agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-08 16:50:44 +02:00
Code Issues Packages Projects Releases Wiki Activity
25,515 Commits 3 Branches 19 Tags
3b684e08caa8a686c3d5096b8a08f91079eb7747
Commit Graph

52 Commits

Author SHA1 Message Date
Tim Down a77f218a77 Merge pull request #25805 from overleaf/td-bs5-rename-auth-pages-feature-flag 
Change auth pages feature flag

GitOrigin-RevId: 091b2cde7cc4f91e2ce7533d610db773fc622bb5
 2025-05-23 08:05:14 +00:00
M Fahru 0558761482 Merge pull request #22610 from overleaf/mf-migrate-setpassword-page-bs5 
[web] Migrate set password page to bootstrap 5 and website-redesign styling

GitOrigin-RevId: a9168b4171739cd49d0b76505800bcd171bd9572
 2025-01-28 09:05:39 +00:00
M Fahru 7fbcca6ed1 Merge pull request #22609 from overleaf/mf-migrate-aux-password-pages-to-bs5 
[web] Migrate reset password page to bootstrap 5 and website redesign

GitOrigin-RevId: 613865379d094b305c6dc78f74dc70341214f4ed
 2025-01-28 09:05:35 +00:00
Antoine Clausse b0419a86f2 [web] Add audit logs for clear_sessions_set_must_reconfirm script, "must-reset-password-set" and "must-reset-password-unset" (#21776) 
* Promisify clear_sessions_set_must_reconfirm.mjs

* Add test on PasswordResetTests.mjs

* Add `must-reset-password-unset` audit log

* Add `must-reset-password-set` audit log

* Add test ClearSessionsSetMustReconfirmTests.mjs

* Fixup bad copy-paste in test: `must-reset-password-set` -> `must-reset-password-unset`

* Check `must_reconfirm` before calling `removeReconfirmFlag`

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* Fix unit test

* Use `promiseMapWithLimit`

* Add `{ script: true }` to AuditLog. Also use `undefined` instead of `null` for consistency

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 522026c82196d263c196503d899b8c57b05b31dd
 2024-11-15 09:05:21 +00:00
Antoine Clausse eea27a36a4 [web] Add prefer-node-protocol ESLint rule (#21523) 
* Add `unicorn/prefer-node-protocol`

* Revert non-web changes

* Run `npm run lint:fix` (prefer-node-protocol)

GitOrigin-RevId: c3cdd88ff9e6b3de6a4397d45935c4d026c1c1ed
 2024-11-05 09:04:33 +00:00
Andrew Rumble c6c62088cc Migrate Features to ES modules 
GitOrigin-RevId: 4e9d3176b4b5a5504afc102e569a27d7788864a3
 2024-10-17 08:06:08 +00:00
Jimmy Domagala-Tang 007cc42477 Merge pull request #19152 from overleaf/jdt-project-permissions 
Allow checking permissions for all users on a project and rename checkPermissions -> AssertPermissions

GitOrigin-RevId: 511356cf2fe68367e284347e68e59f6116bd0f80
 2024-07-03 08:04:19 +00:00
Antoine Clausse 25d8e053be [web] Update revokeAllUserSessions and rename it to removeSessionsFromRedis (#18360) 
* Fix `revokeAllUserSessions` call in `_cleanupUser`

The user object should be passed, not the _id

* Change `revokeAllUserSessions` signature, take `req` and `stayLoggedIn` arguments

* Update uses of `revokeAllUserSessions`

* Fix promisified `revokeAllUserSessions` args

* Update tests

* Destroy or Regenerate the session in the end of `revokeAllUserSessions`

Per https://github.com/overleaf/internal/issues/17036#issuecomment-1938398570

* Revert "Destroy or Regenerate the session in the end of `revokeAllUserSessions`"

This reverts commit fe30734dbe45b27d2931d2e43a711d591bb85787.

* Rename `revokeAllUserSessions` to `removeSessionsFromRedis`

* Fixup tests

* Fix: add optional chaining in `req.sessionID` (!!)

GitOrigin-RevId: d41676bf00f463230af495e09c65fb9ee521f49f
 2024-05-20 08:04:12 +00:00
Jessica Lawshe 94e9456a4b Merge pull request #17793 from overleaf/jel-password-token-when-managed-linked 
[web] Check permissions when using password reset token

GitOrigin-RevId: b5339d5ad5322fcae7beaa99fb40a87ffb938b52
 2024-04-25 08:04:58 +00:00
M Fahru d836631902 Merge pull request #17548 from overleaf/mf-promisify-render-set-password-form 
[web] promisify renderSetPasswordForm

GitOrigin-RevId: 3a79a7fd23de2d7ff87a833204298aed6cc303a5
 2024-03-29 09:04:26 +00:00
Alf Eaton 6cc2db3cdd Merge pull request #17525 from overleaf/ae-upgrade-prettier 
Upgrade Prettier to v3

