Commit graph

1847 commits

Author SHA1 Message Date
Hayden Faulds
20ea9918c9 allow overleafId to be passed in to avoid history initialization 2017-10-27 14:56:16 +01:00
Shane Kilkelly
83bd78f467 More sensible conversion of byte-buffer to array 2017-10-27 10:38:55 +01:00
Shane Kilkelly
ec94e59388 Fix error-handling in setPublicAccessLevel 2017-10-26 16:39:24 +01:00
Shane Kilkelly
18443b55cb Refactor token generator, and use crypto for numerics 2017-10-26 16:01:53 +01:00
Shane Kilkelly
d2a17c2745 Add rate-limiting to the token endpoints 2017-10-26 14:11:31 +01:00
Shane Kilkelly
8561b69ee9 Remove tokenMembers sync to clients 2017-10-25 11:29:05 +01:00
Shane Kilkelly
74c231826d WIP: track changes with token-access 2017-10-25 10:34:18 +01:00
Paulo Jorge Reis
0453aa60fe Merge pull request #66 from sharelatex/pr-ol-beta-theme
Overleaf beta theme & dashboard styling
2017-10-25 09:40:02 +01:00
Alasdair Smith
f8e44471ee Merge pull request #75 from sharelatex/as-10-pc-rollout
Rollout autocompile to 10% of users
2017-10-25 09:05:24 +01:00
Paulo Reis
70a56d0474 Merge branch 'master' into pr-ol-beta-theme 2017-10-24 16:19:31 +01:00
Hayden Faulds
670b183c8e initialize project history on creation 2017-10-24 13:07:00 +01:00
Hayden Faulds
c437eb37d5 handle missing settings.apis.project_history 2017-10-24 09:47:14 +01:00
Hayden Faulds
519f041215 Merge pull request #50 from sharelatex/hof-toggle-projec-history
toggle project history
2017-10-24 09:13:50 +01:00
Hayden Faulds
299112f6e0 toggle project history using setting 2017-10-23 15:49:10 +01:00
Alasdair Smith
8421f6767a Rollout to 10% of users 2017-10-23 13:14:20 +01:00
Shane Kilkelly
dc39e447b2 Change findAllUsersProjects, produce and object rather than lists 2017-10-20 11:49:20 +01:00
Paulo Reis
525defb92d Add router entry to the new styleguide (WIP). 2017-10-20 10:53:26 +01:00
Alasdair Smith
5b1836c639 Merge pull request #70 from sharelatex/as-add-onboarding-logging
Adds some onboarding logging to investigate potential bug
2017-10-20 10:47:15 +01:00
Alasdair Smith
edb2a6c88b Increase rollout to 5% 2017-10-20 10:23:52 +01:00
Shane Kilkelly
d710d284fe Merge branch 'sk-unlisted-projects' of github.com:sharelatex/web-sharelatex-internal into sk-unlisted-projects 2017-10-20 10:11:33 +01:00
Shane Kilkelly
0e44b319db Change anonToken and such to anonymousAccessToken 2017-10-20 10:10:21 +01:00
John Lees-Miller
30f67008a0 Fix typo 2017-10-20 09:19:18 +01:00
Shane Kilkelly
eab77aba91 Abstract away the token-protection logic 2017-10-19 16:26:01 +01:00
Alasdair Smith
ebaa640c51 Fix log call signature 2017-10-19 16:02:40 +01:00
Alasdair Smith
6fd1d493e3 Also add logging for track changes 2017-10-19 15:47:12 +01:00
Alasdair Smith
4d4dba9677 Adds some onboarding logging to investigate potential bug 2017-10-19 15:31:19 +01:00
Shane Kilkelly
97706acbac Fix indentation 2017-10-19 14:54:59 +01:00
Shane Kilkelly
5572a0e873 Merge branch 'sk-unlisted-projects' of github.com:sharelatex/web-sharelatex-internal into sk-unlisted-projects 2017-10-19 14:46:05 +01:00
Shane Kilkelly
d8717a06a2 Fix track-changes with token-access 2017-10-19 14:42:17 +01:00
John Lees-Miller
3383a057a1 Fix typo
(The typo came from my comment in Overleaf many years ago.)
