github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-09-23 02:55:13 -04:00
Code Issues Projects Releases Packages Wiki Activity
20953 commits 3 branches 7 tags 222 MiB
Commit graph

585 commits

Author SHA1 Message Date
Brian Gough
bf04275478 Merge pull request #14090 from overleaf/bg-best-reduce-rate-limiter-on-confirmation-email-resend 
reduce rate limiter on confirmation emails

GitOrigin-RevId: 87743dd9dac483a68ff82f1185ae1156d60b0575
 2023-08-31 08:04:05 +00:00
Jakob Ackermann
3d9e9f6aeb Merge pull request #14565 from overleaf/jpa-add-error-context 
[web] add response context to errors of failed logout/login action in CI

GitOrigin-RevId: 9b2e23e243541f87476f8cc71687f9492f615b4d
 2023-08-30 08:05:13 +00:00
Jakob Ackermann
6b61d906ba Merge pull request #14562 from overleaf/jpa-disable-connection-checking 
[web] workaround for broken detection of idle connections in CI

GitOrigin-RevId: ae9ff2b9b1bf99b56d8eb1af6e035b6ed08f7477
 2023-08-30 08:05:02 +00:00
Jakob Ackermann
1ae5c2c2f1 Merge pull request #14530 from overleaf/jpa-check-response-status 
[web] check response status code in acceptance tests

GitOrigin-RevId: 119a13f03bb3f1e8bb39340c36a9f2b0649b2bba
 2023-08-29 08:04:11 +00:00
Jakob Ackermann
94a4659672 Merge pull request #14382 from overleaf/jpa-change-ci-defaults 
[web] use representative defaultFeatures for Server Pro/CE in tests

GitOrigin-RevId: 859187579e8d410f5890e863a46a9440b724c543
 2023-08-18 08:05:41 +00:00
Alexandre Bourdin
53131239d0 Merge pull request #14169 from overleaf/revert-14167-revert-14106-ab-ab-group-settings-admin-only 
Revert "Revert "[web] Restrict group settings page and managed users activation to group admin""

GitOrigin-RevId: 3e622fe3c25dfa9940351450f55c1441634fbd44
 2023-08-10 08:04:24 +00:00
Alf Eaton
c0ab5d498d Set Cache-Control: private for project files (#13750) 
GitOrigin-RevId: b111c792a49a8a5e37734b5fcce1a69f4904c1ff
 2023-08-04 08:05:31 +00:00
Brian Gough
d2f470450e Merge pull request #13933 from overleaf/bg-managed-users-add-missing-jsdoc-param 
refactor getUserValidationStatus in PermissionsManager

GitOrigin-RevId: 80ef8142d3556e47e1d6cb323148f1f1042057aa
 2023-07-21 08:04:40 +00:00
Brian Gough
f3ac016566 Merge pull request #13907 from overleaf/bg-managed-users-allow-cancelled-subscriptions 
allow cancelled subscriptions for managed users

GitOrigin-RevId: 56262ce4bd4cc93d4e5ea92222c76a874d6cad1e
 2023-07-20 08:05:08 +00:00
Brian Gough
f80100fba1 Merge pull request #13662 from overleaf/bg-managed-users-fix-subscription-validator 
fix subscription validator for managed users

GitOrigin-RevId: 765c1c11850090f57327fc8b4255d41a16514472
 2023-07-17 11:01:27 +00:00
Brian Gough
bc3d6c3636 Merge pull request #13717 from overleaf/bg-managed-users-block-affiliations-fix 
fix for block affiliations for managed users

GitOrigin-RevId: cac54288592323ea3f1cd7655d4e2b89ee301002
 2023-07-17 10:58:38 +00:00
Miguel Serrano
01e3409eb4 Merge pull request #13485 from overleaf/msm-share-modal-fetch-tokens 
[web] Fetch share tokens instead of sending via websocket

