Shane Kilkelly
0aaeb6671e
Keep password reset token in session, and strip it from reset page url.
...
This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.
Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.
2015-08-24 11:53:33 +01:00
Henry Oswald
a53e3b80cf
if blog or universities site is down don't crash, send 500
2015-08-20 16:55:16 +01:00
Shane Kilkelly
23bd5d317c
A few extra cases which should not be treated as html.
2015-08-20 15:58:36 +01:00
Shane Kilkelly
ebf754904f
More thorough tests for the FileStoreController when downloading .html files.
2015-08-20 15:56:56 +01:00
Shane Kilkelly
aab7a8713e
Catch the case where filename is shorter than the extension length.
2015-08-20 15:56:30 +01:00
Shane Kilkelly
85c1704fc5
Test that content-type is set for mobile-safari user-agents.
2015-08-20 14:03:12 +01:00
Shane Kilkelly
ce248f56d7
Un-break FileStoreControllerTests by mocking out the req.get
method.
2015-08-20 12:28:51 +01:00
Shane Kilkelly
2dd56d0b32
If we're sending a html file to mobile-safari, do so as plain text.
...
This prevents safari from trying to render the page,
which it does because it ignores the "Content-Disposition" header.
2015-08-20 12:02:43 +01:00
Shane Kilkelly
936b41ff2a
Merge branch 'sk-unpublish-buttons'
2015-08-19 15:44:02 +01:00
Henry Oswald
038c5a33a2
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-08-19 12:00:58 +01:00
Henry Oswald
0e9ec00f85
added stubbed logger in document controller tests
2015-08-19 11:58:59 +01:00
Henry Oswald
63580f6a79
remove useClsi2 flag in project collection
2015-08-19 11:58:41 +01:00
Henry Oswald
a777fcc5a6
changed post to deactivate projects to set params via body rather than query params
2015-08-19 11:55:35 +01:00
Henry Oswald
50fc886c94
changed inactive to active as its more effienct query in mongo
2015-08-19 11:54:30 +01:00
Shane Kilkelly
18f75bba79
Generalize this style to all .btn elements under the .template-details-section
2015-08-19 09:59:01 +01:00
Shane Kilkelly
865372d13f
Add some whitespace around buttons in template-details.
2015-08-18 14:45:44 +01:00
Shane Kilkelly
96619bde8c
Move the template-browser code into the 'templates' module.
...
Now located to be located at `modules/templates/public/coffee/main/index.coffee`,
moved to complete a migration of template related code into the templates module.
Corresponding commit in sharelatex-web-modules:
625c556e42072d30f30d474aaef72deff24ca154
2015-08-18 14:21:35 +01:00
Shane Kilkelly
6b295fde28
Add shane image.
2015-08-17 14:23:36 +01:00
Henry Oswald
d3499acd7b
pass options through stating how long ago want to archive from and limit
2015-08-14 14:11:53 +01:00
Henry Oswald
70b825fd2a
fixed call to ProjectUpdateHandler.markAsOpened and made it async
2015-08-14 11:27:11 +01:00
Henry Oswald
66b87df17c
added deactivate project endpoint
2015-08-14 11:26:11 +01:00
Henry Oswald
bec9bf5c87
replace lodash with underscore in this project
2015-08-14 09:42:27 +01:00
Henry Oswald
68e970cd69
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-08-14 09:31:25 +01:00
Henry Oswald
21a67ddab4
added deactivate old projects endpoint
2015-08-13 22:50:39 +01:00
Henry Oswald
a0142d4415
added inactive and reactivate project logic
2015-08-13 22:40:28 +01:00
Brian Gough
a25373d53e
update metric-sharelatex to v1.2.0 for mongodb-core support
2015-08-06 09:44:47 +01:00
James Allen
ec5e03bd01
Fix subscription currency dropdowns
2015-08-04 15:58:31 +01:00
Henry Oswald
04d3e527d6
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-08-04 10:46:19 +01:00
Henry Oswald
53dc0b63c8
v1 of enago
2015-08-04 10:45:19 +01:00
Brian Gough
2bc003894b
use latest version of metrics with commit id until ready to tag
2015-08-02 15:55:26 +01:00
Brian Gough
c5cc639bff
upgrade mongoose from 3.8.28 to 4.1.0
2015-08-02 15:24:17 +01:00
Henry Oswald
3e55aef25a
show error if socket io fails to connect. Not tested yet.
