Antoine Clausse
5f2718cf29
[web] Make rate-limit on login consistent, prevent "trim/case bypass" ( #19555 )
...
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`
* Lowercase the email to avoid rate-limit bypass
* Remove unit test "when the users rate limit"
* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`
This should address the `trim()` bypass
* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`
We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"
* Add acceptance test for rate limit
* Add comment on rate limits
* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity
* Make the login rate limits configurable from the settings
GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
2024-07-30 08:04:26 +00:00
Antoine Clausse
afd965c04b
[web] Remove overleaf-integration
overrides for /user/emails/delete
& /user/emails/resend_confirmation
( #19438 )
...
* Use hooks to call `clearSamlSession`
* Promisify `UserEmailsController.remove`
* Use hook for `userDeleteEmailMiddleware`
* Remove `/user/emails/delete` override
* Remove "removeRoute of `/user/emails/resend-secondary-confirmation`"
That route isn't defined elsewhere
* Promisify `UserEmailsController.resendConfirmation`
* Promisify `UserEmailsController.sendReconfirmation`
* Use hook for `resendConfirmationEmailMiddleware`
* Remove `/user/emails/resend_confirmation` override
* Promisify `tryDeleteUser`
* Proxy `clearSamlSession` through `SAMLHelper`
* Revert "Use hook for `resendConfirmationEmailMiddleware`"
This reverts commit f028d9c8
* Inject `SAMLMiddleware.resendConfirmationEmailMiddleware` in `/user/emails/resend_confirmation`
* Update `middleware` syntax and grammar
* Update tests
* Use Module middleware instead of hook for `userDeleteEmailMiddleware`
* Remove "promises" export of tryDeleteUser
GitOrigin-RevId: 211e194fc1ef82dc452ee4e837dcddd9b23690a0
2024-07-29 08:04:24 +00:00
Jimmy Domagala-Tang
918c3e7e33
Merge pull request #19301 from overleaf/jdt-collaborator-ai-usage
...
Prevent AI usage on projects where collaborators have a blocking policy
GitOrigin-RevId: 93bdd9c5accff51a14f0585249e13ed7f1fa4e53
2024-07-26 08:04:35 +00:00
David
d7357b4d62
Merge pull request #19400 from overleaf/dp-duplicate-file-folder-name
...
Improvements to handling of file/folder upload conflicts
GitOrigin-RevId: 526edf30dfbaec7ee1e03ffd156365f09be25e86
2024-07-25 08:05:08 +00:00
Alf Eaton
7e136131c0
Promisify Metadata feature ( #19361 )
...
GitOrigin-RevId: 962aa9dbbc41a49c2c3120af9a1254a4db85387b
2024-07-24 08:05:19 +00:00
Liangjun Song
f4a7b1f298
bypass linking sharing admin redirect for internal projects ( #19314 )
...
* disable linking sharing admin redirect
* address comments
* remove ignoreSiteAdmin
* load admin domains from settings
* add acceptance test
* more tests
* fix tests and restore admin domain
* use adminDomains as array
GitOrigin-RevId: 5acb62e1b6ada0aaeceab6db6a6635f82e30833f
2024-07-16 08:04:35 +00:00
Alf Eaton
136214f37a
Return the Promise from an expressified async function ( #19359 )
...
* Return the Promise from an expressified async function
GitOrigin-RevId: ca4c221a92de888e210e995faad97d0ea241e93f
2024-07-15 09:05:29 +00:00
ilkin-overleaf
b442a74f54
Merge pull request #19249 from overleaf/ii-invite-token-response
...
[web] Fix share modal resend status code
GitOrigin-RevId: 303f7b6c49d9522df6317789bb7c3c69d774715f
2024-07-15 09:05:02 +00:00
Thomas
ab4a4df931
Merge pull request #19348 from overleaf/tm-link-sharing-changes-events-fixes
...
Link sharing changes events fixes for collaborator sharing-updates prompt and project open event
GitOrigin-RevId: 45449f0dd27e07de189a9c2620b0aa9a8849dc41
2024-07-15 09:04:44 +00:00
Mathias Jakobsen
1f0e346bbc
Merge pull request #19373 from overleaf/mj-comment-regex-fix
...
