Antoine Clausse
fb114a7c44
Merge pull request #19545 from overleaf/ac-remove-login-route-override
[web] Remove `/login` route override from overleaf-integration
GitOrigin-RevId: a22d0698e5039a8e77fb7ebb620500ad40a9a630
2024-08-14 08:04:26 +00:00
Antoine Clausse
1e36db524f
[web] Merge authentication error handling (V1LoginController & AuthenticationController) (#19457)
* Promisify `AuthenticationController.doPassportLogin`
* Update tests `AuthenticationController.doPassportLogin`
* Add test on error handling for `AuthenticationController.doPassportLogin`
* Add test on error handling for `V1LoginController.doLogin`
* Extract error handling to `getErrorObject` function
* Simplify code
* Add `Metrics` calls
* Add `password is too long` in AuthenticationController
* Make `info` object consistent with the rest of the codebase
* Move error handling to `AuthenticationManager.handleAuthenticateErrors`
* Move `handleAuthenticateErrors` to other file
I moved this solely because I didn't manage to test it otherwise
* Update tests
* Remove `preDoPassportLogin` hook call
* Remove test on `preDoPassportLogin`
* Use try/catch block instead of `.catch()`
* Revert "Use try/catch block instead of `.catch()`"
This reverts commit 3475afa93ce4af7ad55c91bfc1d7ad3317600ea5.
* Replace `.catch` by `try/catch`
GitOrigin-RevId: 3fba65c30a2c5fc6e5abcd5b83c52801852ed462
2024-07-31 08:05:07 +00:00
Antoine Clausse
5f2718cf29
[web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555)
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`
* Lowercase the email to avoid rate-limit bypass
* Remove unit test "when the users rate limit"
* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`
This should address the `trim()` bypass
* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`
We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"
* Add acceptance test for rate limit
* Add comment on rate limits
* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity
* Make the login rate limits configurable from the settings
GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
2024-07-30 08:04:26 +00:00
Antoine Clausse
e452f1df5b
[web] Promisify LdapController (#18500)
* Promisify LdapController
* Update tests LdapControllerTests.js
* Promisify `AuthenticationController.finishLogin`
* Simplify null checks in LdapController
* Fix: don't use spread operator in module.exports
* Make `AuthenticationController.promises.finishLogin` a promise that resolves
* Fixup: `finishLogin` does not call `next` when the promise finishes, it calls it only on errors
* Use `Modules.promises.hooks.fire`
* Revert `processPassportLogin` callback style
* Update error handling: Use `OError.tag` instead of `logger.err`
* Fix unit tests: Rely on callbacks rather than promises
* Fix: Actually call `passport.authenticate` (!!)
* Update test: fixup `passport.authenticate` mocks
This would have caught the bugs that the previous commit is solving
* Remove `.then(() => next())` in `processPassportLogin`
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
---------
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: a7eab5f5289956aeb8f2418408958daef3511ab7
2024-06-06 08:04:23 +00:00
Eric Mc Sween
876ee4d967
Merge pull request #18225 from overleaf/em-typescript-eslint
Add typescript-eslint rule: no-floating-promises
GitOrigin-RevId: 8c3decdff537c885f5bfeb5250b7805480bc6602
