Commit graph

2810 commits

Author SHA1 Message Date
Simon Detheridge
85f097343f Merge pull request #1022 from sharelatex/spd-no-github-for-new-users
Don't add old v1 features for new accounts
2018-10-15 15:28:34 +01:00
Tim Alby
e646c5c42a refactor to use config file 2018-10-15 14:46:38 +02:00
Brian Gough
a640397052 make project names unique for zip uploads and template imports 2018-10-15 09:33:39 +01:00
Brian Gough
59cf0aa3cb fix bug in call to findAllUsersProjects 2018-10-15 09:33:39 +01:00
Simon Detheridge
48995d2d44 Don't add old v1 features for new accounts
Introduces the notion of v1 'grandfathered features', specifically Gihub and Mendeley integration. This allows us to create new v1 accounts for new users without them automatically getting the new features.

Requires a settings change in `settings.web.sl.coffee` to disable these features by default for v1 accounts.

bug: overleaf/sharelatex#1014
2018-10-12 17:45:57 +01:00
Hugh O'Brien
b825f0b267 Merge branch 'master' into hb-v2-affiliations-callback 2018-10-11 17:14:35 +01:00
Paulo Reis
901fb0fc1e Unit test brand variation id. 2018-10-10 14:09:47 +01:00
Paulo Reis
29787c42c5 Read brand variation id from v1-crafted links; set brand variation id for projects created from v1 templates. 2018-10-10 14:09:47 +01:00
Paulo Reis
a380feab98 Add brand variation id to the Project model. 2018-10-10 14:09:47 +01:00
Simon Detheridge
ea2782ff22 Merge pull request #1005 from sharelatex/spd-no-more-asterisks
Sanitize paths in all relevant ProjectEntityHandler methods
2018-10-10 10:44:13 +01:00
Ersun Warncke
7652e80800 add account merge error 2018-10-09 09:47:03 -04:00
Tim Alby
48e5c6b523 add UserMembership logic 2018-10-09 12:09:11 +01:00
Simon Detheridge
56dcbefb5b Check for safe paths in all ProjectEntityHandler methods
Some import mechanisms (for example, Github project import) call methods such as 'upsert*' directly, bypassing existing filename checks.

Added checks to all methods in ProjectEntityHandler that can create or rename a file.

bug: overleaf/sharelatex#908
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-08 15:31:04 +01:00
Simon Detheridge
e66210d2af Add method to sanitize full paths
For convenience, add a method to SafePath to break a path into components and verify the status of each one.