[web] Fix regex in comment matching
GitOrigin-RevId: e341f13a9ccbe2fbc1ec6c6c1d8a7a11c4dd4e37
2024-07-15 09:04:07 +00:00
Alf Eaton
87d1c08e2f
Merge pull request #19325 from overleaf/ae-metadata-packages
...
Include all package names in the project metadata
GitOrigin-RevId: dd30eb254806248484c9c6d9210f38c7c69a0ba1
2024-07-15 09:03:32 +00:00
Jimmy Domagala-Tang
e47a790af9
Merge pull request #19292 from overleaf/jdt-mj-imported-at
...
copying a project should preserve a linked files created timestamp
GitOrigin-RevId: d82506db1fb3f54567e638346179413468419b82
2024-07-15 09:02:08 +00:00
Eric Mc Sween
0be042e331
Merge pull request #19318 from overleaf/mj-revert-check-ranges-support
...
[web] Check that project has ranges support when reverting
GitOrigin-RevId: 761e435e9d640c08f27dd4ad2cef95934c0cc48b
2024-07-15 09:02:03 +00:00
Miguel Serrano
b5e5d39c3a
[web] Tighten check for spelling language ( #19297 )
...
* [web] Tighten check for spelling language
* spelling proxy only for `/check` requests
GitOrigin-RevId: c678e93cca9ad39682ec7ce6e49804ea74741acc
2024-07-15 09:01:45 +00:00
Brian Gough
0ebf01f209
Merge pull request #19105 from overleaf/bg-cookie-session-fix-user-deleter-unit-tests
...
fix UserDeleteTests to restore time operations
GitOrigin-RevId: 85c91697e05b6a12aa66a6524a74848ff281527b
2024-07-04 08:05:43 +00:00
ilkin-overleaf
f9245b8c08
Merge pull request #19071 from overleaf/ii-invite-token-remove-token-field
...
[web] Remove the token field from `projectInvites` collection
GitOrigin-RevId: fe8395e1d1a0ba2daad600b7e3be657f40151a8e
2024-07-04 08:05:00 +00:00
Jimmy Domagala-Tang
007cc42477
Merge pull request #19152 from overleaf/jdt-project-permissions
...
Allow checking permissions for all users on a project and rename checkPermissions -> AssertPermissions
GitOrigin-RevId: 511356cf2fe68367e284347e68e59f6116bd0f80
2024-07-03 08:04:19 +00:00
Thomas
566466185b
Merge pull request #19206 from overleaf/tm-link-sharing-changes-events
...
Implement link sharing warning events by reusing the StartFreeTrial paywall button component from the original modal
GitOrigin-RevId: 9c16407ad8a7b5afc9b5b13be1491ef903ae74a3
2024-07-02 08:04:25 +00:00
Thomas
6a65644778
Merge pull request #19185 from overleaf/tm-validate-can-invite-editor-2
...
Update inviteToProject to check if editor slots are available
GitOrigin-RevId: bb67ae6329130573ba43e9524a3084bf5551ebde
2024-07-01 08:04:21 +00:00
Thomas
a047388b08
Add serverside checks for changing the user access level after link sharing changes ( #19168 )
...
* Add getEditInviteCount to count only edit collaborators
* Add getInvitedEditCollaboratorCount to count joined editors
* Add canAddXEditCollaborators to determine if owner can add more editors
* Update setCollaboratorInfo to check if editor slots are available
GitOrigin-RevId: a88707f102dfbde39322f5a7bbc79d47b6e810d5
2024-07-01 08:04:16 +00:00
Thomas
2ce71b0b4d
Async/awaitify LimitationsManager for link sharing changes ( #19110 )
...
* Move functions to top level
* Async/awaitify LimitationsManager methods
* Promisify LimitationsManagerTests
GitOrigin-RevId: ece7d2ea5160aa95924840044e2f225e1f2848e7
2024-07-01 08:04:12 +00:00
Domagoj Kriskovic
c3c97d9fb9
[web] return file type in revertFile ( #18995 )
...
* [web] return file type in revertFile
* fix revertFile unit test
* fix formatting
GitOrigin-RevId: e4ac0500ff6c72c7f7fa23a5f61b09ed31a28da0
2024-06-28 08:04:45 +00:00
Antoine Clausse
1dbbe5af9d
[web] Promisify TemplatesController ( #18849 )
...
