overleaf-cep

mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-27 02:51:57 +02:00

Author	SHA1	Message	Date
roo hutton	e97eea1a3e	Merge pull request #17830 from overleaf/rh-reduce-staff-access-session [web] Reduce size of staffAccess field in session GitOrigin-RevId: 7745dc595e8096caef04fd140b47532f0775f165	2024-04-12 08:06:35 +00:00
Thomas	71324dc691	Merge pull request #17569 from overleaf/tm-account-suspension Add the ability to suspend user accounts GitOrigin-RevId: 5e57f29941434c78a47354baca83527213f9b9b5	2024-03-22 09:03:06 +00:00
David	914dcf5de5	Merge pull request #17408 from overleaf/dp-mongoose-callback-autherntication-manager Promisify AuthenticationManager and AuthenticationManagerTests GitOrigin-RevId: 8120bf55d19380a6ecf5241ffab8722eff2d4fe3	2024-03-12 09:03:14 +00:00
Jakob Ackermann	130f593986	Merge pull request #17401 from overleaf/jpa-skip-hibp-known-device [web] skip HIBP check from known devices GitOrigin-RevId: 897df02492aafeac010753c7c306e02bde5b1fd8	2024-03-05 09:03:37 +00:00
Miguel Serrano	af1bd5696d	[web] upgrade @node-oauth/oauth2-server to ^5.1.0, (#16705 ) * [web] upgrade @node-oauth/oauth2-server to ^5.1.0, * Added `expressify` to middleware returned by Authentication.requireOauth() * Extracted OAuth2 scope transformation to utilities * Throw an error with undefined SAML scopes GitOrigin-RevId: 00dfe81c707e9a3fcf9bb10e007c1fc646f7b9dd	2024-02-09 09:05:20 +00:00
Jakob Ackermann	003182b1da	Merge pull request #16859 from overleaf/jpa-sharelatex-cleanup [misc] ShareLaTeX cleanup - high impact GitOrigin-RevId: 6dcce9b0f15e30f7afcf6d69c3df36a369f38120	2024-02-09 09:04:11 +00:00
Jakob Ackermann	d39a6c3182	Merge pull request #16854 from overleaf/jpa-overleaf-integration-core-tests [web] enable overleaf-integration module when running SaaS tests GitOrigin-RevId: 36eda6ef448604a55f8dc8daac5ce29af23b6b0b	2024-02-05 09:04:05 +00:00
Jakob Ackermann	5adc858704	Merge pull request #16514 from overleaf/jpa-enforce-oauth-scope [web] restrict access to oauth endpoints to their respective clients GitOrigin-RevId: 6ffa6008130588e44d336e2af32584ee20ad3ffc	2024-01-18 09:04:28 +00:00
Mathias Jakobsen	2a78b68c78	Merge pull request #16186 from overleaf/mj-mongo-object-id [web] Use constructor for ObjectId GitOrigin-RevId: 9eb8b377ea599605b72af237d1ab12f4d8287162	2023-12-19 09:04:02 +00:00
Miguel Serrano	4c134f3a28	Merge pull request #16202 from overleaf/msm-passport-upgrade-2 [web] passport + passport-saml updates (post revert) GitOrigin-RevId: e1fa5757e15b3ac733511570637d39297247e050	2023-12-14 09:03:24 +00:00
Miguel Serrano	84c2886a28	Merge pull request #16190 from overleaf/revert-15519-em-upgrade-passport Revert "Upgrade passport" GitOrigin-RevId: 34a5442d6dae9623463908f92ab103bdc16f1b67	2023-12-12 09:04:23 +00:00
Miguel Serrano	8989212173	Merge pull request #15519 from overleaf/em-upgrade-passport Upgrade passport GitOrigin-RevId: b93bfcab39ba3d2ab4efb4814371defec8ca95c4	2023-12-12 09:04:08 +00:00
Jakob Ackermann	45c9d805dd	Merge pull request #14606 from overleaf/jpa-bcrypt-metrics [web] add metrics for bcrypt operations GitOrigin-RevId: 42bf9bedb84295ceea7f660f1daac3adb7b853d9	2023-09-05 08:04:56 +00:00
June Kelly	87f6145d36	Merge pull request #12269 from overleaf/jk-enable-password-similarity-check [web] Enforce password similarity check GitOrigin-RevId: 1bc4efebba401663c1db9d209dc560560f160ce0	2023-03-23 09:04:12 +00:00
Eric Mc Sween	54957e5fcc	Merge pull request #12219 from overleaf/em-camel-case-web Camel case variables in web GitOrigin-RevId: 28e61b759b27f71265f33ab64f588374dba610e0	2023-03-22 09:05:04 +00:00
June Kelly	98cd68d085	Merge pull request #12261 from overleaf/jk-alter-password-similarity [web] Alter password-similarity check/metric GitOrigin-RevId: e9a55b4a86d2b69d6f34c1e2339d32321e08341d	2023-03-20 09:03:10 +00:00
Eric Mc Sween	73c327ae01	Merge pull request #11869 from overleaf/em-upgrade-mongoose-web Upgrade Mongoose and the Mongo driver in web GitOrigin-RevId: 2cad1aabe57eae424a9e4c68b2e0062f0e78ffaf	2023-03-01 09:03:27 +00:00
