Commit graph

23 commits

Author SHA1 Message Date
Tim Down
2807a35e24 Merge pull request #15728 from overleaf/td-lg-expire-password-tokens
Expire user password reset tokens when user changes their password

GitOrigin-RevId: 2d303eba947c224e71ebe60083abc7a8ff5207a5
2023-11-22 09:04:30 +00:00
Eric Mc Sween
680ebae30b Merge pull request #15172 from overleaf/em-promise-utils
Move util/promises from web into a shared library

GitOrigin-RevId: fe1980dc57b9dc8ce86fa1fad6a8a817e9505b3d
2023-10-20 08:04:05 +00:00
Eric Mc Sween
75abea72b0 Merge pull request #11492 from overleaf/em-rate-limiter
Move all remaining rate limiters to rate-limiter-flexible

GitOrigin-RevId: 163ab2aebecb281057e552dc75591dd02028990c
2023-01-31 09:03:44 +00:00
Eric Mc Sween
f97a543d41 Merge pull request #11255 from overleaf/em-rate-limiter
Introduce rate-limiter-flexible

GitOrigin-RevId: c787397e276fb81015c7d045d191f2ad81ef542d
2023-01-18 09:04:51 +00:00
June Kelly
3288f87dbe [web] Password set/reset: reject current password (redux) (#8956)
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitely
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
2022-09-28 08:06:54 +00:00
Jakob Ackermann
2117d24bda Merge pull request #7294 from overleaf/jpa-ratelimit-2fa-check
[web] rate-limit 2fa check requests

GitOrigin-RevId: da3d2f15c68cff101de807c1eae91edbd86481e7
2022-04-05 12:18:01 +00:00
Eric Mc Sween
5fc6d7dcb3 Merge pull request #5740 from overleaf/em-gcp-logging-web
Improve GCP logging for web

GitOrigin-RevId: b304c87a3fe46c29189f665eb3daf22c23d6eb8f
2021-11-11 09:03:09 +00:00
Eric Mc Sween
e5676a9643 Merge pull request #5648 from overleaf/em-revert-gcp-logging-web
Revert "Improve GCP logging for web"

GitOrigin-RevId: 92d446baf62108da1df92146eec12a2fe69d30ee
2021-11-02 09:03:29 +00:00
Eric Mc Sween
641b10cceb Merge pull request #5632 from overleaf/em-gcp-logging-web
Improve GCP logging for web

GitOrigin-RevId: 1198fab2e821a55563058171cfa435605216e337
2021-11-02 09:03:22 +00:00
Hugh O'Brien
f7900b474b Merge pull request #4799 from overleaf/hb-eslint-rules
Re-enable some eslint rules

GitOrigin-RevId: 16153adb839bb61784bb40fbc8e43da281fe090d
2021-09-15 08:03:43 +00:00
Alexandre Bourdin
9468e5cb4f Merge pull request #4338 from overleaf/ab-session-manager
Extract functions from AuthenticationController to SessionManager

GitOrigin-RevId: 86870ce03a762e1a837dcf493759e8851e759883
2021-07-28 12:36:22 +00:00
Jakob Ackermann
5e773ce950 Merge pull request #4101 from overleaf/ae-settings-module
Migrate from `settings-sharelatex` to `@overleaf/settings`

GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
2021-07-08 02:08:28 +00:00
Alf Eaton
1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
2021-04-28 02:10:01 +00:00
Jakob Ackermann
4f8a905e9b Merge pull request #3909 from overleaf/jel-reconfirm-email-template
Add reconfirm email template

GitOrigin-RevId: 2488c79c25a7148f601e3e3e2021cdbee4be7b4c
2021-04-16 02:05:33 +00:00
Alf Eaton
1ebc8a79cb Merge pull request #3495 from overleaf/ae-prettier-2
Upgrade Prettier to v2

GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
2021-04-15 02:05:22 +00:00
Alf Eaton
2ff1cf43d6 Merge pull request #3470 from overleaf/eslint
Upgrade and configure ESLint

GitOrigin-RevId: ad5aeaf85e72c847a125ff3a9db99a12855e38aa
2020-12-16 03:08:28 +00:00
Jakob Ackermann
e3c6637339 Merge pull request #3187 from overleaf/jpa-mongodb-native
[misc] migrate the app to the native mongo driver

GitOrigin-RevId: 9030b18c4cf62e3a01d3d8f450bf0e02f9f89c22
2020-10-02 02:04:18 +00:00
Ersun Warncke
77b7b03ead add api rate limiting based on client_ip url param
GitOrigin-RevId: 2fffcce053d5bf452508774b555959610db9a2c7
2019-11-27 19:16:14 +00:00
Ersun Warncke
2c335802ca remove excessive logging
GitOrigin-RevId: 62024bbe0415a4fdae66eb1b9c6707e5faec7cd1
2019-11-27 12:17:32 +00:00
Ersun Warncke
af63c8de97 add email rate limiter on login
GitOrigin-RevId: a0da310e5537b420e46c9ed48f8b97051e7e933a
2019-11-13 12:55:30 +00:00
Eric Mc Sween
16ac5126cb Merge pull request #2181 from overleaf/sk-exclude-smoketest-user-from-rate-limits
Exclude smokeTest user from rate limits

GitOrigin-RevId: 01197ce9971477550e73989067adc631189382b1
2019-09-26 14:38:13 +00:00
Simon Detheridge
b86f46a4f8 Merge pull request #1885 from overleaf/sk-dep-upgrades-2019-06
Update logger, metrics, and redis client

GitOrigin-RevId: fa425f37c9065dc644da44f62e89a9955ce09f66
2019-07-02 09:16:23 +00:00
Alasdair Smith
0ca81de78c Merge pull request #1717 from overleaf/as-decaffeinate-backend
Decaffeinate backend

GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa
2019-05-29 09:32:21 +00:00