* Promisify clear_sessions_set_must_reconfirm.mjs
* Add test on PasswordResetTests.mjs
* Add `must-reset-password-unset` audit log
* Add `must-reset-password-set` audit log
* Add test ClearSessionsSetMustReconfirmTests.mjs
* Fixup bad copy-paste in test: `must-reset-password-set` -> `must-reset-password-unset`
* Check `must_reconfirm` before calling `removeReconfirmFlag`
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Fix unit test
* Use `promiseMapWithLimit`
* Add `{ script: true }` to AuditLog. Also use `undefined` instead of `null` for consistency
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 522026c82196d263c196503d899b8c57b05b31dd
* [web] Expose metric for active users in SP
* Removed redundant UserHandler.setupLoginData()
In the past this method was also calling
a now deleted notifyDomainLicence(), but now
this is just an alias for populateTeamInvites()
* Added migration for `lastActive`
* Added secondary read precedence to count active users
GitOrigin-RevId: 86d6db31e1ae74ae40c6599e6acb731d8c4a04bd
[web] Add `start` function to modules. Move `confirm-institution-domain` queue to institution module
GitOrigin-RevId: 0d36ff3dcc529e77c76d72d0a67bbdb9310b42fd
* add acceptance tests for bad urls
* fix 500 from health check when smoke test userId is undefined
* handle exception from invalid urls in ExpressLocals middleware
* Add return statement before `next()`
* Cleaned up list of crash_test_urls.txt
* Return 400 instead of 404 on parsing errors
---------
Co-authored-by: mserranom <mserranom@gmail.com>
GitOrigin-RevId: dac35b07d1f12bd9ceb70e3064ec2ef8393f99b5
* Move `/api/institutions/confirm_university_domain` to institutions module
* Move `confirmDomain` to institutions module
* Move `/api/clsi/compile/*` endpoints to `publish-modal` module
* Move ApiClsiTests to publish-modal module
* Revert move of MockClsiApi. It's still needed in the main acceptance tests
GitOrigin-RevId: b59c2921e03b94546d72d21e60a688eb1ae1d05e
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`
* Lowercase the email to avoid rate-limit bypass
* Remove unit test "when the users rate limit"
* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`
This should address the `trim()` bypass
* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`
We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"
* Add acceptance test for rate limit
* Add comment on rate limits
* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity
* Make the login rate limits configurable from the settings
GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
* Add helpers for checking and removing user readwrite token membership
* Add sharing-updates page and handlers
* Redirect read write token members to sharing-updates on project load
GitOrigin-RevId: d552a2cd74a9843c6103923b03f137131a48877a
* Create `getPaginatedEndpointIterator` to iterate each page
* Create `waitMs` util, it will replace `slowCallback`
* Make `handleAPIError` async
* Make `isAccountUsingPaypal` async
* Make `attemptInvoiceCollection` async
* Make `attemptInvoicesCollection` async
* Use `await` instead of `new Promise`
* Remove unused callbackified `attemptInvoiceCollection`
* Run `attemptInvoiceCollection` for each page instead of gathering all pages in the beginning
* Add test on fetching multiple pages of invoice
GitOrigin-RevId: 2674b18c6ca5732b873fb2bc71b515909006f93d
* Rename `RecurlyWrapper` to `promises`, as it will only contain the promises soon
* Update `apiRequest`
* Update `_parseXml`
* Update `_parseXmlAndGetAttribute`
* Update `_parse*Xml`
* Update `updateAccountEmailAddress`
* Update `checkAccountExists`
* Update `createAccount`
* Update `createBillingInfo`
* Update `setAddressAndCompanyBillingInfo`
* Update `createSubscription`
* Update `_createPaypalSubscription`
* Update `_handle422Response`
* Update `_createCreditCardSubscription`
* Update `createSubscription`
* Update `getSubscriptions`
* Update `getSubscription`
* Update `getPaginatedEndpoint`
* Update `getAccount`
* Update `getAccountActiveCoupons`
* Update `getCoupon`
* Update `getBillingInfo`
* Update `getAccountPastDueInvoices`
* Update `attemptInvoiceCollection`
* Update `updateSubscription`
* Update `createFixedAmmountCoupon`
* Update `lookupCoupon`
* Update `redeemCoupon`
* Update `extendTrial`
* Update `listAccountActiveSubscriptions`
* To find which functions to add as callbackified, I used this Regex:
`RecurlyWrapper\.(?!promises)[^.\s]*`
And after adding callbackified functions, we're left with no results with the Regex:
`RecurlyWrapper\.(?!promises|apiUrl|_buildXml|_parseXml|attemptInvoiceCollection|createFixedAmmountCoupon|getAccountActiveCoupons|getBillingInfo|getPaginatedEndpoint|getSubscription|updateAccountEmailAddress)[^.\s]*`
* Update unit tests
* Test `getSubscription` both as "promise" and as "callback"
I'm not sure if we want to generalize this.
* Fix: add missing `await`s (!!)
* Change `apiRequest` to reject errors instead of resolving it in an object
* Fixup for CollectPayPalPastDueInvoice test
* Fix: callbackify `getSubscriptions` (!!)
* Replace `.then(...)` chain by multiple `await`
* Fixup `attemptInvoicesCollection`: prevent reading length of undefined
* Use `return await` when returning promises
Per https://github.com/overleaf/internal/pull/18384#pullrequestreview-2065738771
GitOrigin-RevId: ceda755b24fd29f97a27e60ac5db9bc7e369f932