bug: overleaf/sharelatex#908
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-08 14:48:17 +01:00
Simon Detheridge
9c189303c1 Merge pull request #1002 from sharelatex/spd-email-cta-links
Add additional CTA link to emails
2018-10-08 13:56:21 +01:00
Simon Detheridge
af9c9517f3 Merge pull request #999 from sharelatex/as-validate-password-length
Validate password length
2018-10-08 13:55:25 +01:00
hugh-obrien
f6307f9086 store reversedHostname property and update test accordingly 2018-10-08 13:37:12 +01:00
hugh-obrien
3919acad46 store reversed hostname and review fixes for v2 university domain confirmation 2018-10-08 12:08:29 +01:00
Jessica Lawshe
f04212c96f Merge pull request #995 from sharelatex/ta-remove-confirmed-field
remove unused confirmed field from user model
2018-10-08 11:43:42 +01:00
Alasdair Smith
e129172553 Fix ordering of boolean check to be more readable 2018-10-08 11:25:24 +01:00
Alasdair Smith
04572f61bb Fix copy/paste error 2018-10-08 10:44:26 +01:00
Alasdair Smith
676557a051 Refactor to validate in AuthenticationManager 2018-10-08 10:44:25 +01:00
Alasdair Smith
44c86b3769 Refactor to use password strength options 2018-10-08 10:44:25 +01:00
Alasdair Smith
bf60fe7f6c Add error handling for InvalidError 2018-10-08 10:44:25 +01:00
Alasdair Smith
e99165b475 Validate password length when registering 2018-10-08 10:44:25 +01:00
Hugh O'Brien
cc962c3e6f Merge pull request #978 from sharelatex/hb-use-exports-for-pdf-from-publish-modal
Generic Zip or Pdf Exports endpoint
2018-10-08 10:13:18 +01:00
hugh-obrien
65ecdf84f4 cleanup and tests for v2 affiliations confirmation 2018-10-07 16:40:26 +01:00
hugh-obrien
af3cc01496 Lookup users by email hostname using new field 2018-10-06 17:22:39 +01:00
hugh-obrien
026f7eebcd Setting up hostname field and institution domain confirmation endpoint 2018-10-06 15:57:25 +01:00
Simon Detheridge
286f25529a Remove secondary CTA link from account merge confirmation email
bug: sharelatex/web-sharelatex-internal#987
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-05 13:19:05 +01:00
Simon Detheridge
d316a76106 Revert "add plain text link to email address confirmation emails"
This reverts commit 48cd7e604dcc5f3b7ae8eb699f14b44bc073f107.
2018-10-05 13:16:42 +01:00
Simon Detheridge
a2ef0e1ae5 Add additional CTA link to emails
Some mail clients don't show the CTA button correctly, or at all. Add an additional, smaller link to the bottom of the email for people who can't see the button.

