Commit graph

536 commits

Author SHA1 Message Date
June Kelly
3288f87dbe [web] Password set/reset: reject current password (redux) (#8956)
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitly
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add a rate limit to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
2022-09-28 08:06:54 +00:00
Alf Eaton
c41c14c697 Remove deprecated grunt code (#9506)
GitOrigin-RevId: 2b19d73c593545aaa9f6eb88143d08c5df39a1be
2022-09-16 08:05:37 +00:00
Eric Mc Sween
19c73cbd73 Merge pull request #9563 from overleaf/em-tpds-merge-metadata
Return metadata from TPDS update endpoint in web

GitOrigin-RevId: 9154be67f7f975807c6e986a5d6fb66013c9a384
2022-09-13 08:05:50 +00:00
Alf Eaton
7c20e7701b Remove mkdirp from web dependencies (#7427)
GitOrigin-RevId: b170371e538ca65fccd5c21f76dc25feec909190
2022-08-22 08:03:41 +00:00
Simon Detheridge
9953822175 Merge pull request #6661 from overleaf/spd-local-tests
Move acceptance test mocks to nonstandard ports and add options for running locally

GitOrigin-RevId: bd8f70ac8d80599daccc51cfe7b90a2ad8d8c3d8
2022-08-10 08:03:45 +00:00
Jakob Ackermann
e5e6be99f8 Merge pull request #9099 from overleaf/jpa-web-graceful-shutdown
[web] introduce graceful shutdown

GitOrigin-RevId: f42793a96f1e0304c57a855241bffa32bb291864
2022-08-05 08:03:27 +00:00
Timothée Alby
95a289b80b Merge pull request #9009 from overleaf/ab-split-tests-saas-check
[web] Skip split test assignment logic when not in SaaS mode

GitOrigin-RevId: 4c370bbc78c5a6828207f3336dfa6af9f4d71e17
2022-07-29 08:04:03 +00:00
Timothée Alby
ff3e659fbb Merge pull request #8897 from overleaf/ta-token-access-anonymous-redirect
Redirect Early on Anonymous Write Token Access Attempts

GitOrigin-RevId: 55e1839c3171a0a6a677ecca2f6bec87aad802bd
2022-07-29 08:03:45 +00:00
Timothée Alby
7f722a006c Merge pull request #8571 from overleaf/ta-token-access-page
Require User Interaction on Token Access Page

GitOrigin-RevId: 2f4c00ba75ebd6bd87d3e770ec8223d736344f5b
2022-07-29 08:03:39 +00:00
Alexandre Bourdin
e9e36737e6 Merge pull request #8957 from overleaf/ab-split-test-controls-badge
[web] SplitTestBadge based on split test phase and badge config

GitOrigin-RevId: e178ca864fd6619ff61a2a84fc1ccb5d54e0a814
2022-07-26 08:04:28 +00:00
M Fahru
574d0eab12 Improve error message when a collaborator tries to refresh a linked file without access to the project (#8884)
* Improve error message when a collaborator tries to refresh a linked file without access to the project

* Move the AccessDeniedError hardcoded error message to translation file

* apply prettier

* remove period (dot) in test hardcoded string

* revert unintended changes

GitOrigin-RevId: 50a5bf46428a96e629e9091cc18068f3ee7084e3
2022-07-21 08:03:32 +00:00
Henry Oswald
5f1abee345 Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
2022-07-20 08:04:00 +00:00
June Kelly
d04ea76081 Merge pull request #8882 from overleaf/jk-web-reject-same-password
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
2022-07-20 08:03:36 +00:00
Alexandre Bourdin
21c8b9a47a Merge pull request #8426 from overleaf/ta-error-pages-style
Update General Error Pages Style

GitOrigin-RevId: 04346784c94d5ce6bf3257fd128a3f00da4c4e9e
2022-06-23 08:02:34 +00:00
Miguel Serrano
6549b93caa Fixed tests by removing stdout checks that are no longer valid (#8337)
* Fixed tests by removing stdout checks that are no longer valid

script verbosity was updated in c73b46599b, these checks are no longer valid. After the deleted line there's an extra check that should be good enough for the test case.

