github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-10-24 21:12:38 -04:00
Code Issues Projects Releases Packages Wiki Activity
20153 commits 3 branches 7 tags 203 MiB
Commit graph

17 commits

Author SHA1 Message Date
June Kelly
a140e3dc8c Merge pull request #12269 from overleaf/jk-enable-password-similarity-check 
[web] Enforce password similarity check

GitOrigin-RevId: 1bc4efebba401663c1db9d209dc560560f160ce0
 2023-03-23 09:04:12 +00:00
June Kelly
53b78ad68b Merge pull request #11590 from overleaf/jk-password-reset-ux-improvements 
[web] Password Reset UX Improvements

GitOrigin-RevId: d62575ff965e045823bfb7268db892188cf709ed
 2023-02-10 16:33:14 +00:00
Eric Mc Sween
fe963ba692 Merge pull request #9956 from overleaf/em-node-fetch-web 
Replace request-promise with fetch in web acceptance tests

GitOrigin-RevId: f50357cdea2d1353d7a82c5346b149018f91823f
 2022-10-18 08:03:25 +00:00
June Kelly
3288f87dbe [web] Password set/reset: reject current password (redux) (#8956) 
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
 2022-09-28 08:06:54 +00:00
Simon Detheridge
9953822175 Merge pull request #6661 from overleaf/spd-local-tests 
Move acceptance test mocks to nonstandard ports and add options for running locally

GitOrigin-RevId: bd8f70ac8d80599daccc51cfe7b90a2ad8d8c3d8
 2022-08-10 08:03:45 +00:00
Henry Oswald
5f1abee345 Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password 
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
 2022-07-20 08:04:00 +00:00
June Kelly
d04ea76081 Merge pull request #8882 from overleaf/jk-web-reject-same-password 
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
 2022-07-20 08:03:36 +00:00
Hugh O'Brien
3b95ac6d88 Merge pull request #5688 from overleaf/jpa-invalid-password-message 
[web] password reset: validate user password ahead of invalidating token

GitOrigin-RevId: ba3e6549f53675a2216e2fc24293276c1968d416
 2021-11-10 09:02:38 +00:00
June Kelly
7292cfbd02 Merge pull request #5366 from overleaf/jk-move-password-reset-audit-log 
[web] audit password reset before taking action

GitOrigin-RevId: 672f712658b4669a5a750dbc6f97d24ce35c332d
 2021-10-21 08:03:00 +00:00
Alf Eaton
1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma 
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
 2021-04-28 02:10:01 +00:00
Alf Eaton
1ebc8a79cb Merge pull request #3495 from overleaf/ae-prettier-2 
Upgrade Prettier to v2

GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
 2021-04-15 02:05:22 +00:00
Miguel Serrano
d65db1acf0 Merge pull request #3824 from overleaf/jpa-password-reset-email-forwarding 
[misc] fix passing around of users email as part of password reset

GitOrigin-RevId: 54e8cde9867a2ce735bc7ebe281ead19ef49e6cd
 2021-04-01 02:05:04 +00:00
Jakob Ackermann
4280a96b2c Merge pull request #3749 from overleaf/jpa-refactor-audit-log-access-in-tests 
[misc] test/acceptance: refactor access on user audit log

GitOrigin-RevId: fab5b81a7469ef4fa0daa553169a47e3427c49fd
 2021-03-27 03:05:06 +00:00
Eric Mc Sween
309163d444 Merge pull request #3595 from overleaf/ae-password-reset-request-validation 
Add request validation to the password reset endpoints

GitOrigin-RevId: 104444d0ebfea2b3d66285a8433e49c1134076b8
 2021-02-04 03:04:59 +00:00
Alf Eaton
2ff1cf43d6 Merge pull request #3470 from overleaf/eslint 
Upgrade and configure ESLint

GitOrigin-RevId: ad5aeaf85e72c847a125ff3a9db99a12855e38aa
 2020-12-16 03:08:28 +00:00
Jakob Ackermann
a096d98956 Merge pull request #3193 from overleaf/jpa-mongodb-native-acceptance-tests 
[misc] migrate the acceptance tests to the native mongo driver

GitOrigin-RevId: 5ec8605cafb28cc9cfeb85d7ee0d1b567cfe49ba
 2020-10-09 02:05:03 +00:00
Jessica Lawshe
552fb56b74 Merge pull request #3078 from overleaf/jel-log-password-reset-by-token 
Update audit log when password reset by token

GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf
 2020-08-13 15:46:10 +00:00