Commit graph

1690 commits

Author SHA1 Message Date
Shane Kilkelly
fcb04472a1 De-duplicate logic in TokenAccessController 2017-11-01 14:05:29 +00:00
Shane Kilkelly
d8486afe5d Account for higher-access in the token read-only path too 2017-11-01 14:01:00 +00:00
Shane Kilkelly
9984ab081e Generalise the higher-access logic for read-write token path 2017-11-01 11:50:04 +00:00
Shane Kilkelly
b36849d262 Remove a dead event 2017-11-01 11:03:07 +00:00
Shane Kilkelly
a212fb1a05 Add "[TokenAccess]" context to log lines 2017-10-31 14:27:43 +00:00
Shane Kilkelly
5fe5125a5c Add ability to show/hide the new token-access ui 2017-10-30 13:48:25 +00:00
Shane Kilkelly
239f56ca0e add unique index to both token fields 2017-10-27 14:58:55 +01:00
Shane Kilkelly
83bd78f467 More sensible conversion of byte-buffer to array 2017-10-27 10:38:55 +01:00
Shane Kilkelly
ec94e59388 Fix error-handling in setPublicAccessLevel 2017-10-26 16:39:24 +01:00
Shane Kilkelly
18443b55cb Refactor token generator, and use crypto for numerics 2017-10-26 16:01:53 +01:00
Shane Kilkelly
d2a17c2745 Add rate-limiting to the token endpoints 2017-10-26 14:11:31 +01:00
Shane Kilkelly
8561b69ee9 Remove tokenMembers sync to clients 2017-10-25 11:29:05 +01:00
Shane Kilkelly
74c231826d WIP: track changes with token-access 2017-10-25 10:34:18 +01:00
Shane Kilkelly
dc39e447b2 Change findAllUsersProjects, produce and object rather than lists 2017-10-20 11:49:20 +01:00
Shane Kilkelly
d710d284fe Merge branch 'sk-unlisted-projects' of github.com:sharelatex/web-sharelatex-internal into sk-unlisted-projects 2017-10-20 10:11:33 +01:00
Shane Kilkelly
0e44b319db Change anonToken and such to anonymousAccessToken 2017-10-20 10:10:21 +01:00
John Lees-Miller
30f67008a0 Fix typo 2017-10-20 09:19:18 +01:00
Shane Kilkelly
eab77aba91 Abstract away the token-protection logic 2017-10-19 16:26:01 +01:00
Shane Kilkelly
97706acbac Fix indentation 2017-10-19 14:54:59 +01:00
Shane Kilkelly
5572a0e873 Merge branch 'sk-unlisted-projects' of github.com:sharelatex/web-sharelatex-internal into sk-unlisted-projects 2017-10-19 14:46:05 +01:00
Shane Kilkelly
d8717a06a2 Fix track-changes with token-access 2017-10-19 14:42:17 +01:00
John Lees-Miller
3383a057a1 Fix typo
(The typo came from my comment in Overleaf many years ago.)
2017-10-19 11:47:47 +01:00
Shane Kilkelly
7d2bde85ff Add a setting to enable anonymous read-and-write link sharing 2017-10-18 13:04:37 +01:00
Shane Kilkelly
9c247d5f59 On project list, only show projects once, with max access 2017-10-17 11:10:31 +01:00
Shane Kilkelly
855fe2e143 If user is project owner, don't add them as a token user 2017-10-16 16:44:20 +01:00
Shane Kilkelly
ad999a72b6 If a token-based project not found, check private overleaf project 2017-10-16 13:20:15 +01:00
Shane Kilkelly
490ccc6051 Add commentary to token-generator, and move token-alpha to top level 2017-10-13 11:37:38 +01:00
Shane Kilkelly
ac513a1355 Refactor to not pass req down into Auth modules 2017-10-13 11:20:57 +01:00
Shane Kilkelly
dcf601fe80 Only show token-based projects if accessLevel is set to token-based 2017-10-12 15:47:29 +01:00
Shane Kilkelly
9a7c8c5842 Revert "Remove remaining traces of UserStub"
This reverts commit ab6b4c32254a20b940c489b8b5b56237433cc0f6.
2017-10-12 15:08:48 +01:00
Shane Kilkelly
16416463c6 Update removeUserFromProject to account for token-access 2017-10-12 11:49:02 +01:00
Shane Kilkelly
6feedf5520 Use crypto module for token generation 2017-10-12 11:36:45 +01:00
Shane Kilkelly
22c5f41fb6 Add logging for token generation 2017-10-12 11:25:16 +01:00
Shane Kilkelly
fe708fcc04 Generate all missing tokens 2017-10-12 11:19:26 +01:00
Shane Kilkelly
70b1e42e36 Add deprecation comment regarding legacy access-levels 2017-10-12 11:00:39 +01:00
Shane Kilkelly
6e09165452 Refactor auth sources 2017-10-12 10:57:11 +01:00
Shane Kilkelly
1a4ffe7708 Remove un-necessary call to getProject from archiveProject path 2017-10-09 11:30:55 +01:00
Shane Kilkelly
ad68adee9a Add more commentary on the anonymous path 2017-10-09 11:13:55 +01:00
Shane Kilkelly
e73de3bfd4 Fix whitespace in function signature 2017-10-09 10:57:23 +01:00
Shane Kilkelly
732ce9417b Don't create tokens on project by default 2017-10-09 10:25:20 +01:00
Shane Kilkelly
d386f79a76 Clean up 2017-10-06 16:10:33 +01:00
Shane Kilkelly
91abb6eed6 If project is not tokenBased, don't count members of token arrays 2017-10-06 15:57:22 +01:00
Shane Kilkelly
387854db7a Fix an embarassing mistake, generate tokens dynamically, not once. 2017-10-06 13:24:10 +01:00
Shane Kilkelly
bb0dad3353 Safe access to potentially-null project 2017-10-05 14:19:21 +01:00
Shane Kilkelly
b8d90a1a99 Show token-access projects on the dashboard 2017-10-05 13:20:06 +01:00
Shane Kilkelly
e4e558c0e6 Hide access tokens if user is not the project owner.
This prevents sneaky read-only users from sniffing out the read-write
link via the browser console.
2017-10-05 13:18:30 +01:00
Shane Kilkelly
6482cd7dd8 Generate tokens on old projects if they're not present 2017-10-04 16:31:24 +01:00
Shane Kilkelly
b6c2a8f7f7 Tidy up callbacks 2017-10-03 14:14:22 +01:00
Shane Kilkelly
7b33f8b4c2 Unit test TokenAccessController 2017-10-03 14:04:59 +01:00
Shane Kilkelly
ede497f4b3 Unit test TokenAccessHandler 2017-10-03 10:02:26 +01:00