2017-10-19 11:47:47 +01:00
Alasdair Smith
4cc517240c Increase rollout to 3% 2017-10-19 10:54:21 +01:00
Brian Gough
05ee2a5244 Merge pull request #67 from sharelatex/bg-ignore-git-in-uploads
ignore .git directories in uploads
2017-10-18 13:11:46 +01:00
Brian Gough
5d116e8ce9 Merge pull request #65 from sharelatex/bg-fix-main-doc-selection
fix main doc selection (connects to overleaf/sharelatex#222)
2017-10-18 13:11:10 +01:00
Brian Gough
d0f0268783 Merge pull request #57 from sharelatex/bg-handle-undefined-project-name-with-error
avoid exception in validateProjectName
2017-10-18 13:10:45 +01:00
Brian Gough
f8662d8aaa Merge pull request #60 from sharelatex/bg-fix-unzip-permission
replace unzip with yauzl (connects to #219)
2017-10-18 13:10:07 +01:00
Shane Kilkelly
7d2bde85ff Add a setting to enable anonymous read-and-write link sharing 2017-10-18 13:04:37 +01:00
Brian Gough
290361dc72 ignore .gitignore files in uploads too 2017-10-17 16:49:51 +01:00
Brian Gough
277b9c5d50 ignore .git directories in uploads 2017-10-17 16:32:26 +01:00
Brian Gough
6001f14261 log each file unzipped 2017-10-17 16:31:56 +01:00
Brian Gough
76d73951f2 fix bug when unzipping directory 2017-10-17 16:31:35 +01:00
Brian Gough
56cb901b41 filter missing doc_ids from root doc_ids list 2017-10-17 15:49:02 +01:00
Brian Gough
f70ab03bd8 show an error if the main file cannot be found
also improve logic for detecting the main file, if there's only one file
it must be the main file.
2017-10-17 15:47:50 +01:00
Alasdair Smith
b0dc84748a Fix to actual percentage 2017-10-17 15:44:15 +01:00
Alasdair Smith
6ff3a2de9f Rollout autocompile to 1% of users and improve readability 2017-10-17 15:04:27 +01:00
Shane Kilkelly
9c247d5f59 On project list, only show projects once, with max access 2017-10-17 11:10:31 +01:00
Shane Kilkelly
855fe2e143 If user is project owner, don't add them as a token user 2017-10-16 16:44:20 +01:00
Brian Gough
4c78b5770c use regex for directory check 2017-10-16 15:17:33 +01:00
Brian Gough
2bb7c6d4c6 remove child_process module from ArchiveManager 2017-10-16 14:21:28 +01:00
Brian Gough
96d08e41a7 update tests 2017-10-16 14:15:38 +01:00
Brian Gough
d6d76f132e replace unzip with yauzl 2017-10-16 14:15:38 +01:00
Alasdair Smith
60c297eac8 Also prevent rollout to modulo 0 users 2017-10-16 13:40:09 +01:00
Shane Kilkelly
ad999a72b6 If a token-based project not found, check private overleaf project 2017-10-16 13:20:15 +01:00
Alasdair Smith
abb21ac96b Fix autocompile rollout logic 2017-10-16 12:44:11 +01:00
Alasdair Smith
5d3371a52c Merge pull request #38 from sharelatex/as-autocompile-rollout
Rollout for auto compile; Connects to #20
2017-10-16 10:48:43 +01:00
Alasdair Smith
625f52c248 Update cutoff date 2017-10-16 10:28:42 +01:00
Shane Kilkelly
490ccc6051 Add commentary to token-generator, and move token-alpha to top level 2017-10-13 11:37:38 +01:00
Shane Kilkelly
ac513a1355 Refactor to not pass req down into Auth modules 2017-10-13 11:20:57 +01:00
Brian Gough
4ce639db70 Merge pull request #58 from sharelatex/bg-rate-limit-autocompile
fix two bugs in auto compile limit logic
2017-10-13 08:18:31 +01:00
Alasdair Smith
36e1fafb60 Set proportion to 0 2017-10-12 17:10:41 +01:00
James Allen
f0079bb7a4 Merge pull request #41 from sharelatex/ja-transfer-projects
Add method to transfer projects from one user_id to another
2017-10-12 16:27:00 +01:00
Brian Gough
fc3ecddd0e fix two bugs in auto compile limit logic
1. the compileGroup is "standard" not default
2. was not excluding normal compiles from metrics
2017-10-12 16:18:14 +01:00
Brian Gough
8cf3288187 avoid exception in validateProjectName 2017-10-12 16:03:12 +01:00
Shane Kilkelly
dcf601fe80 Only show token-based projects if accessLevel is set to token-based 2017-10-12 15:47:29 +01:00
Shane Kilkelly
9a7c8c5842 Revert "Remove remaining traces of UserStub"
This reverts commit ab6b4c32254a20b940c489b8b5b56237433cc0f6.