GitOrigin-RevId: f97bb91ca3ceb410fe860bf1c7802d8157d9f8b4
 2023-07-17 10:48:10 +00:00
Miguel Serrano
78314a0ee0 [web] Fix Null Pointer Error in WikiController in SP (#13393) 
* [web] Fix NPE in WikiController

This error prevents the wiki from retrieving
page content in Server Pro

* [web] add `settings.proxyLearn` to SaaS config

GitOrigin-RevId: d137097e08720e8423133a7f59e2fe619fe134be
 2023-07-17 10:42:41 +00:00
Brian Gough
efdc2dfca4 Merge pull request #13560 from overleaf/bg-group-policy-tests 
add policies and tests for managed users

GitOrigin-RevId: 1f17e0911306b7dba8f4e2ab25a320a08c44702c
 2023-07-17 10:42:31 +00:00
Brian Gough
3b60d05074 Merge pull request #13536 from overleaf/bg-implement-managed-users-policy 
add missing review comment changes from backend support for managed users

GitOrigin-RevId: 31eab361844da3bb2c46d745127a6aa413c3e242
 2023-07-17 10:42:21 +00:00
Mathias Jakobsen
af76768eb7 Merge pull request #13372 from overleaf/mj-captcha-add-email 
[web] Add recaptcha to add-email

GitOrigin-RevId: 0540e0dbc3103dcaac87dd7fabeedbc5892c371c
 2023-07-17 10:40:08 +00:00
Brian Gough
64ca8ce094 Merge pull request #13530 from overleaf/bg-support-managed-users 
add backend support for managed users

GitOrigin-RevId: 61d965949c864013be31206661d2d36b35dd37a1
 2023-07-17 10:39:58 +00:00
Miguel Serrano
7e6613a1a0 Merge pull request #13327 from overleaf/msm-web-track-changes-cleanup 
[web] Cleanup track-changes from web

GitOrigin-RevId: 8cef709ec5e91e4ffe8cd06826038ed84f36ef67
 2023-07-17 10:28:12 +00:00
June Kelly
d68ed0efdf Merge pull request #13140 from overleaf/jk-real-time-disconnect-link-sharing 
[real-time] Disconnect relevant users when link-sharing is turned off

GitOrigin-RevId: cf44a30a235717b658a759e8a74ae4d0e5abae47
 2023-05-31 08:05:07 +00:00
Jakob Ackermann
915914840a Merge pull request #13083 from overleaf/ds-jpa-project-ownership-change 
[web] let invited admins transfer ownership of projects

GitOrigin-RevId: 49da7d42bec089f2278bde8942a63e5538fb5401
 2023-05-16 08:05:22 +00:00
Eric Mc Sween
1117bfae20 Merge pull request #13023 from overleaf/em-delete-git-bridge-data 
Delete git bridge data when a project is expired

GitOrigin-RevId: a600941831af31ff7712d44e437936cd416fc644
 2023-05-16 08:05:07 +00:00
Eric Mc Sween
9528eab43e Merge pull request #13000 from overleaf/em-revert-delete-git-bridge-data 
Revert "Delete git bridge data when a project is expired"

GitOrigin-RevId: a8674e040c9ccce3937b6ce244a82cd190c32c97
 2023-05-09 08:05:17 +00:00
Eric Mc Sween
264bacab10 Merge pull request #12840 from overleaf/em-expire-project-git-bridge 
Delete git bridge data when a project is expired

GitOrigin-RevId: 2f26af2f946ffd8c09f530a7eaadb37522d24a50
 2023-05-09 08:05:00 +00:00
Jessica Lawshe
8be17cdb37 Merge pull request #12819 from overleaf/jpa-institutions-lookup 
[web] migrate /institutions/ proxies to explicit V1 requests

