Simon Detheridge
56dcbefb5b
Check for safe paths in all ProjectEntityHandler methods
...
Some import mechanisms (for example, Github project import) call methods such as 'upsert*' directly, bypassing existing filename checks.
Added checks to all methods in ProjectEntityHandler that can create or rename a file.
bug: overleaf/sharelatex#908
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-08 15:31:04 +01:00
Simon Detheridge
e66210d2af
Add method to sanitize full paths
...
For convenience, add a method to SafePath to break a path into components and verify the status of each one.
bug: overleaf/sharelatex#908
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-08 14:48:17 +01:00
hugh-obrien
f6307f9086
store reversedHostname property and update test accordingly
2018-10-08 13:37:12 +01:00
hugh-obrien
3919acad46
store reversed hostname and review fixes for v2 university domain confirmation
2018-10-08 12:08:29 +01:00
Alasdair Smith
e129172553
Fix ordering of boolean check to be more readable
2018-10-08 11:25:24 +01:00
Alasdair Smith
1ef947b1fe
Fix tests after refactoring register validation
2018-10-08 10:44:25 +01:00
Hugh O'Brien
cc962c3e6f
Merge pull request #978 from sharelatex/hb-use-exports-for-pdf-from-publish-modal
...
Generic Zip or Pdf Exports endpoint
2018-10-08 10:13:18 +01:00
hugh-obrien
65ecdf84f4
cleanup and tests for v2 affiliations confirmation
2018-10-07 16:40:26 +01:00
Tim Alby
c00a0a435d
remove console.log in tests
2018-10-05 16:24:28 +01:00
Tim Alby
7b4b75b51a
fix incorrect or missing test mocks
2018-10-05 16:24:05 +01:00
Shane Kilkelly
70b56d0362
Fix up acceptance tests
2018-10-04 15:05:40 +01:00
Shane Kilkelly
2ef23194df
WIP: trying to get acceptance tests to pass
2018-10-04 15:05:40 +01:00
Shane Kilkelly
f9ed367148
Move the auth mechanism for sudo-mode into SudoModeHandler
2018-10-04 15:05:40 +01:00
Ersun Warncke
752658f773
Merge pull request #990 from sharelatex/ew-use-v1-doc-info-api
...
Use v1 Doc Info API for Token Access
2018-10-03 09:22:41 -04:00
Timothée Alby
c74c782cee
Merge pull request #961 from sharelatex/ta-account-sync-affiliations
...
Add getInstitutionsPlan Function
2018-10-03 14:19:56 +01:00
Brian Gough
2b738907aa
Merge pull request #989 from sharelatex/bg-clean-up-broken-project-on-error
...
clean up broken project on error in ProjectDuplicator
2018-10-03 10:04:30 +01:00
Ersun Warncke
642b45d0d6
use v1 doc info api
2018-10-02 11:16:46 -04:00
Brian Gough
4621234220
clean up broken project on error in ProjectDuplicator
2018-10-02 12:14:22 +01:00
Alasdair Smith
1330c8da73
Also check if v1 project exported if not found for read-only tokens
2018-09-28 11:47:14 +01:00
Alasdair Smith
435fe11115
Check if v1 project was exported if not found
...
This prevents a redirect loop for projects which were exported but then
deleted on v2. v2 would not find the project, redirect to v1, which
would find that it was exported and redirect back to v2.
2018-09-28 11:47:14 +01:00
Brian Gough
6d5908f2f4
Merge pull request #893 from sharelatex/ja-fix-duplicate-text-in-email
...
Don't include the license name twice in invite emails
2018-09-28 11:15:40 +01:00
Brian Gough
1f6abd4e69
fix invalid project names when opening templates
2018-09-28 10:38:25 +01:00
Brian Gough
6b80d3563d
add support for creating unique project names
2018-09-28 09:48:15 +01:00
hugh-obrien
52859cdfaa
make the zip fetching endpoint for exports generic to either zips or pdfs
2018-09-27 16:11:11 +01:00
Alasdair Smith
4f2c91a59a
Add new redirect option to auth with v1, which will urlencode the query string
...
