agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-29 20:11:32 +02:00
Code Issues Packages Projects Releases Wiki Activity
27,806 Commits 3 Branches 19 Tags
d73e2b063af3af9750e798e2a2e583b72f5dfd52
Commit Graph

53 Commits

Author SHA1 Message Date
Antoine Clausse
6eefe6dda4 [web] Create CIAM versions of the password reset screens (#30087) 
* Make CIAM copies of Pug files

passwordResetCiam.pug
setPasswordCiam.pug

* Update controller with split test assignment

* Use CIAM layout in passwordResetCiam.pug

* Style passwordResetCiam according to designs

* Use CIAM layout in setPasswordCiam.pug

* Style setPasswordCiam according to designs

* Use settings value in registration screen for must_be_at_least_n_characters

* Retrieve email input with a script

* Replace mb-4 by --ds-spacing-800

* Add eye icon to toggle password visibility

* Avoid double dots after some translated strings

* Use `ciamCustomFormDangerMessage`

* Use `ciamErrorNotification`

* Use `ciamButtonContentLoading`

* Replace remaining "mb" classes

* Move new password errors to the top of the form

* Fix CIAM mixins path after rebase

* Use `ciamCustomFormDangerMessage`

* Add `data-ol-spinner-inflight` to buttons

* Replace classname ciam-notification by notification-ds

Remove borders from CIAM notifications
Fix font size

* Revert "Use settings value in registration screen for must_be_at_least_n_characters"

This reverts commit a0af95c11e171097750ad7ee871f6baf89d5c0cb.

(It's Friday afternoon so I don't want to update unrelated stuff :D)

* Update: check_your_inbox

* Remove `.ciam-card` min-height.

Unnecessary thanks to `.confirm-email-success-form`'s min-height: 400px;

* Use phosphor icons

* Style `formMessagesNewStyle` with DS notifications within CIAM pages

Alternatively, we could extend/duplicate `showMessagesNewStyle` with a CIAM variant

* Revert "Style `formMessagesNewStyle` with DS notifications within CIAM pages"

This reverts commit ed382dc1e8cdf5b916c1527f4da0a825167e9675.

* Fix styling of dynamically-created DS notifications

* Set password length info to secondary color

* Move `ciamSamlErrorNotLoggedIn` to saas-authentication module

Prevents errors in CE:

Error: ENOENT: no such file or directory, open '/overleaf/services/web/modules/saas-authentication/app/views/_mixins.pug'
    at /overleaf/services/web/app/views/_mixins/ciam_mixins.pug line 3

---------

Co-authored-by: Tim Down <158919+timdown@users.noreply.github.com>
GitOrigin-RevId: afe58f18ecee92460ab628a285b6edb48a5c678d
 2025-12-09 09:05:31 +00:00
Andrew Rumble
f1e788d9b3 Merge pull request #29967 from overleaf/ar/web-remove-mocha-unit-tests 
[web] remove mocha unit tests

GitOrigin-RevId: eda753af3470dbd1f385cb0bc3f06d78ade8a764
 2025-12-03 09:05:37 +00:00
Andrew Rumble
ddce996d78 Update test to reflect new behaviour 
The affected values shouldn't ever have got past the validation in the
router (so the old behaviour should be unused)

GitOrigin-RevId: 3afbd09bd12279125b65fb0d3ec1242f0b456d6f
 2025-09-23 08:07:23 +00:00
Andrew Rumble
c3999d952a Use valid input in test suites 
GitOrigin-RevId: 3529a169062df54af54ca32f00804c211a129bf1
 2025-09-23 08:07:18 +00:00
Rebeka Dekany
e35f79bf32 Tear down bs5-auth-pages feature flag (#27035) 
* Remove auth-pages-bs5 test assignment setPassword

* Remove auth-pages-bs5 test assignment passwordReset

* Remove auth-pages-bs5 test assignment primaryEmailCheck

* Remove auth-pages-bs5 test assignment reconfirm

* Remove - bootstrap5PageStatus = 'enabled'