2017-10-12 15:08:48 +01:00
Brian Gough
18370076a2 Merge pull request #45 from sharelatex/bg-auto-doc-flush
allow docupdater to flush docs in background (connects to overleaf/sharelatex#190)
2017-10-12 14:48:16 +01:00
Shane Kilkelly
16416463c6 Update removeUserFromProject to account for token-access 2017-10-12 11:49:02 +01:00
Shane Kilkelly
6feedf5520 Use crypto module for token generation 2017-10-12 11:36:45 +01:00
Shane Kilkelly
22c5f41fb6 Add logging for token generation 2017-10-12 11:25:16 +01:00
Shane Kilkelly
fe708fcc04 Generate all missing tokens 2017-10-12 11:19:26 +01:00
Shane Kilkelly
70b1e42e36 Add deprecation comment regarding legacy access-levels 2017-10-12 11:00:39 +01:00
Shane Kilkelly
6e09165452 Refactor auth sources 2017-10-12 10:57:11 +01:00
Brian Gough
45ed090326 Merge pull request #37 from sharelatex/bg-rate-limit-autocompile
rate limit autocompile (connects to #18)
2017-10-12 09:25:59 +01:00
Brian Gough
c913ec69ef Merge pull request #34 from sharelatex/bg-fix-double-callback-in-resources-check
fix double callback in resources check (connects to #18)
2017-10-12 09:20:05 +01:00
Brian Gough
cf25ff058f use new endpoint docupdater get_and_flush_if_old 2017-10-11 16:05:28 +01:00
Alasdair Smith
5047213c3c Change rollout detection to account for changes in proportion preserving rolled out users 2017-10-11 14:47:39 +01:00
Hayden Faulds
f017a94b7e remove unused HistoryManager 2017-10-11 11:18:20 +01:00
Hayden Faulds
4e0a159db4 Merge pull request #40 from sharelatex/hof-pathname-for-doc-store
return pathname from DocumentController.getDoc
2017-10-11 09:52:56 +01:00
Brian Gough
5b0d3d1429 simplify rate-limit checking code 2017-10-09 16:31:01 +01:00
Brian Gough
9eec245358 allow docupdater to flush docs in background 2017-10-09 14:17:28 +01:00
Shane Kilkelly
1a4ffe7708 Remove un-necessary call to getProject from archiveProject path 2017-10-09 11:30:55 +01:00
Shane Kilkelly
ad68adee9a Add more commentary on the anonymous path 2017-10-09 11:13:55 +01:00
Shane Kilkelly
e73de3bfd4 Fix whitespace in function signature 2017-10-09 10:57:23 +01:00
Shane Kilkelly
732ce9417b Don't create tokens on project by default 2017-10-09 10:25:20 +01:00
Shane Kilkelly
d386f79a76 Clean up 2017-10-06 16:10:33 +01:00
Shane Kilkelly
91abb6eed6 If project is not tokenBased, don't count members of token arrays 2017-10-06 15:57:22 +01:00
Shane Kilkelly
387854db7a Fix an embarassing mistake, generate tokens dynamically, not once. 2017-10-06 13:24:10 +01:00
James Allen
3c54419eb3 Remove commented debug code 2017-10-05 16:12:26 +01:00
James Allen
9c1faa4395 Add method to transfer projects from one user_id to another 2017-10-05 14:26:34 +01:00
Shane Kilkelly
bb0dad3353 Safe access to potentially-null project 2017-10-05 14:19:21 +01:00
Shane Kilkelly
b8d90a1a99 Show token-access projects on the dashboard 2017-10-05 13:20:06 +01:00
Shane Kilkelly
e4e558c0e6 Hide access tokens if user is not the project owner.
This prevents sneaky read-only users from sniffing out the read-write
link via the browser console.
