June Kelly
3288f87dbe
[web] Password set/reset: reject current password (redux) ( #8956 )
...
* [web] set-password: reject same as current password
* [web] Add 'peek' operation on tokens
This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.
We give up to three attempts before invalidating the token.
* [web] Add hide-on-error feature to async forms
This allows us to hide the form elements when certain
named error conditions occur.
* [web] reset-password: handle same-password rejection
We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.
* [web] Validate OneTimeToken when loading password reset form
* [web] Rate limit GET: /user/password/set
Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.
* [web] Tidy up pug layout and mongo query for token peeking
Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
2022-09-28 08:06:54 +00:00
Alf Eaton
c41c14c697
Remove deprecated grunt code ( #9506 )
...
GitOrigin-RevId: 2b19d73c593545aaa9f6eb88143d08c5df39a1be
2022-09-16 08:05:37 +00:00
Eric Mc Sween
19c73cbd73
Merge pull request #9563 from overleaf/em-tpds-merge-metadata
...
Return metadata from TPDS update endpoint in web
GitOrigin-RevId: 9154be67f7f975807c6e986a5d6fb66013c9a384
2022-09-13 08:05:50 +00:00
Alf Eaton
7c20e7701b
Remove mkdirp from web dependencies ( #7427 )
...
GitOrigin-RevId: b170371e538ca65fccd5c21f76dc25feec909190
2022-08-22 08:03:41 +00:00
Simon Detheridge
9953822175
Merge pull request #6661 from overleaf/spd-local-tests
...
Move acceptance test mocks to nonstandard ports and add options for running locally
GitOrigin-RevId: bd8f70ac8d80599daccc51cfe7b90a2ad8d8c3d8
2022-08-10 08:03:45 +00:00
Jakob Ackermann
e5e6be99f8
Merge pull request #9099 from overleaf/jpa-web-graceful-shutdown
...
[web] introduce graceful shutdown
GitOrigin-RevId: f42793a96f1e0304c57a855241bffa32bb291864
2022-08-05 08:03:27 +00:00
Timothée Alby
95a289b80b
Merge pull request #9009 from overleaf/ab-split-tests-saas-check
...
[web] Skip split test assignment logic when not in SaaS mode
GitOrigin-RevId: 4c370bbc78c5a6828207f3336dfa6af9f4d71e17
2022-07-29 08:04:03 +00:00
Timothée Alby
ff3e659fbb
Merge pull request #8897 from overleaf/ta-token-access-anonymous-redirect
...
Redirect Early on Anonymous Write Token Access Attempts
GitOrigin-RevId: 55e1839c3171a0a6a677ecca2f6bec87aad802bd
2022-07-29 08:03:45 +00:00
Timothée Alby
7f722a006c
Merge pull request #8571 from overleaf/ta-token-access-page
...
Require User Interaction on Token Access Page
GitOrigin-RevId: 2f4c00ba75ebd6bd87d3e770ec8223d736344f5b
2022-07-29 08:03:39 +00:00
Alexandre Bourdin
e9e36737e6
Merge pull request #8957 from overleaf/ab-split-test-controls-badge
...
[web] SplitTestBadge based on split test phase and badge config
GitOrigin-RevId: e178ca864fd6619ff61a2a84fc1ccb5d54e0a814
2022-07-26 08:04:28 +00:00
M Fahru
574d0eab12
Improve error message when a collaborator tries to refresh a linked file without access to the project ( #8884 )
...
* Improve error message when a collaborator tries to refresh a linked file without access to the project
* Move the AccessDeniedError hardcoded error message to translation file
* apply prettier
* remove period (dot) in test hardcoded string
* revert unintended changes
GitOrigin-RevId: 50a5bf46428a96e629e9091cc18068f3ee7084e3
2022-07-21 08:03:32 +00:00
Henry Oswald
5f1abee345
Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password
...
Revert "[web] Password set/reset: reject current password"
GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
2022-07-20 08:04:00 +00:00
June Kelly
d04ea76081
Merge pull request #8882 from overleaf/jk-web-reject-same-password
...
[web] Password set/reset: reject current password
GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
2022-07-20 08:03:36 +00:00
Alexandre Bourdin
21c8b9a47a
Merge pull request #8426 from overleaf/ta-error-pages-style
...
Update General Error Pages Style
GitOrigin-RevId: 04346784c94d5ce6bf3257fd128a3f00da4c4e9e
2022-06-23 08:02:34 +00:00
Miguel Serrano
6549b93caa
Fixed tests by removing stdout checks that are no longer valid ( #8337 )
...
* Fixed tests by removing stdout checks that are no longer valid
script verbosity was updated in c73b46599b
, this checks are no longer valid. After the deleted line there's an extra check that should be good enough for the test case.
GitOrigin-RevId: 2756d11cad97fdbeca44f35c24ee192e582a52c1
2022-06-09 08:02:27 +00:00
Eric Mc Sween
e0ab82e3d4
Merge pull request #8035 from overleaf/em-remove-chaid
...
