Commit graph

1802 commits

Author SHA1 Message Date
Shane Kilkelly
855fe2e143 If user is project owner, don't add them as a token user 2017-10-16 16:44:20 +01:00
Brian Gough
4c78b5770c use regex for directory check 2017-10-16 15:17:33 +01:00
Brian Gough
2bb7c6d4c6 remove child_process module from ArchiveManager 2017-10-16 14:21:28 +01:00
Brian Gough
96d08e41a7 update tests 2017-10-16 14:15:38 +01:00
Brian Gough
d6d76f132e replace unzip with yauzl 2017-10-16 14:15:38 +01:00
Alasdair Smith
60c297eac8 Also prevent rollout to modulo 0 users 2017-10-16 13:40:09 +01:00
Shane Kilkelly
ad999a72b6 If a token-based project not found, check private overleaf project 2017-10-16 13:20:15 +01:00
Alasdair Smith
abb21ac96b Fix autocompile rollout logic 2017-10-16 12:44:11 +01:00
Alasdair Smith
5d3371a52c Merge pull request #38 from sharelatex/as-autocompile-rollout
Rollout for auto compile; Connects to #20
2017-10-16 10:48:43 +01:00
Alasdair Smith
625f52c248 Update cutoff date 2017-10-16 10:28:42 +01:00
Shane Kilkelly
490ccc6051 Add commentary to token-generator, and move token-alpha to top level 2017-10-13 11:37:38 +01:00
Shane Kilkelly
ac513a1355 Refactor to not pass req down into Auth modules 2017-10-13 11:20:57 +01:00
Brian Gough
4ce639db70 Merge pull request #58 from sharelatex/bg-rate-limit-autocompile
fix two bugs in auto compile limit logic
2017-10-13 08:18:31 +01:00
Alasdair Smith
36e1fafb60 Set proportion to 0 2017-10-12 17:10:41 +01:00
James Allen
f0079bb7a4 Merge pull request #41 from sharelatex/ja-transfer-projects
Add method to transfer projects from one user_id to another
2017-10-12 16:27:00 +01:00
Brian Gough
fc3ecddd0e fix two bugs in auto compile limit logic
1. the compileGroup is "standard" not default
2. was not excluding normal compiles from metrics
2017-10-12 16:18:14 +01:00
Brian Gough
8cf3288187 avoid exception in validateProjectName 2017-10-12 16:03:12 +01:00
Shane Kilkelly
dcf601fe80 Only show token-based projects if accessLevel is set to token-based 2017-10-12 15:47:29 +01:00
Shane Kilkelly
9a7c8c5842 Revert "Remove remaining traces of UserStub"
This reverts commit ab6b4c32254a20b940c489b8b5b56237433cc0f6.
2017-10-12 15:08:48 +01:00
Brian Gough
18370076a2 Merge pull request #45 from sharelatex/bg-auto-doc-flush
allow docupdater to flush docs in background (connects to overleaf/sharelatex#190)
2017-10-12 14:48:16 +01:00
Shane Kilkelly
16416463c6 Update removeUserFromProject to account for token-access 2017-10-12 11:49:02 +01:00
Shane Kilkelly
6feedf5520 Use crypto module for token generation 2017-10-12 11:36:45 +01:00
Shane Kilkelly
22c5f41fb6 Add logging for token generation 2017-10-12 11:25:16 +01:00
Shane Kilkelly
fe708fcc04 Generate all missing tokens 2017-10-12 11:19:26 +01:00
Shane Kilkelly
70b1e42e36 Add deprecation comment regarding legacy access-levels 2017-10-12 11:00:39 +01:00
Shane Kilkelly
6e09165452 Refactor auth sources 2017-10-12 10:57:11 +01:00
Brian Gough
45ed090326 Merge pull request #37 from sharelatex/bg-rate-limit-autocompile
rate limit autocompile (connects to #18)
2017-10-12 09:25:59 +01:00
Brian Gough
