Antoine Clausse
350941830f
[web] Promisify LdapController (#18500)
* Promisify LdapController
* Update tests LdapControllerTests.js
* Promisify `AuthenticationController.finishLogin`
* Simplify null checks in LdapController
* Fix: don't use spread operator in module.exports
* Make `AuthenticationController.promises.finishLogin` a promise that resolves
* Fixup: `finishLogin` does not call `next` when the promise finishes, it calls it only on errors
* Use `Modules.promises.hooks.fire`
* Revert `processPassportLogin` callback style
* Update error handling: Use `OError.tag` instead of `logger.err`
* Fix unit tests: Rely on callbacks rather than promises
* Fix: Actually call `passport.authenticate` (!!)
* Update test: fixup `passport.authenticate` mocks
This would have caught the bugs that the previous commit is solving
* Remove `.then(() => next())` in `processPassportLogin`
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
---------
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: a7eab5f5289956aeb8f2418408958daef3511ab7
2024-06-06 08:04:23 +00:00
Eric Mc Sween
01e2a29766
Merge pull request #18225 from overleaf/em-typescript-eslint
Add typescript-eslint rule: no-floating-promises
GitOrigin-RevId: 8c3decdff537c885f5bfeb5250b7805480bc6602
2024-05-27 10:22:20 +00:00
Jakob Ackermann
d8055e6749
Merge pull request #18294 from overleaf/jpa-td-invite-details
[web] avoid content reflection via query parameter on register page
GitOrigin-RevId: 43e7ba6069e0d9f3f12e5e9e680b5960b0673782
2024-05-16 08:05:09 +00:00
Jakob Ackermann
2980849dc4
Merge pull request #18153 from overleaf/jpa-validate-session-in-store
[web] check for redis connection being out of sync in session store
GitOrigin-RevId: c271e88d4e1fbcb0f7a57f4775e8ef88b70b16a8
2024-05-03 08:04:25 +00:00
Brian Gough
4474adb10f
Merge pull request #17732 from overleaf/bg-session-mitigation-initial-protoype
anonymous cookie-based sessions module
GitOrigin-RevId: 75fe2d48fa384ba8d07c0b478a9a5a907a2b3b67
2024-04-26 08:04:54 +00:00
David
1f6afacce5
Merge pull request #18011 from overleaf/dp-make-_getRedirectFromSession-public
Make _getRedirectFromSession a public method
GitOrigin-RevId: 6538e4ec25e607d32beb944370d151d4f1a3709c
2024-04-24 08:04:13 +00:00
David
07bd66438b
Merge pull request #17810 from overleaf/dp-compormised-password-prompt
Add compromised password prompt
GitOrigin-RevId: 7910a220943fcb3aa191da6d514d5bc3ae20f5a3
2024-04-19 08:03:58 +00:00
roo hutton
e97eea1a3e
Merge pull request #17830 from overleaf/rh-reduce-staff-access-session
[web] Reduce size of staffAccess field in session
GitOrigin-RevId: 7745dc595e8096caef04fd140b47532f0775f165
2024-04-12 08:06:35 +00:00
Alf Eaton
e0e8a2ffaa
Merge pull request #17525 from overleaf/ae-upgrade-prettier
Upgrade Prettier to v3
GitOrigin-RevId: 6f1338f196408f3edb4892d5220ad3665ff1a5bc
2024-03-26 09:04:05 +00:00
Brian Gough
908856aaea
Merge pull request #17593 from overleaf/bg-account-security-update-hibp-links
Update haveibeenpwned links to use the password check form
GitOrigin-RevId: f67b1ed689c851ad3684becc38cd5eb82b0018a2
2024-03-22 09:03:13 +00:00
Thomas
71324dc691
Merge pull request #17569 from overleaf/tm-account-suspension
Add the ability to suspend user accounts
