James Allen
a153c6682a
Put in client side check for document getting too long
2015-11-06 12:51:43 +00:00
James Allen
9dcc251017
Copy header values so they can be modified by modules each request
2015-11-05 16:52:50 +00:00
James Allen
16b7bf222a
Merge branch 'contacts'
2015-11-05 10:14:25 +00:00
James Allen
c46f62cfc1
Ensure that a user can only be added to project once
2015-11-02 15:21:41 +00:00
Henry Oswald
cf48c94725
rate limit pdf downloads
2015-10-30 11:56:01 +00:00
Henry Oswald
5e19d710ba
change error handling on spelling
2015-10-22 20:15:50 +01:00
Henry Oswald
1c91de0395
added function to get project with only folders for quicker adding of files to large projects
2015-10-21 16:56:06 +01:00
Henry Oswald
885915916a
check if user exists on recurly callback
2015-10-21 11:27:13 +01:00
Henry Oswald
d9734953a6
don't archive project in track changes for moment
2015-10-20 17:36:37 +01:00
Henry Oswald
79a694b5c8
for spelling attach error handler first
2015-10-20 09:55:12 +01:00
Henry Oswald
f61d97a4f6
added null check on user when checking permissions
2015-10-19 22:29:36 +01:00
Henry Oswald
2b8dd7248a
added subscription handler null check
2015-10-19 22:29:11 +01:00
Henry Oswald
d80179ecc6
added missing null check in
2015-10-19 22:14:52 +01:00
Henry Oswald
0c74673e04
Merge branch 'master' of https://github.com/sharelatex/web-sharelatex
2015-10-19 15:44:54 +01:00
Henry Oswald
2c32126f68
archive in track changes as well as docstore
2015-10-19 15:44:50 +01:00
James Allen
36678301e6
Try to put a new doc in the docstore first so that if it fails it doesn't leave a broken doc_id in the project
2015-10-16 12:34:33 +01:00
James Allen
d996ed6e47
Refactor addUserToProject for better access by groups
2015-10-14 17:29:58 +01:00
James Allen
c4e4f2c77a
Add modules hook for contacts and support groups in auto complete
2015-10-08 18:17:53 +01:00
James Allen
78c5741d06
Add contact when adding collaborator
2015-10-08 16:42:23 +01:00
James Allen
d11d536994
Refactor adding and removing collaborators to not go through EditorController
2015-10-08 14:15:36 +01:00
James Allen
8cc7869b03
Pull in contacts from contacts api and send to tag-input for autocomplete
2015-10-07 17:32:35 +01:00
Henry Oswald
f1d07811df
update the entire users features on assign bonus bu don't update
...
the user features if there is nothing to update when assigning bonus
2015-10-07 13:50:51 +01:00
Henry Oswald
b69ec9768d
bonus allocater does not need to check if user has subscription any more.
2015-10-05 16:50:34 +01:00
Henry Oswald
fae7d431f4
after subscription is updated always check bonus
2015-10-05 16:33:13 +01:00
Henry Oswald
9a60617162
change referral allocated to only upgrade features and to find highest level
...
i.e. user has referred 5 users, there are bonus levels for 3 & 6 shares, auto takes 3 users now.
2015-10-05 12:30:03 +01:00
Henry Oswald
24007affa7
change admin link to /admin/user
...
this is the page for the admin panel, if the panel is installed
then it will load, otherwise a redirect to register users has been
added in.
2015-09-16 12:17:58 +01:00
Henry Oswald
70611da833
added a null check to getRequestUserAndProject
2015-09-15 12:47:48 +01:00
Henry Oswald
9a72667e91
added word count UI feature.
2015-09-14 15:28:19 +01:00
Henrique Dias
d228fd88ab
add worcount file param
2015-09-11 09:53:06 -03:00
Henrique Dias
77c2162872
add wordcount clsi handler
2015-09-10 12:41:48 -03:00
James Allen
639424f664
Don't error on project clone if not root doc is set
2015-09-02 14:32:21 +01:00
James Allen
40704b486e
Don't lock up on very long lined documents
2015-08-28 16:52:09 +01:00
Shane Kilkelly
0aaeb6671e
Keep password reset token in session, and strip it from reset page url.
...
This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.
Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.
2015-08-24 11:53:33 +01:00
Henry Oswald
a53e3b80cf
if blog or universities site is down don't crash, send 500
2015-08-20 16:55:16 +01:00
Shane Kilkelly
aab7a8713e
Catch the case where filename is shorter than the extension length.
