Shane Kilkelly
0aaeb6671e
Keep password reset token in session, and strip it from reset page url.
This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.
Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.
2015-08-24 11:53:33 +01:00
Henry Oswald
a53e3b80cf
if blog or universities site is down don't crash, send 500
2015-08-20 16:55:16 +01:00
Shane Kilkelly
aab7a8713e
Catch the case where filename is shorter than the extension length.
2015-08-20 15:56:30 +01:00
Shane Kilkelly
2dd56d0b32
If we're sending a html file to mobile-safari, do so as plain text.
This prevents safari from trying to render the page,
which it does because it ignores the "Content-Disposition" header.
2015-08-20 12:02:43 +01:00
Henry Oswald
63580f6a79
remove useClsi2 flag in project collection
2015-08-19 11:58:41 +01:00
Henry Oswald
a777fcc5a6
changed post to deactivate projects to set params via body rather than query params
2015-08-19 11:55:35 +01:00
Henry Oswald
50fc886c94
changed inactive to active as it's a more efficient query in mongo
2015-08-19 11:54:30 +01:00
Henry Oswald
d3499acd7b
pass options through stating how long ago want to archive from and limit
2015-08-14 14:11:53 +01:00
Henry Oswald
70b825fd2a
fixed call to ProjectUpdateHandler.markAsOpened and made it async
2015-08-14 11:27:11 +01:00
Henry Oswald
66b87df17c
added deactivate project endpoint
2015-08-14 11:26:11 +01:00
Henry Oswald
bec9bf5c87
replace lodash with underscore in this project
2015-08-14 09:42:27 +01:00
Henry Oswald
21a67ddab4
added deactivate old projects endpoint
2015-08-13 22:50:39 +01:00
Henry Oswald
a0142d4415
added inactive and reactivate project logic
2015-08-13 22:40:28 +01:00
James Allen
ec5e03bd01
Fix subscription currency dropdowns
2015-08-04 15:58:31 +01:00
Henry Oswald
53dc0b63c8
v1 of enago
2015-08-04 10:45:19 +01:00
Henry Oswald
3e55aef25a
show error if socket io fails to connect. Not tested yet.
2015-07-31 15:42:47 +01:00
Henry Oswald
417fd4f5f5
add logging to tell us how long since a project that is being opened was last updated
2015-07-22 10:38:48 +01:00
Henry Oswald
c12213b46b
added logging around load editor times
2015-07-22 10:38:28 +01:00
Henry Oswald
a786b623a8
added logging to help debug slow project list page loading
2015-07-22 01:06:23 +01:00
Henry Oswald
3ecf201eda
send -> sendStatus
2015-07-08 16:56:38 +01:00
Henry Oswald
9028bcf830
set body parser limit to 2mb
2015-07-08 14:35:03 +01:00
Henry Oswald
39df8964cf
added route that got lost in merge
2015-07-08 13:29:10 +01:00
Henry Oswald
9a49ce4a0e
removed extra req.session.destroy
2015-07-08 12:58:02 +01:00
Henry Oswald
8020cd8f47
removed tpds from settings.defaults.coffee, if not set updates are now not queued
2015-07-02 12:09:08 +01:00
Henry Oswald
56346ad88c
remove analytics router and fixed bad package.json
2015-07-01 15:48:23 +01:00
Brian Gough
e6a670533d
added default mongoose connection
2015-07-01 15:36:50 +01:00
Henry Oswald
7fd29b18a8
destroy users session before creating a new one for them after login
session changed to prevent against fixation attacks
2015-07-01 15:29:02 +01:00
Henry Oswald
4f0b922a5d
changed name used when project or file uploaded, this changed when
we started using https://github.com/expressjs/multer
* originalname - Name of the file on the user's computer
* name - Renamed file name
2015-07-01 15:28:49 +01:00
Henry Oswald
3ab57f6830
