Antoine Clausse 3140e46e68 [web] Replace token-link email verification with 6-digit code on SSO registration (ORCID) (#33889)
* Replace token-link email with 6-digit code on SSO registration

Unverified SSO emails previously received a long-lived token link
(90-day TTL) via UserEmailsConfirmationHandler. This replaces that
flow with the same 6-digit code verification used for password
registration, redirecting through /registration/confirm-email.

- SSOManager.registerSSO now always confirms email (caller must
  verify first); removes sendConfirmationEmail / _finishRegistration
- SSOController._signUp sends confirmation code and stores
  pendingSSORegistration in session when IdP email_verified is false
- New SSOConfirmEmailHandler completes registration after code check
  via completeSSOEmailConfirmation module hook
- OnboardingController confirm-email handlers accept
  pendingSSORegistration alongside pendingUserRegistration

confirmEmailFromToken (POST /user/emails/confirm) removal is deferred
to a follow-up PR to avoid breaking in-flight 90-day tokens.

Closes #28607

* Fix unverified-email edge cases; add ORCID e2e tests

* Rename `confirmEmail` parameter to `emailVerifiedByIdP` in _signUp function

* Remove `sendConfirmationEmail`

* Mock getUserByAnyEmail in tests

* Extract _finishSSORegistration helper to deduplicate the register →
set session flags → allocate referral → finishSaasLogin → finishLogin
sequence shared by both the direct and deferred (code-confirmed) paths.

* Stop duplicating session data in pendingSSORegistration

analyticsId, splitTests, and referal_* are already in the session at
confirmation time — no need to copy them into pendingSSORegistration.
Re-fetch splitTests fresh on completion instead.

* Simplify the code

* Remove dead confirmEmail template

No callers remain after sendConfirmationEmail was deleted. The token-link
flow (confirmEmailFromToken) only validates tokens, never sends email.

* Remove dead reconfirmEmail template

* Address comments from Copilot

* Clear stale pending registration when starting a new flow

* Add unit tests for completeSSOEmailConfirmation

* Add `verificationMethod` param

* Fix camelcase issues

* Extract _createSSOUser and _registerAndFinish helpers to deduplicate registration logic

* Remove obscure "registration_error"

* Prevent FormTextIcon from shrinking

* Enable "email_already_registered_sso" error

* Misc. improvements to confirm-email-form.tsx

* Remove `UserEmailsConfirmationHandler` mock

Co-authored-by: Olzhas Askar <olzhas.askar@overleaf.com>

* Add info on sso_email.pug page

---------

Co-authored-by: Olzhas Askar <olzhas.askar@overleaf.com>
GitOrigin-RevId: d0196ebc6d81ff61bcd27726d0b899b743d08d64
2026-06-05 08:06:34 +00:00


Overleaf

An open-source online real-time collaborative LaTeX editor.


Figure 1: A screenshot of a project being edited in Overleaf Community Edition.

Community Edition

Overleaf is an open-source online real-time collaborative LaTeX editor. We run a hosted version at www.overleaf.com, but you can also run your own local version, and contribute to the development of Overleaf.

Caution

Overleaf Community Edition is intended for use in environments where all users are trusted. Community Edition is not appropriate for scenarios where isolation between users is required, because Sandboxed Compiles are not available in it. Without Sandboxed Compiles, a user running a LaTeX compile has full read and write access to the sharelatex container's resources (filesystem, network, environment variables).

For more information on Sandboxed Compiles, check out our documentation.

Enterprise

If you want help installing and maintaining Overleaf in your lab or workplace, we offer an officially supported version called Overleaf Server Pro. It also includes more features for security (SSO with LDAP or SAML), administration and collaboration (e.g. tracked changes). Find out more!

Keeping up to date

Sign up to the mailing list to get updates on Overleaf releases and development.

Installation

We have detailed installation instructions in the Overleaf Toolkit.

Upgrading

If you are upgrading from a previous version of Overleaf, please see the Release Notes section on the Wiki for all of the versions between your current version and the version you are upgrading to.

Overleaf Docker Image

This repo contains two Dockerfiles: Dockerfile-base, which builds the sharelatex/sharelatex-base image, and Dockerfile, which builds the sharelatex/sharelatex (or "community") image.

The Base image generally contains the basic dependencies like wget, plus texlive. We split this out because it's a pretty heavy set of dependencies, and it's nice to not have to rebuild all of that every time.

The sharelatex/sharelatex image extends the base image and adds the actual Overleaf code and services.

Use make build-base and make build-community from server-ce/ to build these images.

We use the Phusion base-image (which is extended by our base image) to provide us with a VM-like container in which to run the Overleaf services. Baseimage uses the runit service manager to manage services, and we add our init-scripts from the server-ce/runit folder.

Contributing

Please see the CONTRIBUTING file for information on contributing to the development of Overleaf.

Authors

The Overleaf Team

License

The code in this repository is released under the GNU AFFERO GENERAL PUBLIC LICENSE, version 3. A copy can be found in the LICENSE file.

Copyright (c) Overleaf, 2014-2025.

Description
Quarto presentation editor based on the Overleaf framework