agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-01 05:11:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
26,408 Commits 3 Branches 19 Tags
ddce996d780dc7cd2e36a8ee558cfdc8e4675314
Commit Graph

51 Commits

Author SHA1 Message Date
Andrew Rumble
ddce996d78 Update test to reflect new behaviour 
The affected values shouldn't ever have got past the validation in the
router (so the old behaviour should be unused)

GitOrigin-RevId: 3afbd09bd12279125b65fb0d3ec1242f0b456d6f
 2025-09-23 08:07:23 +00:00
Andrew Rumble
c3999d952a Use valid input in test suites 
GitOrigin-RevId: 3529a169062df54af54ca32f00804c211a129bf1
 2025-09-23 08:07:18 +00:00
Rebeka Dekany
e35f79bf32 Tear down bs5-auth-pages feature flag (#27035) 
* Remove auth-pages-bs5 test assignment setPassword

* Remove auth-pages-bs5 test assignment passwordReset

* Remove auth-pages-bs5 test assignment primaryEmailCheck

* Remove auth-pages-bs5 test assignment reconfirm

* Remove - bootstrap5PageStatus = 'enabled'

* Remove primary-email-check.less

* Fix spacing

* Remove unused translations

* Removed unused SplitTestHandler

* Update password_reset_sentence_case to password_reset

GitOrigin-RevId: d5a5c9a1576f325186aa103c4b7ad8fb819b790a
 2025-07-14 08:05:56 +00:00
Andrew Rumble
e76a8ff267 Convert return new Promise to await new Promise 
GitOrigin-RevId: 49404748cc90cb7bdef0460f7e9837196f81cae8
 2025-06-25 08:06:59 +00:00
Andrew Rumble
c0b7efea10 Change imports that use chai to use vitest 
GitOrigin-RevId: 59d780f754adbb5160a2de8e5eca1def6968584b
 2025-06-10 08:05:18 +00:00
Andrew Rumble
873068a187 Update test files with vitest compat changes 
GitOrigin-RevId: 494f906089d250268a5ff8c8a2150ff2692c37e2
 2025-05-29 08:05:06 +00:00
Andrew Rumble
51dcc88f27 Rename test files for vitest 
GitOrigin-RevId: f8792c0ce5eeb4843a534d3ff83e011d25fb65e0
 2025-05-29 08:05:00 +00:00
M Fahru
7fbcca6ed1 Merge pull request #22609 from overleaf/mf-migrate-aux-password-pages-to-bs5 
[web] Migrate reset password page to bootstrap 5 and website redesign

GitOrigin-RevId: 613865379d094b305c6dc78f74dc70341214f4ed
 2025-01-28 09:05:35 +00:00
Antoine Clausse
b0419a86f2 [web] Add audit logs for clear_sessions_set_must_reconfirm script, "must-reset-password-set" and "must-reset-password-unset" (#21776) 
* Promisify clear_sessions_set_must_reconfirm.mjs

* Add test on PasswordResetTests.mjs

* Add `must-reset-password-unset` audit log

* Add `must-reset-password-set` audit log

* Add test ClearSessionsSetMustReconfirmTests.mjs

* Fixup bad copy-paste in test: `must-reset-password-set` -> `must-reset-password-unset`

* Check `must_reconfirm` before calling `removeReconfirmFlag`

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* Fix unit test

* Use `promiseMapWithLimit`

* Add `{ script: true }` to AuditLog. Also use `undefined` instead of `null` for consistency

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 522026c82196d263c196503d899b8c57b05b31dd
 2024-11-15 09:05:21 +00:00
Andrew Rumble
2bfb55a305 Update tests 
GitOrigin-RevId: 9272720e0f6865c54257c43bd98d8e6003251aa2
 2024-10-17 08:06:17 +00:00
Jimmy Domagala-Tang
007cc42477 Merge pull request #19152 from overleaf/jdt-project-permissions 
Allow checking permissions for all users on a project and rename checkPermissions -> AssertPermissions

GitOrigin-RevId: 511356cf2fe68367e284347e68e59f6116bd0f80
 2024-07-03 08:04:19 +00:00
Antoine Clausse
25d8e053be [web] Update revokeAllUserSessions and rename it to removeSessionsFromRedis (#18360) 
* Fix `revokeAllUserSessions` call in `_cleanupUser`

The user object should be passed, not the _id

* Change `revokeAllUserSessions` signature, take `req` and `stayLoggedIn` arguments

* Update uses of `revokeAllUserSessions`

* Fix promisified `revokeAllUserSessions` args

* Update tests

* Destroy or Regenerate the session in the end of `revokeAllUserSessions`

Per https://github.com/overleaf/internal/issues/17036#issuecomment-1938398570

* Revert "Destroy or Regenerate the session in the end of `revokeAllUserSessions`"

This reverts commit fe30734dbe45b27d2931d2e43a711d591bb85787.

