Commit graph

549 commits

Author SHA1 Message Date
Eric Mc Sween
75abea72b0 Merge pull request #11492 from overleaf/em-rate-limiter
Move all remaining rate limiters to rate-limiter-flexible

GitOrigin-RevId: 163ab2aebecb281057e552dc75591dd02028990c
2023-01-31 09:03:44 +00:00
Eric Mc Sween
2dbc0e3b3d Merge pull request #11489 from overleaf/em-fix-paypal
Set COOP header to same-origin-allow-popups

GitOrigin-RevId: c8c3751386addb307ee2caf59c228484e8e593c0
2023-01-27 09:05:43 +00:00
Tim Down
9ab12f3b44 Merge pull request #10966 from overleaf/td-add-coop-header
Upgrade Helmet to add some security-related response headers, including COOP

GitOrigin-RevId: fce8538b004f7b3ba6c6ca65ad311957d75b496a
2023-01-24 09:05:27 +00:00
Miguel Serrano
4a84922a2f Merge pull request #11346 from overleaf/msm-config-history-v1-sp
Configuration changes for FPH in CE/SP

GitOrigin-RevId: 990eb0fa6158d4815740413da085759d2cc5e231
2023-01-20 14:13:46 +00:00
Mathias Jakobsen
e8c677f7ad Merge pull request #11036 from overleaf/jpa-cdn-blocked-metric
[web] add metric for blocked cdn

GitOrigin-RevId: bee0fa5af0cc3c5d91deb64c8e32bb7e04dbcc2b
2023-01-05 09:04:04 +00:00
Mathias Jakobsen
38cc3394e3 Merge pull request #10793 from overleaf/mj-split-test-cleanup
Split test clean-up

GitOrigin-RevId: 7dd6178487022cbefcbc85797dacc3f3fbfa17e2
2022-12-21 09:04:04 +00:00
ilkin-overleaf
2675cab92e Merge pull request #10394 from overleaf/ii-password-reset-and-strength-checking
[web] Password reset strength checking and UI updates

GitOrigin-RevId: 442a5c9e7e9d0a61d3ae649f3526bc3c02fd5704
2022-12-07 09:03:36 +00:00
Brian Gough
f8a1da1b47 Merge pull request #10715 from overleaf/jpa-web-share-mongo-pool
[web] share mongo connection pool between Mongoose and native db

GitOrigin-RevId: 8bb2a9dc76880144a8681cb564183906df624cc0
2022-12-02 09:04:02 +00:00
Brian Gough
4589a57774 Merge pull request #10637 from overleaf/bg-delete-user-from-dropbox
delete user data from dropbox

GitOrigin-RevId: d586c73b4500f4fe718927f537ae770356eaefc1
2022-11-29 09:04:33 +00:00
Jakob Ackermann
d4551dc7ce Merge pull request #10442 from overleaf/jpa-convert-archived-trashed
[web] add migration for convert_archived_state script

GitOrigin-RevId: aeea3601a0c5f96e978c3f2a85458687d6d6678e
2022-11-15 09:07:09 +00:00
June Kelly
9e824ac93c Merge pull request #9951 from overleaf/jk-audit-failed-login-attempts
[web] Audit failed login attempts

GitOrigin-RevId: 19325f808f77584891e1e12b5ed7aaa16aa6aec9
2022-10-20 08:03:44 +00:00
Eric Mc Sween
fe963ba692 Merge pull request #9956 from overleaf/em-node-fetch-web
Replace request-promise with fetch in web acceptance tests

GitOrigin-RevId: f50357cdea2d1353d7a82c5346b149018f91823f
2022-10-18 08:03:25 +00:00
Miguel Serrano
74f44e655a Merge pull request #9617 from overleaf/msm-audit-log-collections
Move project/user audit logs to their own collections

GitOrigin-RevId: f6f89b3e2815c0fe5691a79eceb35b77b3c370d8
2022-09-30 08:04:17 +00:00
June Kelly
3288f87dbe [web] Password set/reset: reject current password (redux) (#8956)
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitly
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
2022-09-28 08:06:54 +00:00
Alf Eaton
c41c14c697 Remove deprecated grunt code (#9506)
GitOrigin-RevId: 2b19d73c593545aaa9f6eb88143d08c5df39a1be
2022-09-16 08:05:37 +00:00
Eric Mc Sween
19c73cbd73 Merge pull request #9563 from overleaf/em-tpds-merge-metadata
Return metadata from TPDS update endpoint in web

GitOrigin-RevId: 9154be67f7f975807c6e986a5d6fb66013c9a384
2022-09-13 08:05:50 +00:00
Alf Eaton
7c20e7701b Remove mkdirp from web dependencies (#7427)
GitOrigin-RevId: b170371e538ca65fccd5c21f76dc25feec909190
2022-08-22 08:03:41 +00:00
Simon Detheridge
9953822175 Merge pull request #6661 from overleaf/spd-local-tests
Move acceptance test mocks to nonstandard ports and add options for running locally