2015-08-20 15:56:30 +01:00
Shane Kilkelly
2dd56d0b32
If we're sending a html file to mobile-safari, do so as plain text.
...
This prevents safari from trying to render the page,
which it does because it ignores the "Content-Disposition" header.
2015-08-20 12:02:43 +01:00
Henry Oswald
63580f6a79
remove useClsi2 flag in project collection
2015-08-19 11:58:41 +01:00
Henry Oswald
a777fcc5a6
changed post to deactivate projects to set params via body rather than query params
2015-08-19 11:55:35 +01:00
Henry Oswald
50fc886c94
changed inactive to active as its more effienct query in mongo
2015-08-19 11:54:30 +01:00
Henry Oswald
d3499acd7b
pass options through stating how long ago want to archive from and limit
2015-08-14 14:11:53 +01:00
Henry Oswald
70b825fd2a
fixed call to ProjectUpdateHandler.markAsOpened and made it async
2015-08-14 11:27:11 +01:00
Henry Oswald
66b87df17c
added deactivate project endpoint
2015-08-14 11:26:11 +01:00
Henry Oswald
bec9bf5c87
replace lodash with underscore in this project
2015-08-14 09:42:27 +01:00
Henry Oswald
21a67ddab4
added deactivate old projects endpoint
2015-08-13 22:50:39 +01:00
Henry Oswald
a0142d4415
added inactive and reactivate project logic
2015-08-13 22:40:28 +01:00
Henry Oswald
417fd4f5f5
add logging to tell us how long since a project that is being opened was last updated
2015-07-22 10:38:48 +01:00
Henry Oswald
c12213b46b
added logging around load editor times
2015-07-22 10:38:28 +01:00
Henry Oswald
a786b623a8
added logging to help debug slow project list page loading
2015-07-22 01:06:23 +01:00
Henry Oswald
3ecf201eda
send -> sendStatus
2015-07-08 16:56:38 +01:00
Henry Oswald
9028bcf830
set body parser limit to 2mb
2015-07-08 14:35:03 +01:00
Henry Oswald
39df8964cf
added route that got lost in merge
2015-07-08 13:29:10 +01:00
Henry Oswald
9a49ce4a0e
removed extra req.session.destroy
2015-07-08 12:58:02 +01:00
Henry Oswald
8020cd8f47
removed tpds from settings.defaults.coffee, if not set updates are now not queued
2015-07-02 12:09:08 +01:00
Henry Oswald
56346ad88c
remove analytics router and fixed bad package.json
2015-07-01 15:48:23 +01:00
Brian Gough
e6a670533d
added default mongoose connection
2015-07-01 15:36:50 +01:00
Henry Oswald
7fd29b18a8
destroy users session before creating a new one for them after login
...
session changed to prevent against fixation attacks
2015-07-01 15:29:02 +01:00
Henry Oswald
4f0b922a5d
changed name used when project or file uploaded, this changed when
...
we started using https://github.com/expressjs/multer
* originalname - Name of the file on the user's computer
* name - Renamed file name
2015-07-01 15:28:49 +01:00
Henry Oswald
3ab57f6830
put express locals on webRouter, this prevents problem with accessing sessions in locals, they should also only be used on web routes not api routes
2015-07-01 15:28:30 +01:00
Henry Oswald
941d407231
added saveUninitialized option to session which is now required
2015-07-01 15:26:17 +01:00
Henry Oswald
15a57f5dc4
removed req.session.destorys from endpoints now on the api router which are not needed
2015-07-01 15:26:05 +01:00
Henry Oswald
1cc0cbe8fc
split site into 2 routers, webRouter and apiRouter
...
