Timothée Alby
276310bd23
Merge pull request #1778 from overleaf/hb-password-reset-sl
...
Handle users who haven't migrated better on password reset
GitOrigin-RevId: f123a6fe4a5a958f558e3cf34c3180e8fc96d159
2019-05-16 07:34:18 +00:00
Timothée Alby
5b7974065d
Prevent registration of new accounts with existing secondary emails ( #1696 )
...
Prevent registration of new accounts with existing secondary emails
GitOrigin-RevId: 004cf9d31064fc5b7deb621c95c38f103397ff15
2019-05-02 14:17:34 +00:00
Simon Detheridge
9808eb7f55
Merge pull request #1722 from sharelatex/jel-password-descriptive-message
...
Use descriptive error message for password reset
GitOrigin-RevId: f1f0bacd6397f2068ed2abc71ee6ec54b3a51aff
2019-04-25 14:37:21 +00:00
Jessica Lawshe
f455a11aa8
Merge pull request #1655 from sharelatex/jel-user-must-reconfirm
...
Reconfirm user accounts
GitOrigin-RevId: 0343ff745e881cd51b5efbfb97404b6b926905c8
2019-04-17 14:14:19 +00:00
Simon Detheridge
4c191953d3
Merge pull request #1356 from sharelatex/spd-password-complexity
...
Make password validation more consistent between backend and frontend
GitOrigin-RevId: 6ba729da842bf474cf7e9b5e0b2435db0544737c
2019-01-11 14:43:49 +00:00
Simon Detheridge
4360a55fdc
Merge pull request #1383 from sharelatex/spd-rate-limits
...
Add rate limits to email-related endpoints
GitOrigin-RevId: 05a8b40eb65a55aba35788e2401e6988b672b389
2019-01-11 14:43:29 +00:00
Paulo Jorge Reis
e139abb110
Merge pull request #1273 from sharelatex/ja-password-reset-v1
...
Handle v1-only users in v2 password reset flow
GitOrigin-RevId: 38ce8e9aebd3330b980e73640a23661d8015d4f3
2018-12-18 11:48:53 +00:00
Jessica Lawshe
7666c8a481
Merge pull request #1236 from sharelatex/jel-password-reset
...
Reset password via API request to v1
GitOrigin-RevId: 00b0306ca77df650595a762382a8a63b05a945f6
2018-12-14 16:02:14 +00:00
Shane Kilkelly
6a161b4071
remove commented out code
2017-02-06 16:35:52 +00:00
Shane Kilkelly
7d5dc34b3e
fix the set-password form for new (admin-created) users
2017-02-06 14:58:54 +00:00
Shane Kilkelly
6e282ab308
clear sessions on password reset
2016-07-05 14:19:59 +01:00
James Allen
1e8ab5357b
Improve pre-registered account activation process
2015-12-11 11:30:06 +00:00
Shane Kilkelly
0aaeb6671e
Keep password reset token in session, and strip it from reset page url.
...
This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.
Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.
2015-08-24 11:53:33 +01:00
Henry Oswald
3ecf201eda
send -> sendStatus
2015-07-08 16:56:38 +01:00
Henry Oswald
9764ab258b
added complex password validation to password resets
2015-04-30 12:05:46 +01:00
Henry Oswald
56efefd6d4
renamed variable
2014-10-30 08:33:18 +00:00
James Allen
accd8207b2
Show password reset expired message rather than server error if that's what has happened
2014-10-08 17:18:24 +01:00
James Allen
10021986c5
Don't error on password reset if no email found, and translate error messages
2014-08-08 11:41:54 +01:00
Henry Oswald
d047d44079
Changed the error messages which are sent down to the client to be translated first
...
fixed up tests from titles we check when rendering, deleted them as they never
catch anything important, more hastle than they are worth imo.
2014-08-01 14:03:38 +01:00
Henry Oswald
1b8c8b8c48
sorted out titles
2014-08-01 13:47:14 +01:00
James Allen
5aa7daa951
Fix password reset rate limit to work on ip, not email which changes every request
2014-06-25 10:46:58 +01:00
Henry Oswald
dabed896be
lowercase password reset email
2014-06-10 17:54:29 +01:00
Henry Oswald
9419d3a0e5
hooked up the frount end ui to show the email can not be found,
...
added client side valdidation on password, removed server side min
length check. Just check that it is not 0 len
2014-05-16 11:26:29 +01:00
Henry Oswald
bf1bb22afd
added rate limiting to password reset endpoint
2014-05-16 10:31:33 +01:00
Henry Oswald
9f901fb1ba
added the token generator and its getNewToken function
2014-05-15 17:16:20 +01:00
Henry Oswald
64688e661d
written password reset controller
2014-05-15 16:50:38 +01:00
Henry Oswald
551e1d465a
written password reset handler
2014-05-15 16:20:23 +01:00