GitOrigin-RevId: 5e57f29941434c78a47354baca83527213f9b9b5
2024-03-22 09:03:06 +00:00
David
914dcf5de5
Merge pull request #17408 from overleaf/dp-mongoose-callback-autherntication-manager
Promisify AuthenticationManager and AuthenticationManagerTests
GitOrigin-RevId: 8120bf55d19380a6ecf5241ffab8722eff2d4fe3
2024-03-12 09:03:14 +00:00
Jakob Ackermann
e729e0c874
Merge pull request #17409 from overleaf/jpa-check-before-hibp
[web] check user password before HIBP check
GitOrigin-RevId: 7c1bdc220fb9369733a1ff3bf26bed8cacc8e8d4
2024-03-05 09:03:46 +00:00
Jakob Ackermann
130f593986
Merge pull request #17401 from overleaf/jpa-skip-hibp-known-device
[web] skip HIBP check from known devices
GitOrigin-RevId: 897df02492aafeac010753c7c306e02bde5b1fd8
2024-03-05 09:03:37 +00:00
Jakob Ackermann
b35fe196db
Merge pull request #17399 from overleaf/jpa-hibp-login
[web] check HIBP on login
GitOrigin-RevId: e052926e4d970f9a15821f1ea9c8af46bdab90cb
2024-03-05 09:03:34 +00:00
Miguel Serrano
af1bd5696d
[web] upgrade @node-oauth/oauth2-server to ^5.1.0, (#16705)
* [web] upgrade @node-oauth/oauth2-server to ^5.1.0,
* Added `expressify` to middleware returned by Authentication.requireOauth()
* Extracted OAuth2 scope transformation to utilities
* Throw an error with undefined SAML scopes
GitOrigin-RevId: 00dfe81c707e9a3fcf9bb10e007c1fc646f7b9dd
2024-02-09 09:05:20 +00:00
Jakob Ackermann
d39a6c3182
Merge pull request #16854 from overleaf/jpa-overleaf-integration-core-tests
[web] enable overleaf-integration module when running SaaS tests
GitOrigin-RevId: 36eda6ef448604a55f8dc8daac5ce29af23b6b0b
2024-02-05 09:04:05 +00:00
Jakob Ackermann
5adc858704
Merge pull request #16514 from overleaf/jpa-enforce-oauth-scope
[web] restrict access to oauth endpoints to their respective clients
GitOrigin-RevId: 6ffa6008130588e44d336e2af32584ee20ad3ffc
2024-01-18 09:04:28 +00:00
Mathias Jakobsen
2a78b68c78
Merge pull request #16186 from overleaf/mj-mongo-object-id
[web] Use constructor for ObjectId
GitOrigin-RevId: 9eb8b377ea599605b72af237d1ab12f4d8287162
2023-12-19 09:04:02 +00:00
Miguel Serrano
4c134f3a28
Merge pull request #16202 from overleaf/msm-passport-upgrade-2
[web] passport + passport-saml updates (post revert)
GitOrigin-RevId: e1fa5757e15b3ac733511570637d39297247e050
2023-12-14 09:03:24 +00:00
Miguel Serrano
84c2886a28
Merge pull request #16190 from overleaf/revert-15519-em-upgrade-passport
Revert "Upgrade passport"
GitOrigin-RevId: 34a5442d6dae9623463908f92ab103bdc16f1b67
2023-12-12 09:04:23 +00:00
Miguel Serrano
8989212173
Merge pull request #15519 from overleaf/em-upgrade-passport
Upgrade passport
GitOrigin-RevId: b93bfcab39ba3d2ab4efb4814371defec8ca95c4
2023-12-12 09:04:08 +00:00
Jimmy Domagala-Tang
ced5c90625
Merge pull request #16069 from overleaf/jdt-add-staging-trusted-writefull
Add writefull to trusted users, and fix trusted logic
GitOrigin-RevId: 526d8a77e8d5c56e94a6d671e811bfdbb74e2ac6
2023-12-04 09:03:01 +00:00
Jimmy Domagala-Tang
8206dca03f
Merge pull request #16015 from overleaf/jdt-trust-captcha-on-login
Add trusted case for captchaRequiredForLogin
GitOrigin-RevId: 45cd93b46515ced034f1514f5454767383f3a17a
2023-11-29 09:04:56 +00:00
Jakob Ackermann
583cab0e3a
Merge pull request #15383 from overleaf/jpa-remove-unused-angular-deps