ilkin-overleaf	f046c7d2da	Merge pull request #11943 from overleaf/jk-another-password-similarity-metric [web] Add another metric for password similarity GitOrigin-RevId: 6d44796a63f3be85bfee86056e03cfd3bb47066c	2023-03-01 09:03:02 +00:00
Jakob Ackermann	ded855a47a	Merge pull request #11817 from overleaf/jk-password-too-similar-metric-refinement [web] Refine metrics on password-too-similar validation GitOrigin-RevId: f644e50e4815b34ad9af5215ebc3c9a082572681	2023-02-17 09:03:52 +00:00
June Kelly	f4834b630f	Merge pull request #11508 from overleaf/jk-password-disallow-substring [web] Metric for passwords too similar to email GitOrigin-RevId: cf8320fc3c9561b4dc6d54a3e97db96400ece2a9	2023-02-02 18:22:17 +00:00
June Kelly	2b816a6541	Merge pull request #11436 from overleaf/jk-increase-password-min-length-to-8 [web] Increase the minimum password length to 8 characters GitOrigin-RevId: 94eb3c5605183b5e189babd3342dc308f403ebbd	2023-02-02 09:02:56 +00:00
ilkin-overleaf	1649385e9f	Merge pull request #10394 from overleaf/ii-password-reset-and-strength-checking [web] Password reset strength checking and UI updates GitOrigin-RevId: 442a5c9e7e9d0a61d3ae649f3526bc3c02fd5704	2022-12-07 09:03:36 +00:00
June Kelly	1c2fcb45b0	Merge pull request #9951 from overleaf/jk-audit-failed-login-attempts [web] Audit failed login attempts GitOrigin-RevId: 19325f808f77584891e1e12b5ed7aaa16aa6aec9	2022-10-20 08:03:44 +00:00
Timothée Alby	5a3ca2667e	Merge pull request #9983 from overleaf/jpa-web-fix-password-upgrade [web] fix process for upgrading of password hashes GitOrigin-RevId: 3bc99dbd8601c190d758080d70ea1a465bd9e542	2022-10-18 08:03:11 +00:00
June Kelly	0dfaf145ac	[web] Password set/reset: reject current password (redux) (#8956 ) * [web] set-password: reject same as current password * [web] Add 'peek' operation on tokens This allows us to improve the UX of the reset-password form, by not invalidating the token in the case where the new password will be rejected by validation logic. We give up to three attempts before invalidating the token. * [web] Add hide-on-error feature to async forms This allows us to hide the form elements when certain named error conditions occur. * [web] reset-password: handle same-password rejection We also change the implementation to use the new peekValueFromToken API, and to expire the token explicitely after it has been used to set the new password. * [web] Validate OneTimeToken when loading password reset form * [web] Rate limit GET: /user/password/set Now that we are peeking at OneTimeToken when accessing this page, we add rate to the GET request, matching that of the POST request. * [web] Tidy up pug layout and mongo query for token peeking Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com> GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a	2022-09-28 08:06:54 +00:00
Henry Oswald	68b61bbcaf	Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password Revert "[web] Password set/reset: reject current password" GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751	2022-07-20 08:04:00 +00:00
June Kelly	f83ea0eae9	Merge pull request #8882 from overleaf/jk-web-reject-same-password [web] Password set/reset: reject current password GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661	2022-07-20 08:03:36 +00:00
Eric Mc Sween	7527da7c29	Merge pull request #7906 from overleaf/em-downgrade-logs Downgrade all INFO logs to DEBUG GitOrigin-RevId: 05ed582ef0721fcada059f0ad158565f50feca27	2022-05-17 08:05:26 +00:00
Jakob Ackermann	c6f638023f	Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459	2022-04-05 12:18:24 +00:00
Jakob Ackermann	23e9f8bf1a	Merge pull request #6457 from overleaf/jpa-harden-login [web] harden login process GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d	2022-01-27 09:03:38 +00:00