bug: sharelatex/web-sharelatex-internal#987
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-05 12:04:00 +01:00
Shane Kilkelly
4c2a90966a Merge pull request #918 from sharelatex/sk-enable-sudo-mode-in-v2
Enable sudo-mode for v2
2018-10-05 10:05:24 +01:00
Simon Detheridge
2b8ce379f8 Lookup correct compiler when importing v1 templates
bug: overleaf/sharelatex#981
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-04 16:42:03 +01:00
Shane Kilkelly
2c47da553b Add an error log if activating sudo-mode on login fails 2018-10-04 15:05:40 +01:00
Shane Kilkelly
778abaff6e Remove stray log 2018-10-04 15:05:40 +01:00
Shane Kilkelly
2ef23194df WIP: trying to get acceptance tests to pass 2018-10-04 15:05:40 +01:00
Shane Kilkelly
f9ed367148 Move the auth mechanism for sudo-mode into SudoModeHandler 2018-10-04 15:05:40 +01:00
Shane Kilkelly
254d74899b WIP: enable sudo-mode for v2 2018-10-04 15:05:40 +01:00
Chrystal Maria Griffiths
e932eb074b Merge pull request #992 from sharelatex/as-fix-mathjax
Fix mathjax incorrectly loading config
2018-10-04 15:01:05 +01:00
Chrystal Griffiths
13843f82a0 Use settings appName 2018-10-04 09:57:51 +01:00
Tim Alby
5ff66187a0 remove unused confirmed field from user model 2018-10-03 16:01:30 +01:00
Ersun Warncke
752658f773 Merge pull request #990 from sharelatex/ew-use-v1-doc-info-api
Use v1 Doc Info API for Token Access
2018-10-03 09:22:41 -04:00
Timothée Alby
e3cfa36b56 Merge pull request #984 from sharelatex/ta-email-cta-link
add plain text link to email address confirmation emails
2018-10-03 14:20:05 +01:00
Timothée Alby
c74c782cee Merge pull request #961 from sharelatex/ta-account-sync-affiliations
Add getInstitutionsPlan Function
2018-10-03 14:19:56 +01:00
Alasdair Smith
fb8ed890f9 Correctly load Safe mathjax extention using provided config 2018-10-03 11:52:33 +01:00
Brian Gough
2b738907aa Merge pull request #989 from sharelatex/bg-clean-up-broken-project-on-error
clean up broken project on error in ProjectDuplicator
2018-10-03 10:04:30 +01:00
Ersun Warncke
642b45d0d6 use v1 doc info api 2018-10-02 11:16:46 -04:00
Alasdair Smith
f90dd1b49a Merge pull request #986 from sharelatex/as-sign-in-from-v2-post
Remove POST /docs custom handler, now handled by redirects
2018-10-02 14:06:57 +01:00
Brian Gough
4621234220 clean up broken project on error in ProjectDuplicator 2018-10-02 12:14:22 +01:00
Alasdair Smith
062f26dda3 Remove POST /docs custom handler, now handled by redirects
Implementing a system for signing into v1 via v2 using POSTs so the
unauthenticated route is no longer necessary
2018-09-28 14:11:38 +01:00
Tim Alby
4e9737bf71 add plain text link to email address confirmation emails 2018-09-28 13:36:31 +01:00
Alasdair Smith
1330c8da73 Also check if v1 project exported if not found for read-only tokens 2018-09-28 11:47:14 +01:00
Alasdair Smith
435fe11115 Check if v1 project was exported if not found
This prevents a redirect loop for projects which were exported but then
deleted on v2. v2 would not find the project, redirect to v1, which
would find that it was exported and redirect back to v2.
2018-09-28 11:47:14 +01:00
Brian Gough
6d5908f2f4 Merge pull request #893 from sharelatex/ja-fix-duplicate-text-in-email
Don't include the license name twice in invite emails
2018-09-28 11:15:40 +01:00
Brian Gough
1f6abd4e69 fix invalid project names when opening templates 2018-09-28 10:38:25 +01:00
Brian Gough
8f8694ad94 iterate over owned projects in a more robust way 2018-09-28 09:48:15 +01:00
Brian Gough
6b80d3563d add support for creating unique project names 2018-09-28 09:48:15 +01:00
Alasdair Smith
45bd46bc01 Merge pull request #977 from sharelatex/as-encode-auth-with-v1-query-strings
Encode redirects which will auth with v1 first
2018-09-28 09:45:54 +01:00
hugh-obrien
52859cdfaa make the zip fetching endpoint for exports generic to either zips or pdfs 2018-09-27 16:11:11 +01:00
Alasdair Smith
4f2c91a59a Add new redirect option to auth with v1, which will urlencode the query string
