Commit Graph

40 Commits

Author SHA1 Message Date
Andrew Rumble
07c827e9fd Merge pull request #29928 from overleaf/ar-last-infrastructure-conversions
[web] last infrastructure conversions

GitOrigin-RevId: ad1aff9b7df0610ed0303157d9e2c8032f32c02b
2025-11-28 09:05:56 +00:00
Andrew Rumble
18f44866e5 Merge pull request #29919 from overleaf/revert-29795-ar-last-infrastructure-conversions
Revert "[web] last infrastructure conversions"

GitOrigin-RevId: 48dc64553012afb5d2db4b2eb9c9898489b7e5ef
2025-11-27 09:05:54 +00:00
Andrew Rumble
d748d8d606 Merge pull request #29795 from overleaf/ar-last-infrastructure-conversions
[web] last infrastructure conversions

GitOrigin-RevId: 68aa11625a9bc6d0d5324ecd95bb5ac52af8ee96
2025-11-27 09:05:30 +00:00
Andrew Rumble
beb6f6d484 Merge pull request #29597 from overleaf/ar-last-features-esm-conversion
[web] last features esm conversion

GitOrigin-RevId: a35ab995bf654f1cdfe0e0062d8806761ecccf2d
2025-11-21 09:05:36 +00:00
Andrew Rumble
394c60f2cf Merge pull request #29659 from overleaf/revert-29656-revert-29521-ar-models-es-conversion
Revert "Revert "[web] Convert models and self-referential test files to ESM ""

GitOrigin-RevId: f64000ae31d298b075a8722dfc51f294c71bc021
2025-11-18 09:04:56 +00:00
Andrew Rumble
ae6dec9dcb Merge pull request #29656 from overleaf/revert-29521-ar-models-es-conversion
Revert "[web] Convert models and self-referential test files to ESM "

GitOrigin-RevId: 5455cccbb513bd9ca36ce526ff1553065f83d233
2025-11-13 09:06:36 +00:00
Andrew Rumble
7c9fea64ac [web] Convert models and self-referential test files to ESM (#29521)
from overleaf/ar-models-es-conversion

GitOrigin-RevId: a92ab8342c0f3e23155eacc0570458fc910c3d71
2025-11-13 09:06:13 +00:00
Andrew Rumble
4f02a85aa4 Update paths
GitOrigin-RevId: 399c594dd1bbf739d91874df6be3b70e57fe01e3
2025-11-06 09:05:57 +00:00
Antoine Clausse
33e63d79fc Merge pull request #28584 from overleaf/ac-some-web-esm-migration-5
[web] Convert some Features files to ES modules (part 5)

GitOrigin-RevId: 0cad67f9afe0095e2b066bf2f4d3717c00540dab
2025-10-08 08:06:15 +00:00
David
6715b0a6f8 Merge pull request #28801 from overleaf/dp-promisify-login-rate-limiter
Promisify LoginRateLimiter

GitOrigin-RevId: e7247258147635019fe229a6bc6aab3a6cc64f75
2025-10-08 08:05:36 +00:00
roo hutton
c8d4edfa85 Merge pull request #28824 from overleaf/rh-promisify-ott-handler
Convert OneTimeTokenHandler to async/await

GitOrigin-RevId: 4fb3187ed2003add695b8c6a5e95c9a380dab9f7
2025-10-06 08:05:36 +00:00
Miguel Serrano
42ee56ecd4 Merge pull request #23810 from overleaf/msm-ldap-login-rate-limiter
[SP] LDAP login rate limiter

GitOrigin-RevId: dedab17da85c0f91b280d002cdad796e95b9fd4f
2025-03-06 09:04:55 +00:00
andrew rumble
5f699ac5ef Fix findOneAnd* usages
findOneAnd* now returns either a document or null rather than a result
set (unless the result set is requested explicitly). See
https://www.mongodb.com/blog/post/behavioral-changes-find-one-family-apis-node-js-driver-6-0-0.

GitOrigin-RevId: 93dc64cbcc663217f914cf9e9821e2b9642154db
2024-09-24 08:06:28 +00:00
Antoine Clausse
5f2718cf29 [web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555)
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`

* Lowercase the email to avoid rate-limit bypass

* Remove unit test "when the users rate limit"

* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`

This should address the `trim()` bypass

* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`

We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"

* Add acceptance test for rate limit

* Add comment on rate limits

* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity

* Make the login rate limits configurable from the settings

GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
2024-07-30 08:04:26 +00:00
Jessica Lawshe
7a9c2fd644 Merge pull request #17329 from overleaf/jel-async-peekValueFromToken
[web] Promisify peekValueFromToken

GitOrigin-RevId: 4a7f6ae793ff0a1bd22c89c963881ef0957e29e8
2024-03-12 09:03:32 +00:00
David
32d2603adb Merge pull request #16731 from overleaf/dp-ip-rate-metrics
Add tracking of rate limit method to metrics

GitOrigin-RevId: 3996c2a0ccb747018571ce402120be46fc52eace
2024-02-13 09:04:09 +00:00
Jakob Ackermann
880087945e Merge pull request #16854 from overleaf/jpa-overleaf-integration-core-tests
[web] enable overleaf-integration module when running SaaS tests

GitOrigin-RevId: 36eda6ef448604a55f8dc8daac5ce29af23b6b0b
2024-02-05 09:04:05 +00:00
Tim Down
2807a35e24 Merge pull request #15728 from overleaf/td-lg-expire-password-tokens
Expire user password reset tokens when user changes their password