* Promisify TemplatesController
* Update TemplatesControllerTests
* Fix `templateVersionId` in `getV1Template` (!!)
GitOrigin-RevId: bdaa59ed3cff81d919a8b3d19d5be555a2790f55
2024-06-28 08:04:17 +00:00
Thomas
94be372b24
Add new interstitial 'Join project' consent page for existing link sharing editors when opening a project ( #19066 )
...
* Add helpers for checking and removing user readwrite token membership
* Add sharing-updates page and handlers
* Redirect read write token members to sharing-updates on project load
GitOrigin-RevId: d552a2cd74a9843c6103923b03f137131a48877a
2024-06-26 11:12:42 +00:00
Thomas
260fdf1307
Add read write token join interstitial variation for link sharing changes ( #19060 )
...
* Add read write join interstitial variation for link sharing changes
GitOrigin-RevId: 41661f43f4ab0f18f6ada5bec0b6af2407f65f07
2024-06-26 11:12:37 +00:00
Thomas
70bf7b2aab
Merge pull request #19109 from overleaf/tm-project-joined-add-project-id
...
Add projectId to project-joined event
GitOrigin-RevId: 222e0acc8764592344e384d1a6a5a2327d4161f5
2024-06-26 11:12:33 +00:00
Mathias Jakobsen
e48e4293a6
Merge pull request #19090 from overleaf/mj-web-metadata
...
[web] Ignore commented content when parsing metadata
GitOrigin-RevId: 78f9b0d6549e60fca4ba8929beb677341d885655
2024-06-25 11:12:02 +00:00
roo hutton
64d9792fe3
Merge pull request #18861 from overleaf/rh-editor-limit-exceeded
...
[web]: Handle exceeded editor limit in share modal
GitOrigin-RevId: 23a15805ca98327ae4a7fc731bbca3982c90bad5
2024-06-25 08:04:46 +00:00
Jimmy Domagala-Tang
04432478e1
Merge pull request #19053 from overleaf/ab-split-tests-first-time-assignments
...
[web] Return isFirstTimeAssignment flag with split test assignments
GitOrigin-RevId: 70954470fbd9430749d83d8d1e08a3969d4a09e6
2024-06-25 08:04:37 +00:00
Jimmy Domagala-Tang
271700893a
Merge pull request #18784 from overleaf/bg-allow-combined-group-policies
...
allow combined group policies
GitOrigin-RevId: b23fb0454f794e9094e8e15e732b4322a48ac1ee
2024-06-24 12:04:13 +00:00
ilkin-overleaf
34311ce0dc
Merge pull request #18789 from overleaf/ii-invite-token-lookup-by-hmac-token
...
[web] Lookup project invitations by HMAC token
GitOrigin-RevId: b631445e18f83ddb5e7708388a57a0fac0f73bd2
2024-06-24 12:03:10 +00:00
Eric Mc Sween
e73fdfba63
Merge pull request #18906 from overleaf/em-migrate-existing-histories-2
...
History ranges migration script - second attempt
GitOrigin-RevId: 60a2c04e2a72e76a58e9e179fefc4186a96fde32
2024-06-19 08:05:02 +00:00
Domagoj Kriskovic
7e8e2b0585
Send origin metadata through docupdater and project-history when restoring files ( #18721 )
...
* add RestoreFileOrigin in overleaf-editor-core
* support source to be an object
* use sourceOrOrigin as param
* rename to originOrSource so the priority is more clear
* get timestamp from version
* fix test
* include version and min_count in getUpdatesFromHistory
* extractOriginOrSource util function
* fix RestoreManagerTests
GitOrigin-RevId: 0ace05a6ade2794c753a9d0bffb4f858ecc6899a
2024-06-18 08:04:34 +00:00
ilkin-overleaf
b34be6bea4
Merge pull request #18653 from overleaf/ii-invite-token-create-hmac
...
[web] Add HMAC tokens for project invitations
GitOrigin-RevId: 02fa01e24790c9a87f57ff9346f5346658d4dd46
2024-06-17 08:04:17 +00:00
Mathias Jakobsen
8c6c67564f
Merge pull request #18778 from overleaf/mj-web-chat-restore-tests
...
