Commit graph

96 commits

Author SHA1 Message Date
Ersun Warncke
dc06069dff add oauth2-server
GitOrigin-RevId: d10f565973f8b762c5aa51aa11e73105b016d3ae
2019-05-13 12:04:46 +00:00
Timothée Alby
54186d9db1 Add linked accounts section to user settings page (#1705)
Add linked accounts section to user settings page

GitOrigin-RevId: d2bb26a3bfb3946144a05b98f58d50a2c57f3040
2019-04-23 14:34:55 +00:00
Jessica Lawshe
f455a11aa8 Merge pull request #1655 from sharelatex/jel-user-must-reconfirm
Reconfirm user accounts

GitOrigin-RevId: 0343ff745e881cd51b5efbfb97404b6b926905c8
2019-04-17 14:14:19 +00:00
Hugh O'Brien
5edead4446 Merge pull request #1694 from sharelatex/hb-clear-ip-notifications
Remove notification for university enrolment on affiliation add

GitOrigin-RevId: 67df66ad6c6e9e16b6573fa15eb34293adaa0287
2019-04-15 16:09:16 +00:00
Shane Kilkelly
90cb50f4ac Merge pull request #1609 from sharelatex/sk-upgrade-bcrypt-3
Upgrade bcrypt to version 3, and specify minor-version of hash function

GitOrigin-RevId: 9282664a628e4b50839a1bb6f7ee895f3f9f15ca
2019-03-25 09:50:41 +00:00
Timothée Alby
b39626751a Merge pull request #1499 from sharelatex/ta-open-redirect-fix
Prevent Open Redirects

GitOrigin-RevId: 8cd2ead74de60f47b728ac227c21440281b111a5
2019-02-12 15:47:41 +00:00
Simon Detheridge
c7f30bdfec Merge pull request #1494 from sharelatex/spd-overleaf-v1-oauth-state
Use 'state' parameter to prefent CSRF attacks when authenticating with v1

GitOrigin-RevId: bf5f8ddffa391d8f3ca84d3588df906b08eb018d
2019-02-11 11:42:20 +00:00
Simon Detheridge
da6711dc99 Merge pull request #1275 from sharelatex/hb-authorization-flags
Authorization flags for metrics

GitOrigin-RevId: 651587c11317bfc8bb7b1e8143e8c2c820683cb5
2019-01-11 14:44:17 +00:00
Simon Detheridge
4c191953d3 Merge pull request #1356 from sharelatex/spd-password-complexity
Make password validation more consistent between backend and frontend

GitOrigin-RevId: 6ba729da842bf474cf7e9b5e0b2435db0544737c
2019-01-11 14:43:49 +00:00
Paulo Jorge Reis
e139abb110 Merge pull request #1273 from sharelatex/ja-password-reset-v1
Handle v1-only users in v2 password reset flow

GitOrigin-RevId: 38ce8e9aebd3330b980e73640a23661d8015d4f3
2018-12-18 11:48:53 +00:00
Jessica Lawshe
7666c8a481 Merge pull request #1236 from sharelatex/jel-password-reset
Reset password via API request to v1

GitOrigin-RevId: 00b0306ca77df650595a762382a8a63b05a945f6
2018-12-14 16:02:14 +00:00
James Allen
12004962fb Merge pull request #1221 from sharelatex/ew-collabratec-zip-upload-api
collabratec zip upload api

GitOrigin-RevId: cf93d47112404e9dcbecd723aa806fc213c057f3
2018-12-05 12:32:31 +00:00
Douglas Lovell
aae0484458 Merge branch 'master' into dcl-i1207
GitOrigin-RevId: c947041ca99860d4afb62ecfd28ba6fe1c717bfc
2018-11-30 13:24:27 +00:00
Douglas Lovell
ed3147a58f Allow open from template button when lacking source
GitOrigin-RevId: 8fd49bff6cc0f66d041bb70f9345b2744978be3a
2018-11-30 13:24:23 +00:00
Simon Detheridge
50cba1a86f Merge pull request #1153 from sharelatex/spd-open-in-overleaf-local-storage
Use browser local storage instead of session for tex snippets

GitOrigin-RevId: 9609dc882c37ccd2f58bf6d36ea851bbe746fa25
2018-11-26 16:53:31 +00:00
Ersun Warncke
f3b92bbeec Collabratec Get Projects API (#1092)
collabratec get projects api

