Timothée Alby
|
b39626751a
|
Merge pull request #1499 from sharelatex/ta-open-redirect-fix
Prevent Open Redirects
GitOrigin-RevId: 8cd2ead74de60f47b728ac227c21440281b111a5
|
2019-02-12 15:47:41 +00:00 |
|
Simon Detheridge
|
c7f30bdfec
|
Merge pull request #1494 from sharelatex/spd-overleaf-v1-oauth-state
Use 'state' parameter to prefent CSRF attacks when authenticating with v1
GitOrigin-RevId: bf5f8ddffa391d8f3ca84d3588df906b08eb018d
|
2019-02-11 11:42:20 +00:00 |
|
Simon Detheridge
|
da6711dc99
|
Merge pull request #1275 from sharelatex/hb-authorization-flags
Authorization flags for metrics
GitOrigin-RevId: 651587c11317bfc8bb7b1e8143e8c2c820683cb5
|
2019-01-11 14:44:17 +00:00 |
|
Simon Detheridge
|
4c191953d3
|
Merge pull request #1356 from sharelatex/spd-password-complexity
Make password validation more consistent between backend and frontend
GitOrigin-RevId: 6ba729da842bf474cf7e9b5e0b2435db0544737c
|
2019-01-11 14:43:49 +00:00 |
|
Paulo Jorge Reis
|
e139abb110
|
Merge pull request #1273 from sharelatex/ja-password-reset-v1
Handle v1-only users in v2 password reset flow
GitOrigin-RevId: 38ce8e9aebd3330b980e73640a23661d8015d4f3
|
2018-12-18 11:48:53 +00:00 |
|
Jessica Lawshe
|
7666c8a481
|
Merge pull request #1236 from sharelatex/jel-password-reset
Reset password via API request to v1
GitOrigin-RevId: 00b0306ca77df650595a762382a8a63b05a945f6
|
2018-12-14 16:02:14 +00:00 |
|
James Allen
|
12004962fb
|
Merge pull request #1221 from sharelatex/ew-collabratec-zip-upload-api
collabratec zip upload api
GitOrigin-RevId: cf93d47112404e9dcbecd723aa806fc213c057f3
|
2018-12-05 12:32:31 +00:00 |
|
Douglas Lovell
|
aae0484458
|
Merge branch 'master' into dcl-i1207
GitOrigin-RevId: c947041ca99860d4afb62ecfd28ba6fe1c717bfc
|
2018-11-30 13:24:27 +00:00 |
|
Douglas Lovell
|
ed3147a58f
|
Allow open from template button when lacking source
GitOrigin-RevId: 8fd49bff6cc0f66d041bb70f9345b2744978be3a
|
2018-11-30 13:24:23 +00:00 |
|
Simon Detheridge
|
50cba1a86f
|
Merge pull request #1153 from sharelatex/spd-open-in-overleaf-local-storage
Use browser local storage instead of session for tex snippets
GitOrigin-RevId: 9609dc882c37ccd2f58bf6d36ea851bbe746fa25
|
2018-11-26 16:53:31 +00:00 |
|
Ersun Warncke
|
f3b92bbeec
|
Collabratec Get Projects API (#1092)
collabratec get projects api
GitOrigin-RevId: c733aecf515cf75ca1ae9c454efa7a35f09cf495
|
2018-11-06 13:48:49 +00:00 |
|
Ersun Warncke
|
365158f283
|
Merge pull request #1047 from sharelatex/ew-oauth-authorization
add oauth middlewear
GitOrigin-RevId: b68360763e1060fdbcbb4348d3d691a803fbfa41
|
2018-10-30 18:31:47 +00:00 |
|
Alasdair Smith
|
e129172553
|
Fix ordering of boolean check to be more readable
|
2018-10-08 11:25:24 +01:00 |
|
Alasdair Smith
|
04572f61bb
|
Fix copy/paste error
|
2018-10-08 10:44:26 +01:00 |
|
Alasdair Smith
|
676557a051
|
Refactor to validate in AuthenticationManager
|
2018-10-08 10:44:25 +01:00 |
|
Alasdair Smith
|
44c86b3769
|
Refactor to use password strength options
|
2018-10-08 10:44:25 +01:00 |
|
Shane Kilkelly
|
2c47da553b
|
Add an error log if activating sudo-mode on login fails
|
2018-10-04 15:05:40 +01:00 |
|
Shane Kilkelly
|
2ef23194df
|
WIP: trying to get acceptance tests to pass
|
2018-10-04 15:05:40 +01:00 |
|
Shane Kilkelly
|
c95d925d56
|
When regenerating session, don't copy the __tmp key
|
2018-09-19 09:28:59 +01:00 |
|
hugh-obrien
|
1e04a09ec6
|
remove unnecessary error returns and ip fetching
