agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-03 14:19:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
19,803 Commits 3 Branches 19 Tags
f68dfeb50dde2f4f2fbdd3bfde2003b61db959b3
Commit Graph

547 Commits

Author SHA1 Message Date
Tim Down 4fe3290907 Merge pull request #10966 from overleaf/td-add-coop-header 
Upgrade Helmet to add some security-related response headers, including COOP

GitOrigin-RevId: fce8538b004f7b3ba6c6ca65ad311957d75b496a
 2023-01-24 09:05:27 +00:00
Miguel Serrano c7455de6e6 Merge pull request #11346 from overleaf/msm-config-history-v1-sp 
Configuration changes for FPH in CE/SP

GitOrigin-RevId: 990eb0fa6158d4815740413da085759d2cc5e231
 2023-01-20 14:13:46 +00:00
Mathias Jakobsen 3bf630431d Merge pull request #11036 from overleaf/jpa-cdn-blocked-metric 
[web] add metric for blocked cdn

GitOrigin-RevId: bee0fa5af0cc3c5d91deb64c8e32bb7e04dbcc2b
 2023-01-05 09:04:04 +00:00
Mathias Jakobsen 0dc67a7ed9 Merge pull request #10793 from overleaf/mj-split-test-cleanup 
Split test clean-up

GitOrigin-RevId: 7dd6178487022cbefcbc85797dacc3f3fbfa17e2
 2022-12-21 09:04:04 +00:00
ilkin-overleaf 1649385e9f Merge pull request #10394 from overleaf/ii-password-reset-and-strength-checking 
[web] Password reset strength checking and UI updates

GitOrigin-RevId: 442a5c9e7e9d0a61d3ae649f3526bc3c02fd5704
 2022-12-07 09:03:36 +00:00
Brian Gough 68feebcc16 Merge pull request #10715 from overleaf/jpa-web-share-mongo-pool 
[web] share mongo connection pool between Mongoose and native db

GitOrigin-RevId: 8bb2a9dc76880144a8681cb564183906df624cc0
 2022-12-02 09:04:02 +00:00
Brian Gough ecd6959c85 Merge pull request #10637 from overleaf/bg-delete-user-from-dropbox 
delete user data from dropbox

GitOrigin-RevId: d586c73b4500f4fe718927f537ae770356eaefc1
 2022-11-29 09:04:33 +00:00
Jakob Ackermann 294a497e6b Merge pull request #10442 from overleaf/jpa-convert-archived-trashed 
[web] add migration for convert_archived_state script

GitOrigin-RevId: aeea3601a0c5f96e978c3f2a85458687d6d6678e
 2022-11-15 09:07:09 +00:00
June Kelly 1c2fcb45b0 Merge pull request #9951 from overleaf/jk-audit-failed-login-attempts 
[web] Audit failed login attempts

GitOrigin-RevId: 19325f808f77584891e1e12b5ed7aaa16aa6aec9
 2022-10-20 08:03:44 +00:00
Eric Mc Sween 1405705f65 Merge pull request #9956 from overleaf/em-node-fetch-web 
Replace request-promise with fetch in web acceptance tests

GitOrigin-RevId: f50357cdea2d1353d7a82c5346b149018f91823f
 2022-10-18 08:03:25 +00:00
Miguel Serrano 694cb665da Merge pull request #9617 from overleaf/msm-audit-log-collections 
Move project/user audit logs to their own collections

GitOrigin-RevId: f6f89b3e2815c0fe5691a79eceb35b77b3c370d8
 2022-09-30 08:04:17 +00:00
June Kelly 0dfaf145ac [web] Password set/reset: reject current password (redux) (#8956) 
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
 2022-09-28 08:06:54 +00:00
Alf Eaton 0b9d2cc99a Remove deprecated grunt code (#9506) 
GitOrigin-RevId: 2b19d73c593545aaa9f6eb88143d08c5df39a1be
 2022-09-16 08:05:37 +00:00
Eric Mc Sween 0f9d805921 Merge pull request #9563 from overleaf/em-tpds-merge-metadata 
Return metadata from TPDS update endpoint in web

GitOrigin-RevId: 9154be67f7f975807c6e986a5d6fb66013c9a384
 2022-09-13 08:05:50 +00:00
Alf Eaton 2c21fbd3ad Remove mkdirp from web dependencies (#7427) 
GitOrigin-RevId: b170371e538ca65fccd5c21f76dc25feec909190
 2022-08-22 08:03:41 +00:00
Simon Detheridge 53dd89a826 Merge pull request #6661 from overleaf/spd-local-tests 
Move acceptance test mocks to nonstandard ports and add options for running locally

GitOrigin-RevId: bd8f70ac8d80599daccc51cfe7b90a2ad8d8c3d8
 2022-08-10 08:03:45 +00:00
Jakob Ackermann 4b884732c9 Merge pull request #9099 from overleaf/jpa-web-graceful-shutdown 
[web] introduce graceful shutdown

