overleaf/services
June Kelly 3288f87dbe [web] Password set/reset: reject current password (redux) (#8956)
* [web] set-password: reject same as current password

* [web] Add 'peek' operation on tokens

This allows us to improve the UX of the reset-password form,
by not invalidating the token in the case where the new
password will be rejected by validation logic.

We give up to three attempts before invalidating the token.

* [web] Add hide-on-error feature to async forms

This allows us to hide the form elements when certain
named error conditions occur.

* [web] reset-password: handle same-password rejection

We also change the implementation to use the new
peekValueFromToken API, and to expire the token explicitly
after it has been used to set the new password.

* [web] Validate OneTimeToken when loading password reset form

* [web] Rate limit GET: /user/password/set

Now that we are peeking at OneTimeToken when accessing this page,
we add rate to the GET request, matching that of the POST request.

* [web] Tidy up pug layout and mongo query for token peeking

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
2022-09-28 08:06:54 +00:00
..
chat Merge pull request #9455 from overleaf/em-recreate-dropbox-entities 2022-09-02 08:05:09 +00:00
clsi Remove deprecated grunt code (#9506) 2022-09-16 08:05:37 +00:00
contacts Merge pull request #9455 from overleaf/em-recreate-dropbox-entities 2022-09-02 08:05:09 +00:00
docstore Merge pull request #9723 from overleaf/bg-log-large-docs-in-docstore-archive 2022-09-27 08:03:49 +00:00
document-updater Merge pull request #9647 from overleaf/bg-dropbox-to-overleaf-existing-doc 2022-09-22 08:04:11 +00:00
filestore Merge pull request #9455 from overleaf/em-recreate-dropbox-entities 2022-09-02 08:05:09 +00:00
git-bridge Merge pull request #9309 from overleaf/msm-error-git-bridge-link 2022-08-31 08:03:52 +00:00
notifications Merge pull request #9455 from overleaf/em-recreate-dropbox-entities 2022-09-02 08:05:09 +00:00
real-time Update socket.io to overleaf/socket.io#0.9.19-overleaf-6 (#9392) 2022-09-21 08:05:25 +00:00
spelling Merge pull request #9455 from overleaf/em-recreate-dropbox-entities 2022-09-02 08:05:09 +00:00
track-changes Merge pull request #9455 from overleaf/em-recreate-dropbox-entities 2022-09-02 08:05:09 +00:00
web [web] Password set/reset: reject current password (redux) (#8956) 2022-09-28 08:06:54 +00:00