agw/overleaf-cep - overleaf-cep - Gitea

agw/overleaf-cep

mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-30 20:31:34 +02:00

Author	SHA1	Message	Date
Antoine Clausse	fb114a7c44	Merge pull request #19545 from overleaf/ac-remove-login-route-override [web] Remove `/login` route override from overleaf-integration GitOrigin-RevId: a22d0698e5039a8e77fb7ebb620500ad40a9a630	2024-08-14 08:04:26 +00:00
Antoine Clausse	1e36db524f	[web] Merge authentication error handling (V1LoginController & AuthenticationController) (#19457 ) * Promisify `AuthenticationController.doPassportLogin` * Update tests `AuthenticationController.doPassportLogin` * Add test on error handling for `AuthenticationController.doPassportLogin` * Add test on error handling for `V1LoginController.doLogin` * Extract error handling to `getErrorObject` function * Simplify code * Add `Metrics` calls * Add `password is too long` in AuthenticationController * Make `info` object consistent with the rest of the codebase * Move error handling to `AuthenticationManager.handleAuthenticateErrors` * Move `handleAuthenticateErrors` to other file I moved this solely because I didn't manage to test it otherwise * Update tests * Remove `preDoPassportLogin` hook call * Remove test on `preDoPassportLogin` * Use try/catch block instead of `.catch()` * Revert "Use try/catch block instead of `.catch()`" This reverts commit 3475afa93ce4af7ad55c91bfc1d7ad3317600ea5. * Replace `.catch` by `try/catch` GitOrigin-RevId: 3fba65c30a2c5fc6e5abcd5b83c52801852ed462	2024-07-31 08:05:07 +00:00
Antoine Clausse	5f2718cf29	[web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555 ) * Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware` * Lowercase the email to avoid rate-limit bypass * Remove unit test "when the users rate limit" * Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest` This should address the `trim()` bypass * Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail` We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email" * Add acceptance test for rate limit * Add comment on rate limits * Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity * Make the login rate limits configurable from the settings GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7	2024-07-30 08:04:26 +00:00
Antoine Clausse	e452f1df5b	[web] Promisify LdapController (#18500 ) * Promisify LdapController * Update tests LdapControllerTests.js * Promisify `AuthenticationController.finishLogin` * Simplify null checks in LdapController * Fix: don't use spread operator in module.exports * Make `AuthenticationController.promises.finishLogin` a promise that resolves * Fixup: `finishLogin` does not call `next` then the promise finishes, it calls it only on errors * Use `Modules.promises.hooks.fire` * Revert `processPassportLogin` callback style * Update error handling: Use `OError.tag` instead of `logger.err` * Fix unit tests: Rely on callbacks rather than promises * Fix: Actually call `passport.authenticate` (!!) * Update test: fixup `passport.authenticate` mocks This would have caught the bugs that the previous commit is solving * Remove `.then(() => next())` in `processPassportLogin` Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com> --------- Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com> GitOrigin-RevId: a7eab5f5289956aeb8f2418408958daef3511ab7	2024-06-06 08:04:23 +00:00