2024-05-27 10:22:20 +00:00
Jakob Ackermann
dfe587f297
Merge pull request #18294 from overleaf/jpa-td-invite-details
[web] avoid content reflection via query parameter on register page
GitOrigin-RevId: 43e7ba6069e0d9f3f12e5e9e680b5960b0673782
2024-05-16 08:05:09 +00:00
Jakob Ackermann
4c49841637
Merge pull request #18153 from overleaf/jpa-validate-session-in-store
[web] check for redis connection being out of sync in session store
GitOrigin-RevId: c271e88d4e1fbcb0f7a57f4775e8ef88b70b16a8
2024-05-03 08:04:25 +00:00
Brian Gough
29105911c5
Merge pull request #17732 from overleaf/bg-session-mitigation-initial-protoype
anonymous cookie-based sessions module
GitOrigin-RevId: 75fe2d48fa384ba8d07c0b478a9a5a907a2b3b67
2024-04-26 08:04:54 +00:00
David
ce00af7838
Merge pull request #18011 from overleaf/dp-make-_getRedirectFromSession-public
Make _getRedirectFromSession a public method
GitOrigin-RevId: 6538e4ec25e607d32beb944370d151d4f1a3709c
2024-04-24 08:04:13 +00:00
David
0cf17478fe
Merge pull request #17810 from overleaf/dp-compormised-password-prompt
Add compromised password prompt
GitOrigin-RevId: 7910a220943fcb3aa191da6d514d5bc3ae20f5a3
2024-04-19 08:03:58 +00:00
roo hutton
754609f379
Merge pull request #17830 from overleaf/rh-reduce-staff-access-session
[web] Reduce size of staffAccess field in session
GitOrigin-RevId: 7745dc595e8096caef04fd140b47532f0775f165
2024-04-12 08:06:35 +00:00
Brian Gough
f2a1b49d48
Merge pull request #17593 from overleaf/bg-account-security-update-hibp-links
Update haveibeenpwned links to use the password check form
GitOrigin-RevId: f67b1ed689c851ad3684becc38cd5eb82b0018a2
2024-03-22 09:03:13 +00:00
Thomas
811173d32d
Merge pull request #17569 from overleaf/tm-account-suspension
Add the ability to suspend user accounts
GitOrigin-RevId: 5e57f29941434c78a47354baca83527213f9b9b5
2024-03-22 09:03:06 +00:00
Jakob Ackermann
84a2b25a3c
Merge pull request #17401 from overleaf/jpa-skip-hibp-known-device
[web] skip HIBP check from known devices
GitOrigin-RevId: 897df02492aafeac010753c7c306e02bde5b1fd8
2024-03-05 09:03:37 +00:00
Jakob Ackermann
001af76f15
Merge pull request #17399 from overleaf/jpa-hibp-login
[web] check HIBP on login
GitOrigin-RevId: e052926e4d970f9a15821f1ea9c8af46bdab90cb
2024-03-05 09:03:34 +00:00
Miguel Serrano
abe33de010
[web] upgrade @node-oauth/oauth2-server to ^5.1.0 (#16705)
* [web] upgrade @node-oauth/oauth2-server to ^5.1.0,
* Added `expressify` to middleware returned by Authentication.requireOauth()
* Extracted OAuth2 scope transformation to utilities
* Throw an error with undefined SAML scopes
GitOrigin-RevId: 00dfe81c707e9a3fcf9bb10e007c1fc646f7b9dd
2024-02-09 09:05:20 +00:00
Jakob Ackermann
880087945e
Merge pull request #16854 from overleaf/jpa-overleaf-integration-core-tests
[web] enable overleaf-integration module when running SaaS tests
GitOrigin-RevId: 36eda6ef448604a55f8dc8daac5ce29af23b6b0b
2024-02-05 09:04:05 +00:00
Jakob Ackermann
797f2c518d
Merge pull request #16514 from overleaf/jpa-enforce-oauth-scope
[web] restrict access to oauth endpoints to their respective clients
GitOrigin-RevId: 6ffa6008130588e44d336e2af32584ee20ad3ffc
2024-01-18 09:04:28 +00:00
Miguel Serrano
771f07d7ad
Merge pull request #16202 from overleaf/msm-passport-upgrade-2
[web] passport + passport-saml updates (post revert)
GitOrigin-RevId: e1fa5757e15b3ac733511570637d39297247e050
