* Promisify `AuthenticationController.doPassportLogin`
* Update tests `AuthenticationController.doPassportLogin`
* Add test on error handling for `AuthenticationController.doPassportLogin`
* Add test on error handling for `V1LoginController.doLogin`
* Extract error handling to `getErrorObject` function
* Simplify code
* Add `Metrics` calls
* Add `password is too long` in AuthenticationController
* Make `info` object consistent with the rest of the codebase
* Move error handling to `AuthenticationManager.handleAuthenticateErrors`
* Move `handleAuthenticateErrors` to other file
I moved this solely because I didn't manage to test it otherwise
* Update tests
* Remove `preDoPassportLogin` hook call
* Remove test on `preDoPassportLogin`
* Use try/catch block instead of `.catch()`
* Revert "Use try/catch block instead of `.catch()`"
This reverts commit 3475afa93ce4af7ad55c91bfc1d7ad3317600ea5.
* Replace `.catch` by `try/catch`
GitOrigin-RevId: 3fba65c30a2c5fc6e5abcd5b83c52801852ed462
* [web] set-password: reject same as current password
* [web] Add 'peek' operation on tokens
This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.
We give up to three attempts before invalidating the token.
* [web] Add hide-on-error feature to async forms
This allows us to hide the form elements when certain
named error conditions occur.
* [web] reset-password: handle same-password rejection
We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.
* [web] Validate OneTimeToken when loading password reset form
* [web] Rate limit GET: /user/password/set
Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.
* [web] Tidy up pug layout and mongo query for token peeking
Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
Antoine Clausse