Commit graph

694 commits

Author SHA1 Message Date
Jakob Ackermann
d655cb129a Merge pull request #20168 from overleaf/jpa-email-fallback-info
[web] log emails on level INFO from fallback transport

GitOrigin-RevId: a1f63e302cf6c5fcfa82b85ff2c79182fdc58945
2024-08-30 08:04:42 +00:00
Brian Gough
dbf977a93c Merge pull request #20087 from overleaf/bg-clean-up-web-crash-tests
read crash test files from a directory

GitOrigin-RevId: 3e498bd73dc9ca97cbe96899f9c1661d430a7d75
2024-08-26 08:05:23 +00:00
roo hutton
5e2662adc4 [web] Enforce collaborator limit (#19619)
* Enables collaborator limit enforcement

* Add pendingEditor_refs for editors downgraded during limit enforcement

* Add isPendingEditor to useEditorContext

---------

Co-authored-by: Thomas Mees <thomas.mees@overleaf.com>
GitOrigin-RevId: b622213f6282ccd8ee85a23ceb29b8c6f8ff6a96
2024-08-22 14:01:25 +00:00
andrew rumble
330868ff0c Handle Mongoose callback api removal in test helpers
GitOrigin-RevId: 00b8128aed7727e7a1b6f8d2d92a5fbc3a7775fb
2024-08-21 08:04:37 +00:00
andrew rumble
5cd5c1bffc Use new ObjectId instead of ObjectId()
GitOrigin-RevId: bfbf9f1d6b84a13f32fce127f01a49b1deaee6fe
2024-08-21 08:04:33 +00:00
andrew rumble
032deaf05c Switch to mongodb-legacy
GitOrigin-RevId: 11e09528c153de6b7766d18c3c90d94962190371
2024-08-21 08:04:24 +00:00
Alexandre Bourdin
a6c97cd506 Merge pull request #19946 from overleaf/ac-remove-ol-int-imports-from-tests
[web] Remove overleaf-integration imports from tests

GitOrigin-RevId: 96a3afaab386c486c948d35999f2acf4cedc77cf
2024-08-20 08:04:27 +00:00
Alexandre Bourdin
10ef61a02b Merge pull request #19901 from overleaf/ac-confirm-institution-domain-queue-in-institution-module
[web] Add `start` function to modules. Move `confirm-institution-domain` queue to institution module

GitOrigin-RevId: 0d36ff3dcc529e77c76d72d0a67bbdb9310b42fd
2024-08-14 08:05:39 +00:00
Alexandre Bourdin
0071439866 Merge pull request #19929 from overleaf/ac-test-show-upgrade-prompt
[web] Add acceptance test checking `showUpgradePrompt` in `/project/:id`

GitOrigin-RevId: 825c5c364bea07f9f3886443633f9022413d030f
2024-08-14 08:05:34 +00:00
Brian Gough
cf83990459 add tests for unwanted 500 responses from invalid urls (#19612)
* add acceptance tests for bad urls

* fix 500 from health check when smoke test userId is undefined

* handle exception from invalid urls in ExpressLocals middleware

* Add return statement before `next()`

* Cleaned up list of crash_test_urls.txt

* Return 400 instead of 404 on parsing errors

---------

Co-authored-by: mserranom <mserranom@gmail.com>
GitOrigin-RevId: dac35b07d1f12bd9ceb70e3064ec2ef8393f99b5
2024-08-14 08:05:16 +00:00
Antoine Clausse
8736bee460 [web] Move confirm_university_domain to institutions module, and /api/clsi/compile/* to publish-modal module (#19797)
* Move `/api/institutions/confirm_university_domain` to institutions module

* Move `confirmDomain` to institutions module

* Move `/api/clsi/compile/*` endpoints to `publish-modal` module

* Move ApiClsiTests to publish-modal module

* Revert move of MockClsiApi. It's still needed in the main acceptance tests

GitOrigin-RevId: b59c2921e03b94546d72d21e60a688eb1ae1d05e
2024-08-12 08:05:16 +00:00
ilkin-overleaf
16cdf5140a Merge pull request #19626 from overleaf/ii-invite-remove-unncecessary-fields
[web] Clean up props exposed to the /invite and /invites endpoints

GitOrigin-RevId: dc4163e04d5785e141d5e322bfb0a626e67d637f
2024-08-12 08:05:04 +00:00
andrew rumble
2ccd39b2fa Switch to using status over statusCode
This is a difference in the request/fetch APIs.

