Simon Detheridge
ea2782ff22
Merge pull request #1005 from sharelatex/spd-no-more-asterisks
...
Sanitize paths in all relevant ProjectEntityHandler methods
2018-10-10 10:44:13 +01:00
Ersun Warncke
7652e80800
add account merge error
2018-10-09 09:47:03 -04:00
Tim Alby
48e5c6b523
add UserMembership logic
2018-10-09 12:09:11 +01:00
Simon Detheridge
56dcbefb5b
Check for safe paths in all ProjectEntityHandler methods
...
Some import mechanisms (for example, Github project import) call methods such as 'upsert*' directly, bypassing existing filename checks.
Added checks to all methods in ProjectEntityHandler that can create or rename a file.
bug: overleaf/sharelatex#908
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-08 15:31:04 +01:00
Simon Detheridge
e66210d2af
Add method to sanitize full paths
...
For convenience, add a method to SafePath to break a path into components and verify the status of each one.
bug: overleaf/sharelatex#908
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-08 14:48:17 +01:00
Simon Detheridge
9c189303c1
Merge pull request #1002 from sharelatex/spd-email-cta-links
...
Add additional CTA link to emails
2018-10-08 13:56:21 +01:00
Simon Detheridge
af9c9517f3
Merge pull request #999 from sharelatex/as-validate-password-length
...
Validate password length
2018-10-08 13:55:25 +01:00
Jessica Lawshe
f04212c96f
Merge pull request #995 from sharelatex/ta-remove-confirmed-field
...
remove unused confirmed field from user model
2018-10-08 11:43:42 +01:00
Alasdair Smith
e129172553
Fix ordering of boolean check to be more readable
2018-10-08 11:25:24 +01:00
Alasdair Smith
04572f61bb
Fix copy/paste error
2018-10-08 10:44:26 +01:00
Alasdair Smith
676557a051
Refactor to validate in AuthenticationManager
2018-10-08 10:44:25 +01:00
Alasdair Smith
44c86b3769
Refactor to use password strength options
2018-10-08 10:44:25 +01:00
Alasdair Smith
bf60fe7f6c
Add error handling for InvalidError
2018-10-08 10:44:25 +01:00
Alasdair Smith
e99165b475
Validate password length when registering
2018-10-08 10:44:25 +01:00
Hugh O'Brien
cc962c3e6f
Merge pull request #978 from sharelatex/hb-use-exports-for-pdf-from-publish-modal
...
Generic Zip or Pdf Exports endpoint
2018-10-08 10:13:18 +01:00
Simon Detheridge
286f25529a
Remove secondary CTA link from account merge confirmation email
...
bug: sharelatex/web-sharelatex-internal#987
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-05 13:19:05 +01:00
Simon Detheridge
d316a76106
Revert "add plain text link to email address confirmation emails"
...
This reverts commit 48cd7e604dcc5f3b7ae8eb699f14b44bc073f107.
2018-10-05 13:16:42 +01:00
Simon Detheridge
a2ef0e1ae5
Add additional CTA link to emails
...
Some mail clients don't show the CTA button correctly, or at all. Add an additional, smaller link to the bottom of the email for people who can't see the button.
bug: sharelatex/web-sharelatex-internal#987
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-05 12:04:00 +01:00
Shane Kilkelly
4c2a90966a
Merge pull request #918 from sharelatex/sk-enable-sudo-mode-in-v2
...
Enable sudo-mode for v2
2018-10-05 10:05:24 +01:00
Simon Detheridge
2b8ce379f8
Lookup correct compiler when importing v1 templates
...
bug: overleaf/sharelatex#981
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-04 16:42:03 +01:00
Shane Kilkelly
2c47da553b
Add an error log if activating sudo-mode on login fails
2018-10-04 15:05:40 +01:00
Shane Kilkelly
778abaff6e
Remove stray log
2018-10-04 15:05:40 +01:00
Shane Kilkelly
2ef23194df
WIP: trying to get acceptance tests to pass
2018-10-04 15:05:40 +01:00
Shane Kilkelly
f9ed367148
Move the auth mechanism for sudo-mode into SudoModeHandler
2018-10-04 15:05:40 +01:00
Shane Kilkelly
254d74899b
WIP: enable sudo-mode for v2
2018-10-04 15:05:40 +01:00
Chrystal Maria Griffiths
e932eb074b
Merge pull request #992 from sharelatex/as-fix-mathjax
...