c913ec69ef Merge pull request #34 from sharelatex/bg-fix-double-callback-in-resources-check
fix double callback in resources check (connects to #18)
2017-10-12 09:20:05 +01:00
Brian Gough
cf25ff058f use new endpoint docupdater get_and_flush_if_old 2017-10-11 16:05:28 +01:00
Alasdair Smith
5047213c3c Change rollout detection to account for changes in proportion preserving rolled out users 2017-10-11 14:47:39 +01:00
Hayden Faulds
f017a94b7e remove unused HistoryManager 2017-10-11 11:18:20 +01:00
Hayden Faulds
4e0a159db4 Merge pull request #40 from sharelatex/hof-pathname-for-doc-store
return pathname from DocumentController.getDoc
2017-10-11 09:52:56 +01:00
Brian Gough
5b0d3d1429 simplify rate-limit checking code 2017-10-09 16:31:01 +01:00
Brian Gough
9eec245358 allow docupdater to flush docs in background 2017-10-09 14:17:28 +01:00
Shane Kilkelly
1a4ffe7708 Remove un-necessary call to getProject from archiveProject path 2017-10-09 11:30:55 +01:00
Shane Kilkelly
ad68adee9a Add more commentary on the anonymous path 2017-10-09 11:13:55 +01:00
Shane Kilkelly
e73de3bfd4 Fix whitespace in function signature 2017-10-09 10:57:23 +01:00
Shane Kilkelly
732ce9417b Don't create tokens on project by default 2017-10-09 10:25:20 +01:00
Shane Kilkelly
d386f79a76 Clean up 2017-10-06 16:10:33 +01:00
Shane Kilkelly
91abb6eed6 If project is not tokenBased, don't count members of token arrays 2017-10-06 15:57:22 +01:00
Shane Kilkelly
387854db7a Fix an embarassing mistake, generate tokens dynamically, not once. 2017-10-06 13:24:10 +01:00
James Allen
3c54419eb3 Remove commented debug code 2017-10-05 16:12:26 +01:00
James Allen
9c1faa4395 Add method to transfer projects from one user_id to another 2017-10-05 14:26:34 +01:00
Shane Kilkelly
bb0dad3353 Safe access to potentially-null project 2017-10-05 14:19:21 +01:00
Shane Kilkelly
b8d90a1a99 Show token-access projects on the dashboard 2017-10-05 13:20:06 +01:00
Shane Kilkelly
e4e558c0e6 Hide access tokens if user is not the project owner.
This prevents sneaky read-only users from sniffing out the read-write
link via the browser console.
2017-10-05 13:18:30 +01:00
Shane Kilkelly
6482cd7dd8 Generate tokens on old projects if they're not present 2017-10-04 16:31:24 +01:00
Alasdair Smith
8366ea271f Restrict autocompile onboarding to users in rollout (factor of 100) 2017-10-03 17:08:19 +01:00
Brian Gough
d14723f24a add rate limits for autocompiles
global rate limit for all users and a lower rate limit for free users
2017-10-03 16:16:21 +01:00
Shane Kilkelly
b6c2a8f7f7 Tidy up callbacks 2017-10-03 14:14:22 +01:00
Shane Kilkelly
7b33f8b4c2 Unit test TokenAccessController 2017-10-03 14:04:59 +01:00
Alasdair Smith
91e0397bf5 Update signup date check to today 2017-10-03 10:48:59 +01:00
Shane Kilkelly
ede497f4b3 Unit test TokenAccessHandler 2017-10-03 10:02:26 +01:00
Brian Gough
bd005d7bb6 fix double callback in precompile resources check 2017-10-02 10:14:52 +01:00
Shane Kilkelly
9f24f696a5 Use custom header, send anonToken in payload to joinProject 2017-09-29 16:32:07 +01:00
Shane Kilkelly
34d4d1360f Anon read-token: add an Authorization header to $http 2017-09-29 15:54:55 +01:00
