Commit graph

37 commits

Author SHA1 Message Date
Paulo Jorge Reis
e139abb110 Merge pull request #1273 from sharelatex/ja-password-reset-v1
Handle v1-only users in v2 password reset flow

GitOrigin-RevId: 38ce8e9aebd3330b980e73640a23661d8015d4f3
2018-12-18 11:48:53 +00:00
Jessica Lawshe
7666c8a481 Merge pull request #1236 from sharelatex/jel-password-reset
Reset password via API request to v1

GitOrigin-RevId: 00b0306ca77df650595a762382a8a63b05a945f6
2018-12-14 16:02:14 +00:00
James Allen
0dcbc5facb Send out confirmation emails on register and record confirmedAt date 2018-06-21 10:21:15 +01:00
Tim Alby
bbaca91e57 add UserGetter#getUserByMainEmail
Use only that method to find users by email.
2018-05-28 14:11:09 +02:00
Shane Kilkelly
6a161b4071 remove commented out code 2017-02-06 16:35:52 +00:00
Shane Kilkelly
7d5dc34b3e fix the set-password form for new (admin-created) users 2017-02-06 14:58:54 +00:00
Shane Kilkelly
6e282ab308 clear sessions on password reset 2016-07-05 14:19:59 +01:00
James Allen
1e8ab5357b Improve pre-registered account activation process 2015-12-11 11:30:06 +00:00
Shane Kilkelly
0aaeb6671e Keep password reset token in session, and strip it from reset page url.
This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.

Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.
2015-08-24 11:53:33 +01:00
Henry Oswald
3ecf201eda send -> sendStatus 2015-07-08 16:56:38 +01:00
Henry Oswald
1cc0cbe8fc split site into 2 routers, webRouter and apiRouter
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
Henry Oswald
1d21bddcf5 fix Onetime token handler path 2015-05-27 15:06:36 +01:00
Henry Oswald
841231dbf8 make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 15:24:09 +01:00
Henry Oswald
9764ab258b added complex password validation to password resets 2015-04-30 12:05:46 +01:00
Henry Oswald
312c56a24e allow password resets to be performed when site is not public by adding routes into white list 2015-04-30 11:58:26 +01:00
James Allen
893ff85521 Don't allow password resets for holding accounts 2015-04-14 13:11:49 +01:00
James Allen
9b8cf7bcfa Remove public registration and require that a user be registered by an admin 2015-03-19 14:22:48 +00:00
Henry Oswald
56efefd6d4 renamed variable 2014-10-30 08:33:18 +00:00
James Allen
accd8207b2 Show password reset expired message rather than server error if that's what has happened 2014-10-08 17:18:24 +01:00
Henry Oswald
f73629f8d9 v1 of sentinal support 2014-09-26 14:52:00 +01:00
James Allen
10021986c5 Don't error on password reset if no email found, and translate error messages 2014-08-08 11:41:54 +01:00
Henry Oswald
d047d44079 Changed the error messages which are sent down to the client to be translated first
fixed up tests from titles we check when rendering, deleted them as they never
catch anything important, more hastle than they are worth imo.
2014-08-01 14:03:38 +01:00
Henry Oswald
1b8c8b8c48 sorted out titles 2014-08-01 13:47:14 +01:00
James Allen
5aa7daa951 Fix password reset rate limit to work on ip, not email which changes every request 2014-06-25 10:46:58 +01:00
Henry Oswald
dabed896be lowercase password reset email 2014-06-10 17:54:29 +01:00
Henry Oswald
50df82697a Merge branch 'master' of github.com:sharelatex/web-sharelatex 2014-05-16 11:27:09 +01:00
Henry Oswald
9419d3a0e5 hooked up the frount end ui to show the email can not be found,
added client side valdidation on password, removed server side min
length check. Just check that it is not 0 len
2014-05-16 11:26:29 +01:00
James Allen
240dc2e319 Use crypto.randomBytes 2014-05-16 10:52:31 +01:00
Henry Oswald
9c3c57f2a8 renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 10:43:55 +01:00
Henry Oswald
bf1bb22afd added rate limiting to password reset endpoint 2014-05-16 10:31:33 +01:00
Henry Oswald
133c4759f8 fix tests, whoops 2014-05-15 18:26:00 +01:00
Henry Oswald
e1b3f3542c added some logging 2014-05-15 18:14:05 +01:00
Henry Oswald
96d98329f1 token based reset works 2014-05-15 17:58:25 +01:00
Henry Oswald
1ffd19099b writen getUserIdFromToken 2014-05-15 17:20:42 +01:00
Henry Oswald
9f901fb1ba added the token generator and its getNewToken function 2014-05-15 17:16:20 +01:00
Henry Oswald
64688e661d written password reset controller 2014-05-15 16:50:38 +01:00
Henry Oswald
551e1d465a written password reset handler 2014-05-15 16:20:23 +01:00