put express locals on webRouter, this prevents problem with accessing sessions in locals, they should also only be used on web routes not api routes
2015-07-01 15:28:30 +01:00
Henry Oswald
941d407231
added saveUninitialized option to session which is now required
2015-07-01 15:26:17 +01:00
Henry Oswald
15a57f5dc4
removed req.session.destroys from endpoints now on the api router which are not needed
2015-07-01 15:26:05 +01:00
Henry Oswald
1cc0cbe8fc
split site into 2 routers, webRouter and apiRouter
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
Henry Oswald
665bdcf538
v1 of express4 conversion
2015-07-01 15:17:43 +01:00
Brian Gough
3de841dd71
added event loop monitor
2015-06-23 13:50:42 +01:00
Henry Oswald
84bf0dd9a3
added timeout and logging for tpdsworker queueing via http
2015-06-23 11:19:23 +01:00
Henry Oswald
b83fe4dcf9
put tpdsworker url in from settings
2015-06-23 11:13:05 +01:00
Henry Oswald
2ec925b45e
fairy removed from web, makes http request to tpds worker now
2015-06-22 22:33:04 +01:00
James Allen
30eb79dfdc
Add link to DataJoy that shows randomly 50% of the time
2015-06-09 15:36:16 +01:00
James Allen
0eec715bb5
Upgrade to Angular 1.3.15 and latest ui-bootstrap
2015-06-09 14:59:12 +01:00
Henry Oswald
aaa902cca9
fixed bug with subscriptions where if an old user had a subscription and was in a group they would get a confusing page
2015-06-01 14:38:09 +01:00
Henry Oswald
33aa5c732f
if a domain licence link has expired render a nice message explaining they need to retry
2015-06-01 12:43:42 +01:00
Henry Oswald
cb48242b74
changed email expire to 1 day for verifying account
2015-06-01 12:22:46 +01:00
Henry Oswald
6727c3ee00
changed ShareLaTeX thoughts to go into type form
2015-05-29 16:27:35 +01:00
Henry Oswald
d3f6c0c614
Merge branch 'user-csv' of git://github.com/heukirne/web-sharelatex into heukirne-user-csv
2015-05-29 12:17:54 +01:00
Henry Oswald
e4011b9ba1
Merge branch 'emailverification'
2015-05-29 12:10:02 +01:00
Henry Oswald
702fdc1480
improved views for domain licence invites
2015-05-29 12:09:28 +01:00
Henrique Dias
f50eb0398f
add export csv group feature
2015-05-28 16:54:41 -03:00
Henry Oswald
43c4531e51
kill off CollaboratorsHandler.changeUsersPrivilegeLevel as it is not used anywhere
2015-05-28 13:02:08 +01:00
Henry Oswald
e454d2f059
don't allow renaming in client if user is not owner
2015-05-28 12:59:02 +01:00
Henry Oswald
ca28d8ee70
changed views to use translations
2015-05-27 22:15:46 +01:00
Henry Oswald
b657c5207e
cleaned up the views a bit
2015-05-27 21:45:29 +01:00
Henry Oswald
22b94e9246
renamed SubscriptionDomainAllocator -> SubscriptionDomainHandler
2015-05-27 20:57:54 +01:00
Henry Oswald
4773d6d22f
added tests around new endpoints for joining groups
2015-05-27 20:50:16 +01:00
Henry Oswald
f27c072ae1
pull logic checking if user is already part of a group out of controller into handler
2015-05-27 16:33:47 +01:00
Henry Oswald
72e528e9d1
if you are already in the group show the custom group page
2015-05-27 15:50:28 +01:00
Henry Oswald
79fa49a43d
if a user is eligible to be part of a group subscription and they go to
/user/subscription it should redirect them to the group subscription invite
2015-05-27 15:35:31 +01:00
Henry Oswald
1d21bddcf5
fix Onetime token handler path
2015-05-27 15:06:36 +01:00
Brian Gough
a5d14f4ffb
handle unexplained case where smokeTestModule is undefined
2015-05-26 16:33:02 +01:00
Henry Oswald
481bd67fbd
changed paths to use hyphens and add successful join page
