June Kelly 3288f87dbe [web] Password set/reset: reject current password (redux) (#8956) ... * [web] set-password: reject same as current password * [web] Add 'peek' operation on tokens This allows us to improve the UX of the reset-password form, by not invalidating the token in the case where the new password will be rejected by validation logic. We give up to three attempts before invalidating the token. * [web] Add hide-on-error feature to async forms This allows us to hide the form elements when certain named error conditions occur. * [web] reset-password: handle same-password rejection We also change the implementation to use the new peekValueFromToken API, and to expire the token explicitely after it has been used to set the new password. * [web] Validate OneTimeToken when loading password reset form * [web] Rate limit GET: /user/password/set Now that we are peeking at OneTimeToken when accessing this page, we add rate to the GET request, matching that of the POST request. * [web] Tidy up pug layout and mongo query for token peeking Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com> GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a		2022-09-28 08:06:54 +00:00
..
_mixins
admin
beta_program
general
layout	Merge pull request #9700 from overleaf/ii-dashboard-mobile-view	2022-09-26 08:04:38 +00:00
project	Merge pull request #9622 from overleaf/mf-add-portal-templates-2	2022-09-27 08:04:00 +00:00
referal
subscriptions	Merge pull request #9705 from overleaf/tm-bts2022-banner-message	2022-09-23 08:04:53 +00:00
translations
user	[web] Password set/reset: reject current password (redux) (#8956)	2022-09-28 08:06:54 +00:00
user_membership
view_templates
_cookie_banner.pug
_google_analytics.pug
_metadata.pug
layout-base.pug
layout-marketing.pug
layout.pug