github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-10-31 21:21:03 -04:00
Code Issues Projects Releases Packages Wiki Activity
19292 commits 3 branches 7 tags 199 MiB
Commit graph

30 commits

Author SHA1 Message Date
June Kelly
3288f87dbe [web] Password set/reset: reject current password (redux) (#8956) 
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
 2022-09-28 08:06:54 +00:00
Henry Oswald
5f1abee345 Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password 
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
 2022-07-20 08:04:00 +00:00
June Kelly
d04ea76081 Merge pull request #8882 from overleaf/jk-web-reject-same-password 
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
 2022-07-20 08:03:36 +00:00
Jakob Ackermann
f0bd6dda23 Merge pull request #7986 from overleaf/jpa-eslint-8 
[misc] upgrade eslint packages to the latest version everywhere

GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
 2022-05-17 08:05:59 +00:00
Timothée Alby
21c92a045d Merge pull request #6672 from overleaf/ta-router-apply-signature-fix 
Use Correct Router Apply Function Signature

GitOrigin-RevId: 567ff9a4c59834ae200bba860e265abe2e0173e5
 2022-02-16 11:34:37 +00:00
June Kelly
c72ec548bb Merge pull request #5976 from overleaf/jk-login-audit-log-type 
[web] Add 'method' info to login audit log

GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
 2022-01-14 09:02:28 +00:00
Hugh O'Brien
3b95ac6d88 Merge pull request #5688 from overleaf/jpa-invalid-password-message 
[web] password reset: validate user password ahead of invalidating token

GitOrigin-RevId: ba3e6549f53675a2216e2fc24293276c1968d416
 2021-11-10 09:02:38 +00:00
June Kelly
7292cfbd02 Merge pull request #5366 from overleaf/jk-move-password-reset-audit-log 
[web] audit password reset before taking action

GitOrigin-RevId: 672f712658b4669a5a750dbc6f97d24ce35c332d
 2021-10-21 08:03:00 +00:00
Jakob Ackermann
891947770c Merge pull request #5124 from overleaf/jk-de-ng-set-password-page 
[web] de-ng set password form

GitOrigin-RevId: d8ebf9f794454d5772e13ab783892d2bba6eed87
 2021-09-24 08:03:23 +00:00
June Kelly
0ae8f37629 Merge pull request #5107 from overleaf/jk-de-ng-reconfirm-and-pw-reset 
[web] de-ng password reset and must-reconfirm forms

GitOrigin-RevId: 2101493ff017ba56214c6f981129f94eb9db46aa
 2021-09-17 08:03:02 +00:00
Alexandre Bourdin
9468e5cb4f Merge pull request #4338 from overleaf/ab-session-manager 
Extract functions from AuthenticationController to SessionManager

GitOrigin-RevId: 86870ce03a762e1a837dcf493759e8851e759883
 2021-07-28 12:36:22 +00:00
Jakob Ackermann
9d00c351a8 Merge pull request #4327 from overleaf/jpa-pw-reset-captcha 
[misc] add captcha on password reset requests

GitOrigin-RevId: 9a23b9c9dee2c56345e9c1846861c05c25126802
 2021-07-28 02:06:02 +00:00
Jakob Ackermann
5e773ce950 Merge pull request #4101 from overleaf/ae-settings-module 
Migrate from `settings-sharelatex` to `@overleaf/settings`

GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
 2021-07-08 02:08:28 +00:00
Miguel Serrano
f9871103bf Merge pull request #3949 from overleaf/msm-reenable-eslint-const-rule 
Reenable eslint `prefer-const` rule

GitOrigin-RevId: 4f3825be8b8dff381095209085a36eaab76260d5
 2021-05-06 02:09:14 +00:00
Alf Eaton
1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma 
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
 2021-04-28 02:10:01 +00:00
Miguel Serrano
d65db1acf0 Merge pull request #3824 from overleaf/jpa-password-reset-email-forwarding 
[misc] fix passing around of users email as part of password reset

GitOrigin-RevId: 54e8cde9867a2ce735bc7ebe281ead19ef49e6cd
 2021-04-01 02:05:04 +00:00
Eric Mc Sween
309163d444 Merge pull request #3595 from overleaf/ae-password-reset-request-validation 
Add request validation to the password reset endpoints

GitOrigin-RevId: 104444d0ebfea2b3d66285a8433e49c1134076b8
 2021-02-04 03:04:59 +00:00
Shane Kilkelly
e9f7a17093 Merge pull request #3234 from overleaf/sk-fix-password-validation-email 
Overhaul password validation

GitOrigin-RevId: a591c4e192e30a0ac053eab6f80627543a8a92fe
 2020-10-23 02:04:39 +00:00
Simon Detheridge
fdcf327ae7 Merge pull request #3231 from overleaf/jpa-hide-internal-error-messages 
[misc] PasswordResetController: do not expose internal error messages

GitOrigin-RevId: 9eca5e7f5367559d5340363ef859589e218e817f
 2020-09-29 02:05:30 +00:00
Jessica Lawshe
552fb56b74 Merge pull request #3078 from overleaf/jel-log-password-reset-by-token 
Update audit log when password reset by token

GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf
 2020-08-13 15:46:10 +00:00
Miguel Serrano
0583f7a667 Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods 
[misc] fix express deprecations

GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5
 2020-05-07 03:27:56 +00:00
Eric Mc Sween
1dc325d1c7 Merge pull request #2750 from overleaf/ta-activate-finish-login 
Don't Bypass FinishLogin on Password Reset

GitOrigin-RevId: 92567c893afb4aa64fa045151678d33c877d8f71
 2020-04-24 03:30:45 +00:00
Eric Mc Sween
93fe30a451 Merge pull request #2412 from overleaf/em-password-trim 
Preserve spaces in password in password reset flow

GitOrigin-RevId: 9a2dfb2988ae99be73934b722e635056b5ab1a18
 2019-12-02 14:09:57 +00:00
Ersun Warncke
2c335802ca remove excessive logging 
GitOrigin-RevId: 62024bbe0415a4fdae66eb1b9c6707e5faec7cd1
 2019-11-27 12:17:32 +00:00
Eric Mc Sween
2603597150 Merge pull request #2221 from overleaf/em-ownership-transfer-emails 
Project ownership transfer emails

GitOrigin-RevId: 3d33147c18e2d652976b3dac7453c0407c81314e
 2019-10-15 13:30:10 +00:00
Ersun Warncke
d624c29b6f remove v1 deps for password change/reset 
GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7
 2019-07-17 15:09:24 +00:00
Eric Mc Sween
d7549544d6 Merge pull request #1950 from overleaf/em-password-reset 
Fetch user by email when validating password reset

GitOrigin-RevId: 9f113f1393e322611b1e7af5aec1ac25a38a122d
 2019-07-16 09:22:15 +00:00
Eric Mc Sween
a31090daab Merge pull request #1944 from overleaf/em-password-reset 
Store the email address in the password reset token data

GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a
 2019-07-04 12:51:16 +00:00
Timothée Alby
e73a5d9103 Merge pull request #1923 from overleaf/ta-error-log-level 
Reduce Log Level

GitOrigin-RevId: 63a8859e6b78cb0774a28069089f4bce73eb91ec
 2019-07-01 14:06:36 +00:00
Alasdair Smith
0ca81de78c Merge pull request #1717 from overleaf/as-decaffeinate-backend 
Decaffeinate backend

GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa
 2019-05-29 09:32:21 +00:00