Commit graph

682 commits

Author SHA1 Message Date
andrew rumble
2ccd39b2fa Switch to using status over statusCode
This is a difference in the request/fetch APIs.

GitOrigin-RevId: bde9adcf4de2ceaabfd9baae7a93bf2b0b5e5a1e
2024-08-01 08:04:47 +00:00
Alexandre Bourdin
dcf6e502b9 Merge pull request #19443 from overleaf/ab-overleaf-integration-refacto-move-institutions
[web] Move onboarding related code to onboarding module

GitOrigin-RevId: 405d4c3588f3911867fecd02b36e55fcd7633615
2024-07-30 08:04:31 +00:00
Antoine Clausse
5f2718cf29 [web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555)
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`

* Lowercase the email to avoid rate-limit bypass

* Remove unit test "when the users rate limit"

* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`

This should address the `trim()` bypass

* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`

We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"

* Add acceptance test for rate limit

* Add comment on rate limits

* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity

* Make the login rate limits configurable from the settings

GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
2024-07-30 08:04:26 +00:00
andrew rumble
bfc6ac8745 Add mock for the unlink dropbox endpoint
GitOrigin-RevId: 41293a2cb6ab3cf87d40717e43c0f4888df89fe1
2024-07-23 08:04:28 +00:00
ilkin-overleaf
c005e99a3e Merge pull request #19411 from overleaf/ii-split-tests-helpers
[web] Move split test helper methods to a separate file

GitOrigin-RevId: 9bcb429f2debf8f7ff4b071e32c9cf0038459b97
2024-07-22 08:04:16 +00:00
Liangjun Song
f4a7b1f298 bypass linking sharing admin redirect for internal projects (#19314)
* disable linking sharing admin redirect

* address comments

* remove ignoreSiteAdmin

* load admin domains from settings

* add acceptance test

* more tests

* fix tests and restore admin domain

* use adminDomains as array

GitOrigin-RevId: 5acb62e1b6ada0aaeceab6db6a6635f82e30833f
2024-07-16 08:04:35 +00:00
Jakob Ackermann
a55d9fcf38 Merge pull request #19416 from overleaf/jpa-test-debug
[web] tests: use named before-all/after-all hooks for mongo setup

GitOrigin-RevId: bbdd0f27d310eac730cec3e2230f177d8112acd8
2024-07-15 09:33:03 +00:00
ilkin-overleaf
f9245b8c08 Merge pull request #19071 from overleaf/ii-invite-token-remove-token-field
[web] Remove the token field from `projectInvites` collection

GitOrigin-RevId: fe8395e1d1a0ba2daad600b7e3be657f40151a8e
2024-07-04 08:05:00 +00:00
Jakob Ackermann
37155e78be Merge pull request #19215 from overleaf/jpa-cleanup-module-init
[web] cleanup web-module init modules

GitOrigin-RevId: 97a05c6fe79fbd96f9697a16ed7099827edc81f0
2024-07-04 08:04:37 +00:00
Thomas
94be372b24 Add new interstitial 'Join project' consent page for existing link sharing editors when opening a project (#19066)
* Add helpers for checking and removing user readwrite token membership

* Add sharing-updates page and handlers

* Redirect read write token members to sharing-updates on project load

GitOrigin-RevId: d552a2cd74a9843c6103923b03f137131a48877a
2024-06-26 11:12:42 +00:00
Miguel Serrano
1697087425 Merge pull request #18970 from overleaf/msm-clean-features-templates
[web] Cleanup `features.templates`

GitOrigin-RevId: 7c9f7bc827700e4255a5ba8a46de70318afdaae4
2024-06-24 12:05:43 +00:00
David
dcb7944b05 Merge pull request #18895 from overleaf/dp-presentation-mode
Add pdf presentation mode

GitOrigin-RevId: e6ac1ae339e9690a733a110c6f0a33149e869dd6
2024-06-17 08:04:30 +00:00
Brian Gough
38ac00ba13 Merge pull request #18775 from overleaf/bg-cookie-session-metrics-middleware
add middleware to record session cookie metrics in web

GitOrigin-RevId: f4404455e219d2071d6f0b39e657e9219b7d1c70
2024-06-13 08:04:16 +00:00
Brian Gough
97956856ca Merge pull request #18741 from overleaf/bg-cookie-session-test-rotation-support
test session key rotation in cookie-session module