2023-12-14 09:03:24 +00:00
Miguel Serrano
369d5cb406
Merge pull request #16190 from overleaf/revert-15519-em-upgrade-passport
Revert "Upgrade passport"
GitOrigin-RevId: 34a5442d6dae9623463908f92ab103bdc16f1b67
2023-12-12 09:04:23 +00:00
Miguel Serrano
d96283e593
Merge pull request #15519 from overleaf/em-upgrade-passport
Upgrade passport
GitOrigin-RevId: b93bfcab39ba3d2ab4efb4814371defec8ca95c4
2023-12-12 09:04:08 +00:00
Jimmy Domagala-Tang
7341c18e0f
Merge pull request #16069 from overleaf/jdt-add-staging-trusted-writefull
Add Writefull to trusted users, and fix trusted logic
GitOrigin-RevId: 526d8a77e8d5c56e94a6d671e811bfdbb74e2ac6
2023-12-04 09:03:01 +00:00
Jimmy Domagala-Tang
0a484bb325
Merge pull request #16015 from overleaf/jdt-trust-captcha-on-login
Add trusted case for captchaRequiredForLogin
GitOrigin-RevId: 45cd93b46515ced034f1514f5454767383f3a17a
2023-11-29 09:04:56 +00:00
Jakob Ackermann
1e4dcc84d9
Merge pull request #14803 from overleaf/jpa-split-test-cache-alpha-beta
[web] invalidate split test cache when alpha/beta program status changes
GitOrigin-RevId: 3023d2adf8466b48490c51497f5c80e7b0a1fe3d
2023-09-14 08:04:12 +00:00
Eric Mc Sween
21971956b7
Merge pull request #12219 from overleaf/em-camel-case-web
Camel case variables in web
GitOrigin-RevId: 28e61b759b27f71265f33ab64f588374dba610e0
2023-03-22 09:05:04 +00:00
June Kelly
9e824ac93c
Merge pull request #9951 from overleaf/jk-audit-failed-login-attempts
[web] Audit failed login attempts
GitOrigin-RevId: 19325f808f77584891e1e12b5ed7aaa16aa6aec9
2022-10-20 08:03:44 +00:00
Eric Mc Sween
59285d8a1f
Merge pull request #9062 from overleaf/pairining-patch
[web] fix async form redirect handling for institutional SSO flow
GitOrigin-RevId: 35664e101e43b05771961ac4b6dc49d7ebd8fa44
2022-10-12 08:04:29 +00:00
June Kelly
8f44f69a80
Merge pull request #9679 from overleaf/jk-fix-the-module-system
[web] Fix how imports work in the Module system
GitOrigin-RevId: 00cb3bfa19c6af979216b9d5e6104d489c18244b
2022-09-23 08:04:15 +00:00
Timothée Alby
ac3bc987d9
Merge pull request #9297 from overleaf/ta-galileo-module
Create Galileo Module
GitOrigin-RevId: 0d9dfeebc150bd6a0d828f55be47f9d9f1a70d66
2022-08-19 08:04:56 +00:00
Jakob Ackermann
f0bd6dda23
Merge pull request #7986 from overleaf/jpa-eslint-8
[misc] upgrade eslint packages to the latest version everywhere
GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
2022-05-17 08:05:59 +00:00
Eric Mc Sween
e0d91eaa26
Merge pull request #7906 from overleaf/em-downgrade-logs
Downgrade all INFO logs to DEBUG
GitOrigin-RevId: 05ed582ef0721fcada059f0ad158565f50feca27
2022-05-17 08:05:26 +00:00
Eric Mc Sween
a1ff7d8274
Merge pull request #7752 from overleaf/em-promisify-user-updater
Finish promisification of UserUpdater
GitOrigin-RevId: 8f32b2248cfd0db4232bd808f337c17bd7f7dbf4
2022-04-28 08:03:54 +00:00
Alexandre Bourdin
62d5eda194
Merge pull request #7348 from overleaf/ab-login-events
[web] Add events for login buttons clicks and segmentation to user-logged-in event
GitOrigin-RevId: 6283feb075e2d16c871d3f4ff54fe903937d3263
2022-04-07 08:04:07 +00:00
Jakob Ackermann
e82a053c85
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app
[misc] move admin capability from www. to admin. subdomain
GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459
2022-04-05 12:18:24 +00:00
Jakob Ackermann
d812b88e76
Merge pull request #6457 from overleaf/jpa-harden-login