GitOrigin-RevId: bde9adcf4de2ceaabfd9baae7a93bf2b0b5e5a1e
2024-08-01 08:04:47 +00:00
Alexandre Bourdin
dcf6e502b9 Merge pull request #19443 from overleaf/ab-overleaf-integration-refacto-move-institutions
[web] Move onboarding related code to onboarding module

GitOrigin-RevId: 405d4c3588f3911867fecd02b36e55fcd7633615
2024-07-30 08:04:31 +00:00
Antoine Clausse
5f2718cf29 [web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555)
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`

* Lowercase the email to avoid rate-limit bypass

* Remove unit test "when the users rate limit"

* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`

This should address the `trim()` bypass

* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`

We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"

* Add acceptance test for rate limit

* Add comment on rate limits

* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity

* Make the login rate limits configurable from the settings

GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
2024-07-30 08:04:26 +00:00
andrew rumble
bfc6ac8745 Add mock for the unlink dropbox endpoint
GitOrigin-RevId: 41293a2cb6ab3cf87d40717e43c0f4888df89fe1
2024-07-23 08:04:28 +00:00
ilkin-overleaf
c005e99a3e Merge pull request #19411 from overleaf/ii-split-tests-helpers
[web] Move split test helper methods to a separate file

GitOrigin-RevId: 9bcb429f2debf8f7ff4b071e32c9cf0038459b97
2024-07-22 08:04:16 +00:00
Liangjun Song
f4a7b1f298 bypass linking sharing admin redirect for internal projects (#19314)
* disable linking sharing admin redirect

* address comments

* remove ignoreSiteAdmin

* load admin domains from settings

* add acceptance test

* more tests

* fix tests and restore admin domain

* use adminDomains as array

GitOrigin-RevId: 5acb62e1b6ada0aaeceab6db6a6635f82e30833f
2024-07-16 08:04:35 +00:00
Jakob Ackermann
a55d9fcf38 Merge pull request #19416 from overleaf/jpa-test-debug
[web] tests: use named before-all/after-all hooks for mongo setup

GitOrigin-RevId: bbdd0f27d310eac730cec3e2230f177d8112acd8
2024-07-15 09:33:03 +00:00
ilkin-overleaf
f9245b8c08 Merge pull request #19071 from overleaf/ii-invite-token-remove-token-field
[web] Remove the token field from `projectInvites` collection

GitOrigin-RevId: fe8395e1d1a0ba2daad600b7e3be657f40151a8e
2024-07-04 08:05:00 +00:00
Jakob Ackermann
37155e78be Merge pull request #19215 from overleaf/jpa-cleanup-module-init
[web] cleanup web-module init modules

GitOrigin-RevId: 97a05c6fe79fbd96f9697a16ed7099827edc81f0
2024-07-04 08:04:37 +00:00
Thomas
94be372b24 Add new interstitial 'Join project' consent page for existing link sharing editors when opening a project (#19066)
* Add helpers for checking and removing user readwrite token membership

* Add sharing-updates page and handlers

* Redirect read write token members to sharing-updates on project load

GitOrigin-RevId: d552a2cd74a9843c6103923b03f137131a48877a
2024-06-26 11:12:42 +00:00
Miguel Serrano
1697087425 Merge pull request #18970 from overleaf/msm-clean-features-templates
[web] Cleanup `features.templates`

GitOrigin-RevId: 7c9f7bc827700e4255a5ba8a46de70318afdaae4
2024-06-24 12:05:43 +00:00
David
dcb7944b05 Merge pull request #18895 from overleaf/dp-presentation-mode
Add pdf presentation mode

GitOrigin-RevId: e6ac1ae339e9690a733a110c6f0a33149e869dd6
2024-06-17 08:04:30 +00:00
Brian Gough
38ac00ba13 Merge pull request #18775 from overleaf/bg-cookie-session-metrics-middleware
add middleware to record session cookie metrics in web