2015-07-31 15:42:47 +01:00
Henry Oswald
417fd4f5f5
add logging to tell us how long since a project that is being opened was last updated
2015-07-22 10:38:48 +01:00
Henry Oswald
c12213b46b
added logging around load editor times
2015-07-22 10:38:28 +01:00
Henry Oswald
a786b623a8
added logging to help debug slow project list page loading
2015-07-22 01:06:23 +01:00
Henry Oswald
3ecf201eda
send -> sendStatus
2015-07-08 16:56:38 +01:00
Henry Oswald
9028bcf830
set body parser limit to 2mb
2015-07-08 14:35:03 +01:00
Henry Oswald
39df8964cf
added route that got lost in merge
2015-07-08 13:29:10 +01:00
Henry Oswald
9a49ce4a0e
removed extra req.session.destroy
2015-07-08 12:58:02 +01:00
Henry Oswald
258a8e3f04
added picture of kiri and geri
2015-07-08 11:30:02 +01:00
Henry Oswald
8020cd8f47
removed tpds from settings.defaults.coffee, if not set updates are now not queued
2015-07-02 12:09:08 +01:00
Henry Oswald
56346ad88c
remove analytics router and fixed bad package.json
2015-07-01 15:48:23 +01:00
Brian Gough
e6a670533d
added default mongoose connection
2015-07-01 15:36:50 +01:00
Henry Oswald
7fd29b18a8
destroy users session before creating a new one for them after login
...
session changed to prevent against fixation attacks
2015-07-01 15:29:02 +01:00
Henry Oswald
4f0b922a5d
changed name used when project or file uploaded, this changed when
...
we started using https://github.com/expressjs/multer
* originalname - Name of the file on the user's computer
* name - Renamed file name
2015-07-01 15:28:49 +01:00
Henry Oswald
3ab57f6830
put express locals on webRouter, this prevents problem with accessing sessions in locals, they should also only be used on web routes not api routes
2015-07-01 15:28:30 +01:00
Henry Oswald
941d407231
added saveUninitialized option to session which is now required
2015-07-01 15:26:17 +01:00
Henry Oswald
15a57f5dc4
removed req.session.destorys from endpoints now on the api router which are not needed
2015-07-01 15:26:05 +01:00
Henry Oswald
1cc0cbe8fc
split site into 2 routers, webRouter and apiRouter
...
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
Henry Oswald
665bdcf538
v1 of express4 conversion
2015-07-01 15:17:43 +01:00
James Allen
c75cdf24b5
Fix selectAll for angular upgrade
2015-06-29 13:43:44 +01:00
Brian Gough
a4f99c4224
remove fairy from exception handler
2015-06-23 14:16:06 +01:00
Brian Gough
893de9d8ac
updated metrics package version
2015-06-23 13:54:05 +01:00
Brian Gough
3de841dd71
added event loop monitor
2015-06-23 13:50:42 +01:00
Henry Oswald
84bf0dd9a3
added timeout and logging for tpdsworker queing via http
2015-06-23 11:19:23 +01:00
Henry Oswald
b83fe4dcf9
put tpdsworker url in from settings
2015-06-23 11:13:05 +01:00
Henry Oswald
2ec925b45e
fairy removed from web, makes http request to tpds worker now
2015-06-22 22:33:04 +01:00
Henry Oswald
706c1824f0
changed package.json to use our fairy fork
2015-06-18 15:43:42 +01:00
James Allen
559e26145b
Run module unit tests with main tests
2015-06-16 10:54:15 +01:00
James Allen
30eb79dfdc
Add link to DataJoy that shows randomly 50% of the time
2015-06-09 15:36:16 +01:00
James Allen
0eec715bb5
Upgrade to Angular 1.3.15 and latest ui-bootstrap
2015-06-09 14:59:12 +01:00
Henry Oswald
fc72ca601e
update package.json
2015-06-09 10:19:24 +01:00
Henry Oswald
eeead86fba
updated mongoose
2015-06-02 16:24:40 +01:00
Henry Oswald
aaa902cca9
fixed bug with subscriptions where if an old user had a subscription and was in a group they would get a confusing page
2015-06-01 14:38:09 +01:00
Henry Oswald
33aa5c732f
if a domain licence link has expired render a nice message explaining they need to retry
2015-06-01 12:43:42 +01:00
Henry Oswald
cb48242b74
changed email expire to 1 day for verifying account
2015-06-01 12:22:46 +01:00
Henry Oswald
6727c3ee00
changed ShareLaTeX thoughts to go into type form