GitOrigin-RevId: 6f1338f196408f3edb4892d5220ad3665ff1a5bc
 2024-03-26 09:04:05 +00:00
Jessica Lawshe 814ee0ac62 Merge pull request #17351 from overleaf/jel-async-getUserForPasswordResetToken 
[web] Promisify getUserForPasswordResetToken

GitOrigin-RevId: 4b0363b390af155f1bae4332fba7cf10c130e1c6
 2024-03-12 09:03:35 +00:00
Jessica Lawshe 7a9c2fd644 Merge pull request #17329 from overleaf/jel-async-peekValueFromToken 
[web] Promisify peekValueFromToken

GitOrigin-RevId: 4a7f6ae793ff0a1bd22c89c963881ef0957e29e8
 2024-03-12 09:03:32 +00:00
Jessica Lawshe b2b100d485 Merge pull request #17090 from overleaf/jel-block-password-reset 
[web] Block password reset request for managed users linked to SSO

GitOrigin-RevId: 9c990d9fcb7a3286fee733e0fd61c06c09d79367
 2024-03-12 09:03:29 +00:00
Jessica Lawshe 4ad6d3cb5f Merge pull request #17091 from overleaf/jel-promisify-password-reset 
[web] Promisify password reset

GitOrigin-RevId: bc8399727a86276b1d5baa380369d988772c268a
 2024-02-19 09:04:29 +00:00
Mathias Jakobsen 9ca43ebc4e Merge pull request #15822 from overleaf/mj-audit-log-tokens 
[web] Add audit logs for token expiration operations

GitOrigin-RevId: 220fe017cf508ead986a4cd2bd9009035418ce43
 2023-11-21 09:03:59 +00:00
Eric Mc Sween 680ebae30b Merge pull request #15172 from overleaf/em-promise-utils 
Move util/promises from web into a shared library

GitOrigin-RevId: fe1980dc57b9dc8ce86fa1fad6a8a817e9505b3d
 2023-10-20 08:04:05 +00:00
June Kelly 841df71a1d Merge pull request #12342 from overleaf/jk-password-ux-please-use-another-password 
[web] Password UX: 'Please use another password'

GitOrigin-RevId: ca9b26cbcf2dabb27c716da314764ee40ffc83dd
 2023-04-12 08:04:13 +00:00
June Kelly a140e3dc8c Merge pull request #12269 from overleaf/jk-enable-password-similarity-check 
[web] Enforce password similarity check

GitOrigin-RevId: 1bc4efebba401663c1db9d209dc560560f160ce0
 2023-03-23 09:04:12 +00:00
June Kelly 53b78ad68b Merge pull request #11590 from overleaf/jk-password-reset-ux-improvements 
[web] Password Reset UX Improvements

GitOrigin-RevId: d62575ff965e045823bfb7268db892188cf709ed
 2023-02-10 16:33:14 +00:00
Eric Mc Sween 75abea72b0 Merge pull request #11492 from overleaf/em-rate-limiter 
Move all remaining rate limiters to rate-limiter-flexible

GitOrigin-RevId: 163ab2aebecb281057e552dc75591dd02028990c
 2023-01-31 09:03:44 +00:00
ilkin-overleaf 2675cab92e Merge pull request #10394 from overleaf/ii-password-reset-and-strength-checking 
[web] Password reset strength checking and UI updates

GitOrigin-RevId: 442a5c9e7e9d0a61d3ae649f3526bc3c02fd5704
 2022-12-07 09:03:36 +00:00
June Kelly 3288f87dbe [web] Password set/reset: reject current password (redux) (#8956) 
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
 2022-09-28 08:06:54 +00:00
Henry Oswald 5f1abee345 Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password 
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
 2022-07-20 08:04:00 +00:00
June Kelly d04ea76081 Merge pull request #8882 from overleaf/jk-web-reject-same-password 
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
 2022-07-20 08:03:36 +00:00
Jakob Ackermann f0bd6dda23 Merge pull request #7986 from overleaf/jpa-eslint-8 
[misc] upgrade eslint packages to the latest version everywhere

GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
 2022-05-17 08:05:59 +00:00
Timothée Alby 21c92a045d Merge pull request #6672 from overleaf/ta-router-apply-signature-fix 
Use Correct Router Apply Function Signature

GitOrigin-RevId: 567ff9a4c59834ae200bba860e265abe2e0173e5
 2022-02-16 11:34:37 +00:00
June Kelly c72ec548bb Merge pull request #5976 from overleaf/jk-login-audit-log-type 
[web] Add 'method' info to login audit log

GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
 2022-01-14 09:02:28 +00:00
Hugh O'Brien 3b95ac6d88 Merge pull request #5688 from overleaf/jpa-invalid-password-message 
[web] password reset: validate user password ahead of invalidating token

GitOrigin-RevId: ba3e6549f53675a2216e2fc24293276c1968d416
 2021-11-10 09:02:38 +00:00
June Kelly 7292cfbd02 Merge pull request #5366 from overleaf/jk-move-password-reset-audit-log 
[web] audit password reset before taking action

GitOrigin-RevId: 672f712658b4669a5a750dbc6f97d24ce35c332d
 2021-10-21 08:03:00 +00:00
Jakob Ackermann 891947770c Merge pull request #5124 from overleaf/jk-de-ng-set-password-page 
[web] de-ng set password form