GitOrigin-RevId: 57486b3df527a9998da3b93981c9d45f510802b8
2024-06-13 08:04:06 +00:00
andrew rumble
3311066363 Add new fields to mongoose subscription schema
GitOrigin-RevId: 6b28d7464482a8d5729709f99893b333c3d7f9c2
2024-06-11 08:04:55 +00:00
Antoine Clausse
262a92083a Don't throw cron job when some PayPal collection fails (#18795)
* Don't throw cron job when some PayPal collection fails

Follow-up of https://github.com/overleaf/internal/pull/18414 and https://github.com/overleaf/internal/pull/18572

This was causing `Heartbeat [cron-web-collect-paypal-prod] is expired.`
And the cron to rerun (altogether three times a day, instead of once a day)

https://cloudlogging.app.goo.gl/W4qBPFDeTUkRQ8J27

* Update tests

GitOrigin-RevId: a6a29cc84c0c72fd86b2e3a9739669d3a5fb0be5
2024-06-11 08:04:04 +00:00
Antoine Clausse
01e1286a8b In PayPal collect invoices script: Update throw unsuccessful invoices collections (#18572)
* Remove throw on `INVOICES_COLLECTED_SUCCESS.length === 0`

Effectively reverts 038377b511

See: https://digital-science.slack.com/archives/C20TZCMMF/p1716973110408049

* Update tests so they don't expect rejections

* Reject when some invoice collection failed

GitOrigin-RevId: aa37f7fa37c96b8624e87d94be675d115e3250a9
2024-05-30 08:04:31 +00:00
Alexandre Bourdin
a0c8cf663a Merge pull request #18000 from overleaf/ab-dev-enable-toolbar-default
[web] Enable the dev-toolbar by default in the dev environment

GitOrigin-RevId: 170e59e9b82268e621fe99ffcc82b7d68467e1b3
2024-05-27 10:23:56 +00:00
Brian Gough
344b4d0fa0 Merge pull request #18088 from overleaf/ab-session-secret-rotation
[web/realtime/history-v1] Support session secret rotation

GitOrigin-RevId: 3c2fa27b1b3e0a8e0c9d1af2e616ce873d54aedf
2024-05-27 10:23:33 +00:00
Antoine Clausse
554be73a36 In collect_paypal_past_due_invoice.js, iterate over each page instead of gathering data from all pages at first (#18414)
* Create `getPaginatedEndpointIterator` to iterate each page

* Create `waitMs` util, it will replace `slowCallback`

* Make `handleAPIError` async

* Make `isAccountUsingPaypal` async

* Make `attemptInvoiceCollection` async

* Make `attemptInvoicesCollection` async

* Use `await` instead of `new Promise`

* Remove unused callbackified `attemptInvoiceCollection`

* Run `attemptInvoiceCollection` for each page instead of gathering all pages in the beginning

* Add test on fetching multiple pages of invoice

GitOrigin-RevId: 2674b18c6ca5732b873fb2bc71b515909006f93d
2024-05-27 10:23:18 +00:00
David
635aae7b1f Merge pull request #18320 from overleaf/dp-add-secondary-prompt-ui
Add secondary email form V2 (with Captcha this time)

GitOrigin-RevId: b06216a2c9cb5b3b09305a17992eca506a0047f5
2024-05-27 10:22:40 +00:00
Antoine Clausse
78a0bc2b05 [web] Convert RecurlyWrapper functions to async (#18384)
* Rename `RecurlyWrapper` to `promises`, as it will only contain the promises soon

* Update `apiRequest`

* Update `_parseXml`

* Update `_parseXmlAndGetAttribute`

* Update `_parse*Xml`

* Update `updateAccountEmailAddress`

* Update `checkAccountExists`

* Update `createAccount`

* Update `createBillingInfo`

* Update `setAddressAndCompanyBillingInfo`

* Update `createSubscription`

* Update `_createPaypalSubscription`

* Update `_handle422Response`

* Update `_createCreditCardSubscription`

* Update `createSubscription`

* Update `getSubscriptions`

* Update `getSubscription`

* Update `getPaginatedEndpoint`

* Update `getAccount`

* Update `getAccountActiveCoupons`

* Update `getCoupon`

* Update `getBillingInfo`

* Update `getAccountPastDueInvoices`

* Update `attemptInvoiceCollection`

* Update `updateSubscription`

* Update `createFixedAmmountCoupon`

* Update `lookupCoupon`

* Update `redeemCoupon`

* Update `extendTrial`

* Update `listAccountActiveSubscriptions`

* To find which functions to add as callbackified, I used this Regex:
`RecurlyWrapper\.(?!promises)[^.\s]*`

