agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-23 09:09:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
27,951 Commits 3 Branches 19 Tags
7265a1a3ee3284455ac98747bfea246a608d8fdc
Commit Graph

27951 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yu-i-i
7265a1a3ee Allow EXTERNAL_AUTH to be undefined, fixes #26 2026-05-19 15:49:15 +02:00
yu-i-i
2edea59e1d Symbol palette: switch to 'OL' UI components and apply minor cosmetic changes 2026-05-19 15:49:15 +02:00
yu-i-i
de45db17fa Make OVERLEAF_OIDC_USER_ID_FIELD support 'email' as a value 2026-05-19 15:49:15 +02:00
yu-i-i
392f94e93e See upstream commit 42ee56e 2026-05-19 15:49:14 +02:00
yu-i-i
24a0a0f696 Fix glitches in symbol palette after switching to Bootstrap 5 2026-05-19 15:49:14 +02:00
yu-i-i
90b7b15d7a Whitelist /oidc/login endpoint, fixes #21 2026-05-19 15:49:14 +02:00
yu-i-i
7622b8ec55 Add ENV variables to control SAML signature validation 2026-05-19 15:49:14 +02:00
yu-i-i
fb3d7c9424 Re-export doLogout (was removed from exports in commit b9fb636). 2026-05-19 15:49:14 +02:00
yu-i-i
fb3570054e Refactor authentication code; add OIDC support 2026-05-19 15:49:14 +02:00
yu-i-i
fa145af363 Allow adding extra flags to LaTeX compiler through environment variable 2026-05-19 15:49:13 +02:00
yu-i-i
54368fe945 Enable LDAP and SAML authentication support 2026-05-19 15:49:13 +02:00
yu-i-i
2f5c04e820 Enable Symbol Palette 2026-05-19 15:49:13 +02:00
yu-i-i
a76b4019d7 Allow selecting a TeX Live image for a project 2026-05-19 15:49:13 +02:00
Sam Van den Vonder
098b649aa3 Enable Sandboxed Compiles feature 2026-05-19 15:49:12 +02:00
yu-i-i
e67a09e253 Enable autocomplete of reference keys feature 2026-05-19 15:49:12 +02:00
yu-i-i
2f14135b95 Enable track changes and comments feature 2026-05-19 15:49:12 +02:00
yu-i-i
38c70877ef Redirect non-existing links to Overleaf page 2026-05-19 15:49:12 +02:00
Evelyn
b5654c5a01 fix: chown /var/lib/overleaf mount point to www-data (#33764) 
The init script chowns all subdirectories but not the mount point
itself. When the host volume is owned by a non-www-data user with
restrictive permissions (e.g. 770), the web process cannot traverse
the directory and crashes with EACCES, causing a 502.

Fixes #1325 and #1465

COPYBARA_INTEGRATE_REVIEW=https://github.com/overleaf/overleaf/pull/1475 from ev-not-eve:patch-1 269a80500ff38f584a2cdef7df07a9fc0ea9408d

Co-authored-by: Evelyn <evansvevelyn@gmail.com>
GitOrigin-RevId: 959051861246c9f3958e56861821b92d84167926
 2026-05-19 08:04:55 +00:00
Mathias Jakobsen
ce6f9b8e8c Merge pull request #33705 from overleaf/mj-clsi-cwd-for-conversions 
[clsi] Add cwd argument to CommandRunner and use to simplify conversions

GitOrigin-RevId: 5333e3262a99e602ab5470ae1e23facb5b28a170
 2026-05-19 08:04:51 +00:00
Jakob Ackermann
c0111fec29 [monorepo] run format_fix and trigger prettier on .agents changes (#33759) 
* [monorepo] run format_fix and trigger prettier on .agents changes