GitOrigin-RevId: 535da280a6350dacbe2c957d2f2cedaeee02a48a
 2023-04-28 08:04:34 +00:00
Eric Mc Sween
5b804ceefd Merge pull request #12654 from overleaf/em-td-upload-filename-encoding 
Fix filename encoding of project and file uploads

GitOrigin-RevId: e718c8f8f376772ee13c50c82d26848977e16eef
 2023-04-19 08:03:13 +00:00
June Kelly
841df71a1d Merge pull request #12342 from overleaf/jk-password-ux-please-use-another-password 
[web] Password UX: 'Please use another password'

GitOrigin-RevId: ca9b26cbcf2dabb27c716da314764ee40ffc83dd
 2023-04-12 08:04:13 +00:00
June Kelly
a140e3dc8c Merge pull request #12269 from overleaf/jk-enable-password-similarity-check 
[web] Enforce password similarity check

GitOrigin-RevId: 1bc4efebba401663c1db9d209dc560560f160ce0
 2023-03-23 09:04:12 +00:00
Eric Mc Sween
21971956b7 Merge pull request #12219 from overleaf/em-camel-case-web 
Camel case variables in web

GitOrigin-RevId: 28e61b759b27f71265f33ab64f588374dba610e0
 2023-03-22 09:05:04 +00:00
Jakob Ackermann
03f45c02c3 Merge pull request #12276 from overleaf/jpa-batched-update-window 
[web] add time based window queries to batchedUpdate

GitOrigin-RevId: e56c01b888cd9749f39d42b77de09bc3fe2d0ec1
 2023-03-22 09:04:09 +00:00
Jakob Ackermann
e6a8f3d04f Merge pull request #12297 from overleaf/jpa-primary-email-check-saas 
[web] disable primary email check in Server CE/Pro

GitOrigin-RevId: be40160aecae7f19780a67e5cdd9356be232ee22
 2023-03-21 09:05:45 +00:00
Jakob Ackermann
ccb0841a50 Merge pull request #12281 from overleaf/jpa-tweak-event-segmentation-filter 
[web] tweak analytics event segmentation filter

GitOrigin-RevId: e00fef0ac74edfd7fbace33bf9289f1c6f905b57
 2023-03-20 09:03:16 +00:00
Jakob Ackermann
fa5804a3cf Merge pull request #12254 from overleaf/jpa-back-fill-doc-rev 
[web] add script for back filling rev=1 for old (deleted) docs

GitOrigin-RevId: 62f5b773fb83ddbf9bb202a592ce2e8f33b5e6b2
 2023-03-17 09:03:58 +00:00
Jakob Ackermann
3c9ace481d Merge pull request #11855 from overleaf/jpa-fix-config 
[web] fix access-token-encryptor config

GitOrigin-RevId: b16002159a3f0004e83ddb4b0cde3b33211184b3
 2023-02-17 09:04:00 +00:00
Jakob Ackermann
dd906df7b7 Merge pull request #11360 from overleaf/jpa-encrypt-2fa-secret 
[web] two-factor-authentication: encrypt the secret in the db

GitOrigin-RevId: 86642e13d917b239012229f685ad0210039a6706
 2023-02-17 09:03:44 +00:00
June Kelly
53b78ad68b Merge pull request #11590 from overleaf/jk-password-reset-ux-improvements 
[web] Password Reset UX Improvements

GitOrigin-RevId: d62575ff965e045823bfb7268db892188cf709ed
 2023-02-10 16:33:14 +00:00
June Kelly
ac83dd9bb3 Merge pull request #11353 from overleaf/jk-remove-deprecated-public-access-levels 
[web] Disallow deprecated access levels from being set

GitOrigin-RevId: cf276e849692be210a2dc7d896820579efc46952
 2023-02-02 09:02:59 +00:00
Eric Mc Sween
75abea72b0 Merge pull request #11492 from overleaf/em-rate-limiter 
Move all remaining rate limiters to rate-limiter-flexible