And after adding callbackified functions, we're left with no results with the Regex:
`RecurlyWrapper\.(?!promises|apiUrl|_buildXml|_parseXml|attemptInvoiceCollection|createFixedAmmountCoupon|getAccountActiveCoupons|getBillingInfo|getPaginatedEndpoint|getSubscription|updateAccountEmailAddress)[^.\s]*`

* Update unit tests

* Test `getSubscription` both as "promise" and as "callback"

I'm not sure if we want to generalize this.

* Fix: add missing `await`s (!!)

* Change `apiRequest` to reject errors instead of resolving it in an object

* Fixup for CollectPayPalPastDueInvoice test

* Fix: callbackify `getSubscriptions` (!!)

* Replace `.then(...)` chain by multiple `await`

* Fixup `attemptInvoicesCollection`: prevent reading length of undefined

* Use `return await` when returning promises

Per https://github.com/overleaf/internal/pull/18384#pullrequestreview-2065738771

GitOrigin-RevId: ceda755b24fd29f97a27e60ac5db9bc7e369f932
2024-05-27 10:21:26 +00:00
Jakob Ackermann
dfe587f297 Merge pull request #18294 from overleaf/jpa-td-invite-details
[web] avoid content reflection via query parameter on register page

GitOrigin-RevId: 43e7ba6069e0d9f3f12e5e9e680b5960b0673782
2024-05-16 08:05:09 +00:00
Antoine Clausse
9419cc3b37 [web] Add tests to collect_paypal_past_due_invoice.js + update logging (#18310)
* Fix: Invoices collected array length comparison

Update the code with the correct condition to respect the intent of the previous implementation ("exit with non zero code when no invoices were processed").
See 5476f39984

However, I'm not sure if erroring when no invoices are collected is actually what we want to do.

* Wrap `collect_paypal_past_due_invoice` script and export the function

* Fixup typo `accoutns`

* Log invoices collection data before throwing

* Add note: `handleAPIError` is silencing the errors

* Create a test on `collect_paypal_past_due_invoice`

* Replace `console.log` by `@overleaf/logger` (bunyan)

Our `console.warn` show up as Errors (in red) in GCP. For example the following is an error in GCP:
```
Errors in attemptInvoiceCollection with id=2693634 OError: Recurly API returned with status code: 400
```
https://github.com/overleaf/internal/blob/5476f39/services/web/scripts/recurly/collect_paypal_past_due_invoice.js#L9

---

Does it correctly set the levels as warnings if we use `@overleaf/logger`?

GitOrigin-RevId: 37c8bdf4afd8cef4706700aafb44480ec8966a74
2024-05-15 08:04:46 +00:00
David
6718729087 Merge pull request #18318 from overleaf/dp-revert-secondary-email
Revert "Merge pull request #18139 from overleaf/dp-add-secondary-prompt-ui"

GitOrigin-RevId: d8af37a5c332ac21ddd4c85679553df0bda326f9
2024-05-14 08:04:11 +00:00
David
0630e96d49 Merge pull request #18139 from overleaf/dp-add-secondary-prompt-ui
Add UI for secondary email prompt

GitOrigin-RevId: 887b2c7f0047f19b605f03745f7dda83926ec70b
2024-05-14 08:04:01 +00:00
Jakob Ackermann
0576e02127 Merge pull request #18152 from overleaf/jpa-stricter-session-validation
[web] stricter session validation

GitOrigin-RevId: 3ef916318fde7f31e3e3fd0f7082dde7a2975a27
2024-05-03 08:04:20 +00:00
Antoine Clausse
a26c655220 Delete 3 migration scripts for compile-timeouts (#18163)
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 2d66052994159b6d902b807f02488095d65562e1
2024-05-01 08:05:00 +00:00
Antoine Clausse
cdd79e8ec0 Fix: unset recent users featuresUpdatedAt after wrong update (#18149)
* Copy previous script

* Remove `featuresUpdatedAt` that was wrongly set on recent users

* Fix! `signupDate` -> `signUpDate`

* Add test on `migration_compile_timeout_60s_to_20s_fixup_new_users.js`

* style: `$unset: { featuresUpdatedAt: 1 }` -> `$unset: { featuresUpdatedAt: '' }`