This is necessary for the GET /docs endpoint, which can be used to send
urls as part of query parameters. If these are not encoded before
redirecting, they can become corrupted.
2018-09-27 12:19:16 +01:00
James Allen
0cb563816d Don't enable legacy blog in v2 2018-09-27 10:56:14 +01:00
Alasdair Smith
c2ecccfa02 Use correct setting 2018-09-26 17:35:55 +01:00
Alasdair Smith
f2fa83a218 Fix /teams redirect using wrong setting 2018-09-26 17:04:40 +01:00
Alasdair Smith
9c0a888d11 Add custom redirect for /docs
We want to redirect POST and GET to different locations, but this is
unsupported by RedirectManager. Therefore we redirect GETs with
RedirectManager and POSTs with this custom route.
2018-09-26 17:04:40 +01:00
Ersun Warncke
7b90fcb186 Merge pull request #969 from sharelatex/ew-check-doc-token-access
check access for doc on read only token
2018-09-25 08:35:56 -04:00
Ersun Warncke
eeed857dd9 change api path 2018-09-25 06:45:27 -04:00
Ersun Warncke
f0c0834b0f only do v1 access check when api config present 2018-09-25 05:42:04 -04:00
James Allen
1d657e1700 Merge pull request #968 from sharelatex/ja-show-register-button
Show register button on OL v2
2018-09-25 10:25:38 +01:00
James Allen
e2f90ba01a Merge pull request #966 from sharelatex/as-no-project-token-based
Redirect logged out users to v1 if project is not found from token based url
2018-09-25 10:25:30 +01:00
Alasdair Smith
298ee2dbb4 Fix v1 return to path 2018-09-25 10:06:24 +01:00
Alasdair Smith
ca895ae1b1 Redirect to v1 via sign in link 2018-09-25 09:37:22 +01:00
Brian Gough
89ba3912c0 Merge pull request #964 from sharelatex/csh-issue-963-MultipleProjectDownloads
Replace ShareLaTeX with Overleaf in name of multiple project download file
2018-09-25 09:33:53 +01:00
Brian Gough
5947294016 Merge branch 'bg-support-main-file-for-templates' 2018-09-25 09:32:14 +01:00
Brian Gough
0d4143205d strip quotes from mainFile 2018-09-25 09:05:49 +01:00
James Allen
19b97e953f Show register button on OL v2 2018-09-25 08:29:34 +01:00
Ersun Warncke
f89e85231a check access for doc on read only token 2018-09-24 18:03:28 -04:00
Alasdair Smith
d6350c963e Remove projectExists flag from higher access check
Now that find project by read and read/write token methods check whether
the project exists, it is not neccessary to check whether the project
exists in the higher access check. Therefore it has been removed
2018-09-24 19:00:10 +01:00
Alasdair Smith
99dec02266 If no project found for read/write token, redirect to v1 2018-09-24 19:00:10 +01:00
Alasdair Smith
237810509a If no project found for read token, redirect to v1 2018-09-24 19:00:10 +01:00
Christopher Hoskin
5c35cc9593 Replace ShareLaTeX with Overleaf in name of multiple project download file (Closes: #963) 2018-09-24 16:33:54 +01:00
Brian Gough
418bc10a18 allow getting doc paths by project id 2018-09-24 16:04:23 +01:00
Brian Gough
586e3814fe add missing require 2018-09-24 15:27:16 +01:00
Brian Gough
2692090f3f support a mainFile parameter for templates 2018-09-24 15:27:16 +01:00
Tim Alby
51c5228288 add getInstitutionsPlan function 2018-09-24 13:16:31 +01:00
hugh-obrien
5f4a36ca26 remove debug line 2018-09-24 10:49:01 +01:00
hugh-obrien
c0b32f031e force gallery items to use legacy OL v1 texlive image 2018-09-24 10:49:01 +01:00
James Allen
772ac42005 Fix messed up rebase 2018-09-21 10:42:20 +01:00
Alasdair Smith
3462b8042e Add /chrome redirect to match v1 behaviour 2018-09-21 10:35:43 +01:00
James Allen
2d9cadb487 Merge pull request #935 from sharelatex/as-teams-redirect
Add route to handle /teams similar to v1
2018-09-21 08:37:10 +01:00
Jessica Lawshe
488886c1d2 Merge pull request #929 from sharelatex/jel-homepage
Add Homepage
2018-09-20 09:01:13 -05:00
Jessica Lawshe
d2af2fb630 Merge pull request #927 from sharelatex/jel-plans-updates
Plans page updates
2018-09-20 09:00:58 -05:00
Jessica Lawshe
d023150b0f Add v2 homepage
Specific homepage filenames and redirect to login when not found