This is necessary for the GET /docs endpoint, which can be used to send
urls as part of query parameters. If these are not encoded before
redirecting, they can become corrupted.
2018-09-27 12:19:16 +01:00
Ersun Warncke
a23f0a3d15
fix test failure from merge
2018-09-25 08:54:01 -04:00
Ersun Warncke
7b90fcb186
Merge pull request #969 from sharelatex/ew-check-doc-token-access
...
check access for doc on read only token
2018-09-25 08:35:56 -04:00
Ersun Warncke
eeed857dd9
change api path
2018-09-25 06:45:27 -04:00
Ersun Warncke
f0c0834b0f
only do v1 access check when api config present
2018-09-25 05:42:04 -04:00
James Allen
e2f90ba01a
Merge pull request #966 from sharelatex/as-no-project-token-based
...
Redirect logged out users to v1 if project is not found from token based url
2018-09-25 10:25:30 +01:00
Alasdair Smith
298ee2dbb4
Fix v1 return to path
2018-09-25 10:06:24 +01:00
Alasdair Smith
da16e8d01f
Add acceptance test for unimported read only token
2018-09-25 09:43:39 +01:00
Alasdair Smith
ca895ae1b1
Redirect to v1 via sign in link
2018-09-25 09:37:22 +01:00
Brian Gough
89ba3912c0
Merge pull request #964 from sharelatex/csh-issue-963-MultipleProjectDownloads
...
Replace ShareLaTeX with Overleaf in name of multiple project download file
2018-09-25 09:33:53 +01:00
Brian Gough
5947294016
Merge branch 'bg-support-main-file-for-templates'
2018-09-25 09:32:14 +01:00
Brian Gough
0d4143205d
strip quotes from mainFile
2018-09-25 09:05:49 +01:00
Ersun Warncke
f89e85231a
check access for doc on read only token
2018-09-24 18:03:28 -04:00
Alasdair Smith
d6350c963e
Remove projectExists flag from higher access check
...
Now that find project by read and read/write token methods check whether
the project exists, it is not neccessary to check whether the project
exists in the higher access check. Therefore it has been removed
2018-09-24 19:00:10 +01:00
Alasdair Smith
99dec02266
If no project found for read/write token, redirect to v1
2018-09-24 19:00:10 +01:00
Alasdair Smith
237810509a
If no project found for read token, redirect to v1
2018-09-24 19:00:10 +01:00
Christopher Hoskin
5c35cc9593
Replace ShareLaTeX with Overleaf in name of multiple project download file ( Closes : #963 )
2018-09-24 16:33:54 +01:00
Brian Gough
418bc10a18
allow getting doc paths by project id
2018-09-24 16:04:23 +01:00
Brian Gough
5954e45016
add missing require
2018-09-24 15:44:09 +01:00
Brian Gough
2692090f3f
support a mainFile parameter for templates
2018-09-24 15:27:16 +01:00
Tim Alby
51c5228288
add getInstitutionsPlan function
2018-09-24 13:16:31 +01:00
hugh-obrien
c0b32f031e
force gallery items to use legacy OL v1 texlive image
2018-09-24 10:49:01 +01:00
Shane Kilkelly
7d5bd74c43
Enable legacy login for tests
2018-09-24 08:34:50 +01:00
Shane Kilkelly
eff7b4d59e
Add the enableLegacyRegistration option to acceptance test settings
2018-09-20 15:34:14 +01:00
Hugh O'Brien
b377b89447
Merge pull request #933 from sharelatex/bg-avoid-exception-for-no-emails
...
fix exception when user has no emails field
2018-09-19 11:33:03 +01:00
Brian Gough
02854274a7
2018-09-18 14:09:05 +01:00
Timothée Alby
b16cffe587
Merge pull request #932 from sharelatex/as-redirect-query-string
...
Support passing through query params in redirects
2018-09-18 12:35:21 +01:00
Timothée Alby
b6925647ef
Merge pull request #922 from sharelatex/ta-forbid-null-query
...