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
Henry Oswald
665bdcf538
v1 of express4 conversion
2015-07-01 15:17:43 +01:00
Brian Gough
3de841dd71
added event loop monitor
2015-06-23 13:50:42 +01:00
Henry Oswald
84bf0dd9a3
added timeout and logging for tpdsworker queing via http
2015-06-23 11:19:23 +01:00
Henry Oswald
b83fe4dcf9
put tpdsworker url in from settings
2015-06-23 11:13:05 +01:00
Henry Oswald
2ec925b45e
fairy removed from web, makes http request to tpds worker now
2015-06-22 22:33:04 +01:00
Henry Oswald
33aa5c732f
if a domain licence link has expired render a nice message explaining they need to retry
2015-06-01 12:43:42 +01:00
Henry Oswald
cb48242b74
changed email expire to 1 day for verifying account
2015-06-01 12:22:46 +01:00
Henry Oswald
6727c3ee00
changed ShareLaTeX thoughts to go into type form
2015-05-29 16:27:35 +01:00
Henry Oswald
d3f6c0c614
Merge branch 'user-csv' of git://github.com/heukirne/web-sharelatex into heukirne-user-csv
2015-05-29 12:17:54 +01:00
Henry Oswald
e4011b9ba1
Merge branch 'emailverification'
2015-05-29 12:10:02 +01:00
Henrique Dias
f50eb0398f
add export csv group feature
2015-05-28 16:54:41 -03:00
Henry Oswald
43c4531e51
kill off CollaboratorsHandler. changeUsersPrivilegeLevel as it is not used anywhere
2015-05-28 13:02:08 +01:00
Henry Oswald
22b94e9246
renamed SubscriptionDomainAllocator -> SubscriptionDomainHandler
2015-05-27 20:57:54 +01:00
Henry Oswald
4773d6d22f
added tests around new endpoints for joining groups
2015-05-27 20:50:16 +01:00
Henry Oswald
f27c072ae1
pull logic checking if user is already part of a group out of controller into handler
2015-05-27 16:33:47 +01:00
Henry Oswald
72e528e9d1
if you are alread in the group show the custom group page
2015-05-27 15:50:28 +01:00
Henry Oswald
79fa49a43d
if a user is elelable to be part of a group subscription and they go to
...
/user/subscription it should redirect them to the group subscription invite
2015-05-27 15:35:31 +01:00
Henry Oswald
1d21bddcf5
fix Onetime token handler path
2015-05-27 15:06:36 +01:00
Brian Gough
a5d14f4ffb
handle unexplained case where smokeTestModule is undefined
2015-05-26 16:33:02 +01:00
Henry Oswald
481bd67fbd
changed paths to use hyphens and add succesfull join page
2015-05-26 15:26:45 +01:00
Henry Oswald
841231dbf8
make PasswordResetTokenHandler generic so it can be used for invites
2015-05-26 15:24:09 +01:00
Brian Gough
e51cdb81bd
port leak fixes from smoke-test-sharelatex module
2015-05-26 10:54:55 +01:00
Henry Oswald
cad8d8a23b
v1 basic invite works, not pretty or tested
2015-05-22 13:57:15 +01:00
Henry Oswald
f5c39efcac
patched xss hole with messages not setting the content type correctly
2015-05-19 11:04:52 +01:00
Henry Oswald
9764ab258b
added complex password validation to password resets
2015-04-30 12:05:46 +01:00
Henry Oswald
312c56a24e
allow password resets to be performed when site is not public by adding routes into white list
2015-04-30 11:58:26 +01:00
Henry Oswald
a7640b5bbd
changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist
2015-04-30 11:57:40 +01:00
Henry Oswald
6669884f44
Merge branch 'tpds-cleanup'
2015-04-23 10:06:26 +01:00
Brian Gough
396644d314
proposed fix to delete tpds dump files after use
2015-04-15 14:41:38 +01:00
James Allen
5c30a7de67
Add in option for global login requirement (defaults to on)
2015-04-15 11:14:53 +01:00
James Allen
893ff85521
Don't allow password resets for holding accounts
2015-04-14 13:11:49 +01:00
James Allen
33f56b71a2
Remove redundant body parser line
2015-04-14 13:04:49 +01:00
James Allen
8b4ccae60a
Read cookie session length from settings file
2015-04-14 13:04:29 +01:00
Brian Gough
0684fa36fd
upgrade pdfjs to version 1.0.1040
2015-03-31 14:53:27 +01:00
James Allen
8483f249ee
Actually proxy websocket connections
2015-03-20 19:08:48 +00:00
Brian Gough
b0a32b1ef8
make new pdf viewer the default for all users
...
remove old pdf viewer
2015-03-20 11:28:28 +00:00
James Allen
393169bc2a
Create a grunt task to create the admin user
2015-03-19 17:36:50 +00:00
James Allen
e2d515f957
Allow public registration module to hook into email system
2015-03-19 17:19:56 +00:00
James Allen
9b8cf7bcfa
Remove public registration and require that a user be registered by an admin
2015-03-19 14:22:48 +00:00