2015-05-26 15:26:45 +01:00
Henry Oswald
841231dbf8
make PasswordResetTokenHandler generic so it can be used for invites
2015-05-26 15:24:09 +01:00
Brian Gough
e51cdb81bd
port leak fixes from smoke-test-sharelatex module
2015-05-26 10:54:55 +01:00
Henry Oswald
cad8d8a23b
v1 basic invite works, not pretty or tested
2015-05-22 13:57:15 +01:00
Henry Oswald
f5c39efcac
patched xss hole with messages not setting the content type correctly
2015-05-19 11:04:52 +01:00
Brian Gough
3ad517e1c2
Merge pull request #177 from sharelatex/fix-ace-extension-errors
prevent loading error for ace language tools extension in development
2015-05-05 14:47:44 +01:00
Brian Gough
6014085e8e
prevent loading error for ace language tools extension in development
2015-05-05 14:33:18 +01:00
Henry Oswald
72af6748c9
Merge pull request #157 from oskanberg/patch-1
Rename 'javscript' to 'javascript'
2015-05-05 14:28:27 +01:00
Henry Oswald
9764ab258b
added complex password validation to password resets
2015-04-30 12:05:46 +01:00
Henry Oswald
312c56a24e
allow password resets to be performed when site is not public by adding routes into white list
2015-04-30 11:58:26 +01:00
Henry Oswald
a7640b5bbd
changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist
2015-04-30 11:57:40 +01:00
Henry Oswald
635f79d2f6
added password strength check to change password
2015-04-28 18:30:19 +01:00
Henry Oswald
f385a7a4b5
open chat links in new window
2015-04-28 16:20:24 +01:00
Henry Oswald
6669884f44
Merge branch 'tpds-cleanup'
2015-04-23 10:06:26 +01:00
Henry Oswald
31a51b73d8
improved linkify so data is correctly sanitized, used inbuilt angular lib
don't know how I missed that last time!
2015-04-22 17:58:33 +01:00
James Allen
af85c83877
Buffer updates when only a single user is editing a document
Add in 5 second delay between flushing updates when only a single user
is editing a document. As soon as an update is received from another user
we switch to sending updates immediately again so there is no latency
between collaborators. The logic applies to individual docs, so two users
can be editing different docs and will still buffer updates since they
will not affect each other.
2015-04-17 11:24:28 +01:00
Brian Gough
396644d314
proposed fix to delete tpds dump files after use
2015-04-15 14:41:38 +01:00
James Allen
5c30a7de67
Add in option for global login requirement (defaults to on)
2015-04-15 11:14:53 +01:00
James Allen
893ff85521
Don't allow password resets for holding accounts
2015-04-14 13:11:49 +01:00
James Allen
33f56b71a2
Remove redundant body parser line
2015-04-14 13:04:49 +01:00
James Allen
8b4ccae60a
Read cookie session length from settings file
2015-04-14 13:04:29 +01:00
Brian Gough
0684fa36fd
upgrade pdfjs to version 1.0.1040
2015-03-31 14:53:27 +01:00
James Allen
8483f249ee
Actually proxy websocket connections
2015-03-20 19:08:48 +00:00
Brian Gough
b0a32b1ef8
make new pdf viewer the default for all users
remove old pdf viewer
2015-03-20 11:28:28 +00:00
James Allen
ff55e4c5ed
Merge branch 'private_registration'
2015-03-20 10:34:17 +00:00
James Allen
393169bc2a
Create a grunt task to create the admin user
2015-03-19 17:36:50 +00:00
James Allen
e2d515f957
Allow public registration module to hook into email system
2015-03-19 17:19:56 +00:00
James Allen
9b8cf7bcfa
Remove public registration and require that a user be registered by an admin
2015-03-19 14:22:48 +00:00
James Allen
d76ef86077