GitOrigin-RevId: 2d303eba947c224e71ebe60083abc7a8ff5207a5
2023-11-22 09:04:30 +00:00
Eric Mc Sween
680ebae30b Merge pull request #15172 from overleaf/em-promise-utils
Move util/promises from web into a shared library

GitOrigin-RevId: fe1980dc57b9dc8ce86fa1fad6a8a817e9505b3d
2023-10-20 08:04:05 +00:00
Eric Mc Sween
75abea72b0 Merge pull request #11492 from overleaf/em-rate-limiter
Move all remaining rate limiters to rate-limiter-flexible

GitOrigin-RevId: 163ab2aebecb281057e552dc75591dd02028990c
2023-01-31 09:03:44 +00:00
Eric Mc Sween
f97a543d41 Merge pull request #11255 from overleaf/em-rate-limiter
Introduce rate-limiter-flexible

GitOrigin-RevId: c787397e276fb81015c7d045d191f2ad81ef542d
2023-01-18 09:04:51 +00:00
June Kelly
3288f87dbe [web] Password set/reset: reject current password (redux) (#8956)
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitly
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
2022-09-28 08:06:54 +00:00
Jakob Ackermann
2117d24bda Merge pull request #7294 from overleaf/jpa-ratelimit-2fa-check
[web] rate-limit 2fa check requests

GitOrigin-RevId: da3d2f15c68cff101de807c1eae91edbd86481e7
2022-04-05 12:18:01 +00:00
Eric Mc Sween
5fc6d7dcb3 Merge pull request #5740 from overleaf/em-gcp-logging-web
Improve GCP logging for web

GitOrigin-RevId: b304c87a3fe46c29189f665eb3daf22c23d6eb8f
2021-11-11 09:03:09 +00:00
Eric Mc Sween
e5676a9643 Merge pull request #5648 from overleaf/em-revert-gcp-logging-web
Revert "Improve GCP logging for web"

GitOrigin-RevId: 92d446baf62108da1df92146eec12a2fe69d30ee
2021-11-02 09:03:29 +00:00
Eric Mc Sween
641b10cceb Merge pull request #5632 from overleaf/em-gcp-logging-web
Improve GCP logging for web

GitOrigin-RevId: 1198fab2e821a55563058171cfa435605216e337
2021-11-02 09:03:22 +00:00
Hugh O'Brien
f7900b474b Merge pull request #4799 from overleaf/hb-eslint-rules
Re-enable some eslint rules

GitOrigin-RevId: 16153adb839bb61784bb40fbc8e43da281fe090d
2021-09-15 08:03:43 +00:00
Alexandre Bourdin
9468e5cb4f Merge pull request #4338 from overleaf/ab-session-manager
Extract functions from AuthenticationController to SessionManager

GitOrigin-RevId: 86870ce03a762e1a837dcf493759e8851e759883
2021-07-28 12:36:22 +00:00
Jakob Ackermann
5e773ce950 Merge pull request #4101 from overleaf/ae-settings-module
Migrate from `settings-sharelatex` to `@overleaf/settings`

GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
2021-07-08 02:08:28 +00:00
Alf Eaton
1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
2021-04-28 02:10:01 +00:00
Jakob Ackermann
4f8a905e9b Merge pull request #3909 from overleaf/jel-reconfirm-email-template
Add reconfirm email template

GitOrigin-RevId: 2488c79c25a7148f601e3e3e2021cdbee4be7b4c
2021-04-16 02:05:33 +00:00
Alf Eaton
1ebc8a79cb Merge pull request #3495 from overleaf/ae-prettier-2
Upgrade Prettier to v2

GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
2021-04-15 02:05:22 +00:00
Alf Eaton
2ff1cf43d6 Merge pull request #3470 from overleaf/eslint
Upgrade and configure ESLint

GitOrigin-RevId: ad5aeaf85e72c847a125ff3a9db99a12855e38aa
2020-12-16 03:08:28 +00:00
Jakob Ackermann
e3c6637339 Merge pull request #3187 from overleaf/jpa-mongodb-native
[misc] migrate the app to the native mongo driver

GitOrigin-RevId: 9030b18c4cf62e3a01d3d8f450bf0e02f9f89c22
2020-10-02 02:04:18 +00:00
Ersun Warncke
77b7b03ead add api rate limiting based on client_ip url param
GitOrigin-RevId: 2fffcce053d5bf452508774b555959610db9a2c7
2019-11-27 19:16:14 +00:00
Ersun Warncke
2c335802ca remove excessive logging
GitOrigin-RevId: 62024bbe0415a4fdae66eb1b9c6707e5faec7cd1
2019-11-27 12:17:32 +00:00
Ersun Warncke
af63c8de97 add email rate limiter on login
GitOrigin-RevId: a0da310e5537b420e46c9ed48f8b97051e7e933a
2019-11-13 12:55:30 +00:00
Eric Mc Sween
16ac5126cb Merge pull request #2181 from overleaf/sk-exclude-smoketest-user-from-rate-limits
Exclude smokeTest user from rate limits

GitOrigin-RevId: 01197ce9971477550e73989067adc631189382b1
2019-09-26 14:38:13 +00:00
Simon Detheridge
b86f46a4f8 Merge pull request #1885 from overleaf/sk-dep-upgrades-2019-06
Update logger, metrics, and redis client

GitOrigin-RevId: fa425f37c9065dc644da44f62e89a9955ce09f66
2019-07-02 09:16:23 +00:00
Alasdair Smith
0ca81de78c Merge pull request #1717 from overleaf/as-decaffeinate-backend
Decaffeinate backend

GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa
2019-05-29 09:32:21 +00:00