Prevent Calls to UserGetter.getUser with Null Query
2018-09-18 12:24:19 +01:00
Alasdair Smith
7e358ab318
Support passing through query params
2018-09-18 11:34:04 +01:00
hugh-obrien
39f580d6ba
fixing broken exports test
2018-09-18 10:13:33 +01:00
James Allen
15103ac894
Support the same URL with multiple methods in redirects
2018-09-17 15:38:58 +01:00
James Allen
83a1039b7e
Add acceptance tests for RedirectManager
2018-09-17 15:38:58 +01:00
James Allen
40f08d1592
Add additional functionality to RedirectManager
2018-09-17 15:38:45 +01:00
Alasdair Smith
42cef8e393
Merge pull request #920 from sharelatex/mm-gallery-exports
...
Add gallery fields to export controller and handler
2018-09-17 09:42:26 +01:00
Alasdair Smith
e1e7091f30
Merge pull request #905 from sharelatex/as-project-intelligent-redirect
...
Intelligently redirect to v1 if no v2 project found
2018-09-17 09:40:52 +01:00
Tim Alby
41b92d4647
prevent calls to UserGetter.getUser with null query
2018-09-14 12:46:00 +01:00
Michael Mazour
10fcdd6daf
Add optional gallery fields to export request
...
Support the optional (well, gallery-only) fields `title`, `description`, `author`, `license`, and `show_source` in export requests.
2018-09-14 11:02:51 +01:00
Tim Alby
0051e59309
remove unused call to UserGetter.getUser
2018-09-13 17:39:30 +01:00
James Allen
ef11161ddb
Revert "Record and show last modified by user for projects"
2018-09-13 14:00:30 +01:00
Michael Mazour
1f976a0e04
Improve ExportsController unit tests
...
Test the params the handler's called with.
2018-09-13 12:24:03 +01:00
Alasdair Smith
8a969d1c25
Redirect directly from controller instead of via handler
2018-09-13 12:09:19 +01:00
Alasdair Smith
0c658127ef
Add tests for ProjectNotTokenAccessError
2018-09-13 12:09:19 +01:00
Alasdair Smith
893e2dd235
Add test for location of redirect to v1
2018-09-13 12:09:19 +01:00
Alasdair Smith
cf8ae7c28c
Add test for redirecting to v1 if project unimported
2018-09-13 12:09:19 +01:00
James Allen
ab10336110
Record last update time and user from project-history
2018-09-13 10:38:52 +01:00
Hugh O'Brien
24c479e984
Merge pull request #885 from sharelatex/hb-ip-matcher-notifications
...
IP matcher affiliation CTA notifications
2018-09-13 08:59:25 +01:00
Ersun Warncke
7d3e17651f
set options and method for request, pass cookies and form body
2018-09-10 06:10:36 -04:00
Ersun Warncke
dd056e36ae
add overleaf method
2018-09-10 06:10:36 -04:00
hugh-obrien
8ef90a0dcb
move call for creating ip matched notifcation to project controller
2018-09-05 15:40:59 +01:00
Tim Alby
9ec60a128a
add userHasSubscriptionOrIsGroupMember alias
2018-09-05 11:37:37 +01:00
hugh-obrien
23e6292fd7
updating tests for ip matcher logic
2018-09-05 11:22:26 +01:00
hugh-obrien
de83df2703
adding tests for ip matching notifications
2018-09-05 11:22:25 +01:00
James Allen
24f60bf791
Don't include the license name twice in invite emails
2018-09-05 11:05:38 +01:00
Shane Kilkelly
d432b6799f
Merge pull request #888 from sharelatex/ta-v1-subscription-check-fix
...
Don't Regard v1 Teams as Paid Subscriptions
2018-09-05 10:22:46 +01:00
Ersun Warncke
e4e6a0fa1b
add new tag methods
2018-09-03 10:40:28 -04:00
Tim Alby
3324796086
don't regard v1 teams as paid subscriptions
...