[chat+web] Add tests for revert functionality
GitOrigin-RevId: f10a5589d8ee1299949ef3decd8325d8fa1f7d41
2024-06-11 08:04:51 +00:00
Mathias Jakobsen
c29c151c9f
Merge pull request #18803 from overleaf/revert-18801-mj-revert-big-deploy
...
[web+chat] Redo deploy
GitOrigin-RevId: a056bf20d49a39e71e03db740f57e8506dfc6b71
2024-06-11 08:03:59 +00:00
Mathias Jakobsen
a26e3d3376
Merge pull request #18801 from overleaf/mj-revert-big-deploy
...
[web+chat] Revert big deploy
GitOrigin-RevId: f4d068cbea7e5f5d59a3d698e2def2f94c9b6322
2024-06-10 08:04:33 +00:00
Mathias Jakobsen
d470093174
Merge pull request #18737 from overleaf/mj-chat-revert-existing-file
...
[web] Revert existing file by deleting it first
GitOrigin-RevId: ec9ed5c709c2631ff08dbc2e0f3633d303f12836
2024-06-10 08:04:29 +00:00
Mathias Jakobsen
110b83aea0
Merge pull request #18710 from overleaf/mj-web-chat-send-thread-data
...
[chat+web] Inform frontend when duplicating threads
GitOrigin-RevId: 285afee8f5a016a8e7ac58e9538cc3ec8362681d
2024-06-10 08:04:25 +00:00
Mathias Jakobsen
0f869f9059
Merge pull request #18654 from overleaf/mj-web-duplicate-threads
...
[web] Ensure single doc pointing to comment when reverting
GitOrigin-RevId: e86e566e1b21eed18bb08b285befcab0e740ec45
2024-06-10 08:04:20 +00:00
Jessica Lawshe
3948b6ddb3
Merge pull request #18717 from overleaf/jel-isSplitTestActive
...
[web] Add helper for checking if test is active
GitOrigin-RevId: 1e8987517915e3947812086863da11fad252daf1
2024-06-06 08:05:01 +00:00
Antoine Clausse
e452f1df5b
[web] Promisify LdapController ( #18500 )
...
* Promisify LdapController
* Update tests LdapControllerTests.js
* Promisify `AuthenticationController.finishLogin`
* Simplify null checks in LdapController
* Fix: don't use spread operator in module.exports
* Make `AuthenticationController.promises.finishLogin` a promise that resolves
* Fixup: `finishLogin` does not call `next` then the promise finishes, it calls it only on errors
* Use `Modules.promises.hooks.fire`
* Revert `processPassportLogin` callback style
* Update error handling: Use `OError.tag` instead of `logger.err`
* Fix unit tests: Rely on callbacks rather than promises
* Fix: Actually call `passport.authenticate` (!!)
* Update test: fixup `passport.authenticate` mocks
This would have caught the bugs that the previous commit is solving
* Remove `.then(() => next())` in `processPassportLogin`
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
---------
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: a7eab5f5289956aeb8f2418408958daef3511ab7
2024-06-06 08:04:23 +00:00
Alf Eaton
c24ace801b
Remove Angular ( #17534 )
...
GitOrigin-RevId: 7a0d45e17d9905fa75569e2d19ca59caa4a41565
2024-06-06 08:04:09 +00:00
Andrew Rumble
d1a58e6b77
Merge pull request #18538 from overleaf/ar-add-download-all-link-in-web
...
[web] add download all link for output files
GitOrigin-RevId: 3d574d75d53e577cb0f8fd3caa4f757d9e1b7889
2024-06-03 08:04:07 +00:00
Jessica Lawshe
3a59883e7a
Merge pull request #18297 from overleaf/jel-remove-angular-group-invite
...
[web] Remove Angular version of group invite
GitOrigin-RevId: bd31cd2ed3c105c9042ae9c42894cfe960459a46
2024-05-31 08:04:27 +00:00
Antoine Clausse
36f0a3e01a
[web] Promisify ProjectController ( #18477 )
...
