Commit graph

1653 commits

Author SHA1 Message Date
Antoine Clausse
5f2718cf29 [web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555)
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`

* Lowercase the email to avoid rate-limit bypass

* Remove unit test "when the users rate limit"

* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`

This should address the `trim()` bypass

* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`

We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"

* Add acceptance test for rate limit

* Add comment on rate limits

* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity

* Make the login rate limits configurable from the settings

GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
2024-07-30 08:04:26 +00:00
Antoine Clausse
afd965c04b [web] Remove overleaf-integration overrides for /user/emails/delete & /user/emails/resend_confirmation (#19438)
* Use hooks to call `clearSamlSession`

* Promisify `UserEmailsController.remove`

* Use hook for `userDeleteEmailMiddleware`

* Remove `/user/emails/delete` override

* Remove "removeRoute of `/user/emails/resend-secondary-confirmation`"

That route isn't defined elsewhere

* Promisify `UserEmailsController.resendConfirmation`

* Promisify `UserEmailsController.sendReconfirmation`

* Use hook for `resendConfirmationEmailMiddleware`

* Remove `/user/emails/resend_confirmation` override

* Promisify `tryDeleteUser`

* Proxy `clearSamlSession` through `SAMLHelper`

* Revert "Use hook for `resendConfirmationEmailMiddleware`"

This reverts commit f028d9c8

* Inject `SAMLMiddleware.resendConfirmationEmailMiddleware` in `/user/emails/resend_confirmation`

* Update `middleware` syntax and grammar

* Update tests

* Use Module middleware instead of hook for `userDeleteEmailMiddleware`

* Remove "promises" export of tryDeleteUser

GitOrigin-RevId: 211e194fc1ef82dc452ee4e837dcddd9b23690a0
2024-07-29 08:04:24 +00:00
Jimmy Domagala-Tang
918c3e7e33 Merge pull request #19301 from overleaf/jdt-collaborator-ai-usage
Prevent AI usage on projects where collaborators have a blocking policy

GitOrigin-RevId: 93bdd9c5accff51a14f0585249e13ed7f1fa4e53
2024-07-26 08:04:35 +00:00
David
d7357b4d62 Merge pull request #19400 from overleaf/dp-duplicate-file-folder-name
Improvements to handling of file/folder upload conflicts

GitOrigin-RevId: 526edf30dfbaec7ee1e03ffd156365f09be25e86
2024-07-25 08:05:08 +00:00
Alf Eaton
7e136131c0 Promisify Metadata feature (#19361)
GitOrigin-RevId: 962aa9dbbc41a49c2c3120af9a1254a4db85387b
2024-07-24 08:05:19 +00:00
Liangjun Song
f4a7b1f298 bypass linking sharing admin redirect for internal projects (#19314)
* disable linking sharing admin redirect

* address comments

* remove ignoreSiteAdmin

* load admin domains from settings

* add acceptance test

* more tests

* fix tests and restore admin domain

* use adminDomains as array

GitOrigin-RevId: 5acb62e1b6ada0aaeceab6db6a6635f82e30833f
2024-07-16 08:04:35 +00:00
Alf Eaton
136214f37a Return the Promise from an expressified async function (#19359)
* Return the Promise from an expressified async function

GitOrigin-RevId: ca4c221a92de888e210e995faad97d0ea241e93f
2024-07-15 09:05:29 +00:00
ilkin-overleaf
b442a74f54 Merge pull request #19249 from overleaf/ii-invite-token-response
[web] Fix share modal resend status code

GitOrigin-RevId: 303f7b6c49d9522df6317789bb7c3c69d774715f
2024-07-15 09:05:02 +00:00
Thomas
ab4a4df931 Merge pull request #19348 from overleaf/tm-link-sharing-changes-events-fixes
Link sharing changes events fixes for collaborator sharing-updates prompt and project open event

GitOrigin-RevId: 45449f0dd27e07de189a9c2620b0aa9a8849dc41
2024-07-15 09:04:44 +00:00
Mathias Jakobsen
1f0e346bbc Merge pull request #19373 from overleaf/mj-comment-regex-fix
[web] Fix regex in comment matching