Hayden Faulds
bf1c24f6f9 return pathname from DocumentController.getDoc 2017-09-29 15:37:10 +01:00
Shane Kilkelly
9810f63245 Render editor for token access, stub out ui changes 2017-09-28 16:06:08 +01:00
Alasdair Smith
3e2388a7de Don't show autocompile for users signed up after release date 2017-09-28 13:57:15 +01:00
Alasdair Smith
f2c0bf5515 First pass at getting onboarding shown event from analytics 2017-09-28 13:04:18 +01:00
Alasdair Smith
afff8ddf29 Pass (dummy) autocompile onboarding 2017-09-28 11:13:49 +01:00
Shane Kilkelly
4552f3be67 Move the getPublicAccessLevel helper to top-level of module 2017-09-28 10:53:35 +01:00
Shane Kilkelly
27dcf6c4c5 Fix a typo causing double-callbacks 2017-09-28 10:37:57 +01:00
Shane Kilkelly
574b115022 Working token-based access 2017-09-27 14:01:52 +01:00
Brian Gough
13628f82ec Merge pull request #17 from sharelatex/bg-lock-compiles
show error for compile in progress
2017-09-27 13:54:16 +01:00
Hayden Faulds
4adf88ca01 handle OL or SL ids in UserInfoController.getPersonalInfo 2017-09-26 11:40:05 +01:00
Hayden Faulds
2c0e9bb89a return overleaf details from ProejctsDetailsHandler.getdetails 2017-09-26 10:19:30 +01:00
Brian Gough
0f855689a7 show error for compile in progress 2017-09-26 08:07:35 +01:00
Shane Kilkelly
ee32648bf4 Order privileges by highest-to-lowest 2017-09-22 15:55:38 +01:00
Shane Kilkelly
81170d472d Add token-access routes 2017-09-22 14:54:35 +01:00
Shane Kilkelly
95292a2e55 Add unique index to token properties 2017-09-21 15:06:42 +01:00
Shane Kilkelly
441c207953 Generate tokens by default 2017-09-21 15:04:15 +01:00
Shane Kilkelly
abe41b6948 Fix projection in project query 2017-09-21 13:37:10 +01:00
Shane Kilkelly
863d327743 Change logic to exclude token users 2017-09-21 11:02:55 +01:00
Shane Kilkelly
931ba56e33 Add an 'owner' source tag, for the project owner 2017-09-21 09:35:25 +01:00
Shane Kilkelly
ef7e1ceabf Rename functions to make distinction between invited/token members 2017-09-21 09:30:38 +01:00
Shane Kilkelly
91ec0da239 Use the invitedMembers function for sending tpds updates 2017-09-20 15:48:20 +01:00
Shane Kilkelly
574baf386e Alter getProjectsUserIsMemberOf to include token-access projects.
Also change the api to produce an object with the different project lists
attached, rather than a pair of lists.
2017-09-20 15:26:03 +01:00
Shane Kilkelly
ceb7c509d0 Rename getProjectsUserIsCollaboratorOf to ...IsMemberOf
This brings the naming more in line with current conventions.
2017-09-20 13:16:50 +01:00
Shane Kilkelly
069f49d5a6 Change getCollaboratorCount to getInvitedCollaboratorCount.
And update the one call-site in LimitationsManager. This function
is used to limit invites, so it makes sense to explicitely limit
this to Invited members of the project.
2017-09-20 10:29:47 +01:00
Shane Kilkelly
8460160076 Add a getInvitedMembersWithPrivilegeLevels function.
Then use it to build the loadProject view-model.
2017-09-20 10:02:43 +01:00
Shane Kilkelly
cf54989e6a Add a getInvitedMemberIds function
Limited to only members who were invited to the project, not users
who have access via a token.