* [monorepo] cleanup stale prettier ignore rule

* [monorepo] tweak format:monorepo-check:fix

GitOrigin-RevId: e6c29a0c601fbf388a048eb42706f9bd0a18344f
 2026-05-19 08:04:48 +00:00
Jakob Ackermann
1f8371e0a3 [document-updater] flush_all: log progress after every 1k projects (#33757) 
GitOrigin-RevId: b5b68f6f53bece51234799fb626d0d6a2a5b590c
 2026-05-19 08:04:41 +00:00
Jakob Ackermann
293d89a4cb [web] inline contacts service into web (#33546) 
GitOrigin-RevId: d5e84d4f80f5ad4e951934d6dcdc332b0d26f3d0
 2026-05-19 08:04:34 +00:00
Miguel Serrano
b79d432deb [web] Conditionally show items in insert figure toolbar (#33721) 
Removes the options for inserting an image from another project or by downloading an external URL if the features are disabled.

GitOrigin-RevId: ffa64e5929e254d8a236c8e9aca4eb8210f444c9
 2026-05-19 08:04:21 +00:00
Jakob Ackermann
99148d5956 [web] silence customer.io integration when not configured in dev/CI (#33731) 
GitOrigin-RevId: c9498f57f0dacb3d18cd7617388df11d5cf029de
 2026-05-19 08:04:17 +00:00
Brian Gough
60860aa202 Merge pull request #33576 from overleaf/bg-jpa-convert-document-to-file 
Modify convertDocToFile to bypass docstore

GitOrigin-RevId: 3ec789034a369d39d223450462394c8f303caa07
 2026-05-19 08:04:13 +00:00
Jakob Ackermann
b1a0bb16db [migrations] delete expired oauth access tokens after 24h (#33575) 
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
GitOrigin-RevId: 7f67a7e6949472c66f5f75a6053161d8e359f5df
 2026-05-19 08:04:09 +00:00
Kristina
2f5d838e0f Merge pull request #33704 from overleaf/kh-add-reject-change-preference-check 
[web] add reject tracked change preference check

GitOrigin-RevId: b55dba21b3d4f42e68528d2b5906862c57794cd1
 2026-05-18 08:06:57 +00:00
Andrew Rumble
e9aedce4ab Merge pull request #33625 from overleaf/ar-update-vitest 
[monorepo] bump vitest to 4.1.5

GitOrigin-RevId: 22ba2249ae384fd59347c9aa45c70f51ccdf8890
 2026-05-18 08:06:49 +00:00
Andrew Rumble
19ad00c329 Merge pull request #33743 from overleaf/lg-systeminformation-upgrade 
[Security Upgrade] Upgrade systeminformation to 5.31.6 (GHSA-hvx9-hwr7-wjj9)

GitOrigin-RevId: bd75d2bc59e183d23972e367f40f753c08ca6967
 2026-05-18 08:06:41 +00:00
Eric Mc Sween
2913e462ec Merge pull request #33665 from overleaf/copilot/fix-error-logging-in-git-bridge 
git-bridge: Log WrongBranchException and ForcedPushException at WARN instead of ERROR
GitOrigin-RevId: 7aaa934a0df614e336ce3c20b892af1af0cd070f
 2026-05-18 08:06:29 +00:00
Eric Mc Sween
a3682af6e4 Merge pull request #33710 from overleaf/em-tpds-config 
Clean up tpdsworker config from web and third-party-datastore

GitOrigin-RevId: 3856126d9dc856fea4bc4133b11402c35b10630b
 2026-05-18 08:06:25 +00:00
Antoine Clausse
9e42d3a530 [web] Address design QA items on pricing page (#33682) 
- pricing table: integration icons gap uses --spacing-06 (horizontal),
  integrations content gap uses --spacing-04 (vertical)
- Student card no longer renders with the green stroke highlight
- Interstitial H1 wrapped in .main-heading-section so its spacing
  matches the pricing page

Part of #33619.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
GitOrigin-RevId: 12ddd223f68c776c06a3d5dc5faa841819baae90
 2026-05-18 08:06:17 +00:00
Antoine Clausse
0089c0af08 [web] Space skip link from disclaimer on interstitial (#33464) 
The "continue with free plan" skip link sat directly under the
disclaimer with no separation. Add spacing-08 margin-top to match
the disclaimer's own padding-top above the cards.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
GitOrigin-RevId: ba7334785757a39ca0bdff309ded224e6cb8e3bf
 2026-05-18 08:06:09 +00:00
Olzhas Askar
868da835b6 Merge pull request #32434 from overleaf/oa-babelfish 
[web] Project Babelfish