GitOrigin-RevId: e341f13a9ccbe2fbc1ec6c6c1d8a7a11c4dd4e37
2024-07-15 09:04:07 +00:00
Alf Eaton
87d1c08e2f Merge pull request #19325 from overleaf/ae-metadata-packages
Include all package names in the project metadata

GitOrigin-RevId: dd30eb254806248484c9c6d9210f38c7c69a0ba1
2024-07-15 09:03:32 +00:00
Jimmy Domagala-Tang
e47a790af9 Merge pull request #19292 from overleaf/jdt-mj-imported-at
copying a project should preserve a linked files created timestamp

GitOrigin-RevId: d82506db1fb3f54567e638346179413468419b82
2024-07-15 09:02:08 +00:00
Eric Mc Sween
0be042e331 Merge pull request #19318 from overleaf/mj-revert-check-ranges-support
[web] Check that project has ranges support when reverting

GitOrigin-RevId: 761e435e9d640c08f27dd4ad2cef95934c0cc48b
2024-07-15 09:02:03 +00:00
Miguel Serrano
b5e5d39c3a [web] Tighten check for spelling language (#19297)
* [web] Tighten check for spelling language

* spelling proxy only for `/check` requests

GitOrigin-RevId: c678e93cca9ad39682ec7ce6e49804ea74741acc
2024-07-15 09:01:45 +00:00
Brian Gough
0ebf01f209 Merge pull request #19105 from overleaf/bg-cookie-session-fix-user-deleter-unit-tests
fix UserDeleteTests to restore time operations

GitOrigin-RevId: 85c91697e05b6a12aa66a6524a74848ff281527b
2024-07-04 08:05:43 +00:00
ilkin-overleaf
f9245b8c08 Merge pull request #19071 from overleaf/ii-invite-token-remove-token-field
[web] Remove the token field from `projectInvites` collection

GitOrigin-RevId: fe8395e1d1a0ba2daad600b7e3be657f40151a8e
2024-07-04 08:05:00 +00:00
Jimmy Domagala-Tang
007cc42477 Merge pull request #19152 from overleaf/jdt-project-permissions
Allow checking permissions for all users on a project and rename checkPermissions -> AssertPermissions

GitOrigin-RevId: 511356cf2fe68367e284347e68e59f6116bd0f80
2024-07-03 08:04:19 +00:00
Thomas
566466185b Merge pull request #19206 from overleaf/tm-link-sharing-changes-events
Implement link sharing warning events by reusing the StartFreeTrial paywall button component from the original modal

GitOrigin-RevId: 9c16407ad8a7b5afc9b5b13be1491ef903ae74a3
2024-07-02 08:04:25 +00:00
Thomas
6a65644778 Merge pull request #19185 from overleaf/tm-validate-can-invite-editor-2
Update inviteToProject to check if editor slots are available

GitOrigin-RevId: bb67ae6329130573ba43e9524a3084bf5551ebde
2024-07-01 08:04:21 +00:00
Thomas
a047388b08 Add serverside checks for changing the user access level after link sharing changes (#19168)
* Add getEditInviteCount to count only edit collaborators

* Add getInvitedEditCollaboratorCount to count joined editors

* Add canAddXEditCollaborators to determine if owner can add more editors

* Update setCollaboratorInfo to check if editor slots are available

GitOrigin-RevId: a88707f102dfbde39322f5a7bbc79d47b6e810d5
2024-07-01 08:04:16 +00:00
Thomas
2ce71b0b4d Async/awaitify LimitationsManager for link sharing changes (#19110)
* Move functions to top level

* Async/awaitify LimitationsManager methods

* Promisify LimitationsManagerTests

GitOrigin-RevId: ece7d2ea5160aa95924840044e2f225e1f2848e7
2024-07-01 08:04:12 +00:00
Domagoj Kriskovic
c3c97d9fb9 [web] return file type in revertFile (#18995)
* [web] return file type in revertFile

* fix revertFile unit test

* fix formatting

GitOrigin-RevId: e4ac0500ff6c72c7f7fa23a5f61b09ed31a28da0
2024-06-28 08:04:45 +00:00
Antoine Clausse
1dbbe5af9d [web] Promisify TemplatesController (#18849)
* Promisify TemplatesController

* Update TemplatesControllerTests

* Fix `templateVersionId` in `getV1Template` (!!)