GitOrigin-RevId: f4404455e219d2071d6f0b39e657e9219b7d1c70
2024-06-13 08:04:16 +00:00
Brian Gough
97956856ca Merge pull request #18741 from overleaf/bg-cookie-session-test-rotation-support
test session key rotation in cookie-session module

GitOrigin-RevId: 57486b3df527a9998da3b93981c9d45f510802b8
2024-06-13 08:04:06 +00:00
andrew rumble
3311066363 Add new fields to mongoose subscription schema
GitOrigin-RevId: 6b28d7464482a8d5729709f99893b333c3d7f9c2
2024-06-11 08:04:55 +00:00
Antoine Clausse
262a92083a Don't throw cron job when some PayPal collection fails (#18795)
* Don't throw cron job when some PayPal collection fails

Follow-up of https://github.com/overleaf/internal/pull/18414 and https://github.com/overleaf/internal/pull/18572

This was causing `Heartbeat [cron-web-collect-paypal-prod] is expired.`
And the cron to rerun (altogether three times a day, instead of once a day)

https://cloudlogging.app.goo.gl/W4qBPFDeTUkRQ8J27

* Update tests

GitOrigin-RevId: a6a29cc84c0c72fd86b2e3a9739669d3a5fb0be5
2024-06-11 08:04:04 +00:00
Antoine Clausse
01e1286a8b In PayPal collect invoices script: Update throw unsuccessful invoices collections (#18572)
* Remove throw on `INVOICES_COLLECTED_SUCCESS.length === 0`

Effectively reverts 038377b511

See: https://digital-science.slack.com/archives/C20TZCMMF/p1716973110408049

* Update tests so they don't expect rejections

* Reject when some invoice collection failed

GitOrigin-RevId: aa37f7fa37c96b8624e87d94be675d115e3250a9
2024-05-30 08:04:31 +00:00
Alexandre Bourdin
a0c8cf663a Merge pull request #18000 from overleaf/ab-dev-enable-toolbar-default
[web] Enable the dev-toolbar by default in the dev environment

GitOrigin-RevId: 170e59e9b82268e621fe99ffcc82b7d68467e1b3
2024-05-27 10:23:56 +00:00
Brian Gough
344b4d0fa0 Merge pull request #18088 from overleaf/ab-session-secret-rotation
[web/realtime/history-v1] Support session secret rotation

GitOrigin-RevId: 3c2fa27b1b3e0a8e0c9d1af2e616ce873d54aedf
2024-05-27 10:23:33 +00:00
Antoine Clausse
554be73a36 In collect_paypal_past_due_invoice.js, iterate over each page instead of gathering data from all pages at first (#18414)
* Create `getPaginatedEndpointIterator` to iterate each page

* Create `waitMs` util, it will replace `slowCallback`

* Make `handleAPIError` async

* Make `isAccountUsingPaypal` async

* Make `attemptInvoiceCollection` async

* Make `attemptInvoicesCollection` async

* Use `await` instead of `new Promise`

* Remove unused callbackified `attemptInvoiceCollection`

* Run `attemptInvoiceCollection` for each page instead of gathering all pages in the beginning

* Add test on fetching multiple pages of invoice

GitOrigin-RevId: 2674b18c6ca5732b873fb2bc71b515909006f93d
2024-05-27 10:23:18 +00:00
David
635aae7b1f Merge pull request #18320 from overleaf/dp-add-secondary-prompt-ui
Add secondary email form V2 (with Captcha this time)

GitOrigin-RevId: b06216a2c9cb5b3b09305a17992eca506a0047f5
2024-05-27 10:22:40 +00:00
Antoine Clausse
78a0bc2b05 [web] Convert RecurlyWrapper functions to async (#18384)
* Rename `RecurlyWrapper` to `promises`, as it will only contain the promises soon