2017-09-20 09:36:56 +01:00
Shane Kilkelly
fc202439ab Read-only privelege for anonymous access 2017-09-20 09:36:06 +01:00
Shane Kilkelly
06966f67db Differentiate project members by source, include token members 2017-09-20 09:35:19 +01:00
Shane Kilkelly
a06f4b6b28 Remove remaining traces of UserStub 2017-09-19 16:16:39 +01:00
Shane Kilkelly
7919d5342b Remove obsolete add-email-to-project workflow 2017-09-19 15:57:19 +01:00
Shane Kilkelly
c87df7be79 Add token-access user refs to Project 2017-09-19 09:27:22 +01:00
Shane Kilkelly
8fece2d5f0 Add tokenBased access level 2017-09-18 10:58:13 +01:00
Shane Kilkelly
2011432120 Add tokens property to Project model 2017-09-18 10:27:28 +01:00
James Allen
adf211a226 Merge pull request #594 from sharelatex/ja-include-token-in-project-schema
Include OL tokens in project schema
2017-09-15 11:41:24 +02:00
Brian Gough
9f9c15f6f5 Merge pull request #599 from sharelatex/bg-reset-project-state
clear docupdater project state in deleteAuxFiles
2017-09-15 09:09:29 +01:00
Brian Gough
28a80cf23d Merge pull request #604 from sharelatex/bg-fix-root-doc-in-incremental-compile
fix root doc in incremental compile
2017-09-13 13:47:22 +01:00
Tim Alby
a04adbf132 remove extra security headers 2017-09-13 11:53:11 +02:00
Brian Gough
51eb94a493 handle incremental compile without root doc 2017-09-13 10:10:44 +01:00
Brian Gough
0e87b8950e update clearProjectState endpoint 2017-09-12 11:40:00 +01:00
Tim Alby
d6834ff417 add security headers using Helmet
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
  - a user is logged in, OR
  - a project is displayed
2017-09-12 11:17:59 +02:00
Brian Gough
5430c8a3c2 Merge pull request #593 from sharelatex/bg-fix-inactive-projects-request
avoid error when passing as limit in mongo query
2017-09-11 08:16:28 +01:00
Brian Gough
6d73c48c36 Merge pull request #596 from sharelatex/bg-suppress-incremental-compile-after-errors
suppress incremental compile after errors
2017-09-11 08:15:50 +01:00
Brian Gough
2b4c8bd846 clear docupdater project state in deleteAuxFiles 2017-09-08 15:57:29 +01:00
Brian Gough
e8435e3eae make condition clearer for incremental compile 2017-09-08 13:39:24 +01:00
Brian Gough
03a5ff2e43 skip incremental compile after docupdater error 2017-09-07 15:06:09 +01:00
Shane Kilkelly
586d1f1599 Merge pull request #531 from sharelatex/sk-allow-explicit-ses-email-config
Instantiate the ses client if explicitly specified.
2017-09-07 10:21:01 +01:00
Brian Gough
3ac0e97a14 avoid error when passing as limit in mongo query
convert request parameter from string to number
2017-09-05 12:33:13 +01:00
Brian Gough
e2368615e2 Merge pull request #589 from sharelatex/bg-check-options-for-incremental-compile
include the options in the project state hash
2017-09-05 11:53:17 +01:00
Brian Gough
2e6c578dd7 add ol-style.css to fingerprint list 2017-09-05 10:54:26 +01:00
James Allen
39320c20b8 Include OL tokens in project schema 2017-09-05 10:50:39 +02:00
Brian Gough
d9557fcbf5 include the options in the project state hash 2017-09-01 16:36:51 +01:00
Shane Kilkelly
3d0268a486 Add other required properties for project load. 2017-09-01 11:36:23 +01:00
Shane Kilkelly
68f860b28d Load user features alongside id and email.
Fixes a bug where project features were not applied properly,
and instead fell back to the free-account defaults.
2017-09-01 11:16:45 +01:00
James Allen
9c4dc40abf Merge pull request #583 from sharelatex/ja-import-projects
Add in UserStub model and support in collaborators view
2017-08-29 16:06:00 +02:00
James Allen
a58a715fad Merge pull request #570 from sharelatex/ho-null-check-redis-sessions
Ho null check redis sessions
2017-08-29 15:44:22 +02:00
James Allen
8d268e9d42 Merge pull request #580 from sharelatex/ja-import-collaborators
Add in UserStub model and support in collaborators view
2017-08-29 15:43:54 +02:00
James Allen
ba43e45f85 Merge pull request #578 from sharelatex/ja-import-projects
