* Rename token -> code
* Add test: don't verify SSO emails through the 6-digits verification
* Add a test on `/user/emails/resend-confirmation-code`
* Rename to `confirmationEmailMiddleware`
* Add `Modules.middleware('confirmationEmailMiddleware')` to `/user/emails/send-confirmation-code`
* Log attempted verifications of SAML emails
GitOrigin-RevId: ccc11831c860b219711cd57bba1a76ac975e71fb
* [web] Group audit log link in settings
Adds a link to access the `/manage/groups/:subscription_id/audit-logs`
endpoint
* [web] Add `group-audit-logs` split test for gradual rollout
GitOrigin-RevId: 60d6c9917ca54ff5e228996e7454a901f0f3b9ca
* [history-v1] use String.padStart instead of lodash.padStart
* [web] download binary files in clsi from filestore via new endpoints
* [server-ce] tests: Cypress.env() is parsing boolean values
* [server-ce] tests: run history migration as root
GitOrigin-RevId: bdf6c0e542531ccc4b3f13d2ed68ca0d31e580e9
* [dsmp] Add a route for accepting changes
* change the payload to accept both change id and range
* remove project lookup
* Remove try/catch from DsMobileAppManager test
GitOrigin-RevId: afd4f793e9389cad97555cfb6675944e5fcf9b84
* [web] reject upload requests without a file path
* [web] update copy on error message and link to contact form
Co-authored-by: Kamal Arkinstall <kamal.arkinstall@overleaf.com>
* [web] update copy: move dot to the end
---------
Co-authored-by: Kamal Arkinstall <kamal.arkinstall@overleaf.com>
GitOrigin-RevId: ba1ee81a91b046540caeb2f3f3da0e305611b35f
* Create AdminCapabilities in admin-panel module
* Add `adminRolesEnabled` setting
* Use `PermissionsController.requirePermission` in admin-panel routes
* Update `adminCapabilities` to be an array
* Update frontend tests
* Rename `defaultAdminCapabilities` to `fullAdminCapabilities`
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Add tests to PermissionsManagerTests.js
* Get admin roles and capabilities from the database
* Add tests to admin-panel
* Fixup PermissionsManagerTests.js without admin-panel module
* Revert "Use `PermissionsController.requirePermission` in admin-panel routes"
This reverts commit ccbf3e3e3bca9239b786c662cba2ac6bd2f4117a.
* Revert "Fixup PermissionsManagerTests.js without admin-panel module"
This reverts commit 6d7ad207bb17c5ca4c12c489d4636a02c608926d.
* Revert "Add tests to PermissionsManagerTests.js"
This reverts commit 8f9cc911750911e1c4b74b631d8c8a1b1ca86630.
* Fix tests after the reverts
* Replace capabilities to more sensible examples ('modify-user-email' and 'view-project')
* Set `adminRolesEnabled: false` for now
* Return `[]` capabilities for non-admins
* Misc: types, test description, settings ordering
* Small refactor of AdminPermissions.mjs:
Reuse code with `getMissingCapabilities`
Throw when `requiredCapabilities` is empty
* Update tests after update
* Rename `checkAdminPermissions` to `hasAdminPermissions`
* Change role permissions to array instead of object
* Remove admin capabilities when `!Settings.adminPrivilegeAvailable`
* Return `[]` if there is no user id
* Throw if `user?._id` is missing
* Update services/web/modules/admin-panel/app/src/AdminPermissions.mjs
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Adjust to ForbiddenError constructor syntax
* Give empty capabilities for unknown role, update tests
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 1eec4f6a45e1cc3ae76a3a4603cec1ceba1c2322
* Rename `sendExistingSecondaryEmailConfirmationCode` to `sendExistingEmailConfirmationCode`
* Deduplicate error handling into `throwIfErrorResponse`
* Update `userHelper.confirmEmail` to use the 6-digits flow
GitOrigin-RevId: 91bdf7b185407b58520ca6b2aa1a7c71bdd23bc8
* [mics] fix "app" label in clsi-cache metrics in dev-env
* [clsi-cache] validate filePath when processing file
* [clsi-cache] meter ingress and egress bandwidth
Files are downloaded directly from nginx, hence we cannot meter egress
in clsi-cache easily.
GitOrigin-RevId: 24de8c41728f0e9c984113c1470dec6153e75f20
* Add types on existing Capabilities code
* Add ts-expect-error comments
* Minor code changes to satisfy types
* Remove ts-check because of unrelated errors
* Remove some ts-expect-error comments
* Revert "Remove some ts-expect-error comments"
This reverts commit 76cc0a073710eecf4f8b88f8579405838607f4d5.
* Remove the `@ts-check`s for now
It looks like typescript is somewhat flaky. We can re-enable this later
* Remove the `@ts-expect-error`s
* Remove return type
GitOrigin-RevId: 57bbd370654592c0662047e72e61f91bf38e0949
* [web] add error messages for payment failing to upgrade modal
* [web] show payment error on preview change page
* [web] add separate message for 3ds failure
GitOrigin-RevId: b2680ff9b4f01e42f31c1c11457f216a5eadf49d
This reverts commit 32bb3c66b61d0de8cbbfe1da08042f06b4f4342a, reversing
changes made to 5e87b704cd90478aedc8d8befa0aa5787a53177b.
Co-authored-by: Eric Mc Sween <5454374+emcsween@users.noreply.github.com>
GitOrigin-RevId: 10b51500e3429a637dc76e3cec7d6b2764708ddb