* Remove primary-email-check.less

* Fix spacing

* Remove unused translations

* Removed unused SplitTestHandler

* Update password_reset_sentence_case to password_reset

GitOrigin-RevId: d5a5c9a1576f325186aa103c4b7ad8fb819b790a
 2025-07-14 08:05:56 +00:00
Andrew Rumble
e76a8ff267 Convert return new Promise to await new Promise 
GitOrigin-RevId: 49404748cc90cb7bdef0460f7e9837196f81cae8
 2025-06-25 08:06:59 +00:00
Andrew Rumble
c0b7efea10 Change imports that use chai to use vitest 
GitOrigin-RevId: 59d780f754adbb5160a2de8e5eca1def6968584b
 2025-06-10 08:05:18 +00:00
Andrew Rumble
873068a187 Update test files with vitest compat changes 
GitOrigin-RevId: 494f906089d250268a5ff8c8a2150ff2692c37e2
 2025-05-29 08:05:06 +00:00
Andrew Rumble
51dcc88f27 Rename test files for vitest 
GitOrigin-RevId: f8792c0ce5eeb4843a534d3ff83e011d25fb65e0
 2025-05-29 08:05:00 +00:00
M Fahru
7fbcca6ed1 Merge pull request #22609 from overleaf/mf-migrate-aux-password-pages-to-bs5 
[web] Migrate reset password page to bootstrap 5 and website redesign

GitOrigin-RevId: 613865379d094b305c6dc78f74dc70341214f4ed
 2025-01-28 09:05:35 +00:00
Antoine Clausse
b0419a86f2 [web] Add audit logs for clear_sessions_set_must_reconfirm script, "must-reset-password-set" and "must-reset-password-unset" (#21776) 
* Promisify clear_sessions_set_must_reconfirm.mjs

* Add test on PasswordResetTests.mjs

* Add `must-reset-password-unset` audit log

* Add `must-reset-password-set` audit log

* Add test ClearSessionsSetMustReconfirmTests.mjs

* Fixup bad copy-paste in test: `must-reset-password-set` -> `must-reset-password-unset`

* Check `must_reconfirm` before calling `removeReconfirmFlag`

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* Fix unit test

* Use `promiseMapWithLimit`

* Add `{ script: true }` to AuditLog. Also use `undefined` instead of `null` for consistency

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 522026c82196d263c196503d899b8c57b05b31dd
 2024-11-15 09:05:21 +00:00
Andrew Rumble
2bfb55a305 Update tests 
GitOrigin-RevId: 9272720e0f6865c54257c43bd98d8e6003251aa2
 2024-10-17 08:06:17 +00:00
Jimmy Domagala-Tang
007cc42477 Merge pull request #19152 from overleaf/jdt-project-permissions 
Allow checking permissions for all users on a project and rename checkPermissions -> AssertPermissions

GitOrigin-RevId: 511356cf2fe68367e284347e68e59f6116bd0f80
 2024-07-03 08:04:19 +00:00
Antoine Clausse
25d8e053be [web] Update revokeAllUserSessions and rename it to removeSessionsFromRedis (#18360) 
* Fix `revokeAllUserSessions` call in `_cleanupUser`

The user object should be passed, not the _id

* Change `revokeAllUserSessions` signature, take `req` and `stayLoggedIn` arguments

* Update uses of `revokeAllUserSessions`

* Fix promisified `revokeAllUserSessions` args

* Update tests

* Destroy or Regenerate the session in the end of `revokeAllUserSessions`

Per https://github.com/overleaf/internal/issues/17036#issuecomment-1938398570

* Revert "Destroy or Regenerate the session in the end of `revokeAllUserSessions`"

This reverts commit fe30734dbe45b27d2931d2e43a711d591bb85787.

* Rename `revokeAllUserSessions` to `removeSessionsFromRedis`

* Fixup tests

* Fix: add optional chaining in `req.sessionID` (!!)

GitOrigin-RevId: d41676bf00f463230af495e09c65fb9ee521f49f
 2024-05-20 08:04:12 +00:00
Jessica Lawshe
94e9456a4b Merge pull request #17793 from overleaf/jel-password-token-when-managed-linked 
[web] Check permissions when using password reset token

GitOrigin-RevId: b5339d5ad5322fcae7beaa99fb40a87ffb938b52
 2024-04-25 08:04:58 +00:00
M Fahru
d836631902 Merge pull request #17548 from overleaf/mf-promisify-render-set-password-form 
[web] promisify renderSetPasswordForm

