* [third-party-datastore] use generic serializer for dropboxError
The `err` serializer will not pick up all the dropbox fields.
Co-authored-by: Thomas Mees <thomas.mees@overleaf.com>
* [third-party-datastore] handle user_suspended like insufficient_space
Unlink dropbox and display a notification (same key to clear later).
Co-authored-by: Thomas Mees <thomas.mees@overleaf.com>
* [third-party-datastore] skip retries when rejected with disallowed_name
Co-authored-by: Thomas Mees <thomas.mees@overleaf.com>
* [web] sort translations
* [web] update copy for dropbox_unlinked_because_suspended
Co-authored-by: Kamal Arkinstall <kamal.arkinstall@overleaf.com>
---------
Co-authored-by: Thomas Mees <thomas.mees@overleaf.com>
Co-authored-by: Kamal Arkinstall <kamal.arkinstall@overleaf.com>
GitOrigin-RevId: 8fbb9074d1d6eb879e904d79dd4b2a2c952ff902
* [web] reject upload requests without a file path
* [web] update copy on error message and link to contact form
Co-authored-by: Kamal Arkinstall <kamal.arkinstall@overleaf.com>
* [web] update copy: move dot to the end
---------
Co-authored-by: Kamal Arkinstall <kamal.arkinstall@overleaf.com>
GitOrigin-RevId: ba1ee81a91b046540caeb2f3f3da0e305611b35f
* [history-v1] move MockFilestore into shared place
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
* [history-v1] make back_fill_file_hash_fix_up compatible with Server Pro
---------
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
GitOrigin-RevId: 70ea57e1503031d9f14dcd60c4c110e746450587
* In tests, post to `/user/emails/secondary` (6-digits) instead of the deprecated `/user/emails` (link-token)
* Update `addEmailAndConfirm` so it calls the right endpoint
* Remove unnecessary `userId` from `confirmEmail` and `addEmailAndConfirm` args
* Use `updateUser` to add unconfirmed email to user
* Confirm, then unconfirm emails, in order to test on unconfirmed emails
* Lowercase emails in `unconfirmSecondaryEmail`, so they get matched correctly
* Update UserEmailsTests.mjs with 6-digits flow, fetch, no `npm:async`
GitOrigin-RevId: 71b9ed65daebea5f22272240559caab375515f0c
* Create AdminCapabilities in admin-panel module
* Add `adminRolesEnabled` setting
* Use `PermissionsController.requirePermission` in admin-panel routes
* Update `adminCapabilities` to be an array
* Update frontend tests
* Rename `defaultAdminCapabilities` to `fullAdminCapabilities`
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Add tests to PermissionsManagerTests.js
* Get admin roles and capabilities from the database
* Add tests to admin-panel
* Fixup PermissionsManagerTests.js without admin-panel module
* Revert "Use `PermissionsController.requirePermission` in admin-panel routes"
This reverts commit ccbf3e3e3bca9239b786c662cba2ac6bd2f4117a.
* Revert "Fixup PermissionsManagerTests.js without admin-panel module"
This reverts commit 6d7ad207bb17c5ca4c12c489d4636a02c608926d.
* Revert "Add tests to PermissionsManagerTests.js"
This reverts commit 8f9cc911750911e1c4b74b631d8c8a1b1ca86630.
* Fix tests after the reverts
* Replace capabilities to more sensible examples ('modify-user-email' and 'view-project')
* Set `adminRolesEnabled: false` for now
* Return `[]` capabilities for non-admins
* Misc: types, test description, settings ordering
* Small refactor of AdminPermissions.mjs:
Reuse code with `getMissingCapabilities`
Throw when `requiredCapabilities` is empty
* Update tests after update
* Rename `checkAdminPermissions` to `hasAdminPermissions`
* Change role permissions to array instead of object
* Remove admin capabilities when `!Settings.adminPrivilegeAvailable`
* Return `[]` if there is no user id
* Throw if `user?._id` is missing
* Update services/web/modules/admin-panel/app/src/AdminPermissions.mjs
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Adjust to ForbiddenError constructor syntax
* Give empty capabilities for unknown role, update tests
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 1eec4f6a45e1cc3ae76a3a4603cec1ceba1c2322
* Rename `sendExistingSecondaryEmailConfirmationCode` to `sendExistingEmailConfirmationCode`
* Deduplicate error handling into `throwIfErrorResponse`
* Update `userHelper.confirmEmail` to use the 6-digits flow
GitOrigin-RevId: 91bdf7b185407b58520ca6b2aa1a7c71bdd23bc8
add support for fetching files via http from filestore in back_fill_file_hash script and tests
GitOrigin-RevId: 8dea6383ed6fe9ee6786a5695e2deee93b1cdd84
* [misc] fix "app" label in clsi-cache metrics in dev-env
* [clsi-cache] validate filePath when processing file
* [clsi-cache] meter ingress and egress bandwidth
Files are downloaded directly from nginx, hence we cannot meter egress
in clsi-cache easily.
GitOrigin-RevId: 24de8c41728f0e9c984113c1470dec6153e75f20
* Add types on existing Capabilities code
* Add ts-expect-error comments
* Minor code changes to satisfy types
* Remove ts-check because of unrelated errors
* Remove some ts-expect-error comments
* Revert "Remove some ts-expect-error comments"
This reverts commit 76cc0a073710eecf4f8b88f8579405838607f4d5.
* Remove the `@ts-check`s for now
It looks like typescript is somewhat flaky. We can re-enable this later
* Remove the `@ts-expect-error`s
* Remove return type
GitOrigin-RevId: 57bbd370654592c0662047e72e61f91bf38e0949
* [web] add error messages for payment failing to upgrade modal
* [web] show payment error on preview change page
* [web] add separate message for 3ds failure
GitOrigin-RevId: b2680ff9b4f01e42f31c1c11457f216a5eadf49d
* [web] Feature disablement status on user's admin panel
Adds a visual hint on the end user's admin panel when
dropbox/chat/ai features are disabled
GitOrigin-RevId: ded7a80120821ff606cc2c3b61bc2d82615c6026
This reverts commit 32bb3c66b61d0de8cbbfe1da08042f06b4f4342a, reversing
changes made to 5e87b704cd90478aedc8d8befa0aa5787a53177b.
Co-authored-by: Eric Mc Sween <5454374+emcsween@users.noreply.github.com>
GitOrigin-RevId: 10b51500e3429a637dc76e3cec7d6b2764708ddb
[web] Stop sending any event when trial changes to active for Stripe subscription on `customer.subscription.updated` stripe webhook event type
GitOrigin-RevId: 11256878cd2828036aad3130a05ad36d95466199
* Add search HTML tag and improve landmarks
* Add material symbol icons
* Add translation and improve landmarks
GitOrigin-RevId: bd0ddcce16348883c58ae547623b8e615b55df27
* Refactor project context to not use scope store
* Fix Cypress tests for project context changes
* Fix frontend React Testing Library tests for project context changes
* Remove redundant code
* Fix some project types in tests
* Remove unused import and fix a type
* Throw an error if updating the project in the project context before joining the project
* Fix some review panel tests
* Remove unused imports
GitOrigin-RevId: 2f0c928b651f387aa980c29aef7d1ba0649790a7
* [web] link to correct Stripe dashboard from admin panel
* [web] be more careful about constructing the base URL
* [web] be extra careful about accessing values in the subscription
* [web] switch to plain text environment variables
GitOrigin-RevId: 5fa802fce11967f56289b11476f39e2e1d5a9c74
* [terraform] clsi: add C3D trial
* [terraform] clsi: switch C3D to standard variant with local SSD
GitOrigin-RevId: 6e6ceeb93ee94800d8ce46557322da82dc99fc2a
[web] Simulate sending `payment-page-form-success` event when user successfully subscribes using Stripe
GitOrigin-RevId: 82243fc16d3410670e4e6e9c0ccd487a5f2253a3
* [history-v1] use POST requests for expiring redis buffer from cron
(cherry picked from commit 15780ac54e36b96e1aed9fd9eb6dfe9d4fbf842f)
* [history-v1] remove double claim of expire job
GitOrigin-RevId: 8b2eab07006a5819a47eed3f646b2a4d75f86e5b
* Move `hasLintingError` from scope to react state
* Move `permissionsLevel` to IdeReactContext states
* Get `permissionsLevel` from `useIdeReactContext()`
* Set `permissionsLevel` in mocked `IdeReactProvider`
* Replace `permissions` scope by React state
* Fixup `permission` changes
* Remove redundant type
GitOrigin-RevId: 6203c61f9ac429789624196bf67e508310f4577f
This prevents the bug "ReferenceError: Cannot access uninitialized variable" for users who don't have `window.requestIdleCallback`.
Fixes https://overleaf.sentry.io/issues/6724866295
GitOrigin-RevId: 129dcb72f24dc901ad600253bab7c58673e44321
* Test the scripts by adding fake ids
* Test Propensity errors
* Don't send Sentry event if `isPropensityNetworkError`
* Revert "Test Propensity errors"
This reverts commit 7052ca20d0bee3bb32b39fb90c473458a4375d7b.
* Revert "Test the scripts by adding fake ids"
This reverts commit 2ac797aadf24359917a10119155c5e41935a7482.
GitOrigin-RevId: 03c1e63e359d41ad83ce1ae5cc1063f1c59d0b4e
[web] Add missing publicKey to purchase add-on flow when user needs to authenticate their payment via 3ds secure flow
GitOrigin-RevId: cc330cb8dad501479bbb3c5c5b4fc32ef9d36921
* [web] make SubscriptionController.cancelSubscription return a status
* [web] update acceptance test to match cancel subscription behavior
GitOrigin-RevId: 507809dcb7fa645c2a69e38cdf4a9e3f736622e1
* [web] Add script to check and fix duplicate collaborators in projects
* use batchedUpdate
* project-id param and BATCH_RANGE_START,
GitOrigin-RevId: 451549eaff255dfae3e55515786d7a68184d557f
* Move `pdf.logEntryAnnotations` to react state
* Remove unused scope `pdf.downloadUrl`
* Remove unused scope `pdf.url`
* Move `pdf.uncompiled` to react state
* Move `pdf.logEntries` to react state
* Remove `pdf` from `mockScope`
* Fix test: "renders annotations in the gutter"
GitOrigin-RevId: bf1d0ec30cc0ffcc1177871651483c296ed08baf
* Use meta tags for user info data
* Remove Back button
* Refactor syntax for conditional classes
* Inline meta tags
* Keep "Please go back and try again" text
* Shorthand classname
GitOrigin-RevId: 3b78bff04b4fb8dc7fdecf5b663d2a4f64c3218b
The breaking changes here are just for node version for the most part.
The one other breaking change has a workaround and shouldn't affect us
anyway.
GitOrigin-RevId: beb192a38cfc04f6b321e5ab44770a9a64110c30
* Rename `suppressGoogleAnalytics` to `suppressAnalytics`
* Add Propensity script
* Add LinkedIn Insight Tag script
* Version the cookie to prevent adding unconsented tracking
* Move tracking loaders to Typescript, insert them in foot_scripts.pug
* Show the cookie-banner when tracking other than GA is set
* Revert `oa` cookie versioning
* Remove `async` from propensity script
* Use shared tracking loader for Hotjar, LinkedIn, and Propensity
* Reusable `insertScript`
* Remove tracking-linkedin
* Test the scripts by adding fake ids
* Revert "Test the scripts by adding fake ids"
This reverts commit 50759bb6b40fd2684d1b967d83dd71e8517c3de9.
GitOrigin-RevId: 2a7b36bfc70ac1fc983f837dd4693a19a385cbc6
* Use the leadingIcon prop instead of spacing
* Remove duplicated ID
* Make the alt text to be empty since image is decorative
* Make switcher input visually hidden
The switcher's input previously used 'pointer-events: none', which prevented proper interaction in the test. It replaces that hack.
* Add accessibilityLabel to the info icon that is actually a clickable link
* Use more specific selectors
* It should display
* Use more specific selectors
* Use more specific selectors
GitOrigin-RevId: a555d96cf972d06dd5432f44a23b02355cedcd94
* Fix visited link colour
* Update green link colors for the marketing pages
* Use the semantic color variables
GitOrigin-RevId: c53240cbd6f3608031d6e98db8203fe7bb414a9b
[web] Remove both "For teaching" and "Overleaf advisor programme" from our website navigation and pages
GitOrigin-RevId: 3189398e3f2fa9b19e828daeb890d89a336058b0
* [web] change status page URL to HTTPS everywhere
Also open all links to the status page or admin email in a new tab.
* [server-ce] explicit protocol matching
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
---------
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
GitOrigin-RevId: d7d12eef4efc737c5d70fc969c862acae9faf14c
This is slightly different than done because done would resolve but I
think it is safer for the purpose done was being used in these changes.
GitOrigin-RevId: e60a912b82a8e544444a2776ea6aab7d2ea83bdb
* Import changes from Hackathon
https://github.com/overleaf/internal/pull/24501
* Update compile status: allow errors
* Update favicons. Use the ones from Figma
* Optimize and reuse path from favicon.svg
* Clear status favicon after 5s on active tab
* Rename hook from useCompileNotification to useStatusFavicon
* Add tests
* Revert changes to favicon.svg
* Query favicon on document.head
GitOrigin-RevId: 3972b1981abaf6c80273e0ed5b1bc05eb51bd689
* Add `no-restricted-globals` eslint rule
Co-authored-by: Rebeka <rebeka.dekany@overleaf.com>
* Change `self` to `window.self`
* Change `innerWidth` to `window.innerWidth`
* Change `confirm` to `window.confirm`
* Change `location` to `window.location`
* Use `location` from `useLocation` hook
* Use location from useLocation hook
Co-authored-by: Antoine <antoine.clausse@overleaf.com>
* Disable no-restricted-globals eslint rule for use of 'self'
* Use `confusing-browser-globals` from npm
* Prevent unexpected globals in workers, using `no-undef`
* Use `self` as a global in workers
* Use unexpected globals in workers, using `no-restricted-globals` in workers
---------
Co-authored-by: Rebeka <rebeka.dekany@overleaf.com>
Co-authored-by: Rebeka <o.dekany@gmail.com>
GitOrigin-RevId: 526986799f5f2edf53c7d978fa85c1e98189565f
* [project-history] add support for resync of history-ot ranges
* [project-history] avoid compressing sharejs and history-ot upgrades
* [document-updater] improve error message of some assertions
... by migrating the assertions like this:
```diff
-stub.calledWith().should.equal(true)
+stub.should.have.been.calledWith()
```
```diff
-stub.called.should.equal(false)
+stub.should.not.have.been.called
```
* [document-updater] move content field in resyncDocContent
* [document-updater] add support for resync of history-ot ranges
GitOrigin-RevId: e6104686a26934a5f25a8f095cbe00c163fbbaa7
* Enable Bootstrap 5 for the subscription error pages
* Override contact modal on the plans page
* Convert AI Assist related styles to CSS
* Extend single layout-website-redesign.pug template for both Bootstrap 3 and 5
* Formatting to tab indentation
* Add the switcher for AI Assist
* Fix translations in heading
GitOrigin-RevId: 54ddc35602831f1ec1fa83c9f67a091eefda7a77
* [web] fix typo in ESM migration of a db migration
* [web] migrate old migration to ESM
* [web] use batchedUpdate for bulk updates in old migrations
GitOrigin-RevId: a984f785c577c2ac4125c947b8a3efffa57e1eb7
* Hide the tooltip when Esc key is pressed
* Simplify ActionsDropdown
* Rename to tooltipDescription
* Use OLTooltip instead of Tooltip
GitOrigin-RevId: ee27cde2735ae3a0de5e37bfb8ab1dd99069742c
* [project-history] fix tests and cover callback for processing updates
The before setup was hiding that some tests were not doing what the
assertions were expecting.
* [project-history] fix callback signature when processing no updates
GitOrigin-RevId: 4fa14d47b9a1afd998316b0c9024d49760785a47
* Migrate the Try Premium for free page to Bootstrap 5
* Migrate the Overleaf Beta Program page to Bootstrap 5
* Fix buttons alignment on smaller screen size
* Migrate the Overleaf Bonus Program page to Bootstrap 5
GitOrigin-RevId: 811db783af6a86ab472aae95e075bfa301786a31
* [docstore] add endpoint for getting a project's comment thread ids
* [web] let docstore determine a project's comment thread ids
Also fetch the comment thread ids once when reverting project.
GitOrigin-RevId: c3ebab976821509c9627962e58918f9c6ebb0e1d
* Preserve resolve state in history when doing a restore
* added comment why is resolved property deleted
GitOrigin-RevId: fb1011cf98a658b302c6eef1da83fb1006bb2052
* Revert me: show fake data for donut chart
* Re-add `nvd3` styles in BS3
* Revert "Revert me: show fake data for donut chart"
This reverts commit b93e2aa5b0838571a5c4d96e85483b3d029038c7.
* Prettierignore nvd3.less
GitOrigin-RevId: 90702447244e7a2ddac495e9203c16c6bfc17bb0
* AI assist plans section
* fix merge issues, add tests
* translate img alt
* startInterval only if there are images found
* update casing for TeXGPT
* update mobile price font
* small design tweaks
GitOrigin-RevId: 87d993bb5da1929f99ab3b4721316961d78a46f5
* Add permissions checks for AI assist when trying to buy the addon
* more explicit check for DuplicateAddOnError
* remove useCapabilities()
GitOrigin-RevId: 1979e27410981e2ef020cecc731e228483d3315a
* [misc] migrate remaining references to our GCR repositories to AR
* [server-ce] fix retagging of texlive images
GitOrigin-RevId: 81f955ad4c4486ad42b29cbd6bcc9d5ef4b1a432
* [docstore] add endpoint for getting user ids of tracked changes
* [web] let docstore determine user ids of tracked changes
GitOrigin-RevId: 8d0a131555aa827f7ff80690fedc1aca26cf0817
These params are either used in a descendent or ancestor of the relevant
file and form part of the interface of the method even if they are not
directly used.
GitOrigin-RevId: 8bf64cecc69a9ae9e6c50797de5ce8db86757440
using @typescript-eslint/no-unused-vars reduces the number of false
positives in TS code. The changes:
1. Allow the arguments to a function to be checked (reporting only after
the last used variable)
2. Allow rest siblings to be checked
3. Allow these rules to be skipped with an _ prefix to a variable
GitOrigin-RevId: 1f6eac4109859415218248d5b2068a22b34cfd7e
* [web] skip db query when getting empty list of users
* [web] fetch token users in a single db query per access mode
GitOrigin-RevId: fa5d9edcb761bd5d5e5ea07d137a5a86efdbdd5c
[web] Bypass country requirement for Stripe if user is on staging or dev environment to ease the testing process
GitOrigin-RevId: 0924a57d3a1b7b530a3822fb8f9056a1dd7119e9
[web] Make user able to sync their email address in subscription dashboard for Stripe subscription
GitOrigin-RevId: 9abdc0e18ebea29b18c2041130946b9e50fa43db
* Revert me! Temporarily update code to test updates
* Update layout-no-js.pug to use BS5
* Migrate pages to BS5
* Revert "Revert me! Temporarily update code to test updates"
This reverts commit 03d980939dcbdc3f73ddf1e673acbc3fbfdfe2ec.
* Use `.error-container` class instead of BS5 utility
* Fix breakpoints
* Use `.error-container` instead of utility class
GitOrigin-RevId: fd39c4f7278f175bbdeee24826f7a2226b1d7c70
* Remove `data-ol-auto-submit`, to test the page
* Migrate post-gateway.pug to BS5
* Revert "Remove `data-ol-auto-submit`, to test the page"
This reverts commit ee728b0bdda80d739bd09b2e4e9419303f7053db.
* Fix breakpoints
* Use `layout-marketing`
GitOrigin-RevId: 73aa4da1e4ddae03d9c8e6671c6a8ccb89ecf0b0
* Remove `bootstrap5PageStatus = 'disabled'`
* Update from 'col-xs-' to 'col-'
* Rename LESS files to SCSS
* Rename local vars
* Refactor color variables to use SCSS variables in stylesheets
* Remove unused `.superscript`
It was added in 6696ffdd50
* Remove -moz and -webkit properties
* Remove unused(?) `.hub-circle img`
* Fix selector specificity for calendar display in daterange-picker
* Fix space/tab indents
* Fixup btn-link classes: fixes some borders
* Add support for svg.nvd3-iddle alongside svg.nvd3-svg in styles
* Add dropdown-item classes (improves styles)
* Replace `data-toggle` by `data-bs-toggle`
* Fixup table: remove .card class, add scope="col", add tbody
* Update dropdown caret icon
* Update icons to material symbols
* Remove green color override for links
* Remove/rearrange CSS unrelated to metrics module
* Add space after "by" in lags-container (by Day/Week/Month)
* Fix SCSS linting
* Re-add CSS that belongs in portals module
* Use `layout-react`
* Put table in Card. It still overflows but looks slightly better
* Fix columns breakpoints
* Revert "Use `layout-react`"
This reverts commit a9e0d8f5c19d1dfd7417bf67b90799ad199a5913.
* Use css variables, use breakpoint mixins
* Add `.py-0` on subscriptions table card, so overflows appear less bad
GitOrigin-RevId: 55295ad76c112609baf43de4aa606d0c3da7a91f
* Replace action button to "Go to Account Settings" link in group-settings alert for email confirmation
* `bin/run web npm run extract-translations` & `make cleanup_unused_locales`
* Fix test capitalization
* Update "Go to account settings" to lowercase and link-styling
* `bin/run web npm run extract-translations`
* Fix test
GitOrigin-RevId: d66ce34556bdfc2a37f12900055640cc995ac140
* [web] hide sensitive data from joinProject when building project view
* [web] skip fetching members and invites for restricted users
* [web] fix owner features in joinProject view
* [web] separate invited members from owner
* [web] skip fetching users with empty members list
* [web] split await chain
Co-authored-by: Antoine Clausse <antoine.clausse@overleaf.com>
* [web] remove spurious parentheses
* [web] remove dead code
Co-authored-by: Antoine Clausse <antoine.clausse@overleaf.com>
---------
Co-authored-by: Antoine Clausse <antoine.clausse@overleaf.com>
GitOrigin-RevId: 5b4d874f974971e9c14d7412620805f8ebf63541
* handle 3DS challenges on the subscription dashboard
* add `/user/subscription/sync` endpoint
* upgrade `stripe-js` & rm `react-stripe-js`
* group related unit tests together
* add modules `SubscriptionController` unit tests and convert to async/await
* add `StripeClient` unit tests for 3DS failure
GitOrigin-RevId: 9da4758703f6ef4ec08248b328abddbbdd8e44ad
* feat: add ability to set restore point for subscriptions
* feat: update recurly client with ability to get past due invoices and fail invoices
* utility to retrieve last valid subscription
* create revert requests and fail invoices, revert subscriptions to previous valid states on failed upgrade payments
* add restore point and call to revert plans on failed payments
* code style for PaymentProviderEntities
* moving subs restore point check to SubscriptionController, and removing unnecessary error
* adding ability to stop sub restores without a deploy
* ensure that subs restore point is set before changing plan
* changing reverted flag on subscription to count, and only reverting automatic invoices
* updating tests with restorepoint functions
* rethrow error after voiding restore point, and ensure that recurly failed_payment always gets a 200 response
* only void restore point if the changeRequest fails
GitOrigin-RevId: cf3074c13db22d1cf680b59c4d57817c390db23e
Isolation isn't required and it takes the setup contribution to our
tests down from over 60 seconds to single figures, greatly speeding up
the tests.
GitOrigin-RevId: 72516e420583fa2dfcef13f2cc50b0769a100baf
* Revert case-insensitivity in e2e tests
* Use `{ exact: false }` to filter createProject type
* Update server-ce/test/helpers/project.ts
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: b8b2f8439a55e9527358b13d9292779dc3509e9d
* Pull email context outside of `ResendConfirmationCodeModal`
* Use `loading` prop of button instead of deprecated Icon
* Swap notification order to clarify priority (no change in behaviour)
* Replace confirmation link action by confirmationCodeModal, and simplify code
* Change to secondary button variant in the Notification
* Display errors within the modal
* Increase ratelimit for resend-confirmation
* Copy changes
* Add stories on email confirmation notifications
* Fix other Notification stories
* Update tests
* Update services/web/frontend/js/features/settings/components/emails/confirm-email-form.tsx
Co-authored-by: Rebeka Dekany <50901361+rebekadekany@users.noreply.github.com>
* Remove placeholder on 6-digit code input
---------
Co-authored-by: Rebeka Dekany <50901361+rebekadekany@users.noreply.github.com>
GitOrigin-RevId: dad8bfd79505a2e7d065fd48791fd57c8a31e071
* [document-updater] flush history for projects with short queues ASAP
* [k8s] document-updater: enable short history queue for history-ot demo
* [project-history] flush history for projects with short queues ASAP
* [project-history] wait for mongo before running acceptance tests
* [k8s] project-history: enable short history queue for history-ot demo
* [project-history] change wait-for-mongo step in tests
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
---------
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: 3e989c409e8e9887655b35f2659ce0829e61b357
* Reinitialise Writefull toolbar after buying AI assist (#25596)
* Reinit Writefull toolbar after buying AI assist
* use refreshSession()
* add a timeout
* add a second refresh
* Increase a timeout for second refresh of writefull session (#25725)
GitOrigin-RevId: 7247ae45ca7de7f1f3778b1b22f49e2ff840a7ef
* [clsi] shed load when detecting out-of-disk condition
* [clsi] mark VM as unhealthy when detecting out-of-disk condition
GitOrigin-RevId: 25cda6785c0d973f50ec6206bee389804f35917e
* adding temporary rendering of the BS5 version of why-latex page
* adding first section on the page with new styling, that is compatible with BS5
* adding next section
* adding cards and copy pasting existing styling
* using variables instead of direct values
* fixing the styling of h3 in info-card
* adding next section and its styling
* adding variables
* adding features card section
* adding the next features card
* adding the next features card section
* adding another card section
* adding last feature card section
* adding next section
* adding next section
* adding next section
* adding begin now card
* running npm run lint:styles:fix
* making some style changes to match BS3 version for smaller screen under lg in BS5
* adding a width fix to image
* changing breakpoints to bring consistency in stylesheet
* adding vars
* adding split test
* removing the temporary rendering solution for the BS5 page
* adding splitTestHandler Stub
GitOrigin-RevId: 1257dff09e5371d68e102972e3544559800ca339
* [history-ot] rename remaining history-v1-ot references to history-ot
* [web] rename History-v1 OT -> History OT in admin panel
* [web] rename OT Migration -> History OT Migration in admin panel
GitOrigin-RevId: 103ce816d5320d6379d51009cdc08b8a71aa48e6
[web] Fix `disableElement` won't properly disable the element if using bs5 and applied on anchor tag
GitOrigin-RevId: 49ce8514be3e44e5e3a45f41751c94c77f34399b
* Update AI Assist wording on checkout page if not in rollout
* update wording when buying addon
GitOrigin-RevId: 7133b4fd3efac8e8a7361dcc15d54367f809f16d
* [CE/SP] Update base image to node:22
Also triggers a rebuild of the image to ensure all dependencies are up to date
* Bump phusion image to noble-1.0.2
GitOrigin-RevId: 8dce9d3cc6e8df28fce7a15f2727e7bc4aa453fd
* Revert "Increase a timeout for second refresh of writefull session (#25725)"
This reverts commit 0a34bdde656ade863aead22f003253e13af37829.
* Revert "Reinitialise Writefull toolbar after buying AI assist (#25596)"
This reverts commit a2572d62bce0e344d92696e42d137a0b36574b3b.
GitOrigin-RevId: 3d51a4375059ab9f4494a7e18b132cc5db34e4cd
* Update AI Assist wording on checkout page if not in rollout
* update wording when buying addon
GitOrigin-RevId: 20a90b14e97b1a8837e8be697c1a9666ed15a1c3
* Reinit Writefull toolbar after buying AI assist
* use refreshSession()
* add a timeout
* add a second refresh
GitOrigin-RevId: a2572d62bce0e344d92696e42d137a0b36574b3b
This will only happen with a same-origin request (or if someone has
tampered with the request - in which case they could set anything).
Co-authored-by: Tim Down <158919+timdown@users.noreply.github.com>
GitOrigin-RevId: 9dfe49f974a476bfe215768d3984dd60a381d37a
[web] Send analytics events and user properties when user's subscription is renewed with the same plan
GitOrigin-RevId: c21436d942e8b1a2b8c9fca5827826bf0e8b8bdb
[web] Send analytics events and user properties for cancelled and reactivated event in Stripe subscription
GitOrigin-RevId: 07a4e6395be334c90910b5d421624c4daa703d3b
* Run `bin/update_node 20.18.2 22.15.0`
* Remove expects on `fetchMock.callHistory.done()` to fix tests: are they necessary?
* Set node version to `22.x` in linked-url-proxy
* Increase test timeout to 30s in `github-sync`, Add waiting steps
* Define `navigator.onLine` in tests setup
GitOrigin-RevId: 75eb556e9f51b665e57497a0879b6915d14069ce
* [document-updater] Don't return promises within functions with callbacks
Remove the errors:
DeprecationWarning: Calling promisify on a function that returns a Promise is likely a mistake
https://cloudlogging.app.goo.gl/YHDhoarvLEw2w9rXA
* Remove some more unnecessary returns in functions with callbacks, for consistency
* Add `sendCanaryAppliedOp` to excluded methods for promisification
GitOrigin-RevId: fa6d3e47c4e6561dc29d4c15e57c3289fc1f3dfa
* Revert "[clsi-cache] only use sharding from updated project editor tabs (#25326)"
This reverts commit 1754276bed3186c0536055c983e32476cc90d416.
* [clsi-cache] remove non sharded instances
GitOrigin-RevId: aa3ac46140dfc1722a3350cf7071e5b11af61199
* Improve announced button and link labels for screen reader users
* Improve labels for integration widgets and update test
* Make integration widget IDs to be required
GitOrigin-RevId: 1e0124ef63a91fb63dffd79881c60794bccb9d27
* Add script to update null references for readOnly_refs and pendingReviewer_refs
* update script to only update readOnly_refs
* clean up
* use projectAuditLogEntries to find relevant projects
* use updateOne
GitOrigin-RevId: bbeaa04b837ebb657c802598f0de72879f641bd0
This flag will control whether or not a particular client is allowed to
use PKCE instead of a client secret when requesting an access token.
GitOrigin-RevId: b9471112a485233308410e0cb7f20e20a613a971
* [clsi] tell frontend when synctex mapping was downloaded from clsi-cache
* [web] emit event when synctex mapping was downloaded from clsi-cache
GitOrigin-RevId: 1f6b7e0faaa7dd76449aad566802da971a4cf9ed
* [web] move building of compile from cache response into manager
* [web] retry fetching initial compile from cache response
GitOrigin-RevId: b4dc89f1b91d99e869c0c7789881dc72d8a5761f
* [web] settle on a single split-test for the clsi-cache rollout
Use the split-test that was used for rolling out the writes so that we
can use their already populated caches.
* [clsi-cache] fix non-sharded clsi-cache in dev-env
GitOrigin-RevId: 6ebd6369183342fe6d5e325b760d011fd1d57516
* [history-v1-ot] initial implementation of using doc-level history-v1-ot
* [web] fix advancing of the otMigrationStage
Use 'nextStage' for the user provided, desired stage when advancing.
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
* [document-updater] document size check in editor-core
* [history-ot] rename history-v1-ot to history-ot and add types
* [history-ot] apply review feedback
- remove extra !!
- merge variable assignment when processing diff-match-match output
- add helper function for getting docstore lines view of StringFileData
Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
* Revert "[document-updater] add safe rollback point for history-ot (#25283)"
This reverts commit d7230dd14a379a27d2c6ab03a006463a18979d06
Signed-off-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
---------
Signed-off-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
GitOrigin-RevId: 89c497782adb0427635d50d02263d6f535b12481
* Improve FileTooLargeError handling in FileWriter.js
* handle errors on passThrough stream
* unlink files on error
* fail `writeUrlToDisk` if content-length header is too large
With Node 22, the test `Open In Overleaf - when POSTing a snip_uri for a file that is too large` fails.
I initially tried replacing it with a check of the `content-length` header. But then I managed to make the old test pass by adding a handler (`passThrough.on('error', ...)`)
* Unlink files asynchronously, add stream destroys on error
* Remove eslint disables
* Remove `stream.on('error', ...)` and `passThrough.on('error', ...)`
* Revert `Content-Length` check
* Re-add `stream.on('error', errorHandler)`; Remove it on 'response'
* Only report unlink errors if there is an error(!!) that's not ENOENT
GitOrigin-RevId: fefe49519ec6f54df5eef69a2c2a75518f9d3748
This removes some DeprecationWarnings in history-v1
The update should be safe:
```
3.0.0 / 2018-11-20
Ensure config array items and objects are sealed @fgheorghe
This required a major version bump in case someone
relied on the ability to mutate non-sealed data.
2.0.0 / 2018-07-26
Potential for backward incompatibility requiring a major version bump.
Safe to upgrade to major version 2 if you're using a recent NodeJS version and you're not trying to mutate config arrays.
Added array immutability - jacobemerick
Removed Node V.4 support
```
https://github.com/node-config/node-config/blob/master/History.md
GitOrigin-RevId: 8384247d1ad2cd659703b4ba50edf7212076dcf3
* Reapply "[web] Promisify ClsiCookieManager and CompileController (reapply and fix)"
This reverts commit 98cb9127ff2b7c7c347c560766f749265d712490.
* Fix: Use query parameters correctly (!!)
* Add unit test on `checkIsLoadSheddingEvent`
* Remove interference between tests: rename to `ClsiCookieManager2` when it's re-sandboxed
* Add test: 'should report "cycle" when other is UP'
GitOrigin-RevId: 3146b149954b908830226cb03b51d9adfa08ec2e
* `"@google-cloud/profiler": "^6.0.3"`
* `bin/npm update pprof`
* `bin/npm update nan`
* `bin/npm update @google-cloud/profiler`
* Ignore false positive of `@typescript-eslint/return-await`
> Returning an awaited value that is not a promise is not allowed
Though the function was promisified
GitOrigin-RevId: 24dbe3e8df2b55c0b9583ac79a61e0956ac3fac0
* [web] refactor startup sequence
The primary objective here is to call loadGlobalBlobs() only once.
But to get there, we need to reorder things and add extra try/catch
sections to ensure we are not letting the global uncaughtException
handler catch startup errors.
Co-authored-by: Antoine Clausse <antoine.clausse@overleaf.com>
* [web] add metrics for startup steps
Co-authored-by: Antoine Clausse <antoine.clausse@overleaf.com>
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: c73edea02516e919d55b896588dcd1862835fedf
* Delete unused file error.pug
* Revert-me: Enable 2FA locally
* Migrate 2FA pages to BS5
* Add BS5 notification classes to hydrate-form.js
* Revert "Revert-me: Enable 2FA locally"
This reverts commit 2874bedb05e579623e5beb6cf518aa8608808802.
* Fix: Re-add .text-capitalize on button
* Use `notification` mixin for success state
* Append complex notifications with icons in `showMessages`
* Keep the BS3 version of the notification in `showMessages`, move the BS5 implementation to `createNotificationFromMessageBS5`
Check the Bootstrap version with `!window?.Frontend?.['bootstrap-3']`, which is a bit hacky
* Update breakpoints in 2FA form to leave more room for error notification
* Address PR comments:
* Remove useless `createTextNode`
* Use `isBootstrap5`
* `Setup` -> `Set Up`
GitOrigin-RevId: d7285853ea1191da7711b7bada8d65ff064bc27d
* [clsi-cache] shard per zone into three instances
Keep the old instance as read fallback. We can remove it in 4 days.
Disk size: 2Ti gives us the maximum write throughput of 240MiB/s on a
N2D instance with fewer than 8 vCPUs.
* [clsi] fix format
* [k8s] clsi-cache: bring back storage-classes
* [k8s] clsi-cache: fix reference to zonal storage-classes
* [k8s] clsi-cache: add logging configs
* [clsi] improve sharding
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
* [clsi] fix sharding
Index needs to be positive.
* [clsi] fix sharding
The random part is static per machine/process.
* [clsi] restrict clsi-cache to user projects
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
* [k8s] clsi-cache: align CLSI_CACHE_NGINX_HOST with service LB
---------
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
GitOrigin-RevId: 1efb1b3245c8194c305420b25e774ea735251fb3
- Remove settings ignore, they are inconsistent and break local prettier
- Remove .dockerignore files, only root ignore file is used
- Move .idea/.run/*.swp/coverage to root
- Remove .npmrc entries, we are no longer writing the rc file
- Remove node_modules/.DS_Store, is contained in root
- Remove cruft
GitOrigin-RevId: 3025fd5acaef343312f55149466c638e759a6e1f
Fix bug where clicking on comment/change in mini panel would not open full panel in new editor
GitOrigin-RevId: e7db345e01b881255a1651b37dec637f04692f3e
* [k8s] clsi-cache: increase the number of workers
* [clsi-cache] add a global limit on concurrent writes
* [k8s] clsi-cache: increase timeouts for health checks
* [k8s] clsi-cache: align resource requests with current usage
GitOrigin-RevId: 2aba881ac0e581aa8db78a30d2c58afee6702318
* Revert-me: Add `user-activate` to SAAS modules
* Migrate user-activate module to BS5
* Add loading state to button
* Revert "Revert-me: Add `user-activate` to SAAS modules"
This reverts commit 0584005953bf470ab21697e5c5448c566d95ca5d.
* Remove `bootstrap5PageStatus` var in register.pug
GitOrigin-RevId: 45fffc902e69a0b8f6e2a1a9c0381c9e844fafca
* Add script to remove emails with commas and replace them emails to support with encoded former emails
* Enhance RemoveEmailsWithCommasScriptTest to verify unchanged user data
GitOrigin-RevId: 6961995f2a143ac1c53bc2eeb183808a4be7dd02
* Refactor `ClsiCookieManager` to use async/await
* Refactor `CompileController` to use async/await
* Fix tests: CompileControllerTests.js
* Fix tests: ClsiCookieManagerTests.js
* Fixup: keep old object key (`serverId`->`clsiServerId`)
* Prefix non-express methods with an underscore
* Use async versions of `rclient` methods
* Fix: `canContinue` must be `false` when rate limited (!!)
* Remove unused `ClsiCookieManager.getCookieJar`
* Remove bad comments
* Fix linting
* Replace `request` by `@overleaf/fetch-utils`
* Replace `callsFake` by `resolves`
* Update `catch` block after request->fetch update: check status code
* Re-add timeout of 30s (was removed in 3df75ab5ccc8a63bd69a6a6e6052ef0451b76220)
* `npm run format:fix`
* Don't throw on 4xx errors; keep functionality similar to the current implementation using `request`.
GitOrigin-RevId: ef161f6c252d13f407e9cf28029b62061d6b992f
* Remove redundant class conflicting with focus styling
* Make the toolbar in the popover focusable via keyboard
* Focus to the first context menu item via keyboard only
GitOrigin-RevId: 7d3e2af4ba96654b5b2312b3999483c2a439b406
* Fix AI assist links based on annual/monthly switch
* use translations for annually discount
GitOrigin-RevId: eaf10720eb162c8ecbd891e8f73475db0c02b9f9
* [clsi] merge sandboxed compiles config from Server Pro and SaaS
* [clsi] reorder fallback env vars
Co-authored-by: Mathew Evans <matt.evans@overleaf.com>
* [server-pro] bump version of expected release with these changes
---------
Co-authored-by: Mathew Evans <matt.evans@overleaf.com>
GitOrigin-RevId: bada93fec89bcc3f2bab85b6e60b2e27de88b9c2
* [web] stopOnFirstError=true does not conflict with =false locally
Allow stopOnFirstError to be enabled in the compile from cache and
disabled locally.
Compiles that passed with stopOnFirstError=true will also pass with
stopOnFirstError=false. The inverse does not hold, and we need to
recompile.
* [web] record event when using compile from cache
* [web] record event when falling back to clsi-cache
* [web] make clsi-cache a premium feature
* [k8s] clsi-cache: increase disk size for beta rollout
NOTE: As this is a premium feature and paid servers run in zones c+d, we
do not need to scale up clsi-cache in zone b for now.
* [web] enable full sampling of compile-result-backend events
* [web] fix frontend tests
* [web] be more verbose when determining access to clsi-cache feature
GitOrigin-RevId: 6fd663e16085187876eb225f7f33eeeaf69d2b2a
* Remove hacks that conditionally hid `ds-nav` survey
* Remove `getAssignment` of `sidebar-navigation-ui-update`
* Remove `hasDsNav`: make it true everywhere
* Remove dead code
* Update Footer so thin footer is shown in SP/CE
* Run `web$ make cleanup_unused_locales` & `bin/run web npm run extract-translations`
* [server-pro] fix learn wiki tests following DS navigation changes
* [server-pro] tests: remove logout action before switching session
* [server-pro] tests: fix logout test
* [server-pro] tests: use new css class for sidebar on project dashboard
* Revert "should add a documentation entry to the nav bar" test change
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 93eb7a1b03bb4e54ad1770150d83778b8f7f6727
* Use OLIconButton for buttons lacking visible text
* Ensure correct ARIA attr for the Layout dropdown
* Add a tooltip to Layout button
* Add "Open dev tool" aria-label
* Add accessible names to the rail tab items
* Remove unused IconProps export
GitOrigin-RevId: 185937384cf5ec87b32238111d6621ac07789fb4
* Set `"type": "module"` in package.json
* Update imports to include file extensions
* Update imports to include file extensions in test files
* Convert webpack files to ESM
* Update configureStore.js for ESM
* Make static-assets CJS, and rename with .cjs
* Misc: update imports to `node:path`
* Add vitest; Remove chai, mocha, sinon, expect, jsdom
* Return promises in conversion-controller, to make testing easier
* Update tests to vitest syntax
* Fix JSON import syntax and babel config
* Import combobo from NPM
* Rename `app.js` to `app.cjs`
This should prevent errors in the production app (https://console.cloud.google.com/cloud-build/builds;region=us-east1/8b42465c-0d07-4a08-b856-aa18c13fae46?project=overleaf-ops)
### Before
```
node@ea395ce612a8:/overleaf/services/latexqc$ node app.js
[...]
ReferenceError: require is not defined in ES module scope, you can use import instead
This file is being treated as an ES module because it has a '.js' file extension and '/overleaf/services/latexqc/package.json' contains "type": "module". To treat it as a CommonJS script, rename it to use the '.cjs' file extension.
at file:///overleaf/services/latexqc/app.js:2:1
at ModuleJob.run (node:internal/modules/esm/module_job:234:25)
at async ModuleLoader.import (node:internal/modules/esm/loader:473:24)
at async asyncRunEntryPointWithESMLoader (node:internal/modules/run_main:122:5)
```
### After
```
node@ea395ce612a8:/overleaf/services/latexqc$ node app.cjs
--------------------------
===> 😊 Starting Server . . .
===> Environment: production
===> Listening on port: 8082
--------------------------
```
* Rename `app.js` to `app.cjs` (Fixup forgotten one)
* Rename `app.js` to `app.cjs` (Fixup 2)
* Rename asset files to `.js`
Fixes:
```
Refused to execute script from 'https://staging-latexqc.ieee.org/assets/9d6cc24692a7f912ff06.cjs' because its MIME type ('application/octet-stream') is not executable, and strict MIME type checking is enabled.
```
GitOrigin-RevId: f0b618f7fc4062fb6bdc3779dfc5defc5f72d614
- use beforeEach to ensure tests do not interfere with each other
Notably, the 'when the ops come in a single linear order' test suite
had state-changing tests that were dependent on the correct order.
Also, the assignment of 'this.firstOpTimestamp' was in a test.
- consolidate populating project and doc ids
The doc reference in this.update was undefined.
- fix doc reference in updates
There were two misuses of 'doc_id' instead of 'doc'.
- Move mocking of MockWebApi.getDocument to the top and use
sinon.resetHistory() or sinon.restore() for controlling the stub.
- Add another test for simple transforming of updates
See 'when another client is sending a concurrent update'.
GitOrigin-RevId: 61ca8a1b0172920ad6ab1b604a9b9259cebddaad
* Replace `diskusage` by `fs` in clsi
* Replace `diskusage` by `fs` in clsi-cache
* Update disk space calculations to include block size in bytes
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Add warning comments about Docker-for-Mac fs stats being off by a factor
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 02ea07e531b89bb3d10ddfe780348b19cbddad1f
* Update git bridge logo based on current theme
* Use GithubLogo black instead of GithubLogo
* Add missing logos
* Update dropbox logo
* Revert default DropboxLogoBlack size
* Remove white background from DropboxLogo
* Rename GitBridgeLogo to GitLogo
GitOrigin-RevId: 00d08716d9ccb0df7912dba39ec0477d672dc56d
* [web] provide an actual rootFolder from EditorProviders in tests
- Fixup SocketIOMock and ShareJS mocks to provide the complete interface
- Extend SocketIOMock interface to count event listeners
- Fixup test that did not expect to find a working rootDoc
* [web] expose imageName from ProjectContext
* [clsi-cache] check compiler settings before using compile from cache
* [web] avoid fetching initial compile from clsi-cache in PDF detach tab
GitOrigin-RevId: e3c754a7ceca55f03a317e1bc8ae45ed12cc2f02
* [misc] freeze time before any other unit test setup steps
Freezing it after other work (notably sandboxed-module imports) will
result in flaky tests.
* [web] update the projects lastUpdated timestamp when changing file-tree
GitOrigin-RevId: b82b2ff74dc31886f3c4bd300375117eead6e0cd
* Update share modal copy for reviewer role
* fix ShareProjectModal test
* use "limited_to_n_collaborators_per_project"
GitOrigin-RevId: f5afcb18a3921a6b1132a4c323af9d8395a7d07b
* [clsi] drop support for docker-in-docker
* [clsi] run SyncTeX in specific output dir rather than compile dir
* [clsi] store output.synctex.gz outside of tar-ball in clsi-cache
* [clsi] add documentation for rewriting of docker bind-mounts
* [server-pro] update env vars for sandboxed compiles in sample config
GitOrigin-RevId: 8debd7102ac612544961f237aa4ff1c530aa3da3
* [clsi-lb] forward ?clsiserverid=cache requests to clsi-cache
* [web] use clsi-cache in frontend
* [web] upgrade compile from cache to full compile when triggered inflight
* [web] fix pdf-js-viewer.spec.tsx tests -- add ?clsiserverid=foo to url
* [web] fix renamed reference after merge
* [web] fix download of other output files and use specific build
* [web] consolidate validation of filename into ClsiCacheHandler
* [web] remove unused projectName from getLatestBuildFromCache
* [web] avoid hitting the same clsi-cache instance first all the time
* [web] update documentation
GitOrigin-RevId: d48265a7ba89d6731092640e1492bc9f103f5c33
* [clsi-cache] initial revision of the clsi-cache service
* [clsi] send output files to clsi-cache and import from clsi-cache
* [web] pass editorId to clsi
* [web] clear clsi-cache when clearing clsi cache
* [web] add split-tests for controlling clsi-cache rollout
* [web] populate clsi-cache when cloning/creating project from template
* [clsi-cache] produce less noise when populating cache hits 404
* [clsi-cache] push docker image to AR
* [clsi-cache] push docker image to AR
* [clsi-cache] allow compileGroup in job payload
* [clsi-cache] set X-Zone header from latest endpoint
* [clsi-cache] use method POST for /enqueue endpoint
* [web] populate clsi-cache in zone b with template data
* [clsi-cache] limit number of editors per project/user folder to 10
* [web] clone: populate the clsi-cache unless the TeXLive release changed
* [clsi-cache] keep user folder when clearing cache as anonymous user
* [clsi] download old output.tar.gz when synctex finds empty compile dir
* [web] fix lint
* [clsi-cache] multi-zonal lookup of single build output
* [clsi-cache] add more validation and limits
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
* [clsi] do not include clsi-cache tar-ball in output.zip
* [clsi-cache] fix reference after remaining constant
Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
* [web] consolidate validation of filename into ClsiCacheHandler
* [clsi-cache] extend metrics and event tracking
- break down most of the clsi metrics by label
- compile=initial - new compile dir without previous output files
- compile=recompile - recompile in existing compile dir
- compile=from-cache - compile using previous clsi-cache
- extend segmentation on compile-result-backend event
- isInitialCompile=true - found new compile dir at start of request
- restoredClsiCache=true - restored compile dir from clsi-cache
* [clsi] rename metrics labels for download of clsi-cache
This is in preparation for synctex changes.
* [clsi] use constant for limit of entries in output.tar.gz
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
* [clsi-cache] fix cloning of project cache
---------
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: 4901a65497af13be1549af7f38ceee3188fcf881
Note: "connected" here means across all real-time pods.
- editing_session_mode, counter
- mode=connect - a client connected
- mode=disconnect - a client disconnected
- mode=update - continuous editing
- status=empty - all clients disconnected
- status=single - a single client is connected
- status=multi - multiple clients are connected
- project_not_empty_since histogram with buckets [0,1h,2h,1d,2d,1w,30d]
- status=empty/single/multi as described above
GitOrigin-RevId: 1cc42e72bbb5aae754399bdbc3f8771642f35c22
* Fix `fix_malformed_filetree`'s `fixName`
* Fix findUniqueName with missing names in siblings
* Add test showcasing another bug: shifted arrays in filetree folder
* Update `removeNulls` to use `_id`
* Update services/web/app/src/Features/Project/ProjectLocator.js
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Add FIXME about file names uniqueness
* Rename `obj` to `project`
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 3ed795ae0621800603395f7b50626ac89c39199d
@ -37,6 +37,12 @@ The present "extended" version of Overleaf CE includes:
- Symbol Palette
- "From External URL" feature
> [!CAUTION]
> Overleaf Community Edition is intended for use in environments where **all** users are trusted. Community Edition is **not** appropriate for scenarios where isolation of users is required due to Sandbox Compiles not being available. When not using Sandboxed Compiles, users have full read and write access to the `sharelatex` container resources (filesystem, network, environment variables) when running LaTeX compiles.
Therefore, in any environment where not all users can be fully trusted, it is strongly recommended to enable the Sandboxed Compiles feature available in the Extended Community Edition.
For more information on Sandbox Compiles check out Overleaf [documentation](https://docs.overleaf.com/on-premises/configuration/overleaf-toolkit/server-pro-only-configuration/sandboxed-compiles).
## Enterprise
If you want help installing and maintaining Overleaf in your lab or workplace, Overleaf offers an officially supported version called [Overleaf Server Pro](https://www.overleaf.com/for/enterprises).
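Review bot: the added caution tells readers to enable Sandboxed Compiles "available in the Extended Community Edition", but the only pointer it gives is a docs link whose path contains `server-pro-only-configuration`, so the reader is not told how to turn the feature on in this build; add one sentence naming the settings or the section that covers them. The same block calls the feature both "Sandbox Compiles" and "Sandboxed Compiles"; use "Sandboxed Compiles" throughout. Only the first two lines carry the `>` prefix, so if "Therefore, ..." and "For more information ..." are meant to sit inside the `[!CAUTION]` callout, prefix them with `>` as well.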
@ -44,959 +50,16 @@ If you want help installing and maintaining Overleaf in your lab or workplace, O
## Installation
Detailed installation instructions can be found in the [Overleaf Toolkit](https://github.com/overleaf/toolkit/).
To run a custom image, add a file named docker-compose.override.yml with the following or similar content into the `overleaf-toolkit/config directory`:
```yml
---
services:
sharelatex:
image: sharelatex/sharelatex:ext-ce
volumes:
- ../config/certs:/overleaf/certs
```
Here, the attached volume provides convenient access for the container to the certificates needed for SAML or LDAP authentication.
If you want to build a Docker image of the extended CE based on the upstream v5.4.0 codebase, you can check out the corresponding tag by running:
```
git checkout v5.4.0-ext-v2
```
After building the image, switch to the latest state of the repository and check the `server-ce/hotfix` directory. If a subdirectory matching your version (e.g., `5.4.0`) exists, build a patched image.
Alternatively, you can download a prebuilt image from Docker Hub:
```
docker pull overleafcep/sharelatex:5.4.0-ext-v2
```
Make sure to update the image name in overleaf-toolkit/config/docker-compose.override.yml accordingly.
### New in `v5.4.0-ext-v2`:
- Added "From External URL" feature
- Introduced Template Gallery
- Improved keyboard input experience in the Symbol Palette
- Fixed compilation error when using the `minted` package
## Sandboxed Compiles
To enable sandboxed compiles (also known as "Sibling containers"), set the following configuration options in `overleaf-toolkit/config/overleaf.rc`:
```
SERVER_PRO=true
SIBLING_CONTAINERS_ENABLED=true
```
The following environment variables are used to specify which TeX Live images to use for sandboxed compiles:
- `ALL_TEX_LIVE_DOCKER_IMAGES`**(required)**
* A comma-separated list of TeX Live images to use. These images will be downloaded or updated.
To skip downloading the images, set `SIBLING_CONTAINERS_PULL=false` in `config/overleaf.rc`.
- `ALL_TEX_LIVE_DOCKER_IMAGE_NAMES`
* A comma-separated list of friendly names for the images. If omitted, the version name will be used (e.g., `latest-full`).
- `TEX_LIVE_DOCKER_IMAGE`**(required)**
* The default TeX Live image that will be used for compiling new projects. The environment variable `ALL_TEX_LIVE_DOCKER_IMAGES` must include this image.
Users can select the image for their project in the project menu.
Here is an example where the default TeX Live image is `latest-full` from Docker Hub, but the `TL2024-historic` image can be used for older projects:
TEMPLATE_ACADEMIC_JOURNAL_DESCRIPTION=Templates for academic journal submissions, including formats for major publishers and preprint servers.
TEMPLATE_BIBLIOGRAPHY_NAME=Bibliographies
TEMPLATE_BIBLIOGRAPHY_DESCRIPTION=Styles for creating and managing bibliographies with BibTeX or BibLaTeX. Suitable for use in academic papers, theses, and reports.
TEMPLATE_BOOK_NAME=Books
TEMPLATE_BOOK_DESCRIPTION=Templates for writing books or long-form documents, including chapter structuring, front matter, and indexing.
TEMPLATE_CALENDAR_NAME=Calendars
TEMPLATE_CALENDAR_DESCRIPTION=Templates to create yearly, monthly, or weekly calendars. Useful for personal planners or event scheduling.
TEMPLATE_CV_NAME=CVs and résumés
TEMPLATE_CV_DESCRIPTION=Templates for CVs and résumés with various formats for academic, industry, and creative positions.
TEMPLATE_FORMAL_LETTER_NAME=Formal letters
TEMPLATE_FORMAL_LETTER_DESCRIPTION=Templates for professional letters, such as cover letters, recommendation letters, and official correspondence.
TEMPLATE_HOMEWORK_NAME=Assignments
TEMPLATE_HOMEWORK_DESCRIPTION=Templates for homework, coursework, and problem sets. Designed to be clean and well-structured for students and educators.
TEMPLATE_NEWSLETTER_NAME=Newsletters
TEMPLATE_NEWSLETTER_DESCRIPTION=Templates for creating newsletters with formats for academic, corporate, or community communications.
TEMPLATE_POSTER_NAME=Posters
TEMPLATE_POSTER_DESCRIPTION=Templates for scientific and academic posters, typically used in conferences and research presentations.
TEMPLATE_PRESENTATION_NAME=Presentations
TEMPLATE_PRESENTATION_DESCRIPTION=Templates for Beamer and other presentation formats, tailored for academic talks and lectures.
TEMPLATE_REPORT_NAME=Reports
TEMPLATE_REPORT_DESCRIPTION=Templates for technical, lab, or project reports. Includes sections for figures, tables, and references.
TEMPLATE_THESIS_NAME=Theses
TEMPLATE_THESIS_DESCRIPTION=Templates for writing theses and dissertations, following institutional formatting and citation guidelines.
TEMPLATE_ALL_NAME=All templates
TEMPLATE_ALL_DESCRIPTION=Browse a collection of all available LaTeX templates, categorized by document type, style, and purpose.
```
</details>
## Authentication Methods
The following authentication methods are supported: local authentication, LDAP authentication, SAML authentication,
and OpenID Connect (OIDC) authentication. Local authentication is always active. The environment variable `EXTERNAL_AUTH`
specifies which external authentication methods are activated. The value of this variable is a list. If the list includes `ldap`, `saml`, or `oidc`,
then LDAP authentication, SAML authentication, and OIDC authentication will be activated, respectively.
For example: `EXTERNAL_AUTH=ldap saml oidc`
This configuration activates all available authentication methods, although this is rarely necessary.
<details>
<summary><h3>Local Authentication</h3></summary>
Password of local users stored in the MongoDB database. An admin user can create a new local user. For details, visit the
[wiki of Overleaf project](https://github.com/overleaf/overleaf/wiki/Creating-and-managing-users).
It is possible to enforce password restrictions on local users:
* `OVERLEAF_PASSWORD_VALIDATION_MIN_LENGTH`: The minimum length required
* `OVERLEAF_PASSWORD_VALIDATION_MAX_LENGTH`: The maximum length allowed
* `OVERLEAF_PASSWORD_VALIDATION_PATTERN`: is used to validate password strength
- `abc123`– password requires 3 letters and 3 numbers and be at least 6 characters long
- `aA`– password requires lower and uppercase letters and be at least 2 characters long
- `ab$3`– it must contain letters, digits and symbols and be at least 4 characters long
- There are 4 groups of characters: letters, UPPERcase letters, digits, symbols. Anything that is neither a letter nor a digit is considered to be a symbol.
</details>
<details>
<summary><h3>LDAP Authentication</h3></summary>
Internally, Overleaf LDAP uses the [passport-ldapauth](https://github.com/vesse/passport-ldapauth) library. Most of these configuration options are passed through to the `server` config object which is used to configure `passport-ldapauth`. If you are having issues configuring LDAP, it is worth reading the README for `passport-ldapauth` to understand the configuration it expects.
When using Local and LDAP authentication methods, a user enters a `username` and `password` in the login form. If LDAP authentication is enabled, it is attempted first:
1. An LDAP user is searched for in the LDAP directory using the filter defined by `OVERLEAF_LDAP_SEARCH_FILTER` and authenticated.
2. If authentication is successful, the Overleaf users database is checked for a user with the primary email address that matches the email address of the authenticated LDAP user:
- If a matching user is found, the `hashedPassword` field for this user is deleted (if it exists). This ensures that the user can only log in via LDAP authentication in the future.
- If no matching user is found, a new Overleaf user is created using the email, first name, and last name retrieved from the LDAP server.
3. If LDAP authentication fails or is unsuccessful, local authentication is attempted.
#### Environment Variables
- `OVERLEAF_LDAP_URL`**(required)**
* URL of the LDAP server.
- Example: `ldaps://ldap.example.com:636` (LDAP over SSL)
- Example: `ldap://ldap.example.com:389` (unencrypted or STARTTLS, if configured).
- `OVERLEAF_LDAP_EMAIL_ATT`
* The email attribute returned by the LDAP server, default `mail`. Each LDAP user must have at least one email address.
If multiple addresses are provided, only the first one will be used.
- `OVERLEAF_LDAP_FIRST_NAME_ATT`
* The property name holding the first name of the user which is used in the application, usually `givenName`.
- `OVERLEAF_LDAP_LAST_NAME_ATT`
* The property name holding the family name of the user which is used in the application, usually `sn`.
- `OVERLEAF_LDAP_NAME_ATT`
* The property name holding the full name of the user, usually `cn`. If either of the two previous variables is not defined,
the first and/or last name of the user is extracted from this variable. Otherwise, it is not used.
- `OVERLEAF_LDAP_PLACEHOLDER`
* The placeholder for the login form, defaults to `Username`.
- `OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN`
* If set to `true`, updates the LDAP user `first_name` and `last_name` field on login, and turn off the user details form on the `/user/settings`
page for LDAP users. Otherwise, details will be fetched only on first login.
- `OVERLEAF_LDAP_BIND_DN`
* The distinguished name of the LDAP user that should be used for the LDAP connection
(this user should be able to search/list accounts on the LDAP server),
e.g., `cn=ldap_reader,dc=example,dc=com`. If not defined, anonymous binding is used.
- `OVERLEAF_LDAP_BIND_CREDENTIALS`
* Password for `OVERLEAF_LDAP_BIND_DN`.
- `OVERLEAF_LDAP_BIND_PROPERTY`
* Property of the user to bind against the client, defaults to `dn`.
- `OVERLEAF_LDAP_SEARCH_BASE`**(required)**
* The base DN from which to search for users. E.g., `ou=people,dc=example,dc=com`.
- `OVERLEAF_LDAP_SEARCH_FILTER`
* LDAP search filter with which to find a user. Use the literal '{{username}}' to have the given username be interpolated in for the LDAP search.
- Example: `(|(uid={{username}})(mail={{username}}))` (user can login with email or with login name).
* The scope of the search can be `base`, `one`, or `sub` (default).
- `OVERLEAF_LDAP_SEARCH_ATTRIBUTES`
* JSON array of attributes to fetch from the LDAP server, e.g., `["uid", "mail", "givenName", "sn"]`.
By default, all attributes are fetched.
- `OVERLEAF_LDAP_STARTTLS`
* If `true`, LDAP over TLS is used.
- `OVERLEAF_LDAP_TLS_OPTS_CA_PATH`
* Path to the file containing the CA certificate used to verify the LDAP server's SSL/TLS certificate. If there are multiple certificates, then
it can be a JSON array of paths to the certificates. The files must be accessible to the docker container.
- Example (one certificate): `/overleaf/certs/ldap_ca_cert.pem`
- Example (multiple certificates): `["/overleaf/certs/ldap_ca_cert1.pem", "/overleaf/certs/ldap_ca_cert2.pem"]`
- `OVERLEAF_LDAP_TLS_OPTS_REJECT_UNAUTH`
* If `true`, the server certificate is verified against the list of supplied CAs.
- `OVERLEAF_LDAP_CACHE`
* If `true`, then up to 100 credentials at a time will be cached for 5 minutes.
- `OVERLEAF_LDAP_TIMEOUT`
* How long the client should let operations live for before timing out, ms (Default: Infinity).
- `OVERLEAF_LDAP_CONNECT_TIMEOUT`
* How long the client should wait before timing out on TCP connections, ms (Default: OS default).
- `OVERLEAF_LDAP_IS_ADMIN_ATT` and `OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE`
* When both environment variables are set, the login process updates `user.isAdmin = true` if the LDAP profile contains the attribute specified by
`OVERLEAF_LDAP_IS_ADMIN_ATT` and its value either matches `OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE` or is an array containing `OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE`,
otherwise `user.isAdmin` is set to `false`. If either of these variables is not set, then the admin status is only set to `true` during admin user
creation in Launchpad.
The following five variables are used to configure how user contacts are retrieved from the LDAP server.
- `OVERLEAF_LDAP_CONTACTS_FILTER`
* The filter used to search for users in the LDAP server to be loaded into contacts. The placeholder '{{userProperty}}' within the filter is replaced with the value of
the property specified by `OVERLEAF_LDAP_CONTACTS_PROPERTY` from the LDAP user initiating the search. If not defined, no users are retrieved from the LDAP server into contacts.
- `OVERLEAF_LDAP_CONTACTS_SEARCH_BASE`
* Specifies the base DN from which to start searching for the contacts. Defaults to `OVERLEAF_LDAP_SEARCH_BASE`.
- `OVERLEAF_LDAP_CONTACTS_SEARCH_SCOPE`
* The scope of the search can be `base`, `one`, or `sub` (default).
- `OVERLEAF_LDAP_CONTACTS_PROPERTY`
* Specifies the property of the user object that will replace the '{{userProperty}}' placeholder in the `OVERLEAF_LDAP_CONTACTS_FILTER`.
- `OVERLEAF_LDAP_CONTACTS_NON_LDAP_VALUE`
* Specifies the value of the `OVERLEAF_LDAP_CONTACTS_PROPERTY` if the search is initiated by a non-LDAP user. If this variable is not defined, the resulting filter
will match nothing. The value `*` can be used as a wildcard.
The above example results in loading into the contacts of the current LDAP user all LDAP users who have the same UNIX `gid`. Non-LDAP users will have all LDAP users with UNIX `gid=1000` in their contacts.
where `someuser` is the uid of an existing user, will always produce a non-empty search result.
As a result, **every user will be granted admin rights**, not just `someuser`, as one might expect.
</details>
</details>
</details>
<details>
<summary><h3>SAML Authentication</h3></summary>
Internally, Overleaf SAML module uses the [passport-saml](https://github.com/node-saml/passport-saml) library, most of the following
configuration options are passed through to `passport-saml`. If you are having issues configuring SAML, it is worth reading the README
for `passport-saml` to get a feel for the configuration it expects.
When using the SAML authentication method, a user is redirected to the Identity Provider (IdP) authentication site.
If the IdP successfully authenticates the user, the Overleaf users database is checked for a record containing a `samlIdentifiers` field structured as follows:
```
samlIdentifiers: [
{
externalUserId: "...",
providerId: "1",
userIdAttribute: "..."
}
]
```
The `externalUserId` must match the value of the property specified by `userIdAttribute` in the user profile returned by the IdP server.
If no matching record is found, the database is searched for a user with the primary email address matching the email in the IdP user profile:
- If such a user is found, the `hashedPassword` field is deleted to disable local authentication, and the `samlIdentifiers` field is added.
- If no matching user is found, a new user is created with the email address and `samlIdentifiers` from the IdP profile.
**Note:** Currently, only one SAML IdP is supported. The `providerId` field in `samlIdentifiers` is fixed to `'1'`.
#### Environment Variables
- `OVERLEAF_SAML_IDENTITY_SERVICE_NAME`
* Display name for the identity service, used on the login page (default: `Log in with SAML IdP`).
- `OVERLEAF_SAML_USER_ID_FIELD`
* The value of this attribute will be used by Overleaf as the external user ID, defaults to `nameID`.
- `OVERLEAF_SAML_EMAIL_FIELD`
* Name of the Email field in user profile, defaults to `nameID`.
- `OVERLEAF_SAML_FIRST_NAME_FIELD`
* Name of the firstName field in user profile, defaults to `givenName`.
- `OVERLEAF_SAML_LAST_NAME_FIELD`
* Name of the lastName field in user profile, defaults to `lastName`
- `OVERLEAF_SAML_UPDATE_USER_DETAILS_ON_LOGIN`
* If set to `true`, updates the user `first_name` and `last_name` field on login,
and turn off the user details form on `/user/settings` page.
* Expected saml response Audience, defaults to value of `OVERLEAF_SAML_ISSUER`.
- `OVERLEAF_SAML_IDP_CERT`**(required)**
* Path to a file containing the Identity Provider's public certificate, used to validate the signatures of incoming SAML responses. If the Identity Provider has multiple valid signing certificates, then
it can be a JSON array of paths to the certificates.
- Example (one certificate): `/overleaf/certs/idp_cert.pem`
- Example (multiple certificates): `["/overleaf/certs/idp_cert.pem", "/overleaf/certs/idp_cert_old.pem"]`
- `OVERLEAF_SAML_PUBLIC_CERT`
* Path to a file containing public signing certificate used to embed in auth requests in order for the IdP to validate the signatures of the incoming SAML Request. It's required when setting up the [metadata endpoint](#metadata-for-the-identity-provider)
when the strategy is configured with a `OVERLEAF_SAML_PRIVATE_KEY`. A JSON array of paths to certificates can be provided to support certificate rotation. When supplying an array of certificates, the first entry in the array should match the
current `OVERLEAF_SAML_PRIVATE_KEY`. Additional entries in the array can be used to publish upcoming certificates to IdPs before changing the `OVERLEAF_SAML_PRIVATE_KEY`.
- `OVERLEAF_SAML_PRIVATE_KEY`
* Path to a file containing a PEM-formatted private key matching the `OVERLEAF_SAML_PUBLIC_CERT` used to sign auth requests sent by passport-saml.
- `OVERLEAF_SAML_DECRYPTION_CERT`
* Path to a file containing public certificate, used for the [metadata endpoint](#metadata-for-the-identity-provider).
- `OVERLEAF_SAML_DECRYPTION_PVK`
* Path to a file containing private key matching the `OVERLEAF_SAML_DECRYPTION_CERT` that will be used to attempt to decrypt any encrypted assertions that are received.
- `OVERLEAF_SAML_SIGNATURE_ALGORITHM`
* Optionally set the signature algorithm for signing requests,
valid values are 'sha1' (default), 'sha256' (prefered), 'sha512' (most secure, check if your IdP supports it).
- `OVERLEAF_SAML_ADDITIONAL_PARAMS`
* JSON dictionary of additional query params to add to all requests.
- `OVERLEAF_SAML_ADDITIONAL_AUTHORIZE_PARAMS`
* JSON dictionary of additional query params to add to 'authorize' requests.
- Example: `{"some_key": "some_value"}`
- `OVERLEAF_SAML_IDENTIFIER_FORMAT`
* Name identifier format to request from the identity provider (default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`).
If using `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`, ensure the `OVERLEAF_SAML_EMAIL_FIELD` envirionment variable is defined.
If `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` is required, you must also define the `OVERLEAF_SAML_ID_FIELD` environment variable,
which can, for example, be set to the user's email address.
- `OVERLEAF_SAML_ACCEPTED_CLOCK_SKEW_MS`
* Time in milliseconds of skew that is acceptable between client and server when checking OnBefore and NotOnOrAfter assertion
condition validity timestamps. Setting to -1 will disable checking these conditions entirely. Default is 0.
* `AttributeConsumingServiceIndex` attribute to add to AuthnRequest to instruct the IdP which attribute set to attach
to the response ([link](http://blog.aniljohn.com/2014/01/data-minimization-front-channel-saml-attribute-requests.html)).
- `OVERLEAF_SAML_AUTHN_CONTEXT`
* JSON array of name identifier format values to request auth context. Default: `["urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"]`.
- `OVERLEAF_SAML_FORCE_AUTHN`
* If `true`, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user,
even if they possess a valid session.
- `OVERLEAF_SAML_DISABLE_REQUESTED_AUTHN_CONTEXT`
* If `true`, do not request a specific auth context. For example, you can this this to `true` to allow additional contexts such as password-less logins (`urn:oasis:names:tc:SAML:2.0:ac:classes:X509`). Support for additional contexts is dependant on your IdP.
- `OVERLEAF_SAML_AUTHN_REQUEST_BINDING`
* If set to `HTTP-POST`, will request authentication from IdP via HTTP POST binding, otherwise defaults to HTTP-Redirect.
- `OVERLEAF_SAML_VALIDATE_IN_RESPONSE_TO`
* If `always`, then InResponseTo will be validated from incoming SAML responses.
* If `never`, then InResponseTo won't be validated (default).
* If `ifPresent`, then InResponseTo will only be validated if present in the incoming SAML response.
- `OVERLEAF_SAML_WANT_ASSERTIONS_SIGNED` and `OVERLEAF_SAML_WANT_AUTHN_RESPONSE_SIGNED`
* When set to `true` (default), Overleaf expects the SAML Assertions, respectively the entire SAML Authentication Response, to be signed by the IdP.
When both options are `false`, at least one of the assertions or the response must be signed.
- `OVERLEAF_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS`
* Defines the expiration time when a Request ID generated for a SAML request will not be valid if seen
in a SAML response in the `InResponseTo` field. Default: 28800000 (8 hours).
- `OVERLEAF_SAML_LOGOUT_URL`
* base address to call with logout requests (default: `entryPoint`).
* JSON dictionary of additional query params to add to 'logout' requests.
- `OVERLEAF_SAML_IS_ADMIN_FIELD` and `OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE`
* When both environment variables are set, the login process updates `user.isAdmin = true` if the profile returned by the SAML IdP contains the attribute specified by
`OVERLEAF_SAML_IS_ADMIN_FIELD` and its value either matches `OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE` or is an array containing `OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE`,
otherwise `user.isAdmin` is set to `false`. If either of these variables is not set, then the admin status is only set to `true` during admin user
creation in Launchpad.
#### Metadata for the Identity Provider
The current version of Overleaf CE includes and endpoint to retrieve Service Provider Metadata: `http://my-overleaf-instance.com/saml/meta`
The Identity Provider will need to be configured to recognize the Overleaf server as a "Service Provider". Consult the documentation for your SAML server for instructions on how to do this.
Below is an example of appropriate Service Provider metadata:
Internally, Overleaf OIDC module uses the [passport-openidconnect](https://github.com/jaredhanson/passport-openidconnect) library.
If you are having issues configuring OpenID Connect, it is worth reading the README for `passport-openidconnect` to get a feel for the configuration it expects.
When using the OIDC authentication method, a user is redirected to the Identity Provider (IdP) authentication site.
If the IdP successfully authenticates the user, the Overleaf users database is checked for a record containing a `thirdPartyIdentifiers` field structured as follows:
```
thirdPartyIdentifiers: [
{
externalUserId: "...",
externalData: null,
providerId: "..."
}
]
```
The `externalUserId` must match the user ID in the profile returned by the IdP server (see the `OVERLEAF_OIDC_USER_ID_FIELD` environment variable), and `providerId`
must match the ID of the OIDC provider (see the `OVERLEAF_OIDC_PROVIDER_ID`).
If no matching record is found, the database is searched for a user with the primary email address matching the email in the IdP user profile:
- If such a user is found, the `thirdPartyIdentifiers` field is updated.
- If no matching user is found, a new user is created with the email address and `thirdPartyIdentifiers` from the IdP profile.
In both cases, the user is said to be 'linked' to the external OIDC user. The user can be unlinked from the OIDC provider on the `/user/settings` page.
#### Environment Variables
The values of the following five required variables can be found using `.well-known/openid-configuration` endpoint of your OpenID Provider (OP).
- `OVERLEAF_OIDC_ISSUER`**(required)**
- `OVERLEAF_OIDC_AUTHORIZATION_URL`**(required)**
- `OVERLEAF_OIDC_TOKEN_URL`**(required)**
- `OVERLEAF_OIDC_USER_INFO_URL`**(required)**
- `OVERLEAF_OIDC_LOGOUT_URL`**(required)**
The values of the following two required variables will be provided by the admin of your OP
- `OVERLEAF_OIDC_CLIENT_ID`**(required)**
- `OVERLEAF_OIDC_CLIENT_SECRET`**(required)**
- `OVERLEAF_OIDC_SCOPE`
* Default: `openid profile email`
- `OVERLEAF_OIDC_PROVIDER_ID`
* Arbitrary ID of the OP, defaults to `oidc`.
- `OVERLEAF_OIDC_PROVIDER_NAME`
* The name of the OP, used in the `Linked Accounts` section of the `/user/settings` page, defaults to `OIDC Provider`.
- `OVERLEAF_OIDC_IDENTITY_SERVICE_NAME`
* Display name for the identity service, used on the login page (default: `Log in with $OVERLEAF_OIDC_PROVIDER_NAME`).
- `OVERLEAF_OIDC_PROVIDER_DESCRIPTION`
* Description of OP, used in the `Linked Accounts` section (default: `Log in with $OVERLEAF_OIDC_PROVIDER_NAME`).
- `OVERLEAF_OIDC_PROVIDER_INFO_LINK`
* `Learn more` URL in the OP description, default: no `Learn more` link in the description.
- `OVERLEAF_OIDC_PROVIDER_HIDE_NOT_LINKED`
* Do not show OP on the `/user/settings` page, if the user's account is not linked with the OP, default `false`.
- `OVERLEAF_OIDC_USER_ID_FIELD`
* The value of this attribute will be used by Overleaf as the external user ID, defaults to `id`.
Other possible reasonable values are `email` and `username` (corresponding to `preferred_username` OIDC claim).
- `OVERLEAF_OIDC_UPDATE_USER_DETAILS_ON_LOGIN`
* If set to `true`, updates the user `first_name` and `last_name` field on login,
and disables the user details form on `/user/settings` page.
- `OVERLEAF_OIDC_IS_ADMIN_FIELD` and `OVERLEAF_OIDC_IS_ADMIN_FIELD_VALUE`
* When both environment variables are set, the login process updates `user.isAdmin = true` if the profile returned by the OP contains the attribute specified by
`OVERLEAF_OIDC_IS_ADMIN_FIELD` and its value matches `OVERLEAF_OIDC_IS_ADMIN_FIELD_VALUE`, otherwise `user.isAdmin` is set to `false`.
If `OVERLEAF_OIDC_IS_ADMIN_FIELD` is `email` then the value of the attribute `emails[0].value` is used for match checking.
The redirect URL for your OpenID Provider is `https://my-overleaf-instance.com/oidc/login/callback`.
Configuration details and release history for the Extended Community Edition can be found on the [Extended CE Wiki Page](https://github.com/yu-i-i/overleaf-cep/wiki).
## Overleaf Docker Image
This repo contains two dockerfiles, [`Dockerfile-base`](server-ce/Dockerfile-base), which builds the
`sharelatex/sharelatex-base` image, and [`Dockerfile`](server-ce/Dockerfile) which builds the
`sharelatex/sharelatex` (or "community") image.
`sharelatex/sharelatex-base:ext-ce` image, and [`Dockerfile`](server-ce/Dockerfile) which builds the
`sharelatex/sharelatex:ext-ce` image.
The Base image generally contains the basic dependencies like `wget`, plus `texlive`.
We split this out because it's a pretty heavy set of
This is split out because it's a pretty heavy set of
dependencies, and it's nice to not have to rebuild all of that every time.
The `sharelatex/sharelatex` image extends the base image and adds the actual Overleaf code
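Review bot: the single wiki pointer that closes the authentication documentation ("Configuration details and release history for the Extended Community Edition can be found on the Extended CE Wiki Page") does not say where the security-relevant guidance from this README text now lives. Going by the `-1004,17 +67,16` header of the next hunk, roughly 940 lines leave the README before this point. Those lines include the warning that a badly chosen LDAP admin filter means "every user will be granted admin rights", the SAML defaults an operator has to override deliberately (`OVERLEAF_SAML_SIGNATURE_ALGORITHM` defaulting to 'sha1', `OVERLEAF_SAML_VALIDATE_IN_RESPONSE_TO` defaulting to `never`, `OVERLEAF_SAML_ACCEPTED_CLOCK_SKEW_MS` set to -1 disabling the timestamp checks), and the note that a missing `IS_ADMIN` attribute resets `user.isAdmin` to `false` on login. I would link the specific LDAP, SAML and OIDC wiki pages rather than the wiki root, and keep a short note in the README that these settings affect admin assignment and response validation. Separately, the unchanged line "The `sharelatex/sharelatex` image extends the base image" still names the image without the `:ext-ce` tag that the renamed lines above it introduce, so the two should be brought into line.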
@ -1004,17 +67,16 @@ and services.
Use `make build-base` and `make build-community` from `server-ce/` to build these images.
We use the [Phusion base-image](https://github.com/phusion/baseimage-docker)
(which is extended by our `base` image) to provide us with a VM-like container
The [Phusion base-image](https://github.com/phusion/baseimage-docker)
(which is extended by the `base` image) provides a VM-like container
in which to run the Overleaf services. Baseimage uses the `runit` service
manager to manage services, and we add our init-scripts from the `server-ce/runit`
folder.
manager to manage services, and init scripts from the `server-ce/runit`