GitOrigin-RevId: bd8f70ac8d80599daccc51cfe7b90a2ad8d8c3d8
2022-08-10 08:03:45 +00:00
Jakob Ackermann
e5e6be99f8 Merge pull request #9099 from overleaf/jpa-web-graceful-shutdown
[web] introduce graceful shutdown

GitOrigin-RevId: f42793a96f1e0304c57a855241bffa32bb291864
2022-08-05 08:03:27 +00:00
Timothée Alby
95a289b80b Merge pull request #9009 from overleaf/ab-split-tests-saas-check
[web] Skip split test assignment logic when not in SaaS mode

GitOrigin-RevId: 4c370bbc78c5a6828207f3336dfa6af9f4d71e17
2022-07-29 08:04:03 +00:00
Timothée Alby
ff3e659fbb Merge pull request #8897 from overleaf/ta-token-access-anonymous-redirect
Redirect Early on Anonymous Write Token Access Attempts

GitOrigin-RevId: 55e1839c3171a0a6a677ecca2f6bec87aad802bd
2022-07-29 08:03:45 +00:00
Timothée Alby
7f722a006c Merge pull request #8571 from overleaf/ta-token-access-page
Require User Interaction on Token Access Page

GitOrigin-RevId: 2f4c00ba75ebd6bd87d3e770ec8223d736344f5b
2022-07-29 08:03:39 +00:00
Alexandre Bourdin
e9e36737e6 Merge pull request #8957 from overleaf/ab-split-test-controls-badge
[web] SplitTestBadge based on split test phase and badge config

GitOrigin-RevId: e178ca864fd6619ff61a2a84fc1ccb5d54e0a814
2022-07-26 08:04:28 +00:00
M Fahru
574d0eab12 Improve error message when a collaborator tries to refresh a linked file without access to the project (#8884)
* Improve error message when a collaborator tries to refresh a linked file without access to the project

* Move the AccessDeniedError hardcoded error message to translation file

* apply prettier

* remove period (dot) in test hardcoded string

* revert unintended changes

GitOrigin-RevId: 50a5bf46428a96e629e9091cc18068f3ee7084e3
2022-07-21 08:03:32 +00:00
Henry Oswald
5f1abee345 Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password
Revert "[web] Password set/reset: reject current password"

GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
2022-07-20 08:04:00 +00:00
June Kelly
d04ea76081 Merge pull request #8882 from overleaf/jk-web-reject-same-password
[web] Password set/reset: reject current password

GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
2022-07-20 08:03:36 +00:00
Alexandre Bourdin
21c8b9a47a Merge pull request #8426 from overleaf/ta-error-pages-style
Update General Error Pages Style

GitOrigin-RevId: 04346784c94d5ce6bf3257fd128a3f00da4c4e9e
2022-06-23 08:02:34 +00:00
Miguel Serrano
6549b93caa Fixed tests by removing stdout checks that are no longer valid (#8337)
* Fixed tests by removing stdout checks that are no longer valid

script verbosity was updated in c73b46599b, these checks are no longer valid. After the deleted line there's an extra check that should be good enough for the test case.

GitOrigin-RevId: 2756d11cad97fdbeca44f35c24ee192e582a52c1
2022-06-09 08:02:27 +00:00
Eric Mc Sween
e0ab82e3d4 Merge pull request #8035 from overleaf/em-remove-chaid
Remove the chaid package from tests

GitOrigin-RevId: 61b541eebcf1982137aa10ad51940547c649e68d
2022-05-23 08:04:07 +00:00
Jakob Ackermann
f0bd6dda23 Merge pull request #7986 from overleaf/jpa-eslint-8
[misc] upgrade eslint packages to the latest version everywhere

GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3
2022-05-17 08:05:59 +00:00
Tim Down
35480a3c7d Merge pull request #7545 from overleaf/td-split-test-data-sentry
Record split-test state in Sentry metadata from web clients

GitOrigin-RevId: 66dd195c546bd9fb0aedac52844200846c5012ca
2022-04-25 08:04:45 +00:00
ilkin-overleaf
d50271c1e9 Merge pull request #7225 from overleaf/ta-leave-modal
[DeleteAccount] Create Modal with Form

GitOrigin-RevId: 611f08c7253f59d91c6937b79c80a386b9d21ccd
2022-04-11 08:03:36 +00:00
Eric Mc Sween
3235119302 Merge pull request #7228 from overleaf/em-node-16
Upgrade to Node 16

GitOrigin-RevId: 3db1ae57ffb02f8a2b9012ffbb3efecfc01d2b04
2022-04-05 12:20:52 +00:00
Jakob Ackermann
c8866bbda0 Merge pull request #7094 from overleaf/jpa-redirect-admin-requests
[web] redirect admin users from admin endpoints to the admin domain

