Brian Gough
f2a1b49d48
Merge pull request #17593 from overleaf/bg-account-security-update-hibp-links
...
Update haveibeenpwned links to use the password check form
GitOrigin-RevId: f67b1ed689c851ad3684becc38cd5eb82b0018a2
2024-03-22 09:03:13 +00:00
Jakob Ackermann
2207000a0f
Merge pull request #16379 from overleaf/jpa-pw-reset-hint
...
[web] add username hint for password managers on password (re)set form
GitOrigin-RevId: f691c0368494bc550ee10581f2a8ddf5addadf9b
2024-01-05 09:03:27 +00:00
June Kelly
724a8d6113
Merge pull request #12698 from overleaf/jk-full-stops
...
[web] Add full-stops after 'Please use a different password'
GitOrigin-RevId: 9cac7c70358db11a74858252001a2dee211c0325
2023-04-26 08:04:30 +00:00
June Kelly
841df71a1d
Merge pull request #12342 from overleaf/jk-password-ux-please-use-another-password
...
[web] Password UX: 'Please use another password'
GitOrigin-RevId: ca9b26cbcf2dabb27c716da314764ee40ffc83dd
2023-04-12 08:04:13 +00:00
June Kelly
53b78ad68b
Merge pull request #11590 from overleaf/jk-password-reset-ux-improvements
...
[web] Password Reset UX Improvements
GitOrigin-RevId: d62575ff965e045823bfb7268db892188cf709ed
2023-02-10 16:33:14 +00:00
June Kelly
be7b424a63
Merge pull request #11436 from overleaf/jk-increase-password-min-length-to-8
...
[web] Increase the minimum password length to 8 characters
GitOrigin-RevId: 94eb3c5605183b5e189babd3342dc308f403ebbd
2023-02-02 09:02:56 +00:00
ilkin-overleaf
2675cab92e
Merge pull request #10394 from overleaf/ii-password-reset-and-strength-checking
...
[web] Password reset strength checking and UI updates
GitOrigin-RevId: 442a5c9e7e9d0a61d3ae649f3526bc3c02fd5704
2022-12-07 09:03:36 +00:00
June Kelly
3288f87dbe
[web] Password set/reset: reject current password (redux) (#8956)
...
* [web] set-password: reject same as current password
* [web] Add 'peek' operation on tokens
This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.
We give up to three attempts before invalidating the token.
* [web] Add hide-on-error feature to async forms
This allows us to hide the form elements when certain
named error conditions occur.
* [web] reset-password: handle same-password rejection
We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitly
after it has been used to set the new password.
* [web] Validate OneTimeToken when loading password reset form
* [web] Rate limit GET: /user/password/set
Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.
* [web] Tidy up pug layout and mongo query for token peeking
Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
2022-09-28 08:06:54 +00:00
Henry Oswald
5f1abee345
Merge pull request #8939 from overleaf/revert-8882-jk-web-reject-same-password
...
Revert "[web] Password set/reset: reject current password"
GitOrigin-RevId: f14f970fe93064658a8659537c5cb417e34e2751
2022-07-20 08:04:00 +00:00
June Kelly
d04ea76081
Merge pull request #8882 from overleaf/jk-web-reject-same-password
...
[web] Password set/reset: reject current password
GitOrigin-RevId: 2c40dda4926d9c68564ae5126b3393b9286bb661
2022-07-20 08:03:36 +00:00
June Kelly
000f849381
Merge pull request #6143 from overleaf/jk-register-password-validation
...
[web] Password length validation on register
GitOrigin-RevId: 8d97d92f3176f25c5af29479ba85789eac28540a
2022-01-13 09:03:16 +00:00
Hugh O'Brien
3b95ac6d88
Merge pull request #5688 from overleaf/jpa-invalid-password-message
...