GitOrigin-RevId: c733aecf515cf75ca1ae9c454efa7a35f09cf495
2018-11-06 13:48:49 +00:00
Ersun Warncke
365158f283 Merge pull request #1047 from sharelatex/ew-oauth-authorization
add oauth middlewear

GitOrigin-RevId: b68360763e1060fdbcbb4348d3d691a803fbfa41
2018-10-30 18:31:47 +00:00
Alasdair Smith
e129172553 Fix ordering of boolean check to be more readable 2018-10-08 11:25:24 +01:00
Alasdair Smith
04572f61bb Fix copy/paste error 2018-10-08 10:44:26 +01:00
Alasdair Smith
676557a051 Refactor to validate in AuthenticationManager 2018-10-08 10:44:25 +01:00
Alasdair Smith
44c86b3769 Refactor to use password strength options 2018-10-08 10:44:25 +01:00
Shane Kilkelly
2c47da553b Add an error log if activating sudo-mode on login fails 2018-10-04 15:05:40 +01:00
Shane Kilkelly
2ef23194df WIP: trying to get acceptance tests to pass 2018-10-04 15:05:40 +01:00
Shane Kilkelly
c95d925d56 When regenerating session, don't copy the __tmp key 2018-09-19 09:28:59 +01:00
hugh-obrien
1e04a09ec6 remove unnecessary error returns and ip fetching 2018-09-07 18:15:32 +01:00
hugh-obrien
8ef90a0dcb move call for creating ip matched notifcation to project controller 2018-09-05 15:40:59 +01:00
hugh-obrien
bf2ea4e7b3 test against ip matcher for notification on login if different from previous ip 2018-09-05 11:22:26 +01:00
Nate Stemen
4d991aa176 Merge branch 'master' into ns-use-regex-test 2018-08-27 14:26:51 -04:00
Nate Stemen
ebea8a8633 use regex test instead of match when only bool needed 2018-08-27 14:25:01 -04:00
Alasdair Smith
9bc3fa2df0 Pass req to preDoPassportLogin module hook 2018-08-17 12:04:05 +01:00
Shane Kilkelly
d8c9a96619 If we're creating v1 accounts, don't allow login for users already linked up 2018-08-03 14:58:29 +01:00
Shane Kilkelly
299de369e5 Refactor the way logins are finished off and sessions established 2018-07-17 16:27:24 +01:00
Shane Kilkelly
b4f8108277 Move the pre-login async code into a helper function 2018-07-13 11:51:11 +01:00
Douglas Lovell
1df5b0b942 Fixup mixed indentation 2018-06-29 19:36:59 -03:00
Shane Kilkelly
0f131d940d Enforce stricter password policy.
- Check minimum password lengths
- Set default policy to 6-128 chars
2017-07-24 11:06:47 +01:00
Shane Kilkelly
0e26222551 Don't redirect to images, icons, etc, in login workflow 2017-05-12 15:46:16 +01:00
Shane Kilkelly
043520fc28 Remove the Metrics module, use metrics-sharelatex 2017-04-03 16:18:30 +01:00
Henry Oswald
cff922a0f5 idendify -> identify 2017-03-22 16:01:26 +00:00
Henry Oswald
ebdce6169e idendifyUser on login 2017-03-22 15:50:49 +00:00
Shane Kilkelly
1137ab0715 Don't record redirect to static asset paths 2017-01-17 14:35:37 +00:00
Shane Kilkelly
f5ced03074 Set redirect when sending user to login page.
Allows smart redirecting to work when public access is turned off.
2017-01-10 15:42:36 +00:00
Shane Kilkelly
395135a655 Merge branch 'sk-post-login-redirect' 2016-11-28 09:52:14 +00:00
Henry Oswald
f130470971 log ip address of user when logging in 2016-11-25 11:59:50 +00:00
Shane Kilkelly
167f01857a Remove stray next params. 2016-11-24 14:15:01 +00:00
Shane Kilkelly
22101d0305 If user is sent to login page with explicit redirect, obey 2016-11-24 11:38:13 +00:00
Shane Kilkelly
cee3326ce3 fix omission of 'length' 2016-11-22 17:06:05 +00:00
Shane Kilkelly
8a4352fff2 Set redirect when redirecting from restricted 2016-11-22 16:54:03 +00:00
Shane Kilkelly
8089bb55a4 use session for the post-login redirect, remove redir query string. 2016-11-22 14:24:36 +00:00
Shane Kilkelly
bfa0e7cf89 WIP: start moving web sessions to cluster 2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8 Enable hook from module into passport init. 2016-11-01 14:06:54 +00:00