Eric Mc Sween	876ee4d967	Merge pull request #18225 from overleaf/em-typescript-eslint Add typescript-eslint rule: no-floating-promises GitOrigin-RevId: 8c3decdff537c885f5bfeb5250b7805480bc6602	2024-05-27 10:22:20 +00:00
Antoine Clausse	25d8e053be	[web] Update `revokeAllUserSessions` and rename it to `removeSessionsFromRedis` (#18360 ) * Fix `revokeAllUserSessions` call in `_cleanupUser` The user object should be passed, not the _id * Change `revokeAllUserSessions` signature, take `req` and `stayLoggedIn` arguments * Update uses of `revokeAllUserSessions` * Fix promisified `revokeAllUserSessions` args * Update tests * Destroy or Regenerate the session in the end of `revokeAllUserSessions` Per https://github.com/overleaf/internal/issues/17036#issuecomment-1938398570 * Revert "Destroy or Regenerate the session in the end of `revokeAllUserSessions`" This reverts commit fe30734dbe45b27d2931d2e43a711d591bb85787. * Rename `revokeAllUserSessions` to `removeSessionsFromRedis` * Fixup tests * Fix: add optional chaining in `req.sessionID` (!!) GitOrigin-RevId: d41676bf00f463230af495e09c65fb9ee521f49f	2024-05-20 08:04:12 +00:00
Jakob Ackermann	dfe587f297	Merge pull request #18294 from overleaf/jpa-td-invite-details [web] avoid content reflection via query parameter on register page GitOrigin-RevId: 43e7ba6069e0d9f3f12e5e9e680b5960b0673782	2024-05-16 08:05:09 +00:00
Jakob Ackermann	4c49841637	Merge pull request #18153 from overleaf/jpa-validate-session-in-store [web] check for redis connection being out of sync in session store GitOrigin-RevId: c271e88d4e1fbcb0f7a57f4775e8ef88b70b16a8	2024-05-03 08:04:25 +00:00
Brian Gough	29105911c5	Merge pull request #17732 from overleaf/bg-session-mitigation-initial-protoype anonymous cookie-based sessions module GitOrigin-RevId: 75fe2d48fa384ba8d07c0b478a9a5a907a2b3b67	2024-04-26 08:04:54 +00:00
David	ce00af7838	Merge pull request #18011 from overleaf/dp-make-_getRedirectFromSession-public Make _getRedirectFromSession a public method GitOrigin-RevId: 6538e4ec25e607d32beb944370d151d4f1a3709c	2024-04-24 08:04:13 +00:00
roo hutton	754609f379	Merge pull request #17830 from overleaf/rh-reduce-staff-access-session [web] Reduce size of staffAccess field in session GitOrigin-RevId: 7745dc595e8096caef04fd140b47532f0775f165	2024-04-12 08:06:35 +00:00
Thomas	811173d32d	Merge pull request #17569 from overleaf/tm-account-suspension Add the ability to suspend user accounts GitOrigin-RevId: 5e57f29941434c78a47354baca83527213f9b9b5	2024-03-22 09:03:06 +00:00
Miguel Serrano	abe33de010	[web] upgrade @node-oauth/oauth2-server to ^5.1.0, (#16705 ) * [web] upgrade @node-oauth/oauth2-server to ^5.1.0, * Added `expressify` to middleware returned by Authentication.requireOauth() * Extracted OAuth2 scope transformation to utilities * Throw an error with undefined SAML scopes GitOrigin-RevId: 00dfe81c707e9a3fcf9bb10e007c1fc646f7b9dd	2024-02-09 09:05:20 +00:00
Jakob Ackermann	63520c7076	Merge pull request #16859 from overleaf/jpa-sharelatex-cleanup [misc] ShareLaTeX cleanup - high impact GitOrigin-RevId: 6dcce9b0f15e30f7afcf6d69c3df36a369f38120	2024-02-09 09:04:11 +00:00
Jakob Ackermann	880087945e	Merge pull request #16854 from overleaf/jpa-overleaf-integration-core-tests [web] enable overleaf-integration module when running SaaS tests GitOrigin-RevId: 36eda6ef448604a55f8dc8daac5ce29af23b6b0b	2024-02-05 09:04:05 +00:00
Jakob Ackermann	797f2c518d	Merge pull request #16514 from overleaf/jpa-enforce-oauth-scope [web] restrict access to oauth endpoints to their respective clients GitOrigin-RevId: 6ffa6008130588e44d336e2af32584ee20ad3ffc	2024-01-18 09:04:28 +00:00