Jakob Ackermann	86741fc86f	Merge pull request #6349 from overleaf/jpa-password-strength-checking [web] data collection for password strength using HaveIBeenPwned api GitOrigin-RevId: 7e4d57a979c29027fb7ca5294f3935500a0b4cf3	2022-01-20 09:03:07 +00:00
Jakob Ackermann	d902505ac9	Merge pull request #6317 from overleaf/jpa-send-explicit-content-type [web] send explicit content type in responses GitOrigin-RevId: d5aeaba57a7d2fc053fbf5adc2299fb46e435341	2022-01-18 09:03:18 +00:00
June Kelly	b49c6cd8c5	Merge pull request #5976 from overleaf/jk-login-audit-log-type [web] Add 'method' info to login audit log GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4	2022-01-14 09:02:28 +00:00
Alf Eaton	01042eb030	[web] Upgrade Prettier to match version in monorepo root (#6231 ) GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d	2022-01-11 09:03:23 +00:00
Brian Gough	ccfa37b49c	Merge pull request #6141 from overleaf/bg-update-basic-auth [web] remove deprecated basic-auth-connect module GitOrigin-RevId: b18435c98696858da70f3a715258c3c7a86c3b54	2021-12-20 09:03:06 +00:00
Alexandre Bourdin	79ceacd09f	Merge pull request #5051 from overleaf/ab-web-mono-analytics-id Analytics ID Support (v2) GitOrigin-RevId: 707f62697f6566d8aad22e424684d97f7bc147df	2021-09-13 08:03:14 +00:00
Alexandre Bourdin	a3a04dddd9	Merge pull request #5050 from overleaf/revert-4639-ab-web-mono-analytics-id Revert "Analytics ID support" GitOrigin-RevId: cc5da762ba1bafcbcea65ed0dd86342896b6d1eb	2021-09-10 08:04:47 +00:00
Alexandre Bourdin	44a8883b6d	Merge pull request #4639 from overleaf/ab-web-mono-analytics-id Analytics ID support GitOrigin-RevId: 820a6c0f4d19f046f6c791ce4dc64dbc80748924	2021-09-10 08:04:31 +00:00
Alexandre Bourdin	9468e5cb4f	Merge pull request #4338 from overleaf/ab-session-manager Extract functions from AuthenticationController to SessionManager GitOrigin-RevId: 86870ce03a762e1a837dcf493759e8851e759883	2021-07-28 12:36:22 +00:00
Jakob Ackermann	5e773ce950	Merge pull request #4101 from overleaf/ae-settings-module Migrate from `settings-sharelatex` to `@overleaf/settings` GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6	2021-07-08 02:08:28 +00:00
Jakob Ackermann	95c83866c5	Merge pull request #4112 from overleaf/tm-private-api-basic-auth Add requireBasicAuth middleware and refactor httpAuth to use it GitOrigin-RevId: 7f68c0dc4a40102bfe4a97711def517e465ec7fd	2021-06-01 02:05:46 +00:00
Alf Eaton	1be43911b4	Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5	2021-04-28 02:10:01 +00:00
Alf Eaton	1ebc8a79cb	Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33	2021-04-15 02:05:22 +00:00
Shane Kilkelly	04fa863f9f	Merge pull request #3892 from overleaf/sk-reroll-csrf Regenerate CSRF token on login GitOrigin-RevId: 501582b34794a822f4c9fe3af2575b5756511e06	2021-04-10 02:05:13 +00:00
Eric Mc Sween	9ddaa8c9f6	Merge pull request #3830 from overleaf/em-upgrade-node-12 Upgrade to Node 12 GitOrigin-RevId: 19870922884b7c98e7e5f2c94df21829672d2db5	2021-04-01 02:05:52 +00:00
Timothée Alby	8ec7ebe645	Merge pull request #3713 from overleaf/jpa-login-event-drop-pii [AuthenticationController] do not include PII as part of login event GitOrigin-RevId: 274378b3a21945637dc33d2cfb39a53e9aaad9b7	2021-03-30 02:05:09 +00:00
Jakob Ackermann	0ca9d0236c	Merge pull request #3750 from overleaf/jpa-req-ip-in-unit-tests [misc] test/unit: add req.ip to MockRequest helper GitOrigin-RevId: 07b1cf11f20eccb4c002a21f4a59588d201a3f0c	2021-03-27 03:05:10 +00:00
Alasdair Smith	7cbf2cdd9e	Merge pull request #3496 from overleaf/ae-eslint-dot-notation Enable the eslint dot-notation rule GitOrigin-RevId: e11cbad3e8a77a4a60590d3674fbf34feccc5bc9	2020-12-17 03:07:31 +00:00
Jakob Ackermann	6eeb7857e3	Merge pull request #3390 from overleaf/jpa-faster-unit-tests [perf] faster unit tests GitOrigin-RevId: 188b8f3752638fde7a27a8d83b416bb9a6e3c95e	2020-11-28 03:04:01 +00:00
Christopher Hoskin	1e8598a8d9	Merge pull request #3331 from overleaf/csh-issue-3661-bump-agents Update metrics module GitOrigin-RevId: bdef141035f277ce4863f14f8a6e166d710b1111	2020-10-31 03:05:30 +00:00

1 2

76 Commits