Commit graph

39 commits

Author SHA1 Message Date
Simon Detheridge
4c191953d3 Merge pull request #1356 from sharelatex/spd-password-complexity
Make password validation more consistent between backend and frontend

GitOrigin-RevId: 6ba729da842bf474cf7e9b5e0b2435db0544737c
2019-01-11 14:43:49 +00:00
Simon Detheridge
4360a55fdc Merge pull request #1383 from sharelatex/spd-rate-limits
Add rate limits to email-related endpoints

GitOrigin-RevId: 05a8b40eb65a55aba35788e2401e6988b672b389
2019-01-11 14:43:29 +00:00
Paulo Jorge Reis
e139abb110 Merge pull request #1273 from sharelatex/ja-password-reset-v1
Handle v1-only users in v2 password reset flow

GitOrigin-RevId: 38ce8e9aebd3330b980e73640a23661d8015d4f3
2018-12-18 11:48:53 +00:00
Jessica Lawshe
7666c8a481 Merge pull request #1236 from sharelatex/jel-password-reset
Reset password via API request to v1

GitOrigin-RevId: 00b0306ca77df650595a762382a8a63b05a945f6
2018-12-14 16:02:14 +00:00
James Allen
0dcbc5facb Send out confirmation emails on register and record confirmedAt date 2018-06-21 10:21:15 +01:00
Tim Alby
bbaca91e57 add UserGetter#getUserByMainEmail
Use only that method to find users by email.
2018-05-28 14:11:09 +02:00
Shane Kilkelly
6a161b4071 remove commented out code 2017-02-06 16:35:52 +00:00
Shane Kilkelly
7d5dc34b3e fix the set-password form for new (admin-created) users 2017-02-06 14:58:54 +00:00
Shane Kilkelly
6e282ab308 clear sessions on password reset 2016-07-05 14:19:59 +01:00
James Allen
1e8ab5357b Improve pre-registered account activation process 2015-12-11 11:30:06 +00:00
Shane Kilkelly
0aaeb6671e Keep password reset token in session, and strip it from reset page url.
This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.

Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.
2015-08-24 11:53:33 +01:00
Henry Oswald
3ecf201eda send -> sendStatus 2015-07-08 16:56:38 +01:00
Henry Oswald
1cc0cbe8fc split site into 2 routers, webRouter and apiRouter
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
Henry Oswald
1d21bddcf5 fix Onetime token handler path 2015-05-27 15:06:36 +01:00
Henry Oswald
841231dbf8 make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 15:24:09 +01:00
Henry Oswald
9764ab258b added complex password validation to password resets 2015-04-30 12:05:46 +01:00
Henry Oswald
312c56a24e allow password resets to be performed when site is not public by adding routes into white list 2015-04-30 11:58:26 +01:00
James Allen
893ff85521 Don't allow password resets for holding accounts 2015-04-14 13:11:49 +01:00
James Allen
9b8cf7bcfa Remove public registration and require that a user be registered by an admin 2015-03-19 14:22:48 +00:00
Henry Oswald
56efefd6d4 renamed variable 2014-10-30 08:33:18 +00:00
James Allen
accd8207b2 Show password reset expired message rather than server error if that's what has happened 2014-10-08 17:18:24 +01:00
Henry Oswald
f73629f8d9 v1 of sentinel support 2014-09-26 14:52:00 +01:00
James Allen
10021986c5 Don't error on password reset if no email found, and translate error messages 2014-08-08 11:41:54 +01:00
Henry Oswald
d047d44079 Changed the error messages which are sent down to the client to be translated first.
Fixed up tests for titles we check when rendering, deleted them as they never
catch anything important, more hassle than they are worth imo.
2014-08-01 14:03:38 +01:00
Henry Oswald
1b8c8b8c48 sorted out titles 2014-08-01 13:47:14 +01:00
James Allen
5aa7daa951 Fix password reset rate limit to work on ip, not email which changes every request 2014-06-25 10:46:58 +01:00
Henry Oswald
dabed896be lowercase password reset email 2014-06-10 17:54:29 +01:00
Henry Oswald
50df82697a Merge branch 'master' of github.com:sharelatex/web-sharelatex 2014-05-16 11:27:09 +01:00
Henry Oswald
9419d3a0e5 hooked up the front end UI to show the email cannot be found,
added client side validation on password, removed server side min
length check. Just check that it is not 0 len
2014-05-16 11:26:29 +01:00
James Allen
240dc2e319 Use crypto.randomBytes 2014-05-16 10:52:31 +01:00
Henry Oswald
9c3c57f2a8 renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 10:43:55 +01:00
Henry Oswald
bf1bb22afd added rate limiting to password reset endpoint 2014-05-16 10:31:33 +01:00
Henry Oswald
133c4759f8 fix tests, whoops 2014-05-15 18:26:00 +01:00
Henry Oswald
e1b3f3542c added some logging 2014-05-15 18:14:05 +01:00
Henry Oswald
96d98329f1 token based reset works 2014-05-15 17:58:25 +01:00
Henry Oswald
1ffd19099b written getUserIdFromToken 2014-05-15 17:20:42 +01:00
Henry Oswald
9f901fb1ba added the token generator and its getNewToken function 2014-05-15 17:16:20 +01:00
Henry Oswald
64688e661d written password reset controller 2014-05-15 16:50:38 +01:00
Henry Oswald
551e1d465a written password reset handler 2014-05-15 16:20:23 +01:00