Move variables to shared file

Move circle image styling to shared file

Leaving float on plans page because of some layout differences
2018-09-20 08:57:07 -05:00
Hugh O'Brien
b377b89447 Merge pull request #933 from sharelatex/bg-avoid-exception-for-no-emails
fix exception when user has no emails field
2018-09-19 11:33:03 +01:00
Shane Kilkelly
e1c3689aec Update the email-merge email template 2018-09-19 09:28:59 +01:00
Shane Kilkelly
2ec7747b60 Add a help link to the account-merge email in case of error 2018-09-19 09:28:59 +01:00
Shane Kilkelly
c95d925d56 When regenerating session, don't copy the __tmp key 2018-09-19 09:28:59 +01:00
Shane Kilkelly
c9e3418049 Working overleaf-side of account-merge 2018-09-19 09:28:59 +01:00
Shane Kilkelly
fcfcbdb4c5 Remove dead code 2018-09-19 09:28:59 +01:00
Shane Kilkelly
677b3c759d Remove old controller 2018-09-19 09:28:59 +01:00
Shane Kilkelly
843f1c6b35 Move AccountMergeEmailController to integration module 2018-09-19 09:28:59 +01:00
Shane Kilkelly
54a5c563fb Address feedback 2018-09-19 09:28:59 +01:00
Shane Kilkelly
5e17dfd1cb Also add the final email to the array of emails on the account 2018-09-19 09:28:59 +01:00
Shane Kilkelly
efb6018246 Add a rate-limit to the email-confirm endpoint 2018-09-19 09:28:59 +01:00
Shane Kilkelly
6cfe68db26 Roughly working account-merge-by-email callback endpoint 2018-09-19 09:28:59 +01:00
Shane Kilkelly
958c7a19b6 Add a skeleton of a callback endpoint for merging accounts via email 2018-09-19 09:28:59 +01:00
Shane Kilkelly
ba221a1135 WIP: add email-based account merge flow to ShareLaTeX 2018-09-19 09:28:59 +01:00
Alasdair Smith
bdcc25805e Add route to handle /teams similar to v1 2018-09-18 17:14:37 +01:00
Brian Gough
02854274a7 2018-09-18 14:09:05 +01:00
Timothée Alby
b16cffe587 Merge pull request #932 from sharelatex/as-redirect-query-string
Support passing through query params in redirects
2018-09-18 12:35:21 +01:00
Timothée Alby
b6925647ef Merge pull request #922 from sharelatex/ta-forbid-null-query
Prevent Calls to UserGetter.getUser with Null Query
2018-09-18 12:24:19 +01:00
Alasdair Smith
7e358ab318 Support passing through query params 2018-09-18 11:34:04 +01:00
hugh-obrien
6f00d1f45a send required export fields for s1 submission 2018-09-18 10:05:35 +01:00
Jessica Lawshe
6fc7468b02 Thousands of templates 2018-09-17 10:47:57 -05:00
James Allen
15103ac894 Support the same URL with multiple methods in redirects 2018-09-17 15:38:58 +01:00
James Allen
40f08d1592 Add additional functionality to RedirectManager 2018-09-17 15:38:45 +01:00
Alasdair Smith
42cef8e393 Merge pull request #920 from sharelatex/mm-gallery-exports
Add gallery fields to export controller and handler
2018-09-17 09:42:26 +01:00
Alasdair Smith
e1e7091f30 Merge pull request #905 from sharelatex/as-project-intelligent-redirect
Intelligently redirect to v1 if no v2 project found
2018-09-17 09:40:52 +01:00
Tim Alby
41b92d4647 prevent calls to UserGetter.getUser with null query 2018-09-14 12:46:00 +01:00
Michael Mazour
79dc415064 Slightly refactor exports controller body handling
1. Move all body parsing together
2. Remove `firstName && lastName` condition, which duplicates one present in the Handler.
2018-09-14 11:02:51 +01:00
Michael Mazour
10fcdd6daf Add optional gallery fields to export request
Support the optional (well, gallery-only) fields `title`, `description`, `author`, `license`, and `show_source` in export requests.
2018-09-14 11:02:51 +01:00
Tim Alby
0051e59309 remove unused call to UserGetter.getUser 2018-09-13 17:39:30 +01:00
James Allen