2017-10-05 13:18:30 +01:00
Shane Kilkelly
6482cd7dd8 Generate tokens on old projects if they're not present 2017-10-04 16:31:24 +01:00
Alasdair Smith
8366ea271f Restrict autocompile onboarding to users in rollout (factor of 100) 2017-10-03 17:08:19 +01:00
Brian Gough
d14723f24a add rate limits for autocompiles
global rate limit for all users and a lower rate limit for free users
2017-10-03 16:16:21 +01:00
Shane Kilkelly
b6c2a8f7f7 Tidy up callbacks 2017-10-03 14:14:22 +01:00
Shane Kilkelly
7b33f8b4c2 Unit test TokenAccessController 2017-10-03 14:04:59 +01:00
Alasdair Smith
91e0397bf5 Update signup date check to today 2017-10-03 10:48:59 +01:00
Shane Kilkelly
ede497f4b3 Unit test TokenAccessHandler 2017-10-03 10:02:26 +01:00
Brian Gough
bd005d7bb6 fix double callback in precompile resources check 2017-10-02 10:14:52 +01:00
Shane Kilkelly
9f24f696a5 Use custom header, send anonToken in payload to joinProject 2017-09-29 16:32:07 +01:00
Shane Kilkelly
34d4d1360f Anon read-token: add an Authorization header to $http 2017-09-29 15:54:55 +01:00
Hayden Faulds
bf1c24f6f9 return pathname from DocumentController.getDoc 2017-09-29 15:37:10 +01:00
Shane Kilkelly
9810f63245 Render editor for token access, stub out ui changes 2017-09-28 16:06:08 +01:00
Alasdair Smith
3e2388a7de Don't show autocompile for users signed up after release date 2017-09-28 13:57:15 +01:00
Alasdair Smith
f2c0bf5515 First pass at getting onboarding shown event from analytics 2017-09-28 13:04:18 +01:00
Alasdair Smith
afff8ddf29 Pass (dummy) autocompile onboarding 2017-09-28 11:13:49 +01:00
Shane Kilkelly
4552f3be67 Move the getPublicAccessLevel helper to top-level of module 2017-09-28 10:53:35 +01:00
Shane Kilkelly
27dcf6c4c5 Fix a typo causing double-callbacks 2017-09-28 10:37:57 +01:00
Shane Kilkelly
574b115022 Working token-based access 2017-09-27 14:01:52 +01:00
Brian Gough
13628f82ec Merge pull request #17 from sharelatex/bg-lock-compiles
show error for compile in progress
2017-09-27 13:54:16 +01:00
Hayden Faulds
4adf88ca01 handle OL or SL ids in UserInfoController.getPersonalInfo 2017-09-26 11:40:05 +01:00
Hayden Faulds
2c0e9bb89a return overleaf details from ProejctsDetailsHandler.getdetails 2017-09-26 10:19:30 +01:00
Brian Gough
0f855689a7 show error for compile in progress 2017-09-26 08:07:35 +01:00
Shane Kilkelly
ee32648bf4 Order privileges by highest-to-lowest 2017-09-22 15:55:38 +01:00
Shane Kilkelly
81170d472d Add token-access routes 2017-09-22 14:54:35 +01:00
Shane Kilkelly
95292a2e55 Add unique index to token properties 2017-09-21 15:06:42 +01:00
Shane Kilkelly
441c207953 Generate tokens by default 2017-09-21 15:04:15 +01:00
Shane Kilkelly
abe41b6948 Fix projection in project query 2017-09-21 13:37:10 +01:00
Shane Kilkelly
863d327743 Change logic to exclude token users 2017-09-21 11:02:55 +01:00
Shane Kilkelly
931ba56e33 Add an 'owner' source tag, for the project owner 2017-09-21 09:35:25 +01:00
Shane Kilkelly
ef7e1ceabf Rename functions to make distinction between invited/token members 2017-09-21 09:30:38 +01:00
Shane Kilkelly
91ec0da239 Use the invitedMembers function for sending tpds updates 2017-09-20 15:48:20 +01:00
Shane Kilkelly
574baf386e Alter getProjectsUserIsMemberOf to include token-access projects.
Also change the api to produce an object with the different project lists
attached, rather than a pair of lists.
