agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-27 02:51:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
19,408 Commits 3 Branches 19 Tags
aa009c1e7828eaae9dca58dff3fa8caa4a378fd3
Commit Graph

539 Commits

Author SHA1 Message Date
June Kelly
1c2fcb45b0 Merge pull request #9951 from overleaf/jk-audit-failed-login-attempts 
[web] Audit failed login attempts

GitOrigin-RevId: 19325f808f77584891e1e12b5ed7aaa16aa6aec9
 2022-10-20 08:03:44 +00:00
Eric Mc Sween
1405705f65 Merge pull request #9956 from overleaf/em-node-fetch-web 
Replace request-promise with fetch in web acceptance tests

GitOrigin-RevId: f50357cdea2d1353d7a82c5346b149018f91823f
 2022-10-18 08:03:25 +00:00
Miguel Serrano
694cb665da Merge pull request #9617 from overleaf/msm-audit-log-collections 
Move project/user audit logs to their own collections

GitOrigin-RevId: f6f89b3e2815c0fe5691a79eceb35b77b3c370d8
 2022-09-30 08:04:17 +00:00
June Kelly
0dfaf145ac [web] Password set/reset: reject current password (redux) (#8956) 
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
 2022-09-28 08:06:54 +00:00
Alf Eaton
0b9d2cc99a Remove deprecated grunt code (#9506) 
GitOrigin-RevId: 2b19d73c593545aaa9f6eb88143d08c5df39a1be
 2022-09-16 08:05:37 +00:00
Eric Mc Sween
0f9d805921 Merge pull request #9563 from overleaf/em-tpds-merge-metadata 
Return metadata from TPDS update endpoint in web

GitOrigin-RevId: 9154be67f7f975807c6e986a5d6fb66013c9a384
 2022-09-13 08:05:50 +00:00
Alf Eaton
2c21fbd3ad Remove mkdirp from web dependencies (#7427) 
GitOrigin-RevId: b170371e538ca65fccd5c21f76dc25feec909190
 2022-08-22 08:03:41 +00:00
Simon Detheridge
53dd89a826 Merge pull request #6661 from overleaf/spd-local-tests 
Move acceptance test mocks to nonstandard ports and add options for running locally

GitOrigin-RevId: bd8f70ac8d80599daccc51cfe7b90a2ad8d8c3d8
 2022-08-10 08:03:45 +00:00
Jakob Ackermann
4b884732c9 Merge pull request #9099 from overleaf/jpa-web-graceful-shutdown 
[web] introduce graceful shutdown

GitOrigin-RevId: f42793a96f1e0304c57a855241bffa32bb291864
 2022-08-05 08:03:27 +00:00
Timothée Alby
c56ad54646 Merge pull request #9009 from overleaf/ab-split-tests-saas-check 
[web] Skip split test assignment logic when not in SaaS mode

GitOrigin-RevId: 4c370bbc78c5a6828207f3336dfa6af9f4d71e17
 2022-07-29 08:04:03 +00:00
Timothée Alby
03c95d2603 Merge pull request #8897 from overleaf/ta-token-access-anonymous-redirect 
Redirect Early on Anonymous Write Token Access Attempts

GitOrigin-RevId: 55e1839c3171a0a6a677ecca2f6bec87aad802bd
 2022-07-29 08:03:45 +00:00
Timothée Alby
2b404fe926 Merge pull request #8571 from overleaf/ta-token-access-page 
Require User Interaction on Token Access Page

GitOrigin-RevId: 2f4c00ba75ebd6bd87d3e770ec8223d736344f5b
 2022-07-29 08:03:39 +00:00
Alexandre Bourdin
1e53682afc Merge pull request #8957 from overleaf/ab-split-test-controls-badge 
[web] SplitTestBadge based on split test phase and badge config

GitOrigin-RevId: e178ca864fd6619ff61a2a84fc1ccb5d54e0a814
 2022-07-26 08:04:28 +00:00
M Fahru
fbde960690 Improve error message when a collaborator tries to refresh a linked file without access to the project (#8884) 
* Improve error message when a collaborator tries to refresh a linked file without access to the project

* Move the AccessDeniedError hardcoded error message to translation file

* apply prettier

* remove period (dot) in test hardcoded string

* revert unintended changes

GitOrigin-RevId: 50a5bf46428a96e629e9091cc18068f3ee7084e3
 2022-07-21 08:03:32 +00:00
Henry Oswald
68b61bbcaf Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password 
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
 2022-07-20 08:04:00 +00:00
June Kelly
f83ea0eae9 Merge pull request #8882 from overleaf/jk-web-reject-same-password 
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
 2022-07-20 08:03:36 +00:00
Alexandre Bourdin
29cd233c29 Merge pull request #8426 from overleaf/ta-error-pages-style 
Update General Error Pages Style

GitOrigin-RevId: 04346784c94d5ce6bf3257fd128a3f00da4c4e9e
 2022-06-23 08:02:34 +00:00
Miguel Serrano
d51034d698 Fixed tests by removing stdout checks that are no longer valid (#8337) 
* Fixed tests by removing stdout checks that are no longer valid

script verbosity was updated in c73b46599b, this checks are no longer valid. After the deleted line there's an extra check that should be good enough for the test case.