* Update `apiRequest`

* Update `_parseXml`

* Update `_parseXmlAndGetAttribute`

* Update `_parse*Xml`

* Update `updateAccountEmailAddress`

* Update `checkAccountExists`

* Update `createAccount`

* Update `createBillingInfo`

* Update `setAddressAndCompanyBillingInfo`

* Update `createSubscription`

* Update `_createPaypalSubscription`

* Update `_handle422Response`

* Update `_createCreditCardSubscription`

* Update `createSubscription`

* Update `getSubscriptions`

* Update `getSubscription`

* Update `getPaginatedEndpoint`

* Update `getAccount`

* Update `getAccountActiveCoupons`

* Update `getCoupon`

* Update `getBillingInfo`

* Update `getAccountPastDueInvoices`

* Update `attemptInvoiceCollection`

* Update `updateSubscription`

* Update `createFixedAmmountCoupon`

* Update `lookupCoupon`

* Update `redeemCoupon`

* Update `extendTrial`

* Update `listAccountActiveSubscriptions`

* To find which functions to add as callbackified, I used this Regex:
`RecurlyWrapper\.(?!promises)[^.\s]*`

And after adding callbackified functions, we're left with no results with the Regex:
`RecurlyWrapper\.(?!promises|apiUrl|_buildXml|_parseXml|attemptInvoiceCollection|createFixedAmmountCoupon|getAccountActiveCoupons|getBillingInfo|getPaginatedEndpoint|getSubscription|updateAccountEmailAddress)[^.\s]*`

* Update unit tests

* Test `getSubscription` both as "promise" and as "callback"

I'm not sure if we want to generalize this.

* Fix: add missing `await`s (!!)

* Change `apiRequest` to reject errors instead of resolving it in an object

* Fixup for CollectPayPalPastDueInvoice test

* Fix: callbackify `getSubscriptions` (!!)

* Replace `.then(...)` chain by multiple `await`

* Fixup `attemptInvoicesCollection`: prevent reading length of undefined

* Use `return await` when returning promises

Per https://github.com/overleaf/internal/pull/18384#pullrequestreview-2065738771

GitOrigin-RevId: ceda755b24fd29f97a27e60ac5db9bc7e369f932
2024-05-27 10:21:26 +00:00
Jakob Ackermann
dfe587f297 Merge pull request #18294 from overleaf/jpa-td-invite-details
[web] avoid content reflection via query parameter on register page

GitOrigin-RevId: 43e7ba6069e0d9f3f12e5e9e680b5960b0673782
2024-05-16 08:05:09 +00:00
Antoine Clausse
9419cc3b37 [web] Add tests to collect_paypal_past_due_invoice.js + update logging (#18310)
* Fix: Invoices collected array length comparison

Update the code with the correct condition to respect the intent of the previous implementation ("exit with non zero code when no invoicess were processed").
See 5476f39984

However, I'm not sure if erroring when no invoices are collected is actually what we want to do.

* Wrap `collect_paypal_past_due_invoice` script and export the function

* Fixup typo `accoutns`

* Log invoices collection data before throwing

* Add note: `handleAPIError` is silencing the errors

* Create a test on `collect_paypal_past_due_invoice`

* Replace `console.log` by `@overleaf/logger` (bunyan)

Our `console.warn` show up as Errors (in red) in GCP. For example the following is an error in GCP:
```
Errors in attemptInvoiceCollection with id=2693634 OError: Recurly API returned with status code: 400
```
https://github.com/overleaf/internal/blob/5476f39/services/web/scripts/recurly/collect_paypal_past_due_invoice.js#L9

---

Does it correctly set the levels as warnings if we use `@overleaf/logger`

GitOrigin-RevId: 37c8bdf4afd8cef4706700aafb44480ec8966a74
2024-05-15 08:04:46 +00:00
David
6718729087 Merge pull request #18318 from overleaf/dp-revert-secondary-email
Revert "Merge pull request #18139 from overleaf/dp-add-secondary-prompt-ui"

GitOrigin-RevId: d8af37a5c332ac21ddd4c85679553df0bda326f9
2024-05-14 08:04:11 +00:00
David
0630e96d49 Merge pull request #18139 from overleaf/dp-add-secondary-prompt-ui
Add UI for secondary email prompt

GitOrigin-RevId: 887b2c7f0047f19b605f03745f7dda83926ec70b
2024-05-14 08:04:01 +00:00
Jakob Ackermann
0576e02127 Merge pull request #18152 from overleaf/jpa-stricter-session-validation
[web] stricter session validation