2017-09-20 15:26:03 +01:00
Shane Kilkelly
ceb7c509d0 Rename getProjectsUserIsCollaboratorOf to ...IsMemberOf
This brings the naming more in line with current conventions.
2017-09-20 13:16:50 +01:00
Shane Kilkelly
069f49d5a6 Change getCollaboratorCount to getInvitedCollaboratorCount.
And update the one call-site in LimitationsManager. This function
is used to limit invites, so it makes sense to explicitely limit
this to Invited members of the project.
2017-09-20 10:29:47 +01:00
Shane Kilkelly
8460160076 Add a getInvitedMembersWithPrivilegeLevels function.
Then use it to build the loadProject view-model.
2017-09-20 10:02:43 +01:00
Shane Kilkelly
cf54989e6a Add a getInvitedMemberIds function
Limited to only members who were invited to the project, not users
who have access via a token.
2017-09-20 09:36:56 +01:00
Shane Kilkelly
fc202439ab Read-only privelege for anonymous access 2017-09-20 09:36:06 +01:00
Shane Kilkelly
06966f67db Differentiate project members by source, include token members 2017-09-20 09:35:19 +01:00
Shane Kilkelly
a06f4b6b28 Remove remaining traces of UserStub 2017-09-19 16:16:39 +01:00
Shane Kilkelly
7919d5342b Remove obsolete add-email-to-project workflow 2017-09-19 15:57:19 +01:00
Shane Kilkelly
c87df7be79 Add token-access user refs to Project 2017-09-19 09:27:22 +01:00
Shane Kilkelly
8fece2d5f0 Add tokenBased access level 2017-09-18 10:58:13 +01:00
Shane Kilkelly
2011432120 Add tokens property to Project model 2017-09-18 10:27:28 +01:00
James Allen
adf211a226 Merge pull request #594 from sharelatex/ja-include-token-in-project-schema
Include OL tokens in project schema
2017-09-15 11:41:24 +02:00
Brian Gough
9f9c15f6f5 Merge pull request #599 from sharelatex/bg-reset-project-state
clear docupdater project state in deleteAuxFiles
2017-09-15 09:09:29 +01:00
Brian Gough
28a80cf23d Merge pull request #604 from sharelatex/bg-fix-root-doc-in-incremental-compile
fix root doc in incremental compile
2017-09-13 13:47:22 +01:00
Tim Alby
a04adbf132 remove extra security headers 2017-09-13 11:53:11 +02:00
Brian Gough
51eb94a493 handle incremental compile without root doc 2017-09-13 10:10:44 +01:00
Brian Gough
0e87b8950e update clearProjectState endpoint 2017-09-12 11:40:00 +01:00
Tim Alby
d6834ff417 add security headers using Helmet
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
  - a user is logged in, OR
  - a project is displayed
2017-09-12 11:17:59 +02:00
Brian Gough
5430c8a3c2 Merge pull request #593 from sharelatex/bg-fix-inactive-projects-request
avoid error when passing as limit in mongo query
2017-09-11 08:16:28 +01:00
Brian Gough
6d73c48c36 Merge pull request #596 from sharelatex/bg-suppress-incremental-compile-after-errors
suppress incremental compile after errors
2017-09-11 08:15:50 +01:00
Brian Gough
2b4c8bd846 clear docupdater project state in deleteAuxFiles 2017-09-08 15:57:29 +01:00
Brian Gough
e8435e3eae make condition clearer for incremental compile 2017-09-08 13:39:24 +01:00
Brian Gough
03a5ff2e43 skip incremental compile after docupdater error 2017-09-07 15:06:09 +01:00
Shane Kilkelly
586d1f1599 Merge pull request #531 from sharelatex/sk-allow-explicit-ses-email-config
Instantiate the ses client if explicitly specified.
2017-09-07 10:21:01 +01:00
Brian Gough
3ac0e97a14 avoid error when passing as limit in mongo query
convert request parameter from string to number
2017-09-05 12:33:13 +01:00
Brian Gough
e2368615e2 Merge pull request #589 from sharelatex/bg-check-options-for-incremental-compile
include the options in the project state hash
2017-09-05 11:53:17 +01:00
Brian Gough
2e6c578dd7 add ol-style.css to fingerprint list 2017-09-05 10:54:26 +01:00