GitOrigin-RevId: 2756d11cad97fdbeca44f35c24ee192e582a52c1
 2022-06-09 08:02:27 +00:00
Eric Mc Sween
c6ec417a3c Merge pull request #8035 from overleaf/em-remove-chaid 
Remove the chaid package from tests

GitOrigin-RevId: 61b541eebcf1982137aa10ad51940547c649e68d
 2022-05-23 08:04:07 +00:00
Jakob Ackermann
b027ef95e5 Merge pull request #7986 from overleaf/jpa-eslint-8 
[misc] upgrade eslint packages to the latest version everywhere

GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
 2022-05-17 08:05:59 +00:00
Tim Down
b4d78ddfb6 Merge pull request #7545 from overleaf/td-split-test-data-sentry 
Record split-test state in Sentry metadata from web clients

GitOrigin-RevId: 66dd195c546bd9fb0aedac52844200846c5012ca
 2022-04-25 08:04:45 +00:00
ilkin-overleaf
54515152a2 Merge pull request #7225 from overleaf/ta-leave-modal 
[DeleteAccount] Create Modal with Form

GitOrigin-RevId: 611f08c7253f59d91c6937b79c80a386b9d21ccd
 2022-04-11 08:03:36 +00:00
Eric Mc Sween
7e76f94e17 Merge pull request #7228 from overleaf/em-node-16 
Upgrade to Node 16

GitOrigin-RevId: 3db1ae57ffb02f8a2b9012ffbb3efecfc01d2b04
 2022-04-05 12:20:52 +00:00
Jakob Ackermann
3ce46557be Merge pull request #7094 from overleaf/jpa-redirect-admin-requests 
[web] redirect admin users from admin endpoints to the admin domain

GitOrigin-RevId: a4bd7d4f998615efcb46ae9866868af9489c94f5
 2022-04-05 12:18:51 +00:00
Jakob Ackermann
ff2bf58a84 Merge pull request #6712 from overleaf/jpa-redirect-token-access 
[web] redirect admin users from token access gateway to admin panel

GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f
 2022-04-05 12:18:29 +00:00
Jakob Ackermann
c6f638023f Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app 
[misc] move admin capability from www. to admin. subdomain

GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459
 2022-04-05 12:18:24 +00:00
Thomas
502e7c1d2f Send delete request to chat when expiring deleted projects (#6997) 
* Send delete request to chat when expiring deleted projects

* Add script to clean-up orphaned chat of previously expired projects

GitOrigin-RevId: 157d100bd51b6204a9e31733b5164b8e7036ef01
 2022-03-28 08:04:29 +00:00
Eric Mc Sween
854d798d66 Merge pull request #6785 from overleaf/em-split-tests-analytics-enabled 
Add "analytics enabled" setting to split tests

GitOrigin-RevId: 9ddfda9e246cac7a13361b2d3df6884212583000
 2022-03-01 09:04:15 +00:00
Jessica Lawshe
631ce958e4 Merge pull request #6886 from overleaf/jpa-less-verbose-ci 
[web] skip HIBP check for all tests but the HIBP specific ones

GitOrigin-RevId: 714e69cc2220e7edcef875d6be487ded571cd977
 2022-02-25 09:03:23 +00:00
Miguel Serrano
719542f9f7 Primary Email Check (#6471) 
* added primary-email-check page, route and controllers
* add `#add-email` internal link in settings to display new email form
* added primary-email-check redirection with split test
* update `lastPrimaryEmailCheck` when the default email address is set
* added `lastPrimaryCheck` to admin panel
* translations for primary-email-check
* acceptance tests for primary-email-check
* [web] multi-submit for primary email check
* Using `confirmedAt` to prevent from displaying primary-email-check page

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
Co-Authored-By: Miguel Serrano <mserranom@gmail.com>
GitOrigin-RevId: d8e3a280439da08038a4487d8bfd7b3b0596e3b5
 2022-02-04 09:03:34 +00:00
Jakob Ackermann
3124da4bf3 Merge pull request #6493 from overleaf/jpa-flaky-delay 
[web] HaveIBeenPwnedApiTests: give background check more time

GitOrigin-RevId: 761b3f402f9284eb56bee29e6e78e759ac42ba86
 2022-01-27 09:03:53 +00:00
Jakob Ackermann
23e9f8bf1a Merge pull request #6457 from overleaf/jpa-harden-login 
[web] harden login process

GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d
 2022-01-27 09:03:38 +00:00
Jakob Ackermann
b4156cb3be Merge pull request #6417 from overleaf/jpa-device-history 
[web] add cookie/JWE based device history for skipping captcha challenge