Fix mathjax incorrectly loading config
2018-10-04 15:01:05 +01:00
Chrystal Griffiths
13843f82a0
Use settings appName
2018-10-04 09:57:51 +01:00
Tim Alby
5ff66187a0
remove unused confirmed field from user model
2018-10-03 16:01:30 +01:00
Ersun Warncke
752658f773
Merge pull request #990 from sharelatex/ew-use-v1-doc-info-api
...
Use v1 Doc Info API for Token Access
2018-10-03 09:22:41 -04:00
Timothée Alby
e3cfa36b56
Merge pull request #984 from sharelatex/ta-email-cta-link
...
add plain text link to email address confirmation emails
2018-10-03 14:20:05 +01:00
Timothée Alby
c74c782cee
Merge pull request #961 from sharelatex/ta-account-sync-affiliations
...
Add getInstitutionsPlan Function
2018-10-03 14:19:56 +01:00
Alasdair Smith
fb8ed890f9
Correctly load Safe mathjax extention using provided config
2018-10-03 11:52:33 +01:00
Brian Gough
2b738907aa
Merge pull request #989 from sharelatex/bg-clean-up-broken-project-on-error
...
clean up broken project on error in ProjectDuplicator
2018-10-03 10:04:30 +01:00
Ersun Warncke
642b45d0d6
use v1 doc info api
2018-10-02 11:16:46 -04:00
Alasdair Smith
f90dd1b49a
Merge pull request #986 from sharelatex/as-sign-in-from-v2-post
...
Remove POST /docs custom handler, now handled by redirects
2018-10-02 14:06:57 +01:00
Brian Gough
4621234220
clean up broken project on error in ProjectDuplicator
2018-10-02 12:14:22 +01:00
Alasdair Smith
062f26dda3
Remove POST /docs custom handler, now handled by redirects
...
Implementing a system for signing into v1 via v2 using POSTs so the
unauthenticated route is no longer necessary
2018-09-28 14:11:38 +01:00
Tim Alby
4e9737bf71
add plain text link to email address confirmation emails
2018-09-28 13:36:31 +01:00
Alasdair Smith
1330c8da73
Also check if v1 project exported if not found for read-only tokens
2018-09-28 11:47:14 +01:00
Alasdair Smith
435fe11115
Check if v1 project was exported if not found
...
This prevents a redirect loop for projects which were exported but then
deleted on v2. v2 would not find the project, redirect to v1, which
would find that it was exported and redirect back to v2.
2018-09-28 11:47:14 +01:00
Brian Gough
6d5908f2f4
Merge pull request #893 from sharelatex/ja-fix-duplicate-text-in-email
...
Don't include the license name twice in invite emails
2018-09-28 11:15:40 +01:00
Brian Gough
1f6abd4e69
fix invalid project names when opening templates
2018-09-28 10:38:25 +01:00
Brian Gough
8f8694ad94
iterate over owned projects in a more robust way
2018-09-28 09:48:15 +01:00
Brian Gough
6b80d3563d
add support for creating unique project names
2018-09-28 09:48:15 +01:00
Alasdair Smith
45bd46bc01
Merge pull request #977 from sharelatex/as-encode-auth-with-v1-query-strings
...
Encode redirects which will auth with v1 first
2018-09-28 09:45:54 +01:00
hugh-obrien
52859cdfaa
make the zip fetching endpoint for exports generic to either zips or pdfs
2018-09-27 16:11:11 +01:00
Alasdair Smith
4f2c91a59a
Add new redirect option to auth with v1, which will urlencode the query string
...
This is necessary for the GET /docs endpoint, which can be used to send
urls as part of query parameters. If these are not encoded before
redirecting, they can become corrupted.
2018-09-27 12:19:16 +01:00
James Allen
0cb563816d
Don't enable legacy blog in v2
2018-09-27 10:56:14 +01:00
Alasdair Smith
c2ecccfa02
Use correct setting
2018-09-26 17:35:55 +01:00
Alasdair Smith
f2fa83a218
Fix /teams redirect using wrong setting
2018-09-26 17:04:40 +01:00