Update Project schema for overleaf imports
2017-08-29 15:43:39 +02:00
James Allen
bb6ca9ba51 Update Project schema 2017-08-29 15:21:05 +02:00
Brian Gough
f9d1650c6a Merge pull request #569 from sharelatex/bg-compile-from-redis
compile from redis
2017-08-25 09:09:52 +01:00
James Allen
d5839437fd Add in UserStub model and support in collaborators view 2017-08-24 17:48:47 +02:00
James Allen
b4254f06ef Update Project schema for overleaf imports 2017-08-21 17:49:08 +02:00
Brian Gough
90ff58b820 compute project state hash from sorted docs/files 2017-08-16 10:49:29 +01:00
Brian Gough
739445336f remove unused code and fix flushing 2017-08-15 16:00:00 +01:00
Brian Gough
4789dd23ee docupdater will parse lines in getProjectDocs
no need to do this in web now
2017-08-11 16:57:23 +01:00
James Allen
1f326f7990 Merge pull request #575 from sharelatex/ja-overleaf-oauth
Allow OAuth based log-ins from Overleaf
2017-08-10 10:28:41 +02:00
Brian Gough
e2048e1ed5 use incrementalCompilesEnabled as option name 2017-08-09 16:25:57 +01:00
Brian Gough
836bddd91f comment about 409 code in DocumentUpdaterHandler 2017-08-09 16:00:11 +01:00
Brian Gough
ddecd26718 flush documents to mongo on incremental compiles 2017-08-09 15:47:44 +01:00
James Allen
7538c8834f Merge branch 'master' into ja-per-user-track-changes 2017-08-09 14:05:36 +02:00
James Allen
a0a45ee654 Update date 2017-08-09 14:02:40 +02:00
Brian Gough
7eb1c01994 add metrics for incremental compiles 2017-08-09 11:41:09 +01:00
Brian Gough
97b129cbe3 enable incremental compilation for beta users 2017-08-09 10:57:24 +01:00
James Allen
638eeb1247 Update Server.coffee 2017-08-09 11:51:08 +02:00
James Allen
17e849792c Pull out logic into module 2017-08-09 11:50:05 +02:00
Brian Gough
8aa77cec5e provide fallback to normal compile method 2017-08-08 16:48:47 +01:00
Brian Gough
203e42fa4c clean up options handling 2017-08-08 16:48:37 +01:00
James Allen
eac0ce8353 Initial spike of Overleaf based logins 2017-08-08 14:00:21 +02:00
Brian Gough
31e71854a4 fix unit tests 2017-08-08 11:38:31 +01:00
Brian Gough
849e905efb simplify incremental request to docupdater
if project state hasn't changed, get the docs from the docupdater -- we
check/set the hash and return the docs in a single request.  Otherwise
do a full request from mongo.
2017-08-07 14:45:04 +01:00
Brian Gough
1321009fe1 update docupdater endpoint to /project/id/docs 2017-08-03 14:40:46 +01:00
Henry Oswald
33fe252a15 null check user during logout 2017-08-03 13:26:14 +01:00
Henry Oswald
35f31d5a3c null check the user correctly 2017-08-03 13:17:39 +01:00
Brian Gough
38c879faf2 improve comment about ClsiStateManager hash 2017-08-03 12:15:27 +01:00
Brian Gough
6d331e8ffd use projectStateUnchanged instead of stateOk 2017-08-03 12:10:23 +01:00
Brian Gough
f44b844d74 refer to project state as projectStateHash 2017-08-03 12:08:11 +01:00
Brian Gough
5c02255e07 use syncType and syncState for clsi state options 2017-08-03 11:44:10 +01:00
Brian Gough
fb29ac3031 clean up logging 2017-08-03 11:36:59 +01:00
Brian Gough
0a859d3b33 clean up state manager 2017-08-03 11:36:23 +01:00
Brian Gough
a955b8fcc9 remove unused inline function 2017-08-03 11:35:42 +01:00
Brian Gough
a4117487e9 switch from mongoose to mongojs in ClsiManager
for efficiency
2017-08-03 11:35:42 +01:00
Brian Gough
17b1075dc9 add rootFolder to attributes in Clsi request 2017-08-03 10:20:57 +01:00
James Allen
86a38df6e0 Merge pull request #563 from sharelatex/pr-support-html-encoded-i18n
Support HTML encoded i18n
2017-08-03 10:36:35 +02:00
James Allen
3d9da02815 Merge pull request #555 from sharelatex/sk-password-policy
Enforce stricter password policy.
2017-08-03 10:35:00 +02:00
James Allen
28838eff60 Merge pull request #567 from sharelatex/ja-admin-panel-additions
Some refactoring and methods needed to support the admin panel
2017-08-03 10:34:33 +02:00