Mathias Jakobsen	c371732e6e	Merge pull request #16186 from overleaf/mj-mongo-object-id [web] Use constructor for ObjectId GitOrigin-RevId: 9eb8b377ea599605b72af237d1ab12f4d8287162	2023-12-19 09:04:02 +00:00
Miguel Serrano	771f07d7ad	Merge pull request #16202 from overleaf/msm-passport-upgrade-2 [web] passport + passport-saml updates (post revert) GitOrigin-RevId: e1fa5757e15b3ac733511570637d39297247e050	2023-12-14 09:03:24 +00:00
Miguel Serrano	369d5cb406	Merge pull request #16190 from overleaf/revert-15519-em-upgrade-passport Revert "Upgrade passport" GitOrigin-RevId: 34a5442d6dae9623463908f92ab103bdc16f1b67	2023-12-12 09:04:23 +00:00
Miguel Serrano	d96283e593	Merge pull request #15519 from overleaf/em-upgrade-passport Upgrade passport GitOrigin-RevId: b93bfcab39ba3d2ab4efb4814371defec8ca95c4	2023-12-12 09:04:08 +00:00
Eric Mc Sween	21971956b7	Merge pull request #12219 from overleaf/em-camel-case-web Camel case variables in web GitOrigin-RevId: 28e61b759b27f71265f33ab64f588374dba610e0	2023-03-22 09:05:04 +00:00
June Kelly	9e824ac93c	Merge pull request #9951 from overleaf/jk-audit-failed-login-attempts [web] Audit failed login attempts GitOrigin-RevId: 19325f808f77584891e1e12b5ed7aaa16aa6aec9	2022-10-20 08:03:44 +00:00
Eric Mc Sween	e0d91eaa26	Merge pull request #7906 from overleaf/em-downgrade-logs Downgrade all INFO logs to DEBUG GitOrigin-RevId: 05ed582ef0721fcada059f0ad158565f50feca27	2022-05-17 08:05:26 +00:00
Jakob Ackermann	e82a053c85	Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459	2022-04-05 12:18:24 +00:00
Jakob Ackermann	d812b88e76	Merge pull request #6457 from overleaf/jpa-harden-login [web] harden login process GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d	2022-01-27 09:03:38 +00:00
Jakob Ackermann	d720d6affa	Merge pull request #6317 from overleaf/jpa-send-explicit-content-type [web] send explicit content type in responses GitOrigin-RevId: d5aeaba57a7d2fc053fbf5adc2299fb46e435341	2022-01-18 09:03:18 +00:00
June Kelly	c72ec548bb	Merge pull request #5976 from overleaf/jk-login-audit-log-type [web] Add 'method' info to login audit log GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4	2022-01-14 09:02:28 +00:00
Alf Eaton	50df230846	[web] Upgrade Prettier to match version in monorepo root (#6231 ) GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d	2022-01-11 09:03:23 +00:00
Brian Gough	108c99cf53	Merge pull request #6141 from overleaf/bg-update-basic-auth [web] remove deprecated basic-auth-connect module GitOrigin-RevId: b18435c98696858da70f3a715258c3c7a86c3b54	2021-12-20 09:03:06 +00:00
Alexandre Bourdin	3577f25ba2	Merge pull request #5051 from overleaf/ab-web-mono-analytics-id Analytics ID Support (v2) GitOrigin-RevId: 707f62697f6566d8aad22e424684d97f7bc147df	2021-09-13 08:03:14 +00:00
Alexandre Bourdin	5b8de28250	Merge pull request #5050 from overleaf/revert-4639-ab-web-mono-analytics-id Revert "Analytics ID support" GitOrigin-RevId: cc5da762ba1bafcbcea65ed0dd86342896b6d1eb	2021-09-10 08:04:47 +00:00
Alexandre Bourdin	6dd641e0e6	Merge pull request #4639 from overleaf/ab-web-mono-analytics-id Analytics ID support GitOrigin-RevId: 820a6c0f4d19f046f6c791ce4dc64dbc80748924	2021-09-10 08:04:31 +00:00
Alexandre Bourdin	9468e5cb4f	Merge pull request #4338 from overleaf/ab-session-manager Extract functions from AuthenticationController to SessionManager GitOrigin-RevId: 86870ce03a762e1a837dcf493759e8851e759883	2021-07-28 12:36:22 +00:00