* Create `promiseAuto` util to replace `async.auto`
* Promisify `BrandVariationsHandler.getBrandVariationById`
* Promisify `updateProjectSettings`
* Promisify `updateProjectAdminSettings`
* Promisify `newProject`
* Promisify `deleteProject`
* Promisify `loadEditor`
* Fix brandVariation loading in promise auto
* Promisify `_refreshFeatures`
* Promisify `_injectProjectUsers`
* Fix `no-inner-declarations`
* Promisify `cloneProject`
* Promisify `userProjectsJson`
* Promisify `projectEntitiesJson`
* Promisify `restoreProject`
* Promisify `renameProject`
* Additional warning fix
* Update unit tests
* Fixup `updateProjectSettings`: call jobs inside the Promise.all
* Use `expressify(...)` instead of manually call `next(err)`
https://github.com/overleaf/internal/pull/18477#discussion_r1613611987
https://github.com/overleaf/internal/pull/18477#discussion_r1613621146
https://github.com/overleaf/internal/pull/18477#discussion_r1613634000
...
* Replace Promise.all by sequencial awaits
https://github.com/overleaf/internal/pull/18477#discussion_r1613852746
https://github.com/overleaf/internal/pull/18477#discussion_r1613611987
* Remove manual throws of 500. Let the generic error handler catch them.
https://github.com/overleaf/internal/pull/18477#discussion_r1613623446
https://github.com/overleaf/internal/pull/18477#discussion_r1613628955
* Promisify `untrashProject`
https://github.com/overleaf/internal/pull/18477#discussion_r1613627783
* Promisify `expireDeletedProjectsAfterDuration`
* Promisify `archiveProject`
* Promisify `unarchiveProject`
* Promisify `trashProject`
* Promisify `expireDeletedProject`
* Use async `setTimeout` from `timers/promise`
https://github.com/overleaf/internal/pull/18477#discussion_r1613843085
* Remove unused `_injectProjectUsers`
https://github.com/overleaf/internal/pull/18477#discussion_r1613855766
* Add missing exec in queries (?)
Not sure if that makes a real difference but it's more consistent with the rest of the code
* Catch floating promises
https://github.com/overleaf/internal/pull/18477#discussion_r1613868876
* Replace custom `promiseAuto` by `p-props` from NPM
https://github.com/overleaf/internal/pull/18477#discussion_r1613393294
* Downgrade `p-props` to v4. Later versions require ESM
* Simplify code around `splitTestAssignments`
GitOrigin-RevId: 84d37f7aa9227b5b9acf9eeb5db1b78afc01b6ee
2024-05-30 08:04:36 +00:00
Domagoj Kriskovic
218a4538c1
[web] support for reverting binary files ( #18033 )
...
* [web] revert binary file
* use addEntityWithName if file was deleted
* todo comments
* only show Revert file in ui even if deleted
* use _revertBinaryFile function
* emit new ids when reverting
* format:fix
* await emitToRoom calls
* use EditorController.upsertFile
* remove _revertBinaryFile function
* binary file check
* mock importFile method in tests
* move findElementByPath stub
* debug ci error
* resolve with empty object as file
* fix tests
* remove await before expect()
* format:fix
* test when binary file exists and when it does not
* use "file-revert" for source
* [web] revert existing file without ranges support (#18107 )
* [web] revert existing file without ranges support
* ignore document_updated_externally if file-revert
* fix test
GitOrigin-RevId: a5e0c83a7635bc7d934dec9debe916bdd4beb51e
2024-05-30 08:04:20 +00:00
Mathias Jakobsen
f14fdc7b7c
Merge pull request #17958 from overleaf/mj-web-revert-file
...
[web] Initial version of file reverting
GitOrigin-RevId: ef500b2c3ddf21b0acb6650c2526edd10ab2cc18
2024-05-29 08:04:16 +00:00
ilkin-overleaf
abd57e03cf
Merge pull request #17831 from overleaf/msm-filter-saml-error-log
...
[web] Filter saml error logs by path
GitOrigin-RevId: 4ca9e156657afc893f38fed7ec6b00cbb7a608ef
2024-05-28 08:04:10 +00:00
Eric Mc Sween
3a1560894a
Merge pull request #18516 from overleaf/em-web-resolved-comment-ids
...
Reintroduce resolved comment ids in getDocument()
GitOrigin-RevId: 591589efc643c815c40df440d1297158901f7a79
2024-05-28 08:04:01 +00:00