overleaf/services/web/test/unit/src
Antoine Clausse 5f2718cf29 [web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555)
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`

* Lowercase the email to avoid rate-limit bypass

* Remove unit test "when the users rate limit"

* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`

This should address the `trim()` bypass

* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`

We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"

* Add acceptance test for rate limit

* Add comment on rate limits

* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity

* Make the login rate limits configurable from the settings

GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
2024-07-30 08:04:26 +00:00
Analytics Merge pull request #18225 from overleaf/em-typescript-eslint 2024-05-27 10:22:20 +00:00
Authentication [web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555) 2024-07-30 08:04:26 +00:00
Authorization Merge pull request #19301 from overleaf/jdt-collaborator-ai-usage 2024-07-26 08:04:35 +00:00
BetaProgram Merge pull request #18225 from overleaf/em-typescript-eslint 2024-05-27 10:22:20 +00:00
BrandVariations
Chat Merge pull request #18778 from overleaf/mj-web-chat-restore-tests 2024-06-11 08:04:51 +00:00
Collaborators Merge pull request #19249 from overleaf/ii-invite-token-response 2024-07-15 09:05:02 +00:00
Compile Merge pull request #18538 from overleaf/ar-add-download-all-link-in-web 2024-06-03 08:04:07 +00:00
Contact Merge pull request #16859 from overleaf/jpa-sharelatex-cleanup 2024-02-09 09:04:11 +00:00
Cooldown
Docstore Merge pull request #16859 from overleaf/jpa-sharelatex-cleanup 2024-02-09 09:04:11 +00:00
Documents Merge pull request #18516 from overleaf/em-web-resolved-comment-ids 2024-05-28 08:04:01 +00:00
DocumentUpdater Merge pull request #17958 from overleaf/mj-web-revert-file 2024-05-29 08:04:16 +00:00
Downloads
Editor Merge pull request #16980 from overleaf/jpa-join-project-remove-sl-2 2024-02-13 09:03:39 +00:00
Email Merge pull request #18225 from overleaf/em-typescript-eslint 2024-05-27 10:22:20 +00:00
Errors Merge pull request #15419 from overleaf/em-error-request-logging 2023-10-31 09:04:36 +00:00
Exports Merge pull request #18116 from overleaf/jpa-bulk-replace-localhost 2024-04-26 08:04:39 +00:00
FileStore Merge pull request #16859 from overleaf/jpa-sharelatex-cleanup 2024-02-09 09:04:11 +00:00
HelperFiles Merge pull request #18116 from overleaf/jpa-bulk-replace-localhost 2024-04-26 08:04:39 +00:00
helpers Allow individual docs to be downloaded from the file tree (#17137) 2024-02-22 09:04:48 +00:00
History Merge pull request #19400 from overleaf/dp-duplicate-file-folder-name 2024-07-25 08:05:08 +00:00
InactiveData Merge pull request #17065 from overleaf/dp-mongoose-callback-inactive-project-manager 2024-02-20 09:04:33 +00:00
infrastructure Merge pull request #17596 from overleaf/rh-permissions-policy 2024-04-08 08:04:29 +00:00
Institutions Merge pull request #17525 from overleaf/ae-upgrade-prettier 2024-03-26 09:04:05 +00:00
Metadata Promisify Metadata feature (#19361) 2024-07-24 08:05:19 +00:00
Newsletter Merge pull request #18021 from overleaf/rh-mailchimp-api 2024-04-22 08:04:33 +00:00
Notifications Merge pull request #16859 from overleaf/jpa-sharelatex-cleanup 2024-02-09 09:04:11 +00:00
PasswordReset Merge pull request #19152 from overleaf/jdt-project-permissions 2024-07-03 08:04:19 +00:00
Project Merge pull request #19400 from overleaf/dp-duplicate-file-folder-name 2024-07-25 08:05:08 +00:00
Publishers
Referal Merge pull request #16911 from overleaf/dp-mongoose-callback-referal-allocator 2024-02-09 09:07:22 +00:00
References Merge pull request #15242 from overleaf/mf-index-all-references-after-bib-is-modified 2023-10-19 08:03:25 +00:00
SamlLog Merge pull request #17831 from overleaf/msm-filter-saml-error-log 2024-05-28 08:04:10 +00:00
Security Merge pull request #18153 from overleaf/jpa-validate-session-in-store 2024-05-03 08:04:25 +00:00
Settings [web] Use localized number formatting for currencies (#17622) 2024-04-19 08:03:54 +00:00
Spelling [web] Tighten check for spelling language (#19297) 2024-07-15 09:01:45 +00:00
SplitTests Merge pull request #18717 from overleaf/jel-isSplitTestActive 2024-06-06 08:05:01 +00:00
Subscription Add serverside checks for changing the user access level after link sharing changes (#19168) 2024-07-01 08:04:16 +00:00
SystemMessages Merge pull request #17084 from overleaf/dp-mongoose-callback-system-message-manager 2024-02-20 09:04:38 +00:00
Tags Merge pull request #16186 from overleaf/mj-mongo-object-id 2023-12-19 09:04:02 +00:00
Templates Return the Promise from an expressified async function (#19359) 2024-07-15 09:05:29 +00:00
ThirdPartyDataStore Merge pull request #18252 from overleaf/jpa-refactor-for-flaky-test 2024-05-09 08:05:23 +00:00
TokenAccess bypass linking sharing admin redirect for internal projects (#19314) 2024-07-16 08:04:35 +00:00
Tutorial Add this.clock.restore() to TutorialHandlerTests (#17191) 2024-02-20 09:05:34 +00:00
Uploads Merge pull request #17525 from overleaf/ae-upgrade-prettier 2024-03-26 09:04:05 +00:00
User [web] Remove overleaf-integration overrides for /user/emails/delete & /user/emails/resend_confirmation (#19438) 2024-07-29 08:04:24 +00:00
UserMembership Merge pull request #17418 from overleaf/msm-expressify-usermembershipctlr 2024-03-12 09:03:20 +00:00