GitOrigin-RevId: da8c47c0831eaab3e2c74a9507892ae9571919e8
 2026-05-18 08:05:57 +00:00
Olzhas Askar
d388e48a99 Merge pull request #33679 from overleaf/oa-plan-names 
[web] Get plan names from the settings

GitOrigin-RevId: 1e61975c3306c025f33e05686f9d2b57964b4f65
 2026-05-18 08:05:52 +00:00
Olzhas Askar
6c267e68d3 Merge pull request #33707 from overleaf/oa-learn-links 
[web] Learn Overleaf links

GitOrigin-RevId: af9f72da008ad8b8c86e4c355268123eb6c40bcd
 2026-05-18 08:05:48 +00:00
Andrew Rumble
25dfaab2a1 Merge pull request #33641 from overleaf/lg-fast-xml-builder-resolution 
[Security upgrade] Pin fast-xml-builder to 1.1.7 via resolutions (GHSA-5wm8-gmm8-39j9, GHSA-45c6-75p6-83cc)

GitOrigin-RevId: ab13841bd8c20da98a136567cf7436ebb9f73722
 2026-05-15 08:08:40 +00:00
Noel Schenk
ba016d798e Upgrade MongoDB image from 6.0 to 8.0 (#33579) 
sharelatex  | The MongoDB server has version 6.0.27, but Overleaf requires at least version 8.0. Aborting.

COPYBARA_INTEGRATE_REVIEW=https://github.com/overleaf/overleaf/pull/1480 from noel-schenk:patch-1 4a13e4fbcdbc6c2683dc0595767426f40bf0093d

Co-authored-by: Noel Schenk <schenknoel@gmail.com>
GitOrigin-RevId: 9035d16f2c34edcb39c0da99e9d02b9ed8a9f6fa
 2026-05-15 08:08:35 +00:00
Mathias Jakobsen
ac961f1d40 Merge pull request #33687 from overleaf/mj-temporary-tabs-fix 
[web] Only consider real key presses to make tab permanent

GitOrigin-RevId: 50ab453445e111de2b317f50470f9f4eec39a66f
 2026-05-15 08:08:28 +00:00
Mathias Jakobsen
6538c00742 Merge pull request #33690 from overleaf/mj-prune-deleted-tabs 
[web] Prune non-existent tabs when file tree changes

GitOrigin-RevId: 97e68a88a201acc2d1e582911ca64e1f72f9bfe1
 2026-05-15 08:08:19 +00:00
Copilot
3980b9e580 Fix IDOR in exports by adding token verification (Issue #31637) (#32883) 
* Fix IDOR in exports by adding token verification

Implement jdleesmiller's suggested fix for Issue #31637:
- V1: Return export token in create response
- V1: Verify token in get_export using secure_compare
- Web: Pass token through fetchExport and fetchDownload
- Web: Return token from exportProject to frontend
- Frontend: Pass token as query param on status/download requests
- Add tests for both services

Agent-Logs-Url: https://github.com/overleaf/internal/sessions/7ba5f535-fba2-49a8-91d4-c87bd332d3a0

Co-authored-by: briangough <7457354+briangough@users.noreply.github.com>

Fix window.location.pathname to .href to preserve query params

Code review correctly identified that window.location.pathname strips
query parameters. Switch to window.location.href so the token query
parameter is preserved in download URLs.