GitOrigin-RevId: a4bd7d4f998615efcb46ae9866868af9489c94f5
2022-04-05 12:18:51 +00:00
Jakob Ackermann
d59b154f07 Merge pull request #6712 from overleaf/jpa-redirect-token-access
[web] redirect admin users from token access gateway to admin panel

GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f
2022-04-05 12:18:29 +00:00
Jakob Ackermann
e82a053c85 Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app
[misc] move admin capability from www. to admin. subdomain

GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459
2022-04-05 12:18:24 +00:00
Thomas
1aae979398 Send delete request to chat when expiring deleted projects (#6997)
* Send delete request to chat when expiring deleted projects

* Add script to clean-up orphaned chat of previously expired projects

GitOrigin-RevId: 157d100bd51b6204a9e31733b5164b8e7036ef01
2022-03-28 08:04:29 +00:00
Eric Mc Sween
5ded04eaea Merge pull request #6785 from overleaf/em-split-tests-analytics-enabled
Add "analytics enabled" setting to split tests

GitOrigin-RevId: 9ddfda9e246cac7a13361b2d3df6884212583000
2022-03-01 09:04:15 +00:00
Jessica Lawshe
1c62f82f9c Merge pull request #6886 from overleaf/jpa-less-verbose-ci
[web] skip HIBP check for all tests but the HIBP specific ones

GitOrigin-RevId: 714e69cc2220e7edcef875d6be487ded571cd977
2022-02-25 09:03:23 +00:00
Miguel Serrano
176ead8983 Primary Email Check (#6471)
* added primary-email-check page, route and controllers
* add `#add-email` internal link in settings to display new email form
* added primary-email-check redirection with split test
* update `lastPrimaryEmailCheck` when the default email address is set
* added `lastPrimaryCheck` to admin panel
* translations for primary-email-check
* acceptance tests for primary-email-check
* [web] multi-submit for primary email check
* Using `confirmedAt` to prevent from displaying primary-email-check page

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
Co-Authored-By: Miguel Serrano <mserranom@gmail.com>
GitOrigin-RevId: d8e3a280439da08038a4487d8bfd7b3b0596e3b5
2022-02-04 09:03:34 +00:00
Jakob Ackermann
7b4102025e Merge pull request #6493 from overleaf/jpa-flaky-delay
[web] HaveIBeenPwnedApiTests: give background check more time

GitOrigin-RevId: 761b3f402f9284eb56bee29e6e78e759ac42ba86
2022-01-27 09:03:53 +00:00
Jakob Ackermann
d812b88e76 Merge pull request #6457 from overleaf/jpa-harden-login
[web] harden login process

GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d
2022-01-27 09:03:38 +00:00
Jakob Ackermann
8e77ada424 Merge pull request #6417 from overleaf/jpa-device-history
[web] add cookie/JWE based device history for skipping captcha challenge

GitOrigin-RevId: b091564bfd93f7e587d396c860fd864f220f4b63
2022-01-27 09:03:34 +00:00
Jessica Lawshe
6a0da3d204 Merge pull request #6375 from overleaf/jel-reconfirm-check
[web] Use v1 date for reconfirm notification check

GitOrigin-RevId: e14f1b6a1a6ab629628858d962a3757a6078cf79
2022-01-26 09:03:50 +00:00
Tim Alby
3e70546e18 rename price attributes to price_in_cents or price_in_unit
GitOrigin-RevId: 8045472c96862078583fcb522099ad78926281dc
2022-01-21 09:03:23 +00:00
Jakob Ackermann
1fc0b3e4aa Merge pull request #6349 from overleaf/jpa-password-strength-checking
[web] data collection for password strength using HaveIBeenPwned api

GitOrigin-RevId: 7e4d57a979c29027fb7ca5294f3935500a0b4cf3
2022-01-20 09:03:07 +00:00
Jakob Ackermann
d720d6affa Merge pull request #6317 from overleaf/jpa-send-explicit-content-type
[web] send explicit content type in responses

GitOrigin-RevId: d5aeaba57a7d2fc053fbf5adc2299fb46e435341
2022-01-18 09:03:18 +00:00
June Kelly
c72ec548bb Merge pull request #5976 from overleaf/jk-login-audit-log-type
[web] Add 'method' info to login audit log

GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
2022-01-14 09:02:28 +00:00
Jessica Lawshe
1122a83b60 Merge pull request #6254 from overleaf/jel-saml-entitlement
[web] Always update entitlement in v1 after SAML callback

GitOrigin-RevId: 2569d6d8e6142786ad2875c62c9cd4568837654a
2022-01-13 09:04:16 +00:00
Alf Eaton
50df230846 [web] Upgrade Prettier to match version in monorepo root (#6231)
GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d
2022-01-11 09:03:23 +00:00