andrew rumble and Copybot
032deaf05c
Switch to mongodb-legacy
...
GitOrigin-RevId: 11e09528c153de6b7766d18c3c90d94962190371
2024-08-21 08:04:24 +00:00
Antoine Clausse and Copybot
5f2718cf29
[web] Make rate-limit on login consistent, prevent "trim/case bypass" ( #19555 )
...
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`
* Lowercase the email to avoid rate-limit bypass
* Remove unit test "when the users rate limit"
* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`
This should address the `trim()` bypass
* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`
We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"
* Add acceptance test for rate limit
* Add comment on rate limits
* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity
* Make the login rate limits configurable from the settings
GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
2024-07-30 08:04:26 +00:00
Jakob Ackermann and Copybot
84a2b25a3c
Merge pull request #17401 from overleaf/jpa-skip-hibp-known-device
...
[web] skip HIBP check from known devices
GitOrigin-RevId: 897df02492aafeac010753c7c306e02bde5b1fd8
2024-03-05 09:03:37 +00:00
Mathias Jakobsen and Copybot
c371732e6e
Merge pull request #16186 from overleaf/mj-mongo-object-id
...
[web] Use constructor for ObjectId
GitOrigin-RevId: 9eb8b377ea599605b72af237d1ab12f4d8287162
2023-12-19 09:04:02 +00:00
June Kelly and Copybot
9e824ac93c
Merge pull request #9951 from overleaf/jk-audit-failed-login-attempts
...
[web] Audit failed login attempts
GitOrigin-RevId: 19325f808f77584891e1e12b5ed7aaa16aa6aec9
2022-10-20 08:03:44 +00:00
Miguel Serrano and Copybot
74f44e655a
Merge pull request #9617 from overleaf/msm-audit-log-collections
...
Move project/user audit logs to their own collections
GitOrigin-RevId: f6f89b3e2815c0fe5691a79eceb35b77b3c370d8
2022-09-30 08:04:17 +00:00
Jakob Ackermann and Copybot
8e77ada424
Merge pull request #6417 from overleaf/jpa-device-history
...
[web] add cookie/JWE based device history for skipping captcha challenge
GitOrigin-RevId: b091564bfd93f7e587d396c860fd864f220f4b63
2022-01-27 09:03:34 +00:00
June Kelly and Copybot
c72ec548bb
Merge pull request #5976 from overleaf/jk-login-audit-log-type
...
[web] Add 'method' info to login audit log
GitOrigin-RevId: 093fe885bc1b688aebd640d6762f031c752191d4
2022-01-14 09:02:28 +00:00
Jakob Ackermann and Copybot
13b8321986
Merge pull request #5375 from overleaf/jpa-401-failed-login
...
[web] send a non success status code for failed logins in Server CE/Pro
GitOrigin-RevId: 1aace4456c8602af26a362346bfc462e1476b0f7
2021-10-07 08:04:49 +00:00
Alf Eaton and Copybot
1be43911b4
Merge pull request #3942 from overleaf/prettier-trailing-comma
...
Set Prettier's "trailingComma" setting to "es5"
GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
2021-04-28 02:10:01 +00:00
Alf Eaton and Copybot
1ebc8a79cb
Merge pull request #3495 from overleaf/ae-prettier-2
...
Upgrade Prettier to v2
GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
2021-04-15 02:05:22 +00:00
Shane Kilkelly and Copybot
04fa863f9f
Merge pull request #3892 from overleaf/sk-reroll-csrf
...
Regenerate CSRF token on login
GitOrigin-RevId: 501582b34794a822f4c9fe3af2575b5756511e06
2021-04-10 02:05:13 +00:00
Timothée Alby and Copybot
8ec7ebe645
Merge pull request #3713 from overleaf/jpa-login-event-drop-pii
...
[AuthenticationController] do not include PII as part of login event
GitOrigin-RevId: 274378b3a21945637dc33d2cfb39a53e9aaad9b7
2021-03-30 02:05:09 +00:00