[web] password reset: validate user password ahead of invalidating token
GitOrigin-RevId: ba3e6549f53675a2216e2fc24293276c1968d416
2021-11-10 09:02:38 +00:00
June Kelly
5141f7b452
Merge pull request #5199 from overleaf/jk-de-ng-form-messages-role
...
[web] Improve a11y of form-messages
GitOrigin-RevId: 36360bc188f9a582e891d50328a6f27b414dce2a
2021-09-27 08:03:10 +00:00
Jakob Ackermann
891947770c
Merge pull request #5124 from overleaf/jk-de-ng-set-password-page
...
[web] de-ng set password form
GitOrigin-RevId: d8ebf9f794454d5772e13ab783892d2bba6eed87
2021-09-24 08:03:23 +00:00
Jessica Lawshe
bb882c697c
Merge pull request #4288 from overleaf/jel-skip-to-content
...
Add "Skip to content" to improve accessibility
GitOrigin-RevId: 43368a65057656bdea10b6be3c598d68bd8e2d40
2021-07-28 02:06:54 +00:00
Jakob Ackermann
9d00c351a8
Merge pull request #4327 from overleaf/jpa-pw-reset-captcha
...
[misc] add captcha on password reset requests
GitOrigin-RevId: 9a23b9c9dee2c56345e9c1846861c05c25126802
2021-07-28 02:06:02 +00:00
Alf Eaton
8227e68aca
Improve form "for" and "autocomplete" attributes (#3822)
...
GitOrigin-RevId: 2ce35d57526fc36b5a974d0f940ef6ba08806864
2021-04-01 02:05:32 +00:00
Miguel Serrano
d65db1acf0
Merge pull request #3824 from overleaf/jpa-password-reset-email-forwarding
...
[misc] fix passing around of users email as part of password reset
GitOrigin-RevId: 54e8cde9867a2ce735bc7ebe281ead19ef49e6cd
2021-04-01 02:05:04 +00:00
Alf Eaton
a5637651b5
Add Content-Security-Policy header (#3783)
...
* Add Content-Security-Policy header
* Add nonce attribute to script tags
* Use source-map for webpack devtool
* Add ng-csp attribute when CSP is enabled
* Allow overriding CSP settings with environment variables
* Hook into render and allow routes to disable the CSP header
GitOrigin-RevId: a873736a3514198165f1b2f1e18d002b65f20d30
2021-03-26 03:04:55 +00:00
Jakob Ackermann
7609b741fa
Merge pull request #3768 from overleaf/jpa-xss-10
...
[views] mitigate Angular XSS on password reset page
GitOrigin-RevId: 65f423fcb1a3afff0f396bb8e173d1e1bcff056a
2021-03-18 03:04:45 +00:00
Thomas
2d8167fa0a
Merge pull request #3675 from overleaf/tm-main-landmarks-a11y
...
Add main landmark roles to multiple templates
GitOrigin-RevId: 80ae851fae015b21a3210d71d04287c0c9a3024d
2021-03-05 03:05:00 +00:00
Jessica Lawshe
552fb56b74
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token
...
Update audit log when password reset by token
GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf
2020-08-13 15:46:10 +00:00
Ersun Warncke
d624c29b6f
remove v1 deps for password change/reset
...
GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7
2019-07-17 15:09:24 +00:00
Simon Detheridge
82672269c4
Merge pull request #1862 from overleaf/em-json-stringify
...
Globally apply StringHelper.stringifyJsonForScript()
GitOrigin-RevId: 82dc812a43a1e6f389471380a6a430c0a18dcec2
2019-06-17 15:14:25 +00:00
Jessica Lawshe
7666c8a481
Merge pull request #1236 from sharelatex/jel-password-reset
...
Reset password via API request to v1
GitOrigin-RevId: 00b0306ca77df650595a762382a8a63b05a945f6
2018-12-14 16:02:14 +00:00
Shane Kilkelly
57cd54bf55
WIP: migrate from jade to pug
2017-01-20 12:03:02 +00:00