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* Add comment on test (https://github.com/overleaf/internal/pull/18149#discussion_r1582999534)

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 408f5c7d48e60722aba736167b8e8858e9570d99
2024-04-30 08:04:33 +00:00
Antoine Clausse
711d50a2f1 [web] Create script to update forgotten featuresUpdatedAt after the migration to 20s compile timeout (#18113)
* Copy `migration_compile_timeout_60s_to_20s.js` script

* Update `featuresUpdatedAt`

* Add a comment about `featuresUpdatedAt` in migration_compile_timeout_60s_to_20s.js

* Fix test on migration_compile_timeout_60s_to_20s.js

* Fix: Include users having `featuresUpdatedAt` undefined in the update

* Add test on `migration_compile_timeout_60s_to_20s_fixup_features_updated_at`

GitOrigin-RevId: 4b2baf955a6a9f39bf9ce00b7839af551064c6cb
2024-04-30 08:04:28 +00:00
Brian Gough
29105911c5 Merge pull request #17732 from overleaf/bg-session-mitigation-initial-protoype
anonymous cookie-based sessions module

GitOrigin-RevId: 75fe2d48fa384ba8d07c0b478a9a5a907a2b3b67
2024-04-26 08:04:54 +00:00
Jakob Ackermann
a540754f6e Merge pull request #18116 from overleaf/jpa-bulk-replace-localhost
[misc] bulk replace localhost with 127.0.0.1

GitOrigin-RevId: d238f3635302e8ff5500d611108c4d1bef216726
2024-04-26 08:04:39 +00:00
David
c2448ff3d2 Merge pull request #17947 from overleaf/dp-secondary-email-confirmation-code
Add endpoints for secondary email confirmation by code

GitOrigin-RevId: c2829672fd9aeca457f76958d4922b9c95086f26
2024-04-26 08:04:00 +00:00
Jessica Lawshe
a815ba6e5c Merge pull request #17912 from overleaf/jel-sso-enroll-after-login
[web] Redirect to group SSO enrollment page after log in

GitOrigin-RevId: 4c0937de6f009cd6e7e094569eb9ad46606a763b
2024-04-25 08:05:10 +00:00
Alexandre Bourdin
9fc6fa9b77 Merge pull request #18017 from overleaf/ab-convert-assigned-at-date
[web] Transform assignedAt back to date for conversion

GitOrigin-RevId: bd0213b337f765d8512386f9f5d3fc6d03572e33
2024-04-23 08:04:52 +00:00
David
5ad70690c9 Merge pull request #17989 from overleaf/dp-test-endpoint-injection
Create an injectRouteAfter test helper method

GitOrigin-RevId: e6c7cfd47a0200b47d5074185301f15ae2182c44
2024-04-19 08:04:02 +00:00
David
0cf17478fe Merge pull request #17810 from overleaf/dp-compormised-password-prompt
Add compromised password prompt

GitOrigin-RevId: 7910a220943fcb3aa191da6d514d5bc3ae20f5a3
2024-04-19 08:03:58 +00:00
Jakob Ackermann
3df0fe82ce Merge pull request #17926 from overleaf/jpa-batched-update-sorting
[web] batchedUpdate: use explicit sorting to find first record to update

GitOrigin-RevId: 6f57b92a4e5907f307618bd98642b4874018e9fa
2024-04-17 08:04:09 +00:00
Antoine Clausse
d35204033f Merge pull request #17909 from overleaf/ac-tear-down-compile-timeout-tests-2
[web] Remove split-tests `compile-backend-class*` and `compile-timeout-20s*` (attempt 2)

GitOrigin-RevId: 5658f2977d3e7089eec5bbe7a33eee81c153e41d
2024-04-16 08:04:08 +00:00
Antoine Clausse
491bc2628d Merge pull request #17899 from overleaf/revert-17700-ac-tear-down-compile-timeout-tests
Revert "[web] Remove split-tests `compile-backend-class*` and `compile-timeout-20s*`"

GitOrigin-RevId: d5070ced06adbd435e782a44b7ef767e395bd6a0
2024-04-15 08:04:37 +00:00
Antoine Clausse
2dd10c7fee [web] Remove split-tests compile-backend-class* and compile-timeout-20s* (#17700)
* Remove split-tests of `compile-timeout-20s` and `compile-timeout-20s-existing-users`