ef11161ddb Revert "Record and show last modified by user for projects" 2018-09-13 14:00:30 +01:00
Alasdair Smith
f37040e4a4 Only redirect if has overleaf setting 2018-09-13 12:09:19 +01:00
Alasdair Smith
8a969d1c25 Redirect directly from controller instead of via handler 2018-09-13 12:09:19 +01:00
Alasdair Smith
9d600afdf8 Fix failing tests for token access
If project was changed from token access to private, then we want to
404 on v2 (not redirect to v1). So the logic was changed to check if the
project exists and if it does then a 404 is returned. If it does not
then it redirects to v1.
2018-09-13 12:09:19 +01:00
Alasdair Smith
24495f3340 Also redirect not found read tokens to v1 2018-09-13 12:09:19 +01:00
Alasdair Smith
e0ce988d32 Intelligently redirect to v1 if no v2 project found for token 2018-09-13 12:09:19 +01:00
James Allen
ab10336110 Record last update time and user from project-history 2018-09-13 10:38:52 +01:00
Hugh O'Brien
24c479e984 Merge pull request #885 from sharelatex/hb-ip-matcher-notifications
IP matcher affiliation CTA notifications
2018-09-13 08:59:25 +01:00
Brian Gough
6d54e843e8 fix typo in Errors, only two underscores in __proto__ 2018-09-12 10:45:50 +01:00
Ersun Warncke
7d3e17651f set options and method for request, pass cookies and form body 2018-09-10 06:10:36 -04:00
hugh-obrien
1e04a09ec6 remove unnecessary error returns and ip fetching 2018-09-07 18:15:32 +01:00
hugh-obrien
8ef90a0dcb move call for creating ip matched notifcation to project controller 2018-09-05 15:40:59 +01:00
Jessica Lawshe
a4956294c1 Remove plans redirect 2018-09-05 08:14:05 -05:00
Tim Alby
9ec60a128a add userHasSubscriptionOrIsGroupMember alias 2018-09-05 11:37:37 +01:00
hugh-obrien
23e6292fd7 updating tests for ip matcher logic 2018-09-05 11:22:26 +01:00
hugh-obrien
f20d27986b create ip match notifications without forcing replacement 2018-09-05 11:22:26 +01:00
hugh-obrien
d950e14b3f use new routes and params from v1 ip matcher endpoint 2018-09-05 11:22:26 +01:00
hugh-obrien
bf2ea4e7b3 test against ip matcher for notification on login if different from previous ip 2018-09-05 11:22:26 +01:00
hugh-obrien
38faa5c25e correctly create and display ip matched affiliations 2018-09-05 11:22:25 +01:00
hugh-obrien
fa23ea75b8 Call university ip matcher api when checking notifications 2018-09-05 11:22:25 +01:00
James Allen
24f60bf791 Don't include the license name twice in invite emails 2018-09-05 11:05:38 +01:00
Shane Kilkelly
d432b6799f Merge pull request #888 from sharelatex/ta-v1-subscription-check-fix
Don't Regard v1 Teams as Paid Subscriptions
2018-09-05 10:22:46 +01:00
Ersun Warncke
e4e6a0fa1b add new tag methods 2018-09-03 10:40:28 -04:00
Tim Alby
3324796086 don't regard v1 teams as paid subscriptions
- use `userHasV1Subscription` instead of `userHasV1SubscriptionOrTeam` in `LimitationsManager.userHasSubscriptionOrIsGroupMember `
- remove `userHasV1SubscriptionOrTeam`
- rename `LimitationsManager.userHasSubscriptionOrIsGroupMember` to `LimitationsManager.hasPaidSubscription`
- rename some variables for clarity
2018-09-03 15:09:57 +01:00
James Allen
5025b54c9c Merge pull request #887 from sharelatex/as-logout-of-v1
Extract logout to function, so different redirect can be called
2018-09-03 14:04:22 +01:00
Alasdair Smith
53bd2cfd33 Add error handling on logout 2018-09-03 11:46:36 +01:00
Alasdair Smith
6569e34873 Extract logout to function, so different redirect can be called 2018-09-03 11:01:14 +01:00
Paulo Reis
af4094a88c Use CSS hashed paths when hot-swapping themes. 2018-09-02 14:44:15 +01:00