27 Commits

Author SHA1 Message Date
Shane Kilkelly 7d5dc34b3e fix the set-password form for new (admin-created) users 2017-02-06 14:58:54 +00:00
Shane Kilkelly 6e282ab308 clear sessions on password reset 2016-07-05 14:19:59 +01:00
James Allen 1e8ab5357b Improve pre-registered account activation process 2015-12-11 11:30:06 +00:00
Shane Kilkelly 0aaeb6671e Keep password reset token in session, and strip it from reset page url.
This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.

Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.
2015-08-24 11:53:33 +01:00
Henry Oswald 3ecf201eda send -> sendStatus 2015-07-08 16:56:38 +01:00
Henry Oswald 4773d6d22f added tests around new endpoints for joining groups 2015-05-27 20:50:16 +01:00
Henry Oswald 841231dbf8 make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 15:24:09 +01:00
Henry Oswald 9764ab258b added complex password validation to password resets 2015-04-30 12:05:46 +01:00
James Allen 893ff85521 Don't allow password resets for holding accounts 2015-04-14 13:11:49 +01:00
James Allen 9b8cf7bcfa Remove public registration and require that a user be registered by an admin 2015-03-19 14:22:48 +00:00
James Allen accd8207b2 Show password reset expired message rather than server error if that's what has happened 2014-10-08 17:18:24 +01:00
Henry Oswald 0d056434e6 fixed tests 2014-09-26 17:49:31 +01:00
James Allen 10021986c5 Don't error on password reset if no email found, and translate error messages 2014-08-08 11:41:54 +01:00
Henry Oswald d047d44079 Changed the error messages which are sent down to the client to be translated first
fixed up tests from titles we check when rendering, deleted them as they never
catch anything important, more hassle than they are worth imo.
2014-08-01 14:03:38 +01:00
Henry Oswald dabed896be lowercase password reset email 2014-06-10 17:54:29 +01:00
Henry Oswald 50df82697a Merge branch 'master' of github.com:sharelatex/web-sharelatex 2014-05-16 11:27:09 +01:00
Henry Oswald 9419d3a0e5 hooked up the front end ui to show the email can not be found,
added client side validation on password, removed server side min
length check. Just check that it is not 0 len
2014-05-16 11:26:29 +01:00
James Allen e9c164dc73 Fix test that could never fail 2014-05-16 11:01:36 +01:00
James Allen 240dc2e319 Use crypto.randomBytes 2014-05-16 10:52:31 +01:00
Henry Oswald 9c3c57f2a8 renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 10:43:55 +01:00
Henry Oswald bf1bb22afd added rate limiting to password reset endpoint 2014-05-16 10:31:33 +01:00
Henry Oswald 133c4759f8 fix tests, whoops 2014-05-15 18:26:00 +01:00
Henry Oswald 96d98329f1 token based reset works 2014-05-15 17:58:25 +01:00
Henry Oswald 1ffd19099b written getUserIdFromToken 2014-05-15 17:20:42 +01:00
Henry Oswald 9f901fb1ba added the token generator and its getNewToken function 2014-05-15 17:16:20 +01:00
Henry Oswald 64688e661d written password reset controller 2014-05-15 16:50:38 +01:00
Henry Oswald 551e1d465a written password reset handler 2014-05-15 16:20:23 +01:00