GitOrigin-RevId: f42793a96f1e0304c57a855241bffa32bb291864
 2022-08-05 08:03:27 +00:00
Timothée Alby c56ad54646 Merge pull request #9009 from overleaf/ab-split-tests-saas-check 
[web] Skip split test assignment logic when not in SaaS mode

GitOrigin-RevId: 4c370bbc78c5a6828207f3336dfa6af9f4d71e17
 2022-07-29 08:04:03 +00:00
Timothée Alby 03c95d2603 Merge pull request #8897 from overleaf/ta-token-access-anonymous-redirect 
Redirect Early on Anonymous Write Token Access Attempts

GitOrigin-RevId: 55e1839c3171a0a6a677ecca2f6bec87aad802bd
 2022-07-29 08:03:45 +00:00
Timothée Alby 2b404fe926 Merge pull request #8571 from overleaf/ta-token-access-page 
Require User Interaction on Token Access Page

GitOrigin-RevId: 2f4c00ba75ebd6bd87d3e770ec8223d736344f5b
 2022-07-29 08:03:39 +00:00
Alexandre Bourdin 1e53682afc Merge pull request #8957 from overleaf/ab-split-test-controls-badge 
[web] SplitTestBadge based on split test phase and badge config

GitOrigin-RevId: e178ca864fd6619ff61a2a84fc1ccb5d54e0a814
 2022-07-26 08:04:28 +00:00
M Fahru fbde960690 Improve error message when a collaborator tries to refresh a linked file without access to the project (#8884) 
* Improve error message when a collaborator tries to refresh a linked file without access to the project

* Move the AccessDeniedError hardcoded error message to translation file

* apply prettier

* remove period (dot) in test hardcoded string

* revert unintended changes

GitOrigin-RevId: 50a5bf46428a96e629e9091cc18068f3ee7084e3
 2022-07-21 08:03:32 +00:00
Henry Oswald 68b61bbcaf Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password 
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
 2022-07-20 08:04:00 +00:00
June Kelly f83ea0eae9 Merge pull request #8882 from overleaf/jk-web-reject-same-password 
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
 2022-07-20 08:03:36 +00:00
Alexandre Bourdin 29cd233c29 Merge pull request #8426 from overleaf/ta-error-pages-style 
Update General Error Pages Style

GitOrigin-RevId: 04346784c94d5ce6bf3257fd128a3f00da4c4e9e
 2022-06-23 08:02:34 +00:00
Miguel Serrano d51034d698 Fixed tests by removing stdout checks that are no longer valid (#8337) 
* Fixed tests by removing stdout checks that are no longer valid

script verbosity was updated in https://github.com/overleaf/internal/commit/c73b46599b51fadb8054cdd7d05e25beb702533d, this checks are no longer valid. After the deleted line there's an extra check that should be good enough for the test case.

GitOrigin-RevId: 2756d11cad97fdbeca44f35c24ee192e582a52c1
 2022-06-09 08:02:27 +00:00
Eric Mc Sween c6ec417a3c Merge pull request #8035 from overleaf/em-remove-chaid 
Remove the chaid package from tests

GitOrigin-RevId: 61b541eebcf1982137aa10ad51940547c649e68d
 2022-05-23 08:04:07 +00:00
Jakob Ackermann b027ef95e5 Merge pull request #7986 from overleaf/jpa-eslint-8 
[misc] upgrade eslint packages to the latest version everywhere

GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
 2022-05-17 08:05:59 +00:00
Tim Down b4d78ddfb6 Merge pull request #7545 from overleaf/td-split-test-data-sentry 
Record split-test state in Sentry metadata from web clients

GitOrigin-RevId: 66dd195c546bd9fb0aedac52844200846c5012ca
 2022-04-25 08:04:45 +00:00
ilkin-overleaf 54515152a2 Merge pull request #7225 from overleaf/ta-leave-modal 
[DeleteAccount] Create Modal with Form

GitOrigin-RevId: 611f08c7253f59d91c6937b79c80a386b9d21ccd
 2022-04-11 08:03:36 +00:00
Eric Mc Sween 7e76f94e17 Merge pull request #7228 from overleaf/em-node-16 
Upgrade to Node 16

GitOrigin-RevId: 3db1ae57ffb02f8a2b9012ffbb3efecfc01d2b04
 2022-04-05 12:20:52 +00:00
Jakob Ackermann 3ce46557be Merge pull request #7094 from overleaf/jpa-redirect-admin-requests 
[web] redirect admin users from admin endpoints to the admin domain

GitOrigin-RevId: a4bd7d4f998615efcb46ae9866868af9489c94f5
 2022-04-05 12:18:51 +00:00
Jakob Ackermann ff2bf58a84 Merge pull request #6712 from overleaf/jpa-redirect-token-access 
[web] redirect admin users from token access gateway to admin panel

GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f
 2022-04-05 12:18:29 +00:00
Jakob Ackermann c6f638023f Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app 
[misc] move admin capability from www. to admin. subdomain

GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459
 2022-04-05 12:18:24 +00:00
Thomas 502e7c1d2f Send delete request to chat when expiring deleted projects (#6997) 
* Send delete request to chat when expiring deleted projects

* Add script to clean-up orphaned chat of previously expired projects

GitOrigin-RevId: 157d100bd51b6204a9e31733b5164b8e7036ef01
 2022-03-28 08:04:29 +00:00
Eric Mc Sween 854d798d66 Merge pull request #6785 from overleaf/em-split-tests-analytics-enabled 
Add "analytics enabled" setting to split tests

GitOrigin-RevId: 9ddfda9e246cac7a13361b2d3df6884212583000
 2022-03-01 09:04:15 +00:00
Jessica Lawshe 631ce958e4 Merge pull request #6886 from overleaf/jpa-less-verbose-ci 
[web] skip HIBP check for all tests but the HIBP specific ones

GitOrigin-RevId: 714e69cc2220e7edcef875d6be487ded571cd977
 2022-02-25 09:03:23 +00:00
Miguel Serrano 719542f9f7 Primary Email Check (#6471) 
* added primary-email-check page, route and controllers
* add `#add-email` internal link in settings to display new email form
* added primary-email-check redirection with split test
* update `lastPrimaryEmailCheck` when the default email address is set
* added `lastPrimaryCheck` to admin panel
* translations for primary-email-check
* acceptance tests for primary-email-check
* [web] multi-submit for primary email check
* Using `confirmedAt` to prevent from displaying primary-email-check page

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
Co-Authored-By: Miguel Serrano <mserranom@gmail.com>
GitOrigin-RevId: d8e3a280439da08038a4487d8bfd7b3b0596e3b5
 2022-02-04 09:03:34 +00:00
Jakob Ackermann 3124da4bf3 Merge pull request #6493 from overleaf/jpa-flaky-delay 
[web] HaveIBeenPwnedApiTests: give background check more time

GitOrigin-RevId: 761b3f402f9284eb56bee29e6e78e759ac42ba86
 2022-01-27 09:03:53 +00:00
Jakob Ackermann 23e9f8bf1a Merge pull request #6457 from overleaf/jpa-harden-login 
[web] harden login process

GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d
 2022-01-27 09:03:38 +00:00
Jakob Ackermann b4156cb3be Merge pull request #6417 from overleaf/jpa-device-history 
[web] add cookie/JWE based device history for skipping captcha challenge

GitOrigin-RevId: b091564bfd93f7e587d396c860fd864f220f4b63
 2022-01-27 09:03:34 +00:00
Jessica Lawshe 4b7d9807b6 Merge pull request #6375 from overleaf/jel-reconfirm-check 
[web] Use v1 date for reconfirm notification check

GitOrigin-RevId: e14f1b6a1a6ab629628858d962a3757a6078cf79
 2022-01-26 09:03:50 +00:00
Tim Alby 28cb844d5a rename price attributes to price_in_cents or price_in_unit 
GitOrigin-RevId: 8045472c96862078583fcb522099ad78926281dc
 2022-01-21 09:03:23 +00:00
Jakob Ackermann 86741fc86f Merge pull request #6349 from overleaf/jpa-password-strength-checking 
[web] data collection for password strength using HaveIBeenPwned api

GitOrigin-RevId: 7e4d57a979c29027fb7ca5294f3935500a0b4cf3
 2022-01-20 09:03:07 +00:00
Jakob Ackermann d902505ac9 Merge pull request #6317 from overleaf/jpa-send-explicit-content-type 
[web] send explicit content type in responses

GitOrigin-RevId: d5aeaba57a7d2fc053fbf5adc2299fb46e435341
 2022-01-18 09:03:18 +00:00
June Kelly b49c6cd8c5 Merge pull request #5976 from overleaf/jk-login-audit-log-type 
[web] Add 'method' info to login audit log

GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
 2022-01-14 09:02:28 +00:00
Jessica Lawshe e4b7ef7c62 Merge pull request #6254 from overleaf/jel-saml-entitlement 
[web] Always update entitlement in v1 after SAML callback

GitOrigin-RevId: 2569d6d8e6142786ad2875c62c9cd4568837654a
 2022-01-13 09:04:16 +00:00
Alf Eaton 01042eb030 [web] Upgrade Prettier to match version in monorepo root (#6231) 
GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d
 2022-01-11 09:03:23 +00:00
Jakob Ackermann 9a6e954e1f Merge pull request #6234 from overleaf/jpa-web-owns-spelling-preferences 
[misc] move ownership of spellingPreferences collection to web

GitOrigin-RevId: f2584a1119a578c3df15371c6798923a4f2d15ae
 2022-01-07 09:03:11 +00:00
Eric Mc Sween e2be63e9ed Merge pull request #5740 from overleaf/em-gcp-logging-web 
Improve GCP logging for web

GitOrigin-RevId: b304c87a3fe46c29189f665eb3daf22c23d6eb8f
 2021-11-11 09:03:09 +00:00