James Allen
ca0982a909
Enable the external auth switches when OL OAuth in use
2017-11-17 17:16:12 +00:00
Shane Kilkelly
9a7c8c5842
Revert "Remove remaining traces of UserStub"
...
This reverts commit ab6b4c32254a20b940c489b8b5b56237433cc0f6.
2017-10-12 15:08:48 +01:00
Shane Kilkelly
a06f4b6b28
Remove remaining traces of UserStub
2017-09-19 16:16:39 +01:00
Tim Alby
a04adbf132
remove extra security headers
2017-09-13 11:53:11 +02:00
Tim Alby
d6834ff417
add security headers using Helmet
...
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
- a user is logged in, OR
- a project is displayed
2017-09-12 11:17:59 +02:00
Brian Gough
2e6c578dd7
add ol-style.css to fingerprint list
2017-09-05 10:54:26 +01:00
James Allen
d5839437fd
Add in UserStub model and support in collaborators view
2017-08-24 17:48:47 +02:00
Paulo Reis
4849c705de
Optionally ask the translate local method to HTML encode; use it in the problematic tooltip.
2017-07-28 17:31:28 +01:00
Brian Gough
0ae93db08b
use ApiErrorHandler on public api
2017-07-05 15:06:23 +01:00
Brian Gough
bd83d94f64
rename apiRouter -> privateApiRouter in Modules
2017-07-05 14:41:14 +01:00
Brian Gough
29b40ad824
add public api router
2017-07-05 14:32:55 +01:00
Brian Gough
3e8ad69f3c
make loading of module routes more robust
2017-07-05 11:46:29 +01:00
Brian Gough
b2f676af5a
avoid duplicate routes for /status
2017-07-04 12:41:51 +01:00
Brian Gough
62d6933886
use settings instead of ENV for web/api split
2017-06-15 16:11:20 +01:00
Brian Gough
4b188ce120
support separate processes for web and api
...
via an environment variable WEB_TYPE
2017-05-22 13:31:02 +01:00
Brian Gough
5ac2ed8fc6
use a separate error handler for api router errors
2017-05-19 16:36:29 +01:00
Shane Kilkelly
60d3e4a97b
If external auth system is in use, skip sudo-mode checks
2017-05-15 15:46:24 +01:00
James Allen
3bfd92dd9c
Rename lock to avoid potential conflict with doc updater
2017-05-11 15:27:01 +01:00
James Allen
8449b0417c
Move all redis end points to be cluster compatible
2017-05-04 15:22:54 +01:00
Shane Kilkelly
a9b8b864df
Move content-disposition setting into a method on res
2017-04-12 16:00:02 +01:00
Shane Kilkelly
bb65da88fe
Merge branch 'master' into node-6.9
2017-04-05 10:15:51 +01:00
Shane Kilkelly
043520fc28
Remove the Metrics module, use metrics-sharelatex
2017-04-03 16:18:30 +01:00
Shane Kilkelly
f2b5901776
wip: use new metrics.timeAsyncMethod
2017-03-16 10:59:18 +00:00
Brian Gough
6f392f2270
upgrade pdfjs to 1.7.225
2017-03-02 09:31:23 +00:00
Shane Kilkelly
621a07aff2
Merge branch 'master' into node-6.9
2017-02-14 11:01:14 +00:00
Shane Kilkelly
4e9426e6bf
Merge branch 'master' into sk-pug
2017-01-30 14:36:10 +00:00
Shane Kilkelly
239164fe26
Merge branch 'master' into sk-rate-limit-cluster
2017-01-25 09:56:08 +00:00
Henry Oswald
13d21b881f
use new annoncments feature for case study info
2017-01-24 16:03:05 +00:00
Henry Oswald
2341a8481a
Merge branch 'master' into ho-promote-case-study
2017-01-24 14:49:35 +00:00
Shane Kilkelly
57cd54bf55
WIP: migrate from jade to pug
2017-01-20 12:03:02 +00:00
Shane Kilkelly
635b935acc
Add an acceptance test for login rate limits, cleanup
2017-01-16 11:46:59 +00:00
Shane Kilkelly
25956d4c62
Fix up tests
2017-01-13 16:04:26 +00:00
Shane Kilkelly
525e871d55
Merge branch 'master' into sk-rate-limit-cluster
2017-01-13 14:17:18 +00:00
Shane Kilkelly
5c25d15a18
WIP: try switch to rolling rate limiter
2017-01-12 09:25:18 +00:00
Shane Kilkelly
731f280e2e
Move auth parts of top menu out of config and into web templates.
...
Move the remaining configuration into a new config var: `nav.header_extras`.
Add a `nav.showSubscriptionLink` var to control visibility of subscription link
in the Account menu.
This will allow admins to more easily configure extra links in the top
navigation bar, without the danger of overwriting the important auth menus.
2017-01-11 10:27:38 +00:00
Shane Kilkelly
7bbbfe20b9
If external auth is used, remove /register
items from header nav.
...
(logic moved from docker-image settings file)
2016-12-21 13:50:13 +00:00
Shane Kilkelly
64f69069b2
Experimental: upgrade to node 6.9.2 (latest LTS release)
2016-12-21 10:23:42 +00:00
Shane Kilkelly
822f76a883
Add unit tests for RedisWrapper
2016-12-19 15:12:22 +00:00
Shane Kilkelly
03b541fb64
Fix small mistakes
2016-12-19 14:10:27 +00:00
Shane Kilkelly
9f787943b6
Remove stray redis imports.
2016-12-19 12:17:23 +00:00
Shane Kilkelly
ef0a5801d5
Create a RedisWrapper, and use it for rate limiting.
2016-12-19 12:17:02 +00:00
Shane Kilkelly
d38890e9f4
Add the rolling
option to session
2016-11-30 09:41:58 +00:00
Henry Oswald
6e9458e9e1
wip
2016-11-29 14:38:25 +00:00
Brian Gough
277894631a
try out new pdfjs font fix
...
https://github.com/mozilla/pdf.js/pull/7705
2016-11-16 14:50:09 +00:00
Shane Kilkelly
6c381b127c
Count saml as an external authentication system.
2016-11-14 13:33:48 +00:00
Shane Kilkelly
2cf2199964
WIP: enable non-csrf routes from modules
2016-11-11 13:48:29 +00:00
Shane Kilkelly
bfa0e7cf89
WIP: start moving web sessions to cluster
2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8
Enable hook from module into passport init.
2016-11-01 14:06:54 +00:00
Brian Gough
baf09e4f3a
avoid exception in LoggerSerializers
2016-10-25 15:50:05 +01:00
Brian Gough
3519fbe337
add worker-latex.js to fingerprints
2016-10-25 14:18:37 +01:00