github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-09-16 02:52:31 -04:00
Code Issues Projects Releases Packages Wiki Activity
1849 commits 3 branches 7 tags 221 MiB
Commit graph

544 commits

Author SHA1 Message Date
James Allen
40704b486e Don't lock up on very long lined documents 2015-08-28 16:52:09 +01:00
Shane Kilkelly
0aaeb6671e Keep password reset token in session, and strip it from reset page url. 
This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.

Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.
 2015-08-24 11:53:33 +01:00
Henry Oswald
a53e3b80cf if blog or universities site is down don't crash, send 500 2015-08-20 16:55:16 +01:00
Shane Kilkelly
aab7a8713e Catch the case where filename is shorter than the extension length. 2015-08-20 15:56:30 +01:00
Shane Kilkelly
2dd56d0b32 If we're sending a html file to mobile-safari, do so as plain text. 
This prevents safari from trying to render the page,
which it does because it ignores the "Content-Disposition" header.
 2015-08-20 12:02:43 +01:00
Henry Oswald
63580f6a79 remove useClsi2 flag in project collection 2015-08-19 11:58:41 +01:00
Henry Oswald
a777fcc5a6 changed post to deactivate projects to set params via body rather than query params 2015-08-19 11:55:35 +01:00
Henry Oswald
50fc886c94 changed inactive to active as its more effienct query in mongo 2015-08-19 11:54:30 +01:00
Henry Oswald
d3499acd7b pass options through stating how long ago want to archive from and limit 2015-08-14 14:11:53 +01:00
Henry Oswald
70b825fd2a fixed call to ProjectUpdateHandler.markAsOpened and made it async 2015-08-14 11:27:11 +01:00
Henry Oswald
66b87df17c added deactivate project endpoint 2015-08-14 11:26:11 +01:00
Henry Oswald
bec9bf5c87 replace lodash with underscore in this project 2015-08-14 09:42:27 +01:00
Henry Oswald
a0142d4415 added inactive and reactivate project logic 2015-08-13 22:40:28 +01:00
Henry Oswald
417fd4f5f5 add logging to tell us how long since a project that is being opened was last updated 2015-07-22 10:38:48 +01:00
Henry Oswald
c12213b46b added logging around load editor times 2015-07-22 10:38:28 +01:00
Henry Oswald
a786b623a8 added logging to help debug slow project list page loading 2015-07-22 01:06:23 +01:00
Henry Oswald
3ecf201eda send -> sendStatus 2015-07-08 16:56:38 +01:00
Henry Oswald
9a49ce4a0e removed extra req.session.destroy 2015-07-08 12:58:02 +01:00
Henry Oswald
8020cd8f47 removed tpds from settings.defaults.coffee, if not set updates are now not queued 2015-07-02 12:09:08 +01:00
Henry Oswald
7fd29b18a8 destroy users session before creating a new one for them after login 
session changed to prevent against fixation attacks
 2015-07-01 15:29:02 +01:00
Henry Oswald
4f0b922a5d changed name used when project or file uploaded, this changed when 
we started using https://github.com/expressjs/multer

* originalname - Name of the file on the user's computer
* name - Renamed file name
 2015-07-01 15:28:49 +01:00
Henry Oswald
15a57f5dc4 removed req.session.destorys from endpoints now on the api router which are not needed 2015-07-01 15:26:05 +01:00
Henry Oswald
1cc0cbe8fc split site into 2 routers, webRouter and apiRouter 
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
 2015-07-01 15:23:18 +01:00
Henry Oswald
665bdcf538 v1 of express4 conversion 2015-07-01 15:17:43 +01:00
Henry Oswald
84bf0dd9a3 added timeout and logging for tpdsworker queing via http 2015-06-23 11:19:23 +01:00
Henry Oswald
b83fe4dcf9 put tpdsworker url in from settings 2015-06-23 11:13:05 +01:00
Henry Oswald
2ec925b45e fairy removed from web, makes http request to tpds worker now 2015-06-22 22:33:04 +01:00
Henry Oswald
33aa5c732f if a domain licence link has expired render a nice message explaining they need to retry 2015-06-01 12:43:42 +01:00
Henry Oswald
cb48242b74 changed email expire to 1 day for verifying account 2015-06-01 12:22:46 +01:00
Henry Oswald
6727c3ee00 changed ShareLaTeX thoughts to go into type form 2015-05-29 16:27:35 +01:00
Henry Oswald
d3f6c0c614 Merge branch 'user-csv' of git://github.com/heukirne/web-sharelatex into heukirne-user-csv 2015-05-29 12:17:54 +01:00
Henry Oswald
e4011b9ba1 Merge branch 'emailverification' 2015-05-29 12:10:02 +01:00
Henrique Dias
f50eb0398f add export csv group feature 2015-05-28 16:54:41 -03:00
Henry Oswald
43c4531e51 kill off CollaboratorsHandler. changeUsersPrivilegeLevel as it is not used anywhere 2015-05-28 13:02:08 +01:00
Henry Oswald
22b94e9246 renamed SubscriptionDomainAllocator -> SubscriptionDomainHandler 2015-05-27 20:57:54 +01:00
Henry Oswald
4773d6d22f added tests around new endpoints for joining groups 2015-05-27 20:50:16 +01:00
Henry Oswald
f27c072ae1 pull logic checking if user is already part of a group out of controller into handler 2015-05-27 16:33:47 +01:00
Henry Oswald
72e528e9d1 if you are alread in the group show the custom group page 2015-05-27 15:50:28 +01:00
Henry Oswald
79fa49a43d if a user is elelable to be part of a group subscription and they go to 
/user/subscription it should redirect them to the group subscription invite
 2015-05-27 15:35:31 +01:00
Henry Oswald
1d21bddcf5 fix Onetime token handler path 2015-05-27 15:06:36 +01:00
Brian Gough
a5d14f4ffb handle unexplained case where smokeTestModule is undefined 2015-05-26 16:33:02 +01:00
Henry Oswald
481bd67fbd changed paths to use hyphens and add succesfull join page 2015-05-26 15:26:45 +01:00
Henry Oswald
841231dbf8 make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 15:24:09 +01:00
Brian Gough
e51cdb81bd port leak fixes from smoke-test-sharelatex module 2015-05-26 10:54:55 +01:00
Henry Oswald
cad8d8a23b v1 basic invite works, not pretty or tested 2015-05-22 13:57:15 +01:00
Henry Oswald
f5c39efcac patched xss hole with messages not setting the content type correctly 2015-05-19 11:04:52 +01:00
Henry Oswald
9764ab258b added complex password validation to password resets 2015-04-30 12:05:46 +01:00
Henry Oswald
312c56a24e allow password resets to be performed when site is not public by adding routes into white list 2015-04-30 11:58:26 +01:00
Henry Oswald
a7640b5bbd changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist 2015-04-30 11:57:40 +01:00
Henry Oswald
6669884f44 Merge branch 'tpds-cleanup' 2015-04-23 10:06:26 +01:00