GitOrigin-RevId: bdaa59ed3cff81d919a8b3d19d5be555a2790f55
2024-06-28 08:04:17 +00:00
Thomas
94be372b24 Add new interstitial 'Join project' consent page for existing link sharing editors when opening a project (#19066)
* Add helpers for checking and removing user readwrite token membership

* Add sharing-updates page and handlers

* Redirect read write token members to sharing-updates on project load

GitOrigin-RevId: d552a2cd74a9843c6103923b03f137131a48877a
2024-06-26 11:12:42 +00:00
Thomas
260fdf1307 Add read write token join interstitial variation for link sharing changes (#19060)
* Add read write join interstitial variation for link sharing changes

GitOrigin-RevId: 41661f43f4ab0f18f6ada5bec0b6af2407f65f07
2024-06-26 11:12:37 +00:00
Thomas
70bf7b2aab Merge pull request #19109 from overleaf/tm-project-joined-add-project-id
Add projectId to project-joined event

GitOrigin-RevId: 222e0acc8764592344e384d1a6a5a2327d4161f5
2024-06-26 11:12:33 +00:00
Mathias Jakobsen
e48e4293a6 Merge pull request #19090 from overleaf/mj-web-metadata
[web] Ignore commented content when parsing metadata

GitOrigin-RevId: 78f9b0d6549e60fca4ba8929beb677341d885655
2024-06-25 11:12:02 +00:00
roo hutton
64d9792fe3 Merge pull request #18861 from overleaf/rh-editor-limit-exceeded
[web]: Handle exceeded editor limit in share modal

GitOrigin-RevId: 23a15805ca98327ae4a7fc731bbca3982c90bad5
2024-06-25 08:04:46 +00:00
Jimmy Domagala-Tang
04432478e1 Merge pull request #19053 from overleaf/ab-split-tests-first-time-assignments
[web] Return isFirstTimeAssignment flag with split test assignments

GitOrigin-RevId: 70954470fbd9430749d83d8d1e08a3969d4a09e6
2024-06-25 08:04:37 +00:00
Jimmy Domagala-Tang
271700893a Merge pull request #18784 from overleaf/bg-allow-combined-group-policies
allow combined group policies

GitOrigin-RevId: b23fb0454f794e9094e8e15e732b4322a48ac1ee
2024-06-24 12:04:13 +00:00
ilkin-overleaf
34311ce0dc Merge pull request #18789 from overleaf/ii-invite-token-lookup-by-hmac-token
[web] Lookup project invitations by HMAC token

GitOrigin-RevId: b631445e18f83ddb5e7708388a57a0fac0f73bd2
2024-06-24 12:03:10 +00:00
Eric Mc Sween
e73fdfba63 Merge pull request #18906 from overleaf/em-migrate-existing-histories-2
History ranges migration script - second attempt

GitOrigin-RevId: 60a2c04e2a72e76a58e9e179fefc4186a96fde32
2024-06-19 08:05:02 +00:00
Domagoj Kriskovic
7e8e2b0585 Send origin metadata through docupdater and project-history when restoring files (#18721)
* add RestoreFileOrigin in overleaf-editor-core

* support source to be an object

* use sourceOrOrigin as param

* rename to originOrSource so the priority is more clear

* get timestamp from version

* fix test

* include version and min_count in getUpdatesFromHistory

* extractOriginOrSource util function

* fix RestoreManagerTests

GitOrigin-RevId: 0ace05a6ade2794c753a9d0bffb4f858ecc6899a
2024-06-18 08:04:34 +00:00
ilkin-overleaf
b34be6bea4 Merge pull request #18653 from overleaf/ii-invite-token-create-hmac
[web] Add HMAC tokens for project invitations

GitOrigin-RevId: 02fa01e24790c9a87f57ff9346f5346658d4dd46
2024-06-17 08:04:17 +00:00
Mathias Jakobsen
8c6c67564f Merge pull request #18778 from overleaf/mj-web-chat-restore-tests
[chat+web] Add tests for revert functionality