GitOrigin-RevId: 2756d11cad97fdbeca44f35c24ee192e582a52c1
2022-06-09 08:02:27 +00:00
Eric Mc Sween
e0ab82e3d4 Merge pull request #8035 from overleaf/em-remove-chaid
Remove the chaid package from tests

GitOrigin-RevId: 61b541eebcf1982137aa10ad51940547c649e68d
2022-05-23 08:04:07 +00:00
Jakob Ackermann
f0bd6dda23 Merge pull request #7986 from overleaf/jpa-eslint-8
[misc] upgrade eslint packages to the latest version everywhere

GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
2022-05-17 08:05:59 +00:00
Tim Down
35480a3c7d Merge pull request #7545 from overleaf/td-split-test-data-sentry
Record split-test state in Sentry metadata from web clients

GitOrigin-RevId: 66dd195c546bd9fb0aedac52844200846c5012ca
2022-04-25 08:04:45 +00:00
ilkin-overleaf
d50271c1e9 Merge pull request #7225 from overleaf/ta-leave-modal
[DeleteAccount] Create Modal with Form

GitOrigin-RevId: 611f08c7253f59d91c6937b79c80a386b9d21ccd
2022-04-11 08:03:36 +00:00
Eric Mc Sween
3235119302 Merge pull request #7228 from overleaf/em-node-16
Upgrade to Node 16

GitOrigin-RevId: 3db1ae57ffb02f8a2b9012ffbb3efecfc01d2b04
2022-04-05 12:20:52 +00:00
Jakob Ackermann
c8866bbda0 Merge pull request #7094 from overleaf/jpa-redirect-admin-requests
[web] redirect admin users from admin endpoints to the admin domain

GitOrigin-RevId: a4bd7d4f998615efcb46ae9866868af9489c94f5
2022-04-05 12:18:51 +00:00
Jakob Ackermann
d59b154f07 Merge pull request #6712 from overleaf/jpa-redirect-token-access
[web] redirect admin users from token access gateway to admin panel

GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f
2022-04-05 12:18:29 +00:00
Jakob Ackermann
e82a053c85 Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app
[misc] move admin capability from www. to admin. subdomain

GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459
2022-04-05 12:18:24 +00:00
Thomas
1aae979398 Send delete request to chat when expiring deleted projects (#6997)
* Send delete request to chat when expiring deleted projects

* Add script to clean-up orphaned chat of previously expired projects

GitOrigin-RevId: 157d100bd51b6204a9e31733b5164b8e7036ef01
2022-03-28 08:04:29 +00:00
Eric Mc Sween
5ded04eaea Merge pull request #6785 from overleaf/em-split-tests-analytics-enabled
Add "analytics enabled" setting to split tests

GitOrigin-RevId: 9ddfda9e246cac7a13361b2d3df6884212583000
2022-03-01 09:04:15 +00:00
Jessica Lawshe
1c62f82f9c Merge pull request #6886 from overleaf/jpa-less-verbose-ci
[web] skip HIBP check for all tests but the HIBP specific ones

GitOrigin-RevId: 714e69cc2220e7edcef875d6be487ded571cd977
2022-02-25 09:03:23 +00:00
Miguel Serrano
176ead8983 Primary Email Check (#6471)
* added primary-email-check page, route and controllers
* add `#add-email` internal link in settings to display new email form
* added primary-email-check redirection with split test
* update `lastPrimaryEmailCheck` when the default email address is set
* added `lastPrimaryCheck` to admin panel
* translations for primary-email-check
* acceptance tests for primary-email-check
* [web] multi-submit for primary email check
* Using `confirmedAt` to prevent from displaying primary-email-check page

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
Co-Authored-By: Miguel Serrano <mserranom@gmail.com>
GitOrigin-RevId: d8e3a280439da08038a4487d8bfd7b3b0596e3b5
2022-02-04 09:03:34 +00:00
Jakob Ackermann
7b4102025e Merge pull request #6493 from overleaf/jpa-flaky-delay
[web] HaveIBeenPwnedApiTests: give background check more time

GitOrigin-RevId: 761b3f402f9284eb56bee29e6e78e759ac42ba86
2022-01-27 09:03:53 +00:00
Jakob Ackermann
d812b88e76 Merge pull request #6457 from overleaf/jpa-harden-login
[web] harden login process

GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d
2022-01-27 09:03:38 +00:00
Jakob Ackermann
8e77ada424 Merge pull request #6417 from overleaf/jpa-device-history
[web] add cookie/JWE based device history for skipping captcha challenge

GitOrigin-RevId: b091564bfd93f7e587d396c860fd864f220f4b63
2022-01-27 09:03:34 +00:00
Jessica Lawshe
6a0da3d204 Merge pull request #6375 from overleaf/jel-reconfirm-check
[web] Use v1 date for reconfirm notification check

GitOrigin-RevId: e14f1b6a1a6ab629628858d962a3757a6078cf79
2022-01-26 09:03:50 +00:00
Tim Alby
3e70546e18 rename price attributes to price_in_cents or price_in_unit
GitOrigin-RevId: 8045472c96862078583fcb522099ad78926281dc
2022-01-21 09:03:23 +00:00
Jakob Ackermann
1fc0b3e4aa Merge pull request #6349 from overleaf/jpa-password-strength-checking
[web] data collection for password strength using HaveIBeenPwned api

