mirror of
https://github.com/overleaf/overleaf.git
synced 2025-01-13 09:21:34 +00:00
3288f87dbe
* [web] set-password: reject same as current password * [web] Add 'peek' operation on tokens This allows us to improve the UX of the reset-password form, by not invalidating the token in the case where the new password will be rejected by validation logic. We give up to three attempts before invalidating the token. * [web] Add hide-on-error feature to async forms This allows us to hide the form elements when certain named error conditions occur. * [web] reset-password: handle same-password rejection We also change the implementation to use the new peekValueFromToken API, and to expire the token explicitely after it has been used to set the new password. * [web] Validate OneTimeToken when loading password reset form * [web] Rate limit GET: /user/password/set Now that we are peeking at OneTimeToken when accessing this page, we add rate to the GET request, matching that of the POST request. * [web] Tidy up pug layout and mongo query for token peeking Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com> GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a |
||
|---|---|---|
| .. | ||
| helpers | ||
| mocks | ||
| AdminEmailTests.js | ||
| AdminOnlyLoginTests.js | ||
| AdminPrivilegeAvailableTests.js | ||
| ApiClsiTests.js | ||
| AuthenticationTests.js | ||
| AuthorizationTests.js | ||
| BackFillDeletedFilesTests.js | ||
| BackFillDocNameForDeletedDocsTests.js | ||
| BackFillDummyDocMetaTests.js | ||
| BetaProgramTests.js | ||
| BodyParserErrorsTest.js | ||
| CaptchaTests.js | ||
| CloseSiteTests.js | ||
| ConvertArchivedState.js | ||
| DeleteOrphanedDocsOnlineCheckTests.js | ||
| DeletionTests.js | ||
| DocUpdateTests.js | ||
| EditorHttpControllerTests.js | ||
| HaveIBeenPwnedApiTests.js | ||
| HealthCheckControllerTests.js | ||
| Init.js | ||
| LearnTest.js | ||
| LinkedFilesTests.js | ||
| ModelTests.js | ||
| MongoHelper.js | ||
| PasswordResetTests.js | ||
| PasswordUpdateTests.js | ||
| PrimaryEmailCheckTests.js | ||
| ProjectCRUDTests.js | ||
| ProjectDuplicateNameTests.js | ||
| ProjectFeaturesTests.js | ||
| ProjectInviteTests.js | ||
| ProjectOwnershipTransferTests.js | ||
| ProjectStructureMongoLockTest.js | ||
| ProjectStructureTests.js | ||
| RedirectUrlsTests.js | ||
| RegenerateDuplicateReferralIdsTests.js | ||
| RegistrationTests.js | ||
| RestoringFilesTest.js | ||
| SecurityHeadersTests.js | ||
| SessionTests.js | ||
| SettingsTests.js | ||
| SharingTests.js | ||
| TagsTests.js | ||
| TokenAccessTests.js | ||
| TpdsUpdateTests.js | ||
| UnsupportedBrowserTests.js | ||
| UserHelperTests.js | ||
| UserMembershipAuthorizationTests.js | ||
| UserReconfirmTests.js | ||