Remove the chaid package from tests
GitOrigin-RevId: 61b541eebcf1982137aa10ad51940547c649e68d
2022-05-23 08:04:07 +00:00
Jakob Ackermann
f0bd6dda23
Merge pull request #7986 from overleaf/jpa-eslint-8
...
[misc] upgrade eslint packages to the latest version everywhere
GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
2022-05-17 08:05:59 +00:00
Tim Down
35480a3c7d
Merge pull request #7545 from overleaf/td-split-test-data-sentry
...
Record split-test state in Sentry metadata from web clients
GitOrigin-RevId: 66dd195c546bd9fb0aedac52844200846c5012ca
2022-04-25 08:04:45 +00:00
ilkin-overleaf
d50271c1e9
Merge pull request #7225 from overleaf/ta-leave-modal
...
[DeleteAccount] Create Modal with Form
GitOrigin-RevId: 611f08c7253f59d91c6937b79c80a386b9d21ccd
2022-04-11 08:03:36 +00:00
Eric Mc Sween
3235119302
Merge pull request #7228 from overleaf/em-node-16
...
Upgrade to Node 16
GitOrigin-RevId: 3db1ae57ffb02f8a2b9012ffbb3efecfc01d2b04
2022-04-05 12:20:52 +00:00
Jakob Ackermann
c8866bbda0
Merge pull request #7094 from overleaf/jpa-redirect-admin-requests
...
[web] redirect admin users from admin endpoints to the admin domain
GitOrigin-RevId: a4bd7d4f998615efcb46ae9866868af9489c94f5
2022-04-05 12:18:51 +00:00
Jakob Ackermann
d59b154f07
Merge pull request #6712 from overleaf/jpa-redirect-token-access
...
[web] redirect admin users from token access gateway to admin panel
GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f
2022-04-05 12:18:29 +00:00
Jakob Ackermann
e82a053c85
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app
...
[misc] move admin capability from www. to admin. subdomain
GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459
2022-04-05 12:18:24 +00:00
Thomas
1aae979398
Send delete request to chat when expiring deleted projects ( #6997 )
...
* Send delete request to chat when expiring deleted projects
* Add script to clean-up orphaned chat of previously expired projects
GitOrigin-RevId: 157d100bd51b6204a9e31733b5164b8e7036ef01
2022-03-28 08:04:29 +00:00
Eric Mc Sween
5ded04eaea
Merge pull request #6785 from overleaf/em-split-tests-analytics-enabled
...
Add "analytics enabled" setting to split tests
GitOrigin-RevId: 9ddfda9e246cac7a13361b2d3df6884212583000
2022-03-01 09:04:15 +00:00
Jessica Lawshe
1c62f82f9c
Merge pull request #6886 from overleaf/jpa-less-verbose-ci
...
[web] skip HIBP check for all tests but the HIBP specific ones
GitOrigin-RevId: 714e69cc2220e7edcef875d6be487ded571cd977
2022-02-25 09:03:23 +00:00
Miguel Serrano
176ead8983
Primary Email Check ( #6471 )
...
* added primary-email-check page, route and controllers
* add `#add-email` internal link in settings to display new email form
* added primary-email-check redirection with split test
* update `lastPrimaryEmailCheck` when the default email address is set
* added `lastPrimaryCheck` to admin panel
* translations for primary-email-check
* acceptance tests for primary-email-check
* [web] multi-submit for primary email check
* Using `confirmedAt` to prevent from displaying primary-email-check page
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
Co-Authored-By: Miguel Serrano <mserranom@gmail.com>
GitOrigin-RevId: d8e3a280439da08038a4487d8bfd7b3b0596e3b5
2022-02-04 09:03:34 +00:00
Jakob Ackermann
7b4102025e
Merge pull request #6493 from overleaf/jpa-flaky-delay
...
[web] HaveIBeenPwnedApiTests: give background check more time
GitOrigin-RevId: 761b3f402f9284eb56bee29e6e78e759ac42ba86
2022-01-27 09:03:53 +00:00
Jakob Ackermann
d812b88e76
Merge pull request #6457 from overleaf/jpa-harden-login
...
[web] harden login process
GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d
2022-01-27 09:03:38 +00:00
Jakob Ackermann
8e77ada424
Merge pull request #6417 from overleaf/jpa-device-history
...
[web] add cookie/JWE based device history for skipping captcha challenge
GitOrigin-RevId: b091564bfd93f7e587d396c860fd864f220f4b63
2022-01-27 09:03:34 +00:00
Jessica Lawshe
6a0da3d204
Merge pull request #6375 from overleaf/jel-reconfirm-check
...
[web] Use v1 date for reconfirm notification check
GitOrigin-RevId: e14f1b6a1a6ab629628858d962a3757a6078cf79
2022-01-26 09:03:50 +00:00
Tim Alby
3e70546e18
rename price attributes to price_in_cents or price_in_unit
...
GitOrigin-RevId: 8045472c96862078583fcb522099ad78926281dc
2022-01-21 09:03:23 +00:00
Jakob Ackermann
1fc0b3e4aa
Merge pull request #6349 from overleaf/jpa-password-strength-checking
...