GitOrigin-RevId: 163ab2aebecb281057e552dc75591dd02028990c
 2023-01-31 09:03:44 +00:00
Eric Mc Sween
2dbc0e3b3d Merge pull request #11489 from overleaf/em-fix-paypal 
Set COOP header to same-origin-allow-popups

GitOrigin-RevId: c8c3751386addb307ee2caf59c228484e8e593c0
 2023-01-27 09:05:43 +00:00
Tim Down
9ab12f3b44 Merge pull request #10966 from overleaf/td-add-coop-header 
Upgrade Helmet to add some security-related response headers, including COOP

GitOrigin-RevId: fce8538b004f7b3ba6c6ca65ad311957d75b496a
 2023-01-24 09:05:27 +00:00
Miguel Serrano
4a84922a2f Merge pull request #11346 from overleaf/msm-config-history-v1-sp 
Configuration changes for FPH in CE/SP

GitOrigin-RevId: 990eb0fa6158d4815740413da085759d2cc5e231
 2023-01-20 14:13:46 +00:00
Mathias Jakobsen
e8c677f7ad Merge pull request #11036 from overleaf/jpa-cdn-blocked-metric 
[web] add metric for blocked cdn

GitOrigin-RevId: bee0fa5af0cc3c5d91deb64c8e32bb7e04dbcc2b
 2023-01-05 09:04:04 +00:00
Mathias Jakobsen
38cc3394e3 Merge pull request #10793 from overleaf/mj-split-test-cleanup 
Split test clean-up

GitOrigin-RevId: 7dd6178487022cbefcbc85797dacc3f3fbfa17e2
 2022-12-21 09:04:04 +00:00
ilkin-overleaf
2675cab92e Merge pull request #10394 from overleaf/ii-password-reset-and-strength-checking 
[web] Password reset strength checking and UI updates

GitOrigin-RevId: 442a5c9e7e9d0a61d3ae649f3526bc3c02fd5704
 2022-12-07 09:03:36 +00:00
Brian Gough
f8a1da1b47 Merge pull request #10715 from overleaf/jpa-web-share-mongo-pool 
[web] share mongo connection pool between Mongoose and native db

GitOrigin-RevId: 8bb2a9dc76880144a8681cb564183906df624cc0
 2022-12-02 09:04:02 +00:00
Brian Gough
4589a57774 Merge pull request #10637 from overleaf/bg-delete-user-from-dropbox 
delete user data from dropbox

GitOrigin-RevId: d586c73b4500f4fe718927f537ae770356eaefc1
 2022-11-29 09:04:33 +00:00
Jakob Ackermann
d4551dc7ce Merge pull request #10442 from overleaf/jpa-convert-archived-trashed 
[web] add migration for convert_archived_state script

GitOrigin-RevId: aeea3601a0c5f96e978c3f2a85458687d6d6678e
 2022-11-15 09:07:09 +00:00
June Kelly
9e824ac93c Merge pull request #9951 from overleaf/jk-audit-failed-login-attempts 
[web] Audit failed login attempts

GitOrigin-RevId: 19325f808f77584891e1e12b5ed7aaa16aa6aec9
 2022-10-20 08:03:44 +00:00
Eric Mc Sween
fe963ba692 Merge pull request #9956 from overleaf/em-node-fetch-web 
Replace request-promise with fetch in web acceptance tests

GitOrigin-RevId: f50357cdea2d1353d7a82c5346b149018f91823f
 2022-10-18 08:03:25 +00:00
Miguel Serrano
74f44e655a Merge pull request #9617 from overleaf/msm-audit-log-collections 
Move project/user audit logs to their own collections

GitOrigin-RevId: f6f89b3e2815c0fe5691a79eceb35b77b3c370d8
 2022-09-30 08:04:17 +00:00
June Kelly
3288f87dbe [web] Password set/reset: reject current password (redux) (#8956) 
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
 2022-09-28 08:06:54 +00:00