GitOrigin-RevId: 3a79a7fd23de2d7ff87a833204298aed6cc303a5
 2024-03-29 09:04:26 +00:00
Jessica Lawshe
814ee0ac62 Merge pull request #17351 from overleaf/jel-async-getUserForPasswordResetToken 
[web] Promisify getUserForPasswordResetToken

GitOrigin-RevId: 4b0363b390af155f1bae4332fba7cf10c130e1c6
 2024-03-12 09:03:35 +00:00
Jessica Lawshe
7a9c2fd644 Merge pull request #17329 from overleaf/jel-async-peekValueFromToken 
[web] Promisify peekValueFromToken

GitOrigin-RevId: 4a7f6ae793ff0a1bd22c89c963881ef0957e29e8
 2024-03-12 09:03:32 +00:00
Jessica Lawshe
4ad6d3cb5f Merge pull request #17091 from overleaf/jel-promisify-password-reset 
[web] Promisify password reset

GitOrigin-RevId: bc8399727a86276b1d5baa380369d988772c268a
 2024-02-19 09:04:29 +00:00
Mathias Jakobsen
9ca43ebc4e Merge pull request #15822 from overleaf/mj-audit-log-tokens 
[web] Add audit logs for token expiration operations

GitOrigin-RevId: 220fe017cf508ead986a4cd2bd9009035418ce43
 2023-11-21 09:03:59 +00:00
June Kelly
3288f87dbe [web] Password set/reset: reject current password (redux) (#8956) 
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
 2022-09-28 08:06:54 +00:00
Henry Oswald
5f1abee345 Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password 
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
 2022-07-20 08:04:00 +00:00
June Kelly
d04ea76081 Merge pull request #8882 from overleaf/jk-web-reject-same-password 
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
 2022-07-20 08:03:36 +00:00
Jakob Ackermann
f0bd6dda23 Merge pull request #7986 from overleaf/jpa-eslint-8 
[misc] upgrade eslint packages to the latest version everywhere

GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
 2022-05-17 08:05:59 +00:00
June Kelly
c72ec548bb Merge pull request #5976 from overleaf/jk-login-audit-log-type 
[web] Add 'method' info to login audit log

GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
 2022-01-14 09:02:28 +00:00
Alf Eaton
50df230846 [web] Upgrade Prettier to match version in monorepo root (#6231) 
GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d
 2022-01-11 09:03:23 +00:00
Hugh O'Brien
3b95ac6d88 Merge pull request #5688 from overleaf/jpa-invalid-password-message 
[web] password reset: validate user password ahead of invalidating token

GitOrigin-RevId: ba3e6549f53675a2216e2fc24293276c1968d416
 2021-11-10 09:02:38 +00:00
Jakob Ackermann
358e8b7424 Merge pull request #5349 from overleaf/jpa-no-depreacted-api 
[misc] fix eslint violations for node/no-depreacted-api

GitOrigin-RevId: 0f7d64984da9e789c4ab95381db34afb89fa1a94
 2021-10-21 08:03:18 +00:00
June Kelly
7292cfbd02 Merge pull request #5366 from overleaf/jk-move-password-reset-audit-log 
[web] audit password reset before taking action

GitOrigin-RevId: 672f712658b4669a5a750dbc6f97d24ce35c332d
 2021-10-21 08:03:00 +00:00
Jakob Ackermann
891947770c Merge pull request #5124 from overleaf/jk-de-ng-set-password-page 
[web] de-ng set password form

GitOrigin-RevId: d8ebf9f794454d5772e13ab783892d2bba6eed87
 2021-09-24 08:03:23 +00:00
June Kelly
0ae8f37629 Merge pull request #5107 from overleaf/jk-de-ng-reconfirm-and-pw-reset 
[web] de-ng password reset and must-reconfirm forms

GitOrigin-RevId: 2101493ff017ba56214c6f981129f94eb9db46aa
 2021-09-17 08:03:02 +00:00
Jakob Ackermann
9d00c351a8 Merge pull request #4327 from overleaf/jpa-pw-reset-captcha 
[misc] add captcha on password reset requests

GitOrigin-RevId: 9a23b9c9dee2c56345e9c1846861c05c25126802
 2021-07-28 02:06:02 +00:00
Jakob Ackermann
5e773ce950 Merge pull request #4101 from overleaf/ae-settings-module 
Migrate from `settings-sharelatex` to `@overleaf/settings`

GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
 2021-07-08 02:08:28 +00:00
Alf Eaton
1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma 
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
 2021-04-28 02:10:01 +00:00
Alf Eaton
1ebc8a79cb Merge pull request #3495 from overleaf/ae-prettier-2 
Upgrade Prettier to v2

GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
 2021-04-15 02:05:22 +00:00
Eric Mc Sween
9ddaa8c9f6 Merge pull request #3830 from overleaf/em-upgrade-node-12 
Upgrade to Node 12

GitOrigin-RevId: 19870922884b7c98e7e5f2c94df21829672d2db5
 2021-04-01 02:05:52 +00:00
Miguel Serrano
d65db1acf0 Merge pull request #3824 from overleaf/jpa-password-reset-email-forwarding 
[misc] fix passing around of users email as part of password reset

GitOrigin-RevId: 54e8cde9867a2ce735bc7ebe281ead19ef49e6cd
 2021-04-01 02:05:04 +00:00
Alf Eaton
2ff1cf43d6 Merge pull request #3470 from overleaf/eslint 
Upgrade and configure ESLint

GitOrigin-RevId: ad5aeaf85e72c847a125ff3a9db99a12855e38aa
 2020-12-16 03:08:28 +00:00
Shane Kilkelly
e9f7a17093 Merge pull request #3234 from overleaf/sk-fix-password-validation-email 
Overhaul password validation

GitOrigin-RevId: a591c4e192e30a0ac053eab6f80627543a8a92fe
 2020-10-23 02:04:39 +00:00
Simon Detheridge
fdcf327ae7 Merge pull request #3231 from overleaf/jpa-hide-internal-error-messages 
[misc] PasswordResetController: do not expose internal error messages

GitOrigin-RevId: 9eca5e7f5367559d5340363ef859589e218e817f
 2020-09-29 02:05:30 +00:00
Jessica Lawshe
552fb56b74 Merge pull request #3078 from overleaf/jel-log-password-reset-by-token 
Update audit log when password reset by token

GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf
 2020-08-13 15:46:10 +00:00
Miguel Serrano
0583f7a667 Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods 
[misc] fix express deprecations

GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5
 2020-05-07 03:27:56 +00:00
Eric Mc Sween
1dc325d1c7 Merge pull request #2750 from overleaf/ta-activate-finish-login 
Don't Bypass FinishLogin on Password Reset

GitOrigin-RevId: 92567c893afb4aa64fa045151678d33c877d8f71
 2020-04-24 03:30:45 +00:00
Eric Mc Sween
93fe30a451 Merge pull request #2412 from overleaf/em-password-trim 
Preserve spaces in password in password reset flow

GitOrigin-RevId: 9a2dfb2988ae99be73934b722e635056b5ab1a18
 2019-12-02 14:09:57 +00:00
Eric Mc Sween
2603597150 Merge pull request #2221 from overleaf/em-ownership-transfer-emails 
Project ownership transfer emails

GitOrigin-RevId: 3d33147c18e2d652976b3dac7453c0407c81314e
 2019-10-15 13:30:10 +00:00
Simon Detheridge
7588393580 Merge pull request #2047 from overleaf/spd-eslint-mocha-arrows 
Enforce consistent callback style in mocha tests

GitOrigin-RevId: a64c293dae6926ef5831abe97eaf2044942a5c85
 2019-08-07 15:29:25 +00:00
Ersun Warncke
d624c29b6f remove v1 deps for password change/reset 
GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7
 2019-07-17 15:09:24 +00:00
Eric Mc Sween
d7549544d6 Merge pull request #1950 from overleaf/em-password-reset 
Fetch user by email when validating password reset

GitOrigin-RevId: 9f113f1393e322611b1e7af5aec1ac25a38a122d
 2019-07-16 09:22:15 +00:00
Shane Kilkelly
238e2b2565 Merge pull request #1937 from overleaf/spd-sandboxedmodule-global-console 
Add 'console' to SandboxedModule globals

GitOrigin-RevId: fad442ca128561a4fa193b929f217cf31ad0f043
 2019-07-15 10:44:47 +00:00
Eric Mc Sween
a31090daab Merge pull request #1944 from overleaf/em-password-reset 
Store the email address in the password reset token data

GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a
 2019-07-04 12:51:16 +00:00