Tell user to contact admin email to register
2015-03-18 16:20:26 +00:00
James Allen
93a088618a
Return proper error from registration handler
2015-03-18 16:19:48 +00:00
James Allen
cb948fede2
Move email sending into registration controller
2015-03-18 15:57:01 +00:00
Brian Gough
adb98d05b5
sentry 1.1.16 does not yet support release parameter, use build tag instead
2015-03-18 15:50:26 +00:00
Brian Gough
5d788ca7c5
add grunt version target to report version to sentry
it writes the git commit id and Jenkins build number into the sentry
configuration
2015-03-17 16:59:17 +00:00
Oliver Skånberg-Tippen
5df9f49a4e
Rename 'javscript' to 'javascript'
2015-03-10 18:56:46 +00:00
James Allen
0f69ee0f22
Add in proxy for /socket.io so that we don't need to faff with real-time service location
2015-03-09 14:09:09 +00:00
James Allen
bb61dfe34a
Show nice error page if socket.io could not be loaded
2015-03-09 13:57:13 +00:00
James Allen
d376acdaa9
Allow an __appName__ parameter in translations
2015-03-09 12:14:30 +00:00
Henry Oswald
97f0fad525
add vat number option to payment form
2015-03-04 18:08:06 +00:00
Henry Oswald
80dc2f9224
send coupon code server side to be applied to users subscription
2015-03-04 17:50:24 +00:00
Henry Oswald
9805c6a9ff
doc model no longer has lines or rev in it
2015-03-04 11:10:59 +00:00
Henry Oswald
fe3b9bf07a
clients can not rename docs/files/folders to blank name.
Client and server side checks added
2015-03-04 11:10:59 +00:00
Brian Gough
edc83b905c
remove circular references when reporting to sentry
2015-03-03 16:41:21 +00:00
Brian Gough
c1cde643ef
use send build identifier to clsi only for new pdf viewer
old pdf viewer will continue to use the main output.pdf file
2015-03-02 14:59:53 +00:00
Brian Gough
0315954b47
Merge branch 'master' into support-cached-pdfs
2015-03-02 09:20:00 +00:00
Brian Gough
5b9f2e8fc1
pass build id through to clsi when requesting pdf
2015-02-26 16:21:44 +00:00
Henry Oswald
40b30b957a
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-02-24 22:07:43 +00:00
Henry Oswald
161f24ffdf
add flag which requires login for /learn
2015-02-24 22:07:36 +00:00
Henry Oswald
387a8b8ae3
hide some forms in user settings if authentication is managed by external system
2015-02-24 13:41:46 +00:00
Henry Oswald
5028665913
ignore errors from https://pstatic.datafastguru.info it's malware we have
no control over
2015-02-23 17:29:38 +00:00
Henry Oswald
8638b531a5
fire off register to newsletter on user registration as it can be slow
2015-02-23 16:03:45 +00:00
Henry Oswald
c33956c0af
fix jade warnings about missing space, need to escape the module html
insertions a different way. != func rather than !{func}
2015-02-23 10:18:48 +00:00
Henry Oswald
e4121d8a28
forgot comma in ignoreUrls
2015-02-19 11:25:06 +00:00
Henry Oswald
4eed88c1ab
broken a err and null check into 2 lines
2015-02-19 10:54:28 +00:00
Henry Oswald
ad5de0e93a
added null check on Facebook
2015-02-18 22:25:58 +00:00
Henry Oswald
5d09999da5
ignore errors from twitter loading
2015-02-18 22:19:49 +00:00
Henry Oswald
a9660a3a07
add err and null project test for locating project element
2015-02-18 21:57:21 +00:00
Henry Oswald
455d78773e
change the meta tags a little to help with so
2015-02-18 21:57:21 +00:00
Henry Oswald
f8e3fa6308
increase the auto compile limit a little
2015-02-18 21:57:21 +00:00
Henry Oswald
21a01d94d4
check that content exists before adding it to getAllDocs.