[web] harden login process
GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d
2022-01-27 09:03:38 +00:00
Jakob Ackermann
8e77ada424
Merge pull request #6417 from overleaf/jpa-device-history
[web] add cookie/JWE based device history for skipping captcha challenge
GitOrigin-RevId: b091564bfd93f7e587d396c860fd864f220f4b63
2022-01-27 09:03:34 +00:00
June Kelly
c72ec548bb
Merge pull request #5976 from overleaf/jk-login-audit-log-type
[web] Add 'method' info to login audit log
GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
2022-01-14 09:02:28 +00:00
Brian Gough
108c99cf53
Merge pull request #6141 from overleaf/bg-update-basic-auth
[web] remove deprecated basic-auth-connect module
GitOrigin-RevId: b18435c98696858da70f3a715258c3c7a86c3b54
2021-12-20 09:03:06 +00:00
Eric Mc Sween
5fc6d7dcb3
Merge pull request #5740 from overleaf/em-gcp-logging-web
Improve GCP logging for web
GitOrigin-RevId: b304c87a3fe46c29189f665eb3daf22c23d6eb8f
2021-11-11 09:03:09 +00:00
Eric Mc Sween
e5676a9643
Merge pull request #5648 from overleaf/em-revert-gcp-logging-web
Revert "Improve GCP logging for web"
GitOrigin-RevId: 92d446baf62108da1df92146eec12a2fe69d30ee
2021-11-02 09:03:29 +00:00
Eric Mc Sween
641b10cceb
Merge pull request #5632 from overleaf/em-gcp-logging-web
Improve GCP logging for web
GitOrigin-RevId: 1198fab2e821a55563058171cfa435605216e337
2021-11-02 09:03:22 +00:00
Jakob Ackermann
7f9fd00bda
Merge pull request #5367 from overleaf/jpa-node-handle-callback-err
[misc] fix eslint violations for node/handle-callback-err
GitOrigin-RevId: 83a4900e8861010df1917bff49382bd9c93375bd
2021-10-28 08:03:26 +00:00
Jakob Ackermann
13b8321986
Merge pull request #5375 from overleaf/jpa-401-failed-login
[web] send a non success status code for failed logins in Server CE/Pro
GitOrigin-RevId: 1aace4456c8602af26a362346bfc462e1476b0f7
2021-10-07 08:04:49 +00:00
Alexandre Bourdin
3577f25ba2
Merge pull request #5051 from overleaf/ab-web-mono-analytics-id
Analytics ID Support (v2)
GitOrigin-RevId: 707f62697f6566d8aad22e424684d97f7bc147df
2021-09-13 08:03:14 +00:00
Alexandre Bourdin
5b8de28250
Merge pull request #5050 from overleaf/revert-4639-ab-web-mono-analytics-id
Revert "Analytics ID support"
GitOrigin-RevId: cc5da762ba1bafcbcea65ed0dd86342896b6d1eb
2021-09-10 08:04:47 +00:00
Alexandre Bourdin
6dd641e0e6
Merge pull request #4639 from overleaf/ab-web-mono-analytics-id
Analytics ID support
GitOrigin-RevId: 820a6c0f4d19f046f6c791ce4dc64dbc80748924
2021-09-10 08:04:31 +00:00
Alexandre Bourdin
9468e5cb4f
Merge pull request #4338 from overleaf/ab-session-manager
Extract functions from AuthenticationController to SessionManager
GitOrigin-RevId: 86870ce03a762e1a837dcf493759e8851e759883
2021-07-28 12:36:22 +00:00
Jakob Ackermann
5e773ce950
Merge pull request #4101 from overleaf/ae-settings-module
Migrate from `settings-sharelatex` to `@overleaf/settings`
GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
2021-07-08 02:08:28 +00:00
Timothée Alby
0ed07ec0b6
Merge pull request #4214 from overleaf/ta-inbound-register
Track Inbound Properties on Registration
GitOrigin-RevId: b7ff041ef6a2401683bdbf55756f332d78768f11
2021-06-22 02:07:34 +00:00
Alf Eaton
29b92615ce
Merge pull request #4156 from overleaf/ae-login-log
Improve login error logging
GitOrigin-RevId: 0af1214890b014294077e585ec20f83fbb425c76
2021-06-11 02:06:42 +00:00