[web] remove unused angular dependencies
GitOrigin-RevId: 58efeb5755b5f7d0f893e343b319bc4f1a6a3d76
2023-10-25 08:04:08 +00:00
Jakob Ackermann
8aefa058b8
Merge pull request #14825 from overleaf/jpa-debug-bcrypt-get-rounds
[web] add debug logging for bcrypt.getRounds calls
GitOrigin-RevId: 3fe8dca1d188f4e65d666da19f4bd4697623b7a6
2023-09-14 08:04:45 +00:00
Jakob Ackermann
17d5a73d99
Merge pull request #14803 from overleaf/jpa-split-test-cache-alpha-beta
[web] invalidate split test cache when alpha/beta program status changes
GitOrigin-RevId: 3023d2adf8466b48490c51497f5c80e7b0a1fe3d
2023-09-14 08:04:12 +00:00
Jakob Ackermann
45c9d805dd
Merge pull request #14606 from overleaf/jpa-bcrypt-metrics
[web] add metrics for bcrypt operations
GitOrigin-RevId: 42bf9bedb84295ceea7f660f1daac3adb7b853d9
2023-09-05 08:04:56 +00:00
Eric Mc Sween
39a396f3a2
Merge pull request #13760 from overleaf/em-fetch-utils-web
Use fetch-utils in web
GitOrigin-RevId: cbd0298200bbe42567c6e94934bfb5114fa9b66f
2023-07-17 11:02:40 +00:00
June Kelly
c169797795
Merge pull request #12342 from overleaf/jk-password-ux-please-use-another-password
[web] Password UX: 'Please use another password'
GitOrigin-RevId: ca9b26cbcf2dabb27c716da314764ee40ffc83dd
2023-04-12 08:04:13 +00:00
June Kelly
87f6145d36
Merge pull request #12269 from overleaf/jk-enable-password-similarity-check
[web] Enforce password similarity check
GitOrigin-RevId: 1bc4efebba401663c1db9d209dc560560f160ce0
2023-03-23 09:04:12 +00:00
Eric Mc Sween
54957e5fcc
Merge pull request #12219 from overleaf/em-camel-case-web
Camel case variables in web
GitOrigin-RevId: 28e61b759b27f71265f33ab64f588374dba610e0
2023-03-22 09:05:04 +00:00
June Kelly
98cd68d085
Merge pull request #12261 from overleaf/jk-alter-password-similarity
[web] Alter password-similarity check/metric
GitOrigin-RevId: e9a55b4a86d2b69d6f34c1e2339d32321e08341d
2023-03-20 09:03:10 +00:00
Eric Mc Sween
73c327ae01
Merge pull request #11869 from overleaf/em-upgrade-mongoose-web
Upgrade Mongoose and the Mongo driver in web
GitOrigin-RevId: 2cad1aabe57eae424a9e4c68b2e0062f0e78ffaf
2023-03-01 09:03:27 +00:00
ilkin-overleaf
f046c7d2da
Merge pull request #11943 from overleaf/jk-another-password-similarity-metric
[web] Add another metric for password similarity
GitOrigin-RevId: 6d44796a63f3be85bfee86056e03cfd3bb47066c
2023-03-01 09:03:02 +00:00
Eric Mc Sween
5fb275392f
Merge pull request #11995 from overleaf/em-unnecessary-returns
Decaf cleanup: unnecessary returns
GitOrigin-RevId: e3c006b0e15095c8cbed2911269f704a7fdd1d57
2023-02-28 09:03:46 +00:00
Jakob Ackermann
ded855a47a
Merge pull request #11817 from overleaf/jk-password-too-similar-metric-refinement
[web] Refine metrics on password-too-similar validation
GitOrigin-RevId: f644e50e4815b34ad9af5215ebc3c9a082572681
2023-02-17 09:03:52 +00:00
June Kelly
f4834b630f
Merge pull request #11508 from overleaf/jk-password-disallow-substring
[web] Metric for passwords too similar to email
GitOrigin-RevId: cf8320fc3c9561b4dc6d54a3e97db96400ece2a9
2023-02-02 18:22:17 +00:00
June Kelly
2b816a6541
Merge pull request #11436 from overleaf/jk-increase-password-min-length-to-8
[web] Increase the minimum password length to 8 characters