GitOrigin-RevId: 7e4d57a979c29027fb7ca5294f3935500a0b4cf3
2022-01-20 09:03:07 +00:00
Jakob Ackermann
d720d6affa Merge pull request #6317 from overleaf/jpa-send-explicit-content-type
[web] send explicit content type in responses

GitOrigin-RevId: d5aeaba57a7d2fc053fbf5adc2299fb46e435341
2022-01-18 09:03:18 +00:00
June Kelly
c72ec548bb Merge pull request #5976 from overleaf/jk-login-audit-log-type
[web] Add 'method' info to login audit log

GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
2022-01-14 09:02:28 +00:00
Jessica Lawshe
1122a83b60 Merge pull request #6254 from overleaf/jel-saml-entitlement
[web] Always update entitlement in v1 after SAML callback

GitOrigin-RevId: 2569d6d8e6142786ad2875c62c9cd4568837654a
2022-01-13 09:04:16 +00:00
Alf Eaton
50df230846 [web] Upgrade Prettier to match version in monorepo root (#6231)
GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d
2022-01-11 09:03:23 +00:00
Jakob Ackermann
2465a32451 Merge pull request #6234 from overleaf/jpa-web-owns-spelling-preferences
[misc] move ownership of spellingPreferences collection to web

GitOrigin-RevId: f2584a1119a578c3df15371c6798923a4f2d15ae
2022-01-07 09:03:11 +00:00
Eric Mc Sween
5fc6d7dcb3 Merge pull request #5740 from overleaf/em-gcp-logging-web
Improve GCP logging for web

GitOrigin-RevId: b304c87a3fe46c29189f665eb3daf22c23d6eb8f
2021-11-11 09:03:09 +00:00
Hugh O'Brien
3b95ac6d88 Merge pull request #5688 from overleaf/jpa-invalid-password-message
[web] password reset: validate user password ahead of invalidating token

GitOrigin-RevId: ba3e6549f53675a2216e2fc24293276c1968d416
2021-11-10 09:02:38 +00:00
Jakob Ackermann
6122520bf5 Merge pull request #5727 from overleaf/jpa-deprecation-warnings
[misc] fix deprecation warnings

GitOrigin-RevId: aa103252e5918143bb1dacb19e87e47bb1784e83
2021-11-09 09:04:44 +00:00
Jakob Ackermann
b5998148e7 Merge pull request #5622 from overleaf/jpa-less-verbose-ci
[web] less verbose CI

GitOrigin-RevId: 4935fa7f10db9309376c548788277c79b9ec50db
2021-11-03 09:03:04 +00:00
Eric Mc Sween
e5676a9643 Merge pull request #5648 from overleaf/em-revert-gcp-logging-web
Revert "Improve GCP logging for web"

GitOrigin-RevId: 92d446baf62108da1df92146eec12a2fe69d30ee
2021-11-02 09:03:29 +00:00
Eric Mc Sween
641b10cceb Merge pull request #5632 from overleaf/em-gcp-logging-web
Improve GCP logging for web

GitOrigin-RevId: 1198fab2e821a55563058171cfa435605216e337
2021-11-02 09:03:22 +00:00
Brian Gough
99f5023d5a Merge pull request #5623 from overleaf/bg-initial-features-epoch
[web] start using featuresEpoch in production

GitOrigin-RevId: b3cbbdc60677455fddbe9fff5e97d63f2239c59d
2021-11-02 09:03:09 +00:00
Jakob Ackermann
7f9fd00bda Merge pull request #5367 from overleaf/jpa-node-handle-callback-err
[misc] fix eslint violations for node/handle-callback-err

GitOrigin-RevId: 83a4900e8861010df1917bff49382bd9c93375bd
2021-10-28 08:03:26 +00:00
Jakob Ackermann
a6f05109a3 Merge pull request #5352 from overleaf/jpa-no-var
[misc] fix eslint violations for `no-var`

GitOrigin-RevId: c52e82f3a8a993b8662cc5aa56e7b95ca3c55832
2021-10-27 08:03:00 +00:00
Jakob Ackermann
358e8b7424 Merge pull request #5349 from overleaf/jpa-no-depreacted-api
[misc] fix eslint violations for node/no-deprecated-api

GitOrigin-RevId: 0f7d64984da9e789c4ab95381db34afb89fa1a94
2021-10-21 08:03:18 +00:00
June Kelly
7292cfbd02 Merge pull request #5366 from overleaf/jk-move-password-reset-audit-log
[web] audit password reset before taking action

GitOrigin-RevId: 672f712658b4669a5a750dbc6f97d24ce35c332d
2021-10-21 08:03:00 +00:00
Brian Gough
b9e7f6ab5e Merge pull request #5384 from overleaf/bg-add-symbol-palette-feature-flag
[web] add symbol palette feature flag

GitOrigin-RevId: 154499aaef72b677f28d85c501d0015811081887
2021-10-14 08:03:11 +00:00