[web] data collection for password strength using HaveIBeenPwned api
GitOrigin-RevId: 7e4d57a979c29027fb7ca5294f3935500a0b4cf3
2022-01-20 09:03:07 +00:00
Jakob Ackermann
d720d6affa
Merge pull request #6317 from overleaf/jpa-send-explicit-content-type
...
[web] send explicit content type in responses
GitOrigin-RevId: d5aeaba57a7d2fc053fbf5adc2299fb46e435341
2022-01-18 09:03:18 +00:00
June Kelly
c72ec548bb
Merge pull request #5976 from overleaf/jk-login-audit-log-type
...
[web] Add 'method' info to login audit log
GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
2022-01-14 09:02:28 +00:00
Jessica Lawshe
1122a83b60
Merge pull request #6254 from overleaf/jel-saml-entitlement
...
[web] Always update entitlement in v1 after SAML callback
GitOrigin-RevId: 2569d6d8e6142786ad2875c62c9cd4568837654a
2022-01-13 09:04:16 +00:00
Alf Eaton
50df230846
[web] Upgrade Prettier to match version in monorepo root ( #6231 )
...
GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d
2022-01-11 09:03:23 +00:00
Jakob Ackermann
2465a32451
Merge pull request #6234 from overleaf/jpa-web-owns-spelling-preferences
...
[misc] move ownership of spellingPreferences collection to web
GitOrigin-RevId: f2584a1119a578c3df15371c6798923a4f2d15ae
2022-01-07 09:03:11 +00:00
Eric Mc Sween
5fc6d7dcb3
Merge pull request #5740 from overleaf/em-gcp-logging-web
...
Improve GCP logging for web
GitOrigin-RevId: b304c87a3fe46c29189f665eb3daf22c23d6eb8f
2021-11-11 09:03:09 +00:00
Hugh O'Brien
3b95ac6d88
Merge pull request #5688 from overleaf/jpa-invalid-password-message
...
[web] password reset: validate user password ahead of invalidating token
GitOrigin-RevId: ba3e6549f53675a2216e2fc24293276c1968d416
2021-11-10 09:02:38 +00:00
Jakob Ackermann
6122520bf5
Merge pull request #5727 from overleaf/jpa-deprecation-warnings
...
[misc] fix deprecation warnings
GitOrigin-RevId: aa103252e5918143bb1dacb19e87e47bb1784e83
2021-11-09 09:04:44 +00:00
Jakob Ackermann
b5998148e7
Merge pull request #5622 from overleaf/jpa-less-verbose-ci
...
[web] less verbose CI
GitOrigin-RevId: 4935fa7f10db9309376c548788277c79b9ec50db
2021-11-03 09:03:04 +00:00
Eric Mc Sween
e5676a9643
Merge pull request #5648 from overleaf/em-revert-gcp-logging-web
...
Revert "Improve GCP logging for web"
GitOrigin-RevId: 92d446baf62108da1df92146eec12a2fe69d30ee
2021-11-02 09:03:29 +00:00
Eric Mc Sween
641b10cceb
Merge pull request #5632 from overleaf/em-gcp-logging-web
...
Improve GCP logging for web
GitOrigin-RevId: 1198fab2e821a55563058171cfa435605216e337
2021-11-02 09:03:22 +00:00
Brian Gough
99f5023d5a
Merge pull request #5623 from overleaf/bg-initial-features-epoch
...
[web] start using featuresEpoch in production
GitOrigin-RevId: b3cbbdc60677455fddbe9fff5e97d63f2239c59d
2021-11-02 09:03:09 +00:00
Jakob Ackermann
7f9fd00bda
Merge pull request #5367 from overleaf/jpa-node-handle-callback-err
...
[misc] fix eslint violations for node/handle-callback-err
GitOrigin-RevId: 83a4900e8861010df1917bff49382bd9c93375bd
2021-10-28 08:03:26 +00:00
Jakob Ackermann
a6f05109a3
Merge pull request #5352 from overleaf/jpa-no-var
...
[misc] fix eslint violations for `no-var`
GitOrigin-RevId: c52e82f3a8a993b8662cc5aa56e7b95ca3c55832
2021-10-27 08:03:00 +00:00
Jakob Ackermann
358e8b7424
Merge pull request #5349 from overleaf/jpa-no-depreacted-api
...
[misc] fix eslint violations for node/no-depreacted-api
GitOrigin-RevId: 0f7d64984da9e789c4ab95381db34afb89fa1a94
2021-10-21 08:03:18 +00:00
June Kelly
7292cfbd02
Merge pull request #5366 from overleaf/jk-move-password-reset-audit-log
...
[web] audit password reset before taking action
GitOrigin-RevId: 672f712658b4669a5a750dbc6f97d24ce35c332d
2021-10-21 08:03:00 +00:00
Brian Gough
b9e7f6ab5e
Merge pull request #5384 from overleaf/bg-add-symbol-palette-feature-flag
...
[web] add symbol palette feature flag
GitOrigin-RevId: 154499aaef72b677f28d85c501d0015811081887
2021-10-14 08:03:11 +00:00