerTests

GitOrigin-RevId: 8120bf55d19380a6ecf5241ffab8722eff2d4fe3
 2024-03-12 09:03:14 +00:00
Jakob Ackermann
9daacea6cb Merge pull request #17409 from overleaf/jpa-check-before-hibp 
[web] check user password before HIBP check

GitOrigin-RevId: 7c1bdc220fb9369733a1ff3bf26bed8cacc8e8d4
 2024-03-05 09:03:46 +00:00
Jakob Ackermann
84a2b25a3c Merge pull request #17401 from overleaf/jpa-skip-hibp-known-device 
[web] skip HIBP check from known devices

GitOrigin-RevId: 897df02492aafeac010753c7c306e02bde5b1fd8
 2024-03-05 09:03:37 +00:00
Jakob Ackermann
001af76f15 Merge pull request #17399 from overleaf/jpa-hibp-login 
[web] check HIBP on login

GitOrigin-RevId: e052926e4d970f9a15821f1ea9c8af46bdab90cb
 2024-03-05 09:03:34 +00:00
Miguel Serrano
abe33de010 [web] upgrade @node-oauth/oauth2-server to ^5.1.0, (#16705) 
* [web] upgrade @node-oauth/oauth2-server to ^5.1.0,

* Added `expressify` to middleware returned by Authentication.requireOauth()

* Extracted OAuth2 scope transformation to utilities

* Throw an error with undefined SAML scopes

GitOrigin-RevId: 00dfe81c707e9a3fcf9bb10e007c1fc646f7b9dd
 2024-02-09 09:05:20 +00:00
Jakob Ackermann
880087945e Merge pull request #16854 from overleaf/jpa-overleaf-integration-core-tests 
[web] enable overleaf-integration module when running SaaS tests

GitOrigin-RevId: 36eda6ef448604a55f8dc8daac5ce29af23b6b0b
 2024-02-05 09:04:05 +00:00
Jakob Ackermann
797f2c518d Merge pull request #16514 from overleaf/jpa-enforce-oauth-scope 
[web] restrict access to oauth endpoints to their respective clients

GitOrigin-RevId: 6ffa6008130588e44d336e2af32584ee20ad3ffc
 2024-01-18 09:04:28 +00:00
Mathias Jakobsen
c371732e6e Merge pull request #16186 from overleaf/mj-mongo-object-id 
[web] Use constructor for ObjectId

GitOrigin-RevId: 9eb8b377ea599605b72af237d1ab12f4d8287162
 2023-12-19 09:04:02 +00:00
Miguel Serrano
771f07d7ad Merge pull request #16202 from overleaf/msm-passport-upgrade-2 
[web] passport + passport-saml updates (post revert)

GitOrigin-RevId: e1fa5757e15b3ac733511570637d39297247e050
 2023-12-14 09:03:24 +00:00
Miguel Serrano
369d5cb406 Merge pull request #16190 from overleaf/revert-15519-em-upgrade-passport 
Revert "Upgrade passport"

GitOrigin-RevId: 34a5442d6dae9623463908f92ab103bdc16f1b67
 2023-12-12 09:04:23 +00:00
Miguel Serrano
d96283e593 Merge pull request #15519 from overleaf/em-upgrade-passport 
Upgrade passport

GitOrigin-RevId: b93bfcab39ba3d2ab4efb4814371defec8ca95c4
 2023-12-12 09:04:08 +00:00