Agent-Logs-Url: https://github.com/overleaf/internal/sessions/7ba5f535-fba2-49a8-91d4-c87bd332d3a0

Co-authored-by: briangough <7457354+briangough@users.noreply.github.com>

Fix test mocks to include token in POST responses

Agent-Logs-Url: https://github.com/overleaf/internal/sessions/0350c6ef-0fff-4e98-8464-812cd92c523f

Co-authored-by: briangough <7457354+briangough@users.noreply.github.com>

fix formatting

Fix token assignment in initiateExport to use pollResponse token if available

Add requireExportToken config setting and tests for invalid/missing token cases

Agent-Logs-Url: https://github.com/overleaf/internal/sessions/059bdba2-4f7a-4407-a5a5-cfcffd888739

Co-authored-by: briangough <7457354+briangough@users.noreply.github.com>

fix formatting

Add tests for export status and token validation in ExportsController and MockV1Api

Co-authored-by: Copilot <copilot@github.com>

* Update services/v1/main/app/controllers/api/v1/overleaf/exports_controller.rb

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix linting

* fix fetchString response handling in ExportsHandler tests

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Brian Gough <briangough@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
GitOrigin-RevId: 399aef8eaa15ab3655f0905482f3a31fe94e2251
 2026-05-15 08:08:04 +00:00
Miguel Serrano
5a886aa9fb [web] Add extra details to flexible license sales email (#32929) 
* [web] Add extra details to flexible license sales email

GitOrigin-RevId: fbd41adae21c55c5e97f9531565100e1ae911808
 2026-05-15 08:07:56 +00:00
Tim Down
248e149701 Default interstitial to monthly plans (#33706) 
* Default interstitial to monthly plans except for upgrade, which defaults to user's existing subscription period

* Add tests for interstitial page period toggle defaults

GitOrigin-RevId: fa0ac41e7d8a7bf858b53e0940287b28ef21253d
 2026-05-15 08:07:49 +00:00
Eric Mc Sween
529c332159 Merge pull request #33658 from overleaf/em-fix-docker-tag-length 
build: truncate branch names to 96 chars for Docker image tags
GitOrigin-RevId: 9db313244e78a6d4e0aa5d8c08d25f1aac83318b
 2026-05-14 08:06:45 +00:00
Jakob Ackermann
0c8e93bb33 [server-pro] fix tag name for branches with slash (#33685) 
GitOrigin-RevId: 25ee2d340b17ce7c758ec8c7e156a67928ab6c73
 2026-05-14 08:06:38 +00:00
Davinder Singh
a3a508d193 [WEB] Add analytics events for importing and exporting to different file types (#33614) 
* adding events for success and failure for import and export from latex

* adding the operation property to capture the import/export keyword

GitOrigin-RevId: 2e5482b3c7517b402fc151966975ca8718729683
 2026-05-14 08:06:30 +00:00
Jakob Ackermann
75a12dda17 [web] resync_projects: use the secondaries for all reads (#33684) 
* [docstore] add useSecondary flag to projectHasRanges

The rev-check for unarchiving always consults with the primary.

Two extra changes:
- Add a projection argument to peekDoc in order to skip lines download
   from projectHasRanges.
- Add one retry to peekDoc to reduce chances of surfacing a rev-check
   violation.

* [web] resync_projects: use the secondaries for all reads

* [web] add default value for useSecondary

* [docstore] add default value for useSecondary

* [k8s] docstore: set MONGO_HAS_SECONDARIES=true

GitOrigin-RevId: f15ec4fdc1cabe74c1eab87bec85f28d6f7a587d
 2026-05-14 08:06:26 +00:00
Domagoj Kriskovic
ff53705bfa Refactor Python output pane toolbar for improved layout and styling 
GitOrigin-RevId: b6d838e5c9bd8023bf12df976dad0c50564a0b2f
 2026-05-14 08:06:22 +00:00
renovate[bot]
fc66bbfb26 [CoreI] Update dependency axios to v1.15.2 from 1.15.0 [SECURITY] (#33398) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
GitOrigin-RevId: 567d0e7463084e872187a72085714f68d84dc5b6
 2026-05-14 08:06:04 +00:00
Alf Eaton
d203a62834 Fix (un)fold all shortcuts on macOS (#33630) 
GitOrigin-RevId: db0911cdfdeb19c90bd601e6173973d884859b09
 2026-05-14 08:06:00 +00:00