* Rename `revokeAllUserSessions` to `removeSessionsFromRedis`

* Fixup tests

* Fix: add optional chaining in `req.sessionID` (!!)

GitOrigin-RevId: d41676bf00f463230af495e09c65fb9ee521f49f
 2024-05-20 08:04:12 +00:00
Jessica Lawshe
94e9456a4b Merge pull request #17793 from overleaf/jel-password-token-when-managed-linked 
[web] Check permissions when using password reset token

GitOrigin-RevId: b5339d5ad5322fcae7beaa99fb40a87ffb938b52
 2024-04-25 08:04:58 +00:00
M Fahru
d836631902 Merge pull request #17548 from overleaf/mf-promisify-render-set-password-form 
[web] promisify renderSetPasswordForm

GitOrigin-RevId: 3a79a7fd23de2d7ff87a833204298aed6cc303a5
 2024-03-29 09:04:26 +00:00
Jessica Lawshe
814ee0ac62 Merge pull request #17351 from overleaf/jel-async-getUserForPasswordResetToken 
[web] Promisify getUserForPasswordResetToken

GitOrigin-RevId: 4b0363b390af155f1bae4332fba7cf10c130e1c6
 2024-03-12 09:03:35 +00:00
Jessica Lawshe
7a9c2fd644 Merge pull request #17329 from overleaf/jel-async-peekValueFromToken 
[web] Promisify peekValueFromToken

GitOrigin-RevId: 4a7f6ae793ff0a1bd22c89c963881ef0957e29e8
 2024-03-12 09:03:32 +00:00
Jessica Lawshe
4ad6d3cb5f Merge pull request #17091 from overleaf/jel-promisify-password-reset 
[web] Promisify password reset

GitOrigin-RevId: bc8399727a86276b1d5baa380369d988772c268a
 2024-02-19 09:04:29 +00:00
Mathias Jakobsen
9ca43ebc4e Merge pull request #15822 from overleaf/mj-audit-log-tokens 
[web] Add audit logs for token expiration operations

GitOrigin-RevId: 220fe017cf508ead986a4cd2bd9009035418ce43
 2023-11-21 09:03:59 +00:00
June Kelly
3288f87dbe [web] Password set/reset: reject current password (redux) (#8956) 
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
 2022-09-28 08:06:54 +00:00
Henry Oswald
5f1abee345 Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password 
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
 2022-07-20 08:04:00 +00:00
June Kelly
d04ea76081 Merge pull request #8882 from overleaf/jk-web-reject-same-password 
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
 2022-07-20 08:03:36 +00:00
Jakob Ackermann
f0bd6dda23 Merge pull request #7986 from overleaf/jpa-eslint-8 
[misc] upgrade eslint packages to the latest version everywhere

GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
 2022-05-17 08:05:59 +00:00
June Kelly
c72ec548bb Merge pull request #5976 from overleaf/jk-login-audit-log-type 
[web] Add 'method' info to login audit log

GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
 2022-01-14 09:02:28 +00:00
Alf Eaton
50df230846 [web] Upgrade Prettier to match version in monorepo root (#6231) 
GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d
 2022-01-11 09:03:23 +00:00
Hugh O'Brien
3b95ac6d88 Merge pull request #5688 from overleaf/jpa-invalid-password-message 
[web] password reset: validate user password ahead of invalidating token

GitOrigin-RevId: ba3e6549f53675a2216e2fc24293276c1968d416
 2021-11-10 09:02:38 +00:00
Jakob Ackermann
358e8b7424 Merge pull request #5349 from overleaf/jpa-no-depreacted-api 
[misc] fix eslint violations for node/no-depreacted-api

GitOrigin-RevId: 0f7d64984da9e789c4ab95381db34afb89fa1a94
 2021-10-21 08:03:18 +00:00
June Kelly
7292cfbd02 Merge pull request #5366 from overleaf/jk-move-password-reset-audit-log 
[web] audit password reset before taking action

GitOrigin-RevId: 672f712658b4669a5a750dbc6f97d24ce35c332d
 2021-10-21 08:03:00 +00:00
Jakob Ackermann
891947770c Merge pull request #5124 from overleaf/jk-de-ng-set-password-page 
[web] de-ng set password form

GitOrigin-RevId: d8ebf9f794454d5772e13ab783892d2bba6eed87
 2021-09-24 08:03:23 +00:00
June Kelly
0ae8f37629 Merge pull request #5107 from overleaf/jk-de-ng-reconfirm-and-pw-reset 
[web] de-ng password reset and must-reconfirm forms

GitOrigin-RevId: 2101493ff017ba56214c6f981129f94eb9db46aa
 2021-09-17 08:03:02 +00:00
Jakob Ackermann
9d00c351a8 Merge pull request #4327 from overleaf/jpa-pw-reset-captcha 
[misc] add captcha on password reset requests

GitOrigin-RevId: 9a23b9c9dee2c56345e9c1846861c05c25126802
 2021-07-28 02:06:02 +00:00
Jakob Ackermann
5e773ce950 Merge pull request #4101 from overleaf/ae-settings-module 
Migrate from `settings-sharelatex` to `@overleaf/settings`

GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
 2021-07-08 02:08:28 +00:00
Alf Eaton
1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma 
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
 2021-04-28 02:10:01 +00:00
Alf Eaton
1ebc8a79cb Merge pull request #3495 from overleaf/ae-prettier-2 
Upgrade Prettier to v2

GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
 2021-04-15 02:05:22 +00:00
Eric Mc Sween
9ddaa8c9f6 Merge pull request #3830 from overleaf/em-upgrade-node-12 
Upgrade to Node 12

GitOrigin-RevId: 19870922884b7c98e7e5f2c94df21829672d2db5
 2021-04-01 02:05:52 +00:00
Miguel Serrano
d65db1acf0 Merge pull request #3824 from overleaf/jpa-password-reset-email-forwarding 
[misc] fix passing around of users email as part of password reset

GitOrigin-RevId: 54e8cde9867a2ce735bc7ebe281ead19ef49e6cd
 2021-04-01 02:05:04 +00:00
Alf Eaton
2ff1cf43d6 Merge pull request #3470 from overleaf/eslint 
Upgrade and configure ESLint

GitOrigin-RevId: ad5aeaf85e72c847a125ff3a9db99a12855e38aa
 2020-12-16 03:08:28 +00:00
Shane Kilkelly
e9f7a17093 Merge pull request #3234 from overleaf/sk-fix-password-validation-email 
Overhaul password validation

GitOrigin-RevId: a591c4e192e30a0ac053eab6f80627543a8a92fe
 2020-10-23 02:04:39 +00:00
Simon Detheridge
fdcf327ae7 Merge pull request #3231 from overleaf/jpa-hide-internal-error-messages 
[misc] PasswordResetController: do not expose internal error messages

GitOrigin-RevId: 9eca5e7f5367559d5340363ef859589e218e817f
 2020-09-29 02:05:30 +00:00
Jessica Lawshe
552fb56b74 Merge pull request #3078 from overleaf/jel-log-password-reset-by-token 
Update audit log when password reset by token

GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf
 2020-08-13 15:46:10 +00:00
Miguel Serrano
0583f7a667 Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods 
[misc] fix express deprecations

GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5
 2020-05-07 03:27:56 +00:00
Eric Mc Sween
1dc325d1c7 Merge pull request #2750 from overleaf/ta-activate-finish-login 
Don't Bypass FinishLogin on Password Reset

GitOrigin-RevId: 92567c893afb4aa64fa045151678d33c877d8f71
 2020-04-24 03:30:45 +00:00
Eric Mc Sween
93fe30a451 Merge pull request #2412 from overleaf/em-password-trim 
Preserve spaces in password in password reset flow

GitOrigin-RevId: 9a2dfb2988ae99be73934b722e635056b5ab1a18
 2019-12-02 14:09:57 +00:00
Eric Mc Sween
2603597150 Merge pull request #2221 from overleaf/em-ownership-transfer-emails 
Project ownership transfer emails

GitOrigin-RevId: 3d33147c18e2d652976b3dac7453c0407c81314e
 2019-10-15 13:30:10 +00:00
Simon Detheridge
7588393580 Merge pull request #2047 from overleaf/spd-eslint-mocha-arrows 
Enforce consistent callback style in mocha tests

GitOrigin-RevId: a64c293dae6926ef5831abe97eaf2044942a5c85
 2019-08-07 15:29:25 +00:00
Ersun Warncke
d624c29b6f remove v1 deps for password change/reset 
GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7
 2019-07-17 15:09:24 +00:00
Eric Mc Sween
d7549544d6 Merge pull request #1950 from overleaf/em-password-reset 
Fetch user by email when validating password reset

GitOrigin-RevId: 9f113f1393e322611b1e7af5aec1ac25a38a122d
 2019-07-16 09:22:15 +00:00
Shane Kilkelly
238e2b2565 Merge pull request #1937 from overleaf/spd-sandboxedmodule-global-console 
Add 'console' to SandboxedModule globals

GitOrigin-RevId: fad442ca128561a4fa193b929f217cf31ad0f043
 2019-07-15 10:44:47 +00:00
Eric Mc Sween
a31090daab Merge pull request #1944 from overleaf/em-password-reset 
Store the email address in the password reset token data

GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a
 2019-07-04 12:51:16 +00:00
Simon Detheridge
757ae39487 Merge pull request #1899 from overleaf/spd-implicit-return-tests 
Decaf cleanup: Remove implicit return from 'it' and 'describe' in tests

GitOrigin-RevId: f297820e6212dddc0d60697a2fe1612ef27403b6
 2019-06-21 13:58:57 +00:00
Ersun Warncke
8cc9bc5335 write to v1/v2 on register, password change and reset 
GitOrigin-RevId: 29045912319d1d387613ec55c6620852d8857614
 2019-06-19 11:06:21 +00:00