GitOrigin-RevId: 94eb3c5605183b5e189babd3342dc308f403ebbd
2023-02-02 09:02:56 +00:00
ilkin-overleaf
1649385e9f
Merge pull request #10394 from overleaf/ii-password-reset-and-strength-checking
[web] Password reset strength checking and UI updates
GitOrigin-RevId: 442a5c9e7e9d0a61d3ae649f3526bc3c02fd5704
2022-12-07 09:03:36 +00:00
ilkin-overleaf
c5cd8b4066
Merge pull request #10193 from overleaf/ii-check-password-for-reuse-remove-samplerate
Remove sampleRate from metrics.inc when checking password
GitOrigin-RevId: 830383208039e239bb15a1172fea2ff9fb97373f
2022-10-28 08:04:51 +00:00
June Kelly
1c2fcb45b0
Merge pull request #9951 from overleaf/jk-audit-failed-login-attempts
[web] Audit failed login attempts
GitOrigin-RevId: 19325f808f77584891e1e12b5ed7aaa16aa6aec9
2022-10-20 08:03:44 +00:00
Timothée Alby
5a3ca2667e
Merge pull request #9983 from overleaf/jpa-web-fix-password-upgrade
[web] fix process for upgrading of password hashes
GitOrigin-RevId: 3bc99dbd8601c190d758080d70ea1a465bd9e542
2022-10-18 08:03:11 +00:00
Eric Mc Sween
a79aa95d88
Merge pull request #9894 from overleaf/em-node-fetch-web
Replace request-promise with node-fetch in web
GitOrigin-RevId: 07dbb6db7fd42326807aaeb18e5ee39f7c3d4668
2022-10-13 08:04:24 +00:00
Eric Mc Sween
869a68a8e3
Merge pull request #9062 from overleaf/pairining-patch
[web] fix async form redirect handling for institutional SSO flow
GitOrigin-RevId: 35664e101e43b05771961ac4b6dc49d7ebd8fa44
2022-10-12 08:04:29 +00:00
June Kelly
0dfaf145ac
[web] Password set/reset: reject current password (redux) (#8956)
* [web] set-password: reject same as current password
* [web] Add 'peek' operation on tokens
This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.
We give up to three attempts before invalidating the token.
* [web] Add hide-on-error feature to async forms
This allows us to hide the form elements when certain
named error conditions occur.
* [web] reset-password: handle same-password rejection
We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitly
after it has been used to set the new password.
* [web] Validate OneTimeToken when loading password reset form
* [web] Rate limit GET: /user/password/set
Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.
* [web] Tidy up pug layout and mongo query for token peeking
Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
2022-09-28 08:06:54 +00:00
June Kelly
a831286b2c
Merge pull request #9679 from overleaf/jk-fix-the-module-system
[web] Fix how imports work in the Module system
GitOrigin-RevId: 00cb3bfa19c6af979216b9d5e6104d489c18244b
2022-09-23 08:04:15 +00:00
Timothée Alby
3bbfbaf215
Merge pull request #9297 from overleaf/ta-galileo-module
Create Galileo Module
GitOrigin-RevId: 0d9dfeebc150bd6a0d828f55be47f9d9f1a70d66
2022-08-19 08:04:56 +00:00
Henry Oswald
68b61bbcaf
Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password
Revert "[web] Password set/reset: reject current password"
GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
2022-07-20 08:04:00 +00:00
June Kelly
f83ea0eae9
Merge pull request #8882 from overleaf/jk-web-reject-same-password
[web] Password set/reset: reject current password
GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
2022-07-20 08:03:36 +00:00