1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-12-20 15:23:43 -05:00
Commit graph

62 commits

Author SHA1 Message Date
Shane Kilkelly
0f131d940d Enforce stricter password policy.
- Check minimum password lengths
- Set default policy to 6-128 chars
2017-07-24 11:06:47 +01:00
Shane Kilkelly
0e26222551 Don't redirect to images, icons, etc, in login workflow 2017-05-12 15:46:16 +01:00
Shane Kilkelly
043520fc28 Remove the Metrics module, use metrics-sharelatex 2017-04-03 16:18:30 +01:00
Henry Oswald
cff922a0f5 idendify -> identify 2017-03-22 16:01:26 +00:00
Henry Oswald
ebdce6169e idendifyUser on login 2017-03-22 15:50:49 +00:00
Shane Kilkelly
1137ab0715 Don't record redirect to static asset paths 2017-01-17 14:35:37 +00:00
Shane Kilkelly
f5ced03074 Set redirect when sending user to login page.
Allows smart redirecting to work when public access is turned off.
2017-01-10 15:42:36 +00:00
Shane Kilkelly
395135a655 Merge branch 'sk-post-login-redirect' 2016-11-28 09:52:14 +00:00
Henry Oswald
f130470971 log ip address of user when logging in 2016-11-25 11:59:50 +00:00
Shane Kilkelly
167f01857a Remove stray next params. 2016-11-24 14:15:01 +00:00
Shane Kilkelly
22101d0305 If user is sent to login page with explicit redirect, obey 2016-11-24 11:38:13 +00:00
Shane Kilkelly
cee3326ce3 fix omission of 'length' 2016-11-22 17:06:05 +00:00
Shane Kilkelly
8a4352fff2 Set redirect when redirecting from restricted 2016-11-22 16:54:03 +00:00
Shane Kilkelly
8089bb55a4 use session for the post-login redirect, remove redir query string. 2016-11-22 14:24:36 +00:00
Shane Kilkelly
bfa0e7cf89 WIP: start moving web sessions to cluster 2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8 Enable hook from module into passport init. 2016-11-01 14:06:54 +00:00
Henry Oswald
3141f91b59 Merge pull request from sharelatex/ho-password-limits
Ho password limits
2016-10-05 10:03:54 +01:00
Shane Kilkelly
dd14e51713 Handle null, undefined and false in isUserLoggedIn 2016-09-23 16:53:07 +01:00
Henry Oswald
8a2b7d0461 server side protect passwords which are too long 2016-09-23 16:51:46 +01:00
Henry Oswald
0d0f0e8604 wip 2016-09-23 16:38:46 +01:00
Shane Kilkelly
dbac4bd008 update session when user settings change 2016-09-22 16:58:25 +01:00
Shane Kilkelly
636b1fe9e2 Copy to session.user, for compatibility 2016-09-22 15:49:09 +01:00
Shane Kilkelly
c959e0c65d Set req.user 2016-09-22 13:54:13 +01:00
Shane Kilkelly
dde5b7b830 Regenerate session on login, protect against session-fixation attack. 2016-09-21 13:03:37 +01:00
Shane Kilkelly
bb71433727 Remove getLoggedInUser 2016-09-21 09:27:51 +01:00
Henry Oswald
777cbf1c80 move comment for user is false next to if statment 2016-09-20 14:51:51 +01:00
Shane Kilkelly
2119dcbb58 Finalise login workflow, works with login form again. 2016-09-15 14:36:11 +01:00
Shane Kilkelly
8e0103a1bc wip: fix unit tests for AuthenticationController 2016-09-07 14:05:51 +01:00
Shane Kilkelly
3a5b3a8e8d wip: acceptance tests working 2016-09-06 15:55:34 +01:00
Shane Kilkelly
b0a10c948c wip refactor 2016-09-06 15:22:13 +01:00
Shane Kilkelly
749658a916 WIP: fixing acceptance tests 2016-09-06 13:21:22 +01:00
Shane Kilkelly
ab2c1e82fb WIP: refactor 2016-09-05 15:58:31 +01:00
Shane Kilkelly
e6c7aa25ec barely functional login and logout 2016-09-05 10:28:47 +01:00
Shane Kilkelly
e4f4325150 Basic passport integration 2016-09-02 16:17:37 +01:00
Paulo Reis
9bf9df9a4a Track login events. 2016-08-11 14:09:45 +01:00
Shane Kilkelly
0ac9b05d02 Add ip_address and session_created to the session user object. 2016-07-01 15:49:07 +01:00
Shane Kilkelly
f1653d01b7 Refactor method names in UserSessionsManager 2016-07-01 15:33:59 +01:00
Shane Kilkelly
db213c0621 Begin keeping record of user sessions in reds. 2016-06-29 11:35:25 +01:00
Brian Gough
98a0c54004 use parameter for bcrypt rounds, rehash passwords on login if necessary 2016-06-17 12:22:03 +01:00
James Allen
de02928454 Merge branch 'master' into ja_email_tokens 2016-03-17 17:01:26 +00:00
James Allen
b556d57f40 Remove missed console.log debugging lines in AuthenticationController.coffee 2016-03-14 17:11:23 +00:00
James Allen
71ef045728 Implement authorization guards in Authorization{Manager,Controller} 2016-03-14 17:06:57 +00:00
James Allen
3e03164ed4 Remove dead auth_token code 2016-03-10 17:15:14 +00:00
Henry Oswald
940586f654 sped up unit tests to improve speed
also removed some unneeded requires.
2016-03-09 12:51:19 +00:00
Henry Oswald
c8084406d3 user notifications auto created on login for joinging groups 2016-02-17 16:24:09 +00:00
Henry Oswald
690b195f1a move login success to .json as it sends json over 2016-01-25 17:35:57 +00:00
James Allen
1e8ab5357b Improve pre-registered account activation process 2015-12-11 11:30:06 +00:00
Henry Oswald
7fd29b18a8 destroy users session before creating a new one for them after login
session changed to prevent against fixation attacks
2015-07-01 15:29:02 +01:00
Henry Oswald
665bdcf538 v1 of express4 conversion 2015-07-01 15:17:43 +01:00
Henry Oswald
a7640b5bbd changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist 2015-04-30 11:57:40 +01:00