GitOrigin-RevId: 3ef916318fde7f31e3e3fd0f7082dde7a2975a27
2024-05-03 08:04:20 +00:00
Antoine Clausse
a26c655220 Delete 3 migration scripts for compile-timeouts (#18163)
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 2d66052994159b6d902b807f02488095d65562e1
2024-05-01 08:05:00 +00:00
Antoine Clausse
cdd79e8ec0 Fix: unset recent users featuresUpdatedAt after wrong update (#18149)
* Copy previous script

* Remove `featuresUpdatedAt` that was wrongly set on recent users

* Fix! `signupDate` -> `signUpDate`

* Add test on `migration_compile_timeout_60s_to_20s_fixup_new_users.js`

* style: `$unset: { featuresUpdatedAt: 1 }` -> `$unset: { featuresUpdatedAt: '' }`

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* Add comment on test (https://github.com/overleaf/internal/pull/18149#discussion_r1582999534)

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 408f5c7d48e60722aba736167b8e8858e9570d99
2024-04-30 08:04:33 +00:00
Antoine Clausse
711d50a2f1 [web] Create script to update forgotten featuresUpdatedAt after the migration to 20s compile timeout (#18113)
* Copy `migration_compile_timeout_60s_to_20s.js` script

* Update `featuresUpdatedAt`

* Add a comment about `featuresUpdatedAt` in migration_compile_timeout_60s_to_20s.js

* Fix test on migration_compile_timeout_60s_to_20s.js

* Fix: Include users having `featuresUpdatedAt` undefined in the update

* Add test on `migration_compile_timeout_60s_to_20s_fixup_features_updated_at`

GitOrigin-RevId: 4b2baf955a6a9f39bf9ce00b7839af551064c6cb
2024-04-30 08:04:28 +00:00
Brian Gough
29105911c5 Merge pull request #17732 from overleaf/bg-session-mitigation-initial-protoype
anonymous cookie-based sessions module

GitOrigin-RevId: 75fe2d48fa384ba8d07c0b478a9a5a907a2b3b67
2024-04-26 08:04:54 +00:00
Jakob Ackermann
a540754f6e Merge pull request #18116 from overleaf/jpa-bulk-replace-localhost
[misc] bulk replace localhost with 127.0.0.1

GitOrigin-RevId: d238f3635302e8ff5500d611108c4d1bef216726
2024-04-26 08:04:39 +00:00
David
c2448ff3d2 Merge pull request #17947 from overleaf/dp-secondary-email-confirmation-code
Add endpoints for secondary email confirmation by code

GitOrigin-RevId: c2829672fd9aeca457f76958d4922b9c95086f26
2024-04-26 08:04:00 +00:00
Jessica Lawshe
a815ba6e5c Merge pull request #17912 from overleaf/jel-sso-enroll-after-login
[web] Redirect to group SSO enrollment page after log in

GitOrigin-RevId: 4c0937de6f009cd6e7e094569eb9ad46606a763b
2024-04-25 08:05:10 +00:00
Alexandre Bourdin
9fc6fa9b77 Merge pull request #18017 from overleaf/ab-convert-assigned-at-date
[web] Transform assignedAt back to date for conversion

GitOrigin-RevId: bd0213b337f765d8512386f9f5d3fc6d03572e33
2024-04-23 08:04:52 +00:00
David
5ad70690c9 Merge pull request #17989 from overleaf/dp-test-endpoint-injection
Create an injectRouteAfter test helper method

GitOrigin-RevId: e6c7cfd47a0200b47d5074185301f15ae2182c44
2024-04-19 08:04:02 +00:00
David
0cf17478fe Merge pull request #17810 from overleaf/dp-compormised-password-prompt
Add compromised password prompt

GitOrigin-RevId: 7910a220943fcb3aa191da6d514d5bc3ae20f5a3
2024-04-19 08:03:58 +00:00
Jakob Ackermann
3df0fe82ce Merge pull request #17926 from overleaf/jpa-batched-update-sorting
[web] batchedUpdate: use explicit sorting to find first record to update

GitOrigin-RevId: 6f57b92a4e5907f307618bd98642b4874018e9fa
2024-04-17 08:04:09 +00:00