Jakob Ackermann	5e773ce950	Merge pull request #4101 from overleaf/ae-settings-module Migrate from `settings-sharelatex` to `@overleaf/settings` GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6	2021-07-08 02:08:28 +00:00
Jakob Ackermann	95c83866c5	Merge pull request #4112 from overleaf/tm-private-api-basic-auth Add requireBasicAuth middleware and refactor httpAuth to use it GitOrigin-RevId: 7f68c0dc4a40102bfe4a97711def517e465ec7fd	2021-06-01 02:05:46 +00:00
Alf Eaton	1be43911b4	Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5	2021-04-28 02:10:01 +00:00
Alf Eaton	1ebc8a79cb	Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33	2021-04-15 02:05:22 +00:00
Shane Kilkelly	04fa863f9f	Merge pull request #3892 from overleaf/sk-reroll-csrf Regenerate CSRF token on login GitOrigin-RevId: 501582b34794a822f4c9fe3af2575b5756511e06	2021-04-10 02:05:13 +00:00
Eric Mc Sween	9ddaa8c9f6	Merge pull request #3830 from overleaf/em-upgrade-node-12 Upgrade to Node 12 GitOrigin-RevId: 19870922884b7c98e7e5f2c94df21829672d2db5	2021-04-01 02:05:52 +00:00
Timothée Alby	8ec7ebe645	Merge pull request #3713 from overleaf/jpa-login-event-drop-pii [AuthenticationController] do not include PII as part of login event GitOrigin-RevId: 274378b3a21945637dc33d2cfb39a53e9aaad9b7	2021-03-30 02:05:09 +00:00
Jakob Ackermann	0ca9d0236c	Merge pull request #3750 from overleaf/jpa-req-ip-in-unit-tests [misc] test/unit: add req.ip to MockRequest helper GitOrigin-RevId: 07b1cf11f20eccb4c002a21f4a59588d201a3f0c	2021-03-27 03:05:10 +00:00
Alasdair Smith	7cbf2cdd9e	Merge pull request #3496 from overleaf/ae-eslint-dot-notation Enable the eslint dot-notation rule GitOrigin-RevId: e11cbad3e8a77a4a60590d3674fbf34feccc5bc9	2020-12-17 03:07:31 +00:00
Christopher Hoskin	1e8598a8d9	Merge pull request #3331 from overleaf/csh-issue-3661-bump-agents Update metrics module GitOrigin-RevId: bdef141035f277ce4863f14f8a6e166d710b1111	2020-10-31 03:05:30 +00:00
Jessica Lawshe	1ca50eeb98	Merge pull request #3179 from overleaf/jel-remove-sudo-mode Remove SudoMode GitOrigin-RevId: 9419f9b28e5051a1c5abd29f498f72448d1afd33	2020-10-07 02:04:29 +00:00
Jakob Ackermann	018a44eeb5	Merge pull request #3185 from overleaf/jpa-normalize-mongo-imports [misc] normalize mongo imports GitOrigin-RevId: ac653d9982e0d36736b90f4c03d4c00be88ea76a	2020-09-25 02:04:20 +00:00
Jakob Ackermann	674954f96f	Merge pull request #3094 from overleaf/sk-restrict-admin-flag Check domain of emails on admin users GitOrigin-RevId: 75de9cff30e3c628249fcd0ea3446a33d51d39b4	2020-08-20 02:06:19 +00:00
Jakob Ackermann	1f6499b5ea	Merge pull request #3053 from overleaf/jpa-spd-accepts [misc] reland 3004: unify detection of json requests and skip issuing of redirects GitOrigin-RevId: fa43b3b4d23deb581496ed70ae8f28b805555d64	2020-07-28 02:06:27 +00:00
Timothée Alby	5d7fd2a9d8	Merge pull request #2751 from overleaf/ta-finish-login-private Don't Export `afterLoginSessionSetup` GitOrigin-RevId: 46818a70566b8ec56e1a40c7f0d9758d2ac2c100	2020-04-29 03:22:04 +00:00
Miguel Serrano	f39a650823	Merge pull request #2749 from overleaf/ew-ta-google-2fa-error fix ERR_HTTP_HEADERS_SENT error with oauth and 2fa GitOrigin-RevId: b70bd79fb544121337be27349a967d52da115930	2020-04-23 03:29:21 +00:00
Timothée Alby	05a2529881	Merge pull request #2689 from overleaf/ta-pre-finish-login-hook Add preFinishLogin Hook GitOrigin-RevId: 8379e0643866feef95c648a2db4d8665420e615b	2020-04-02 03:19:27 +00:00

1 2