- use `userHasV1Subscription` instead of `userHasV1SubscriptionOrTeam` in `LimitationsManager.userHasSubscriptionOrIsGroupMember `
- remove `userHasV1SubscriptionOrTeam`
- rename `LimitationsManager.userHasSubscriptionOrIsGroupMember` to `LimitationsManager.hasPaidSubscription`
- rename some variables for clarity
2018-09-03 15:09:57 +01:00
James Allen
52381c8fb7
Merge pull request #851 from sharelatex/jel-remove-a-b-test
...
Remove Plans and Pricing A/B Test
2018-08-30 15:19:56 +01:00
Paulo Jorge Reis
cb4d4145a1
Merge pull request #855 from sharelatex/pr-v2-light-theme
...
v2 light theme
2018-08-30 11:24:52 +01:00
Ersun Warncke
9feb8ef39f
Revert "Merge pull request #843 from sharelatex/ew-collabratec"
...
This reverts commit 223beab491d2f8dcf4c7285267fda355cfce3f05, reversing
changes made to a726537c4372641bfca0eb37fc130ca3a932d433.
2018-08-29 12:00:53 -04:00
Ersun Warncke
afc22dc5c2
Revert "Merge pull request #790 from sharelatex/ew-add-cookie-and-form-to-proxy"
...
This reverts commit ebefc2f28c6e88bbfa632f2b22cb8b99b75e95ec, reversing
changes made to 223beab491d2f8dcf4c7285267fda355cfce3f05.
2018-08-29 12:00:20 -04:00
Ersun Warncke
e7eefc0474
Merge pull request #790 from sharelatex/ew-add-cookie-and-form-to-proxy
...
set options and method for request, pass cookies and form body
2018-08-29 10:17:21 -04:00
Ersun Warncke
c1859f3e80
Merge pull request #843 from sharelatex/ew-collabratec
2018-08-29 10:17:02 -04:00
Jessica Lawshe
8889f2aed2
Remove Plans and Pricing A/B Test
...
Remove all layouts, analytics events, and scope related to the A/B test.
The group modal from the default layout of the A/B test should be maintained though for v2.
2018-08-28 12:42:09 -05:00
Paulo Reis
76fcee721e
Update unit tests.
2018-08-28 14:24:05 +01:00
Paulo Reis
efc926ffc5
Load theme as a user setting; allow the user to change it; update tests.
2018-08-27 15:25:00 +01:00
Tim Alby
ef37902dfc
check institution confirmation status
2018-08-27 15:45:31 +02:00
Hugh O'Brien
29253c5a93
Merge branch 'master' into hb-fetch-licences-graph
2018-08-23 16:11:43 +01:00
Tim Alby
753fb02c05
always return an array when getting affiliations
2018-08-23 15:15:53 +02:00
Paulo Jorge Reis
d838f8778a
Merge pull request #832 from sharelatex/pr-change-free-history-limits
...
Change history limits for free users
2018-08-23 14:02:08 +01:00
Ersun Warncke
8f21ab7f10
add overleaf method
2018-08-22 13:44:40 -04:00
hugh-obrien
8d72fc78fc
send licences graph request to v1 for data instead of analytics
2018-08-22 18:31:29 +01:00
Hugh O'Brien
eeadd1e9bb
Merge pull request #797 from sharelatex/hb-inform-v1-affiliation-confirms
...
Tell v1 confirmation status of affiliation emails
2018-08-22 08:34:33 +01:00
Paulo Reis
54e0a7cfd2
Merge branch 'master' into pr-change-free-history-limits
2018-08-21 11:23:28 +01:00
Alasdair Smith
d99a42e678
Merge pull request #824 from sharelatex/as-redirect-sl-login-to-v2-login
...
Allow for redirection of unlinked SL account to /user/login_to_ol_v2
2018-08-21 10:13:52 +01:00
Paulo Reis
4dee3fd5e1
Update frontend unit tests.
2018-08-20 17:02:55 +01:00
Tim Alby
8d6505b518
log institutions API errors
2018-08-17 17:48:00 +02:00