causing error which I think is blowing up the mongo driver elsewhere
2015-02-18 21:57:21 +00:00
James Allen
766bfbf5ef
Provide easy way out of track-changes
2015-02-18 17:50:14 +00:00
James Allen
000f01fbeb
Remove unneeded uid module
2015-02-17 11:21:50 +00:00
James Allen
8e13ded360
Regenerate the session id after logging in or registering
2015-02-13 11:18:17 +00:00
Henry Oswald
65859468de
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-02-12 09:21:48 +00:00
Henry Oswald
216c9cefe3
don't error on subscription dashboard page if there is no subscription.taxRate
2015-02-12 09:21:45 +00:00
James Allen
50048a53b5
Don't throw an exception if there is an error with unzip
2015-02-11 11:34:49 +00:00
Henry Oswald
bf38fb7459
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-02-10 18:05:51 +00:00
Henry Oswald
1d6c928c81
fix bug which showed all plans as monthly in payment form.
Also use translations for string of month/year
2015-02-10 18:05:39 +00:00
James Allen
b44e9b1dcb
Move template front end code to module
2015-02-10 13:02:43 +00:00
James Allen
e4b77a2563
Merge branch 'dropbox-module'
2015-02-10 11:38:32 +00:00
James Allen
001a5d751b
Pull out templates logic into its own module
2015-02-10 11:24:34 +00:00
Henry Oswald
08420a305a
autolink chat messages
2015-02-07 16:15:33 +00:00
Henry Oswald
7918ea4bc3
don't evaluate wiki/learn html with angular
2015-02-07 15:55:27 +00:00
Henry Oswald
7030d5f822
change plan shows price including tax
2015-02-06 16:19:52 +00:00
Henry Oswald
86f963a7ec
recurly tax updates
- get all accounts does get all of them by looping through all pages
- creating coupons requires which plan the coupon is for
- fixed the total price shown to people so it includes tax
2015-02-06 16:19:52 +00:00
James Allen
6c387edbe2
Remove Dropbox front end logic from main sharelatex repo
2015-02-05 18:20:34 +00:00
James Allen
f75376124e
Update open source branding
2015-02-05 16:56:35 +00:00
James Allen
d7afb4e513
Clean up unused real-time code in web
2015-02-05 16:37:37 +00:00
James Allen
3aad31069c
Always show chat name or email
2015-02-05 13:05:57 +00:00
James Allen
5a922e2356
Include email address explicitly in welcome email to avoid any confusion
2015-02-05 12:52:50 +00:00
James Allen
888ebd5d7b
Attempt to stop superfish malware from loading
2015-02-05 11:23:45 +00:00
James Allen
366a0403a6
Clear rate limit in smoke tests
2015-02-05 10:18:18 +00:00
James Allen
e35d80211e
Log when rate limit is hit
2015-02-05 09:52:40 +00:00
Henry Oswald
993c5bcee7
don't show generic error message on subscriptions if they are part of a group
2015-02-04 20:56:50 +00:00
Henry Oswald
7fdb8009a0
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-02-04 20:20:16 +00:00
Henry Oswald
e4a54cbdfc
added recurly subscription null checks
this deals with a user who has an expired old subscription then
is added to a group subscription.
2015-02-04 20:17:55 +00:00
James Allen
4235c90623
Add in rate limit to opening projects
2015-02-04 15:05:35 +00:00
James Allen
2aa229d145
Add in profiling end point
2015-02-03 11:05:23 +00:00
James Allen
860de1528f
Load default coupon code if provided in query string
2015-02-02 17:42:27 +00:00
James Allen
48a17729e4
Show change plan list on clicking change plan, not hide
2015-02-02 14:53:45 +00:00
Henry Oswald
7f0b4e5ba5
Merge branch 'master' into sitelicences
2015-02-02 11:15:14 +00:00
Henry Oswald
ee83ed6e81
started using underscore.string to check domain emails
2015-02-02 11:15:04 +00:00
Henry Oswald
cb889efb6a
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-01-29 18:32:26 +00:00