GitOrigin-RevId: f10a5589d8ee1299949ef3decd8325d8fa1f7d41
2024-06-11 08:04:51 +00:00
Mathias Jakobsen
c29c151c9f Merge pull request #18803 from overleaf/revert-18801-mj-revert-big-deploy
[web+chat] Redo deploy

GitOrigin-RevId: a056bf20d49a39e71e03db740f57e8506dfc6b71
2024-06-11 08:03:59 +00:00
Mathias Jakobsen
a26e3d3376 Merge pull request #18801 from overleaf/mj-revert-big-deploy
[web+chat] Revert big deploy

GitOrigin-RevId: f4d068cbea7e5f5d59a3d698e2def2f94c9b6322
2024-06-10 08:04:33 +00:00
Mathias Jakobsen
d470093174 Merge pull request #18737 from overleaf/mj-chat-revert-existing-file
[web] Revert existing file by deleting it first

GitOrigin-RevId: ec9ed5c709c2631ff08dbc2e0f3633d303f12836
2024-06-10 08:04:29 +00:00
Mathias Jakobsen
110b83aea0 Merge pull request #18710 from overleaf/mj-web-chat-send-thread-data
[chat+web] Inform frontend when duplicating threads

GitOrigin-RevId: 285afee8f5a016a8e7ac58e9538cc3ec8362681d
2024-06-10 08:04:25 +00:00
Mathias Jakobsen
0f869f9059 Merge pull request #18654 from overleaf/mj-web-duplicate-threads
[web] Ensure single doc pointing to comment when reverting

GitOrigin-RevId: e86e566e1b21eed18bb08b285befcab0e740ec45
2024-06-10 08:04:20 +00:00
Jessica Lawshe
3948b6ddb3 Merge pull request #18717 from overleaf/jel-isSplitTestActive
[web] Add helper for checking if test is active

GitOrigin-RevId: 1e8987517915e3947812086863da11fad252daf1
2024-06-06 08:05:01 +00:00
Antoine Clausse
e452f1df5b [web] Promisify LdapController (#18500)
* Promisify LdapController

* Update tests LdapControllerTests.js

* Promisify `AuthenticationController.finishLogin`

* Simplify null checks in LdapController

* Fix: don't use spread operator in module.exports

* Make `AuthenticationController.promises.finishLogin` a promise that resolves

* Fixup: `finishLogin` does not call `next` then the promise finishes, it calls it only on errors

* Use `Modules.promises.hooks.fire`

* Revert `processPassportLogin` callback style

* Update error handling: Use `OError.tag` instead of `logger.err`

* Fix unit tests: Rely on callbacks rather than promises

* Fix: Actually call `passport.authenticate` (!!)

* Update test: fixup `passport.authenticate` mocks

This would have caught the bugs that the previous commit is solving

* Remove `.then(() => next())` in `processPassportLogin`

Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>

---------

Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: a7eab5f5289956aeb8f2418408958daef3511ab7
2024-06-06 08:04:23 +00:00
Alf Eaton
c24ace801b Remove Angular (#17534)
GitOrigin-RevId: 7a0d45e17d9905fa75569e2d19ca59caa4a41565
2024-06-06 08:04:09 +00:00
Andrew Rumble
d1a58e6b77 Merge pull request #18538 from overleaf/ar-add-download-all-link-in-web
[web] add download all link for output files

GitOrigin-RevId: 3d574d75d53e577cb0f8fd3caa4f757d9e1b7889
2024-06-03 08:04:07 +00:00
Jessica Lawshe
3a59883e7a Merge pull request #18297 from overleaf/jel-remove-angular-group-invite
[web] Remove Angular version of group invite

GitOrigin-RevId: bd31cd2ed3c105c9042ae9c42894cfe960459a46
2024-05-31 08:04:27 +00:00
Antoine Clausse
36f0a3e01a [web] Promisify ProjectController (#18477)
* Create `promiseAuto` util to replace `async.auto`