|
2018-09-07 18:15:32 +01:00 |
|
hugh-obrien
|
8ef90a0dcb
|
move call for creating ip matched notifcation to project controller
|
2018-09-05 15:40:59 +01:00 |
|
hugh-obrien
|
bf2ea4e7b3
|
test against ip matcher for notification on login if different from previous ip
|
2018-09-05 11:22:26 +01:00 |
|
Nate Stemen
|
4d991aa176
|
Merge branch 'master' into ns-use-regex-test
|
2018-08-27 14:26:51 -04:00 |
|
Nate Stemen
|
ebea8a8633
|
use regex test instead of match when only bool needed
|
2018-08-27 14:25:01 -04:00 |
|
Alasdair Smith
|
9bc3fa2df0
|
Pass req to preDoPassportLogin module hook
|
2018-08-17 12:04:05 +01:00 |
|
Shane Kilkelly
|
d8c9a96619
|
If we're creating v1 accounts, don't allow login for users already linked up
|
2018-08-03 14:58:29 +01:00 |
|
Shane Kilkelly
|
299de369e5
|
Refactor the way logins are finished off and sessions established
|
2018-07-17 16:27:24 +01:00 |
|
Shane Kilkelly
|
b4f8108277
|
Move the pre-login async code into a helper function
|
2018-07-13 11:51:11 +01:00 |
|
Douglas Lovell
|
1df5b0b942
|
Fixup mixed indentation
|
2018-06-29 19:36:59 -03:00 |
|
Shane Kilkelly
|
0f131d940d
|
Enforce stricter password policy.
- Check minimum password lengths
- Set default policy to 6-128 chars
|
2017-07-24 11:06:47 +01:00 |
|
Shane Kilkelly
|
0e26222551
|
Don't redirect to images, icons, etc, in login workflow
|
2017-05-12 15:46:16 +01:00 |
|
Shane Kilkelly
|
043520fc28
|
Remove the Metrics module, use metrics-sharelatex
|
2017-04-03 16:18:30 +01:00 |
|
Henry Oswald
|
cff922a0f5
|
idendify -> identify
|
2017-03-22 16:01:26 +00:00 |
|
Henry Oswald
|
ebdce6169e
|
idendifyUser on login
|
2017-03-22 15:50:49 +00:00 |
|
Shane Kilkelly
|
1137ab0715
|
Don't record redirect to static asset paths
|
2017-01-17 14:35:37 +00:00 |
|
Shane Kilkelly
|
f5ced03074
|
Set redirect when sending user to login page.
Allows smart redirecting to work when public access is turned off.
|
2017-01-10 15:42:36 +00:00 |
|
Shane Kilkelly
|
395135a655
|
Merge branch 'sk-post-login-redirect'
|
2016-11-28 09:52:14 +00:00 |
|
Henry Oswald
|
f130470971
|
log ip address of user when logging in
|
2016-11-25 11:59:50 +00:00 |
|
Shane Kilkelly
|
167f01857a
|
Remove stray next params.
|
2016-11-24 14:15:01 +00:00 |
|
Shane Kilkelly
|
22101d0305
|
If user is sent to login page with explicit redirect, obey
|
2016-11-24 11:38:13 +00:00 |
|
Shane Kilkelly
|
cee3326ce3
|
fix omission of 'length'
|
2016-11-22 17:06:05 +00:00 |
|
Shane Kilkelly
|
8a4352fff2
|
Set redirect when redirecting from restricted
|
2016-11-22 16:54:03 +00:00 |
|
Shane Kilkelly
|
8089bb55a4
|
use session for the post-login redirect, remove redir query string.
|
2016-11-22 14:24:36 +00:00 |
|
Shane Kilkelly
|
bfa0e7cf89
|
WIP: start moving web sessions to cluster
|
2016-11-08 15:32:36 +00:00 |
|
Shane Kilkelly
|
9cb3d8c4b8
|
Enable hook from module into passport init.
|
2016-11-01 14:06:54 +00:00 |
|
Henry Oswald
|
3141f91b59
|
Merge pull request #322 from sharelatex/ho-password-limits
Ho password limits
|
2016-10-05 10:03:54 +01:00 |
|
Shane Kilkelly
|
dd14e51713
|
Handle null, undefined and false in isUserLoggedIn
|
2016-09-23 16:53:07 +01:00 |
|
Henry Oswald
|
8a2b7d0461
|
server side protect passwords which are too long
|
2016-09-23 16:51:46 +01:00 |
|
Henry Oswald
|
0d0f0e8604
|
wip
|
2016-09-23 16:38:46 +01:00 |
|
Shane Kilkelly
|
dbac4bd008
|
update session when user settings change
|
2016-09-22 16:58:25 +01:00 |
|