2015-05-29 16:27:35 +01:00
Henry Oswald
d3f6c0c614
Merge branch 'user-csv' of git://github.com/heukirne/web-sharelatex into heukirne-user-csv
2015-05-29 12:17:54 +01:00
Henry Oswald
e4011b9ba1
Merge branch 'emailverification'
2015-05-29 12:10:02 +01:00
Henry Oswald
702fdc1480
improved views for domain licence invites
2015-05-29 12:09:28 +01:00
Henrique Dias
f709ddf3eb
add csv export unit tests
2015-05-28 17:22:49 -03:00
Henrique Dias
f50eb0398f
add export csv group feature
2015-05-28 16:54:41 -03:00
Henry Oswald
43c4531e51
kill off CollaboratorsHandler. changeUsersPrivilegeLevel as it is not used anywhere
2015-05-28 13:02:08 +01:00
Henry Oswald
e454d2f059
don't allow renaming in client if user is not owner
2015-05-28 12:59:02 +01:00
Henry Oswald
ca28d8ee70
changed views to use translations
2015-05-27 22:15:46 +01:00
Henry Oswald
b657c5207e
cleaned up the views a bit
2015-05-27 21:45:29 +01:00
Henry Oswald
22b94e9246
renamed SubscriptionDomainAllocator -> SubscriptionDomainHandler
2015-05-27 20:57:54 +01:00
Henry Oswald
4773d6d22f
added tests around new endpoints for joining groups
2015-05-27 20:50:16 +01:00
Henry Oswald
f27c072ae1
pull logic checking if user is already part of a group out of controller into handler
2015-05-27 16:33:47 +01:00
Henry Oswald
72e528e9d1
if you are alread in the group show the custom group page
2015-05-27 15:50:28 +01:00
Henry Oswald
79fa49a43d
if a user is elelable to be part of a group subscription and they go to
...
/user/subscription it should redirect them to the group subscription invite
2015-05-27 15:35:31 +01:00
Henry Oswald
1d21bddcf5
fix Onetime token handler path
2015-05-27 15:06:36 +01:00
Brian Gough
a5d14f4ffb
handle unexplained case where smokeTestModule is undefined
2015-05-26 16:33:02 +01:00
Henry Oswald
481bd67fbd
changed paths to use hyphens and add succesfull join page
2015-05-26 15:26:45 +01:00
Henry Oswald
94b26e71a4
ignore test script
2015-05-26 15:25:24 +01:00
Henry Oswald
841231dbf8
make PasswordResetTokenHandler generic so it can be used for invites
2015-05-26 15:24:09 +01:00
Brian Gough
e51cdb81bd
port leak fixes from smoke-test-sharelatex module
2015-05-26 10:54:55 +01:00
Henry Oswald
12bf268978
Merge branch 'master' into emailverification
2015-05-25 11:51:46 +01:00
Henry Oswald
d774ca7e0a
added sigma-master
2015-05-25 11:37:53 +01:00
Henry Oswald
cad8d8a23b
v1 basic invite works, not pretty or tested
2015-05-22 13:57:15 +01:00
Brian Gough
cc9c8fdc94
freeze Date in Recurly tests before all calls
...
beforeEach freezes and resets for each subtest, which does not give
the desired result as the time increases between each subtest, we want
to freeze once at the beginning and reset at the end using before/after.
2015-05-19 15:00:30 +01:00
Henry Oswald
f5c39efcac
patched xss hole with messages not setting the content type correctly
2015-05-19 11:04:52 +01:00
Henry Oswald
47d4ed9631
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-05-18 16:10:07 +01:00
Henry Oswald
2bc39ddf0b
added sigma.js lib used for module spike
2015-05-18 16:09:47 +01:00
Brian Gough
3051d7dab6
modify LockManager test to avoid dependence on timing
2015-05-18 09:14:28 +01:00
Diego Giovane Pasqualin
7c6ed0ff77
Update bcrypt to 0.8.3
...
This new version compiles successfully on nodejs newer than 0.10.
2015-05-11 16:43:29 -03:00
Brian Gough
1bb7ae3996
always remove the spinner, even if it is not spinning
2015-05-11 14:12:24 +01:00
Brian Gough
92836f49fc
avoid unnecessary spell checks on session change
2015-05-11 10:07:11 +01:00
Henry Oswald
8fc41e9e05
added templateLinks property to example config for ShareLaTeX server pro
2015-05-10 13:10:03 +01:00
Brian Gough
3ad517e1c2
Merge pull request #177 from sharelatex/fix-ace-extension-errors
...
prevent loading error for ace language tools extension in development
2015-05-05 14:47:44 +01:00