GitOrigin-RevId: b091564bfd93f7e587d396c860fd864f220f4b63
 2022-01-27 09:03:34 +00:00
Jessica Lawshe
4b7d9807b6 Merge pull request #6375 from overleaf/jel-reconfirm-check 
[web] Use v1 date for reconfirm notification check

GitOrigin-RevId: e14f1b6a1a6ab629628858d962a3757a6078cf79
 2022-01-26 09:03:50 +00:00
Tim Alby
28cb844d5a rename price attributes to price_in_cents or price_in_unit 
GitOrigin-RevId: 8045472c96862078583fcb522099ad78926281dc
 2022-01-21 09:03:23 +00:00
Jakob Ackermann
86741fc86f Merge pull request #6349 from overleaf/jpa-password-strength-checking 
[web] data collection for password strength using HaveIBeenPwned api

GitOrigin-RevId: 7e4d57a979c29027fb7ca5294f3935500a0b4cf3
 2022-01-20 09:03:07 +00:00
Jakob Ackermann
d902505ac9 Merge pull request #6317 from overleaf/jpa-send-explicit-content-type 
[web] send explicit content type in responses

GitOrigin-RevId: d5aeaba57a7d2fc053fbf5adc2299fb46e435341
 2022-01-18 09:03:18 +00:00
June Kelly
b49c6cd8c5 Merge pull request #5976 from overleaf/jk-login-audit-log-type 
[web] Add 'method' info to login audit log

GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
 2022-01-14 09:02:28 +00:00
Jessica Lawshe
e4b7ef7c62 Merge pull request #6254 from overleaf/jel-saml-entitlement 
[web] Always update entitlement in v1 after SAML callback

GitOrigin-RevId: 2569d6d8e6142786ad2875c62c9cd4568837654a
 2022-01-13 09:04:16 +00:00
Alf Eaton
01042eb030 [web] Upgrade Prettier to match version in monorepo root (#6231) 
GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d
 2022-01-11 09:03:23 +00:00
Jakob Ackermann
9a6e954e1f Merge pull request #6234 from overleaf/jpa-web-owns-spelling-preferences 
[misc] move ownership of spellingPreferences collection to web

GitOrigin-RevId: f2584a1119a578c3df15371c6798923a4f2d15ae
 2022-01-07 09:03:11 +00:00
Eric Mc Sween
e2be63e9ed Merge pull request #5740 from overleaf/em-gcp-logging-web 
Improve GCP logging for web

GitOrigin-RevId: b304c87a3fe46c29189f665eb3daf22c23d6eb8f
 2021-11-11 09:03:09 +00:00
Hugh O'Brien
d0e59b79a9 Merge pull request #5688 from overleaf/jpa-invalid-password-message 
[web] password reset: validate user password ahead of invalidating token

GitOrigin-RevId: ba3e6549f53675a2216e2fc24293276c1968d416
 2021-11-10 09:02:38 +00:00
Jakob Ackermann
29ecc6e0d6 Merge pull request #5727 from overleaf/jpa-deprecation-warnings 
[misc] fix deprecation warnings

GitOrigin-RevId: aa103252e5918143bb1dacb19e87e47bb1784e83
 2021-11-09 09:04:44 +00:00
Jakob Ackermann
acc7ec73c3 Merge pull request #5622 from overleaf/jpa-less-verbose-ci 
[web] less verbose CI

GitOrigin-RevId: 4935fa7f10db9309376c548788277c79b9ec50db
 2021-11-03 09:03:04 +00:00
Eric Mc Sween
4d15360439 Merge pull request #5648 from overleaf/em-revert-gcp-logging-web 
Revert "Improve GCP logging for web"

GitOrigin-RevId: 92d446baf62108da1df92146eec12a2fe69d30ee
 2021-11-02 09:03:29 +00:00
Eric Mc Sween
5c4e116ad2 Merge pull request #5632 from overleaf/em-gcp-logging-web 
Improve GCP logging for web

GitOrigin-RevId: 1198fab2e821a55563058171cfa435605216e337
 2021-11-02 09:03:22 +00:00
Brian Gough
9e42b4a86f Merge pull request #5623 from overleaf/bg-initial-features-epoch 
[web] start using featuresEpoch in production

GitOrigin-RevId: b3cbbdc60677455fddbe9fff5e97d63f2239c59d
 2021-11-02 09:03:09 +00:00
Jakob Ackermann
18e89dd367 Merge pull request #5367 from overleaf/jpa-node-handle-callback-err 
[misc] fix eslint violations for node/handle-callback-err

GitOrigin-RevId: 83a4900e8861010df1917bff49382bd9c93375bd
 2021-10-28 08:03:26 +00:00
Jakob Ackermann
a7fe64e86c Merge pull request #5352 from overleaf/jpa-no-var 
[misc] fix eslint violations for `no-var`

GitOrigin-RevId: c52e82f3a8a993b8662cc5aa56e7b95ca3c55832
 2021-10-27 08:03:00 +00:00