GitOrigin-RevId: d8ebf9f794454d5772e13ab783892d2bba6eed87
 2021-09-24 08:03:23 +00:00
June Kelly 0ae8f37629 Merge pull request #5107 from overleaf/jk-de-ng-reconfirm-and-pw-reset 
[web] de-ng password reset and must-reconfirm forms

GitOrigin-RevId: 2101493ff017ba56214c6f981129f94eb9db46aa
 2021-09-17 08:03:02 +00:00
Alexandre Bourdin 9468e5cb4f Merge pull request #4338 from overleaf/ab-session-manager 
Extract functions from AuthenticationController to SessionManager

GitOrigin-RevId: 86870ce03a762e1a837dcf493759e8851e759883
 2021-07-28 12:36:22 +00:00
Jakob Ackermann 9d00c351a8 Merge pull request #4327 from overleaf/jpa-pw-reset-captcha 
[misc] add captcha on password reset requests

GitOrigin-RevId: 9a23b9c9dee2c56345e9c1846861c05c25126802
 2021-07-28 02:06:02 +00:00
Jakob Ackermann 5e773ce950 Merge pull request #4101 from overleaf/ae-settings-module 
Migrate from `settings-sharelatex` to `@overleaf/settings`

GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
 2021-07-08 02:08:28 +00:00
Miguel Serrano f9871103bf Merge pull request #3949 from overleaf/msm-reenable-eslint-const-rule 
Reenable eslint `prefer-const` rule

GitOrigin-RevId: 4f3825be8b8dff381095209085a36eaab76260d5
 2021-05-06 02:09:14 +00:00
Alf Eaton 1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma 
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
 2021-04-28 02:10:01 +00:00
Miguel Serrano d65db1acf0 Merge pull request #3824 from overleaf/jpa-password-reset-email-forwarding 
[misc] fix passing around of users email as part of password reset

GitOrigin-RevId: 54e8cde9867a2ce735bc7ebe281ead19ef49e6cd
 2021-04-01 02:05:04 +00:00
Eric Mc Sween 309163d444 Merge pull request #3595 from overleaf/ae-password-reset-request-validation 
Add request validation to the password reset endpoints

GitOrigin-RevId: 104444d0ebfea2b3d66285a8433e49c1134076b8
 2021-02-04 03:04:59 +00:00
Shane Kilkelly e9f7a17093 Merge pull request #3234 from overleaf/sk-fix-password-validation-email 
Overhaul password validation

GitOrigin-RevId: a591c4e192e30a0ac053eab6f80627543a8a92fe
 2020-10-23 02:04:39 +00:00
Simon Detheridge fdcf327ae7 Merge pull request #3231 from overleaf/jpa-hide-internal-error-messages 
[misc] PasswordResetController: do not expose internal error messages

GitOrigin-RevId: 9eca5e7f5367559d5340363ef859589e218e817f
 2020-09-29 02:05:30 +00:00
Jessica Lawshe 552fb56b74 Merge pull request #3078 from overleaf/jel-log-password-reset-by-token 
Update audit log when password reset by token

GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf
 2020-08-13 15:46:10 +00:00
Miguel Serrano 0583f7a667 Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods 
[misc] fix express deprecations

GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5
 2020-05-07 03:27:56 +00:00
Eric Mc Sween 1dc325d1c7 Merge pull request #2750 from overleaf/ta-activate-finish-login 
Don't Bypass FinishLogin on Password Reset

GitOrigin-RevId: 92567c893afb4aa64fa045151678d33c877d8f71
 2020-04-24 03:30:45 +00:00
Eric Mc Sween 93fe30a451 Merge pull request #2412 from overleaf/em-password-trim 
Preserve spaces in password in password reset flow

GitOrigin-RevId: 9a2dfb2988ae99be73934b722e635056b5ab1a18
 2019-12-02 14:09:57 +00:00
Ersun Warncke 2c335802ca remove excessive logging 
GitOrigin-RevId: 62024bbe0415a4fdae66eb1b9c6707e5faec7cd1
 2019-11-27 12:17:32 +00:00
Eric Mc Sween 2603597150 Merge pull request #2221 from overleaf/em-ownership-transfer-emails 
Project ownership transfer emails

GitOrigin-RevId: 3d33147c18e2d652976b3dac7453c0407c81314e
 2019-10-15 13:30:10 +00:00
Ersun Warncke d624c29b6f remove v1 deps for password change/reset 
GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7
 2019-07-17 15:09:24 +00:00
Eric Mc Sween d7549544d6 Merge pull request #1950 from overleaf/em-password-reset 
Fetch user by email when validating password reset

GitOrigin-RevId: 9f113f1393e322611b1e7af5aec1ac25a38a122d
 2019-07-16 09:22:15 +00:00
Eric Mc Sween a31090daab Merge pull request #1944 from overleaf/em-password-reset 
Store the email address in the password reset token data

GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a
 2019-07-04 12:51:16 +00:00