* Promisify `BrandVariationsHandler.getBrandVariationById`

* Promisify `updateProjectSettings`

* Promisify `updateProjectAdminSettings`

* Promisify `newProject`

* Promisify `deleteProject`

* Promisify `loadEditor`

* Fix brandVariation loading in promise auto

* Promisify `_refreshFeatures`

* Promisify `_injectProjectUsers`

* Fix `no-inner-declarations`

* Promisify `cloneProject`

* Promisify `userProjectsJson`

* Promisify `projectEntitiesJson`

* Promisify `restoreProject`

* Promisify `renameProject`

* Additional warning fix

* Update unit tests

* Fixup `updateProjectSettings`: call jobs inside the Promise.all

* Use `expressify(...)` instead of manually call `next(err)`

https://github.com/overleaf/internal/pull/18477#discussion_r1613611987
https://github.com/overleaf/internal/pull/18477#discussion_r1613621146
https://github.com/overleaf/internal/pull/18477#discussion_r1613634000
...

* Replace Promise.all by sequencial awaits

https://github.com/overleaf/internal/pull/18477#discussion_r1613852746
https://github.com/overleaf/internal/pull/18477#discussion_r1613611987

* Remove manual throws of 500. Let the generic error handler catch them.

https://github.com/overleaf/internal/pull/18477#discussion_r1613623446
https://github.com/overleaf/internal/pull/18477#discussion_r1613628955

* Promisify `untrashProject`

https://github.com/overleaf/internal/pull/18477#discussion_r1613627783

* Promisify `expireDeletedProjectsAfterDuration`

* Promisify `archiveProject`

* Promisify `unarchiveProject`

* Promisify `trashProject`

* Promisify `expireDeletedProject`

* Use async `setTimeout` from `timers/promise`

https://github.com/overleaf/internal/pull/18477#discussion_r1613843085

* Remove unused `_injectProjectUsers`

https://github.com/overleaf/internal/pull/18477#discussion_r1613855766

* Add missing exec in queries (?)

Not sure if that makes a real difference but it's more consistent with the rest of the code

* Catch floating promises

https://github.com/overleaf/internal/pull/18477#discussion_r1613868876

* Replace custom `promiseAuto` by `p-props` from NPM

https://github.com/overleaf/internal/pull/18477#discussion_r1613393294

* Downgrade `p-props` to v4. Later versions require ESM

* Simplify code around `splitTestAssignments`

GitOrigin-RevId: 84d37f7aa9227b5b9acf9eeb5db1b78afc01b6ee
2024-05-30 08:04:36 +00:00
Domagoj Kriskovic
218a4538c1 [web] support for reverting binary files (#18033)
* [web] revert binary file

* use addEntityWithName if file was deleted

* todo comments

* only show Revert file in ui even if deleted

* use _revertBinaryFile function

* emit new ids when reverting

* format:fix

* await emitToRoom calls

* use EditorController.upsertFile

* remove _revertBinaryFile function

* binary file check

* mock importFile method in tests

* move findElementByPath stub

* debug ci error

* resolve with empty object as file

* fix tests

* remove await before expect()

* format:fix

* test when binary file exists and when it does not

* use "file-revert" for source

* [web] revert existing file without ranges support (#18107)

* [web] revert existing file without ranges support

* ignore document_updated_externally if file-revert

* fix test

GitOrigin-RevId: a5e0c83a7635bc7d934dec9debe916bdd4beb51e
2024-05-30 08:04:20 +00:00
Mathias Jakobsen
f14fdc7b7c Merge pull request #17958 from overleaf/mj-web-revert-file
[web] Initial version of file reverting

GitOrigin-RevId: ef500b2c3ddf21b0acb6650c2526edd10ab2cc18
2024-05-29 08:04:16 +00:00
ilkin-overleaf
abd57e03cf Merge pull request #17831 from overleaf/msm-filter-saml-error-log
[web] Filter saml error logs by path

GitOrigin-RevId: 4ca9e156657afc893f38fed7ec6b00cbb7a608ef
2024-05-28 08:04:10 +00:00
Eric Mc Sween
3a1560894a Merge pull request #18516 from overleaf/em-web-resolved-comment-ids
Reintroduce resolved comment ids in getDocument()

GitOrigin-RevId: 591589efc643c815c40df440d1297158901f7a79
2024-05-28 08:04:01 +00:00