* Remove `NEW_COMPILE_TIMEOUT_ENFORCED_CUTOFF` variables

* Revert timeout override `60` -> `20`

* Update settings.overrides.saas.js: `compileTimeout: 20`

* Remove `compile-backend-class-n2d`

* Remove `force_new_compile_timeout`

* Remove `showNewCompileTimeoutUI`

* Remove `compileTimeChanging`

* Simplify code by removing segmentation object

* Remove `CompileTimeoutChangingSoon`

* Remove `user.features.compileTimeout = '20 (with 10s prompt)'`

* Remove `CompileTimeWarning`

* Remove `TimeoutUpgradePrompt` (old)

* Remove `compile-backend-class`

* Remove unused translations

* Update tests

* Fix: Show `CompileTimeout` even if `!window.ExposedSettings.enableSubscriptions`

* Create script to migrate users to 20s compileTimeout

* migration script: exclude `compileTimeout: 20` from the match

* migration script: use `batchedUpdate`

* Remove `showFasterCompilesFeedbackUI` and `FasterCompilesFeedback`

Helped-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* Remove `_getCompileBackendClassDetails`, simplify definition of `limits` object

* Remove `Settings.apis.clsi.defaultBackendClass`

* Remove unnecessary second scan of the whole user collection in dry mode

* Override `timeout` to 20 for users having `compileGroup === 'standard' && compileTimeout <= 60`

* Remove second `logCount`: re-run the script in dry-mode if you want to see that count

* Use secondary readPreference when counting users

* Fix script setup and exit 0

* Fix: Remove `user.` from query path!

* Add acceptance test on script migration_compile_timeout_60s_to_20s.js

GitOrigin-RevId: 3cb65130e6d7fbd9c54005f4c213066d0473e9d8
2024-04-15 08:04:24 +00:00
Jessica Lawshe
955c860b64 Merge pull request #17841 from overleaf/jel-lint-populate
[web] Add linting rule for mongoose `populate`

GitOrigin-RevId: 625b2b5f9db4e88ce0d629752f083b8be71c7766
2024-04-12 08:06:18 +00:00
Jakob Ackermann
c9373c25f4 Merge pull request #17873 from overleaf/jpa-await-user-login
[web] await promisified user login in ProjectStructureTests

GitOrigin-RevId: 68df8931a5c7c3843367c6fd34a66278c212ff5b
2024-04-12 08:05:20 +00:00
Jakob Ackermann
a6fb983afc Merge pull request #17871 from overleaf/jpa-bind-v4-v6
[misc] align the host for binding and requesting in tests

GitOrigin-RevId: 916521c56928329ff2cbf2817f3a0a27aeaf8c3d
2024-04-12 08:04:51 +00:00
roo hutton
8644e239c6 Merge pull request #17596 from overleaf/rh-permissions-policy
[web] Add Permissions-Policy header

GitOrigin-RevId: 8934bbbda411102580d9ef8af135dcdc147627f9
2024-04-08 08:04:29 +00:00
David
b1928cecef Merge pull request #17530 from overleaf/dp-teardown-onboarding-flow-split-test
Teardown onboarding flow split test

GitOrigin-RevId: 48e95e4e736772074cb68d195fc950a9da3aebcf
2024-04-08 08:04:04 +00:00
Brian Gough
f2a1b49d48 Merge pull request #17593 from overleaf/bg-account-security-update-hibp-links
Update haveibeenpwned links to use the password check form

GitOrigin-RevId: f67b1ed689c851ad3684becc38cd5eb82b0018a2
2024-03-22 09:03:13 +00:00
Thomas
811173d32d Merge pull request #17569 from overleaf/tm-account-suspension
Add the ability to suspend user accounts

GitOrigin-RevId: 5e57f29941434c78a47354baca83527213f9b9b5
2024-03-22 09:03:06 +00:00
David
664ba2b1f1 Merge pull request #16957 from overleaf/dp-mongoose-callback-subscription-test-helpers
Promisify Subscription acceptance test helper

GitOrigin-RevId: 0a03f994fdc65dcd3b1b33d2f777602962274ab7
2024-03-11 09:04:04 +00:00
David
9ef084d73f Merge pull request #17430 from overleaf/dp-callbackify-class
Add callbackifyClass utility

GitOrigin-RevId: 762b800ce0eff2f146147908838162f7d32bd855
2024-03-11 09:03:59 +00:00