Commit graph

2018 commits

Author SHA1 Message Date
Matthew Penner
5909731aa1
api(remote): fix wrong type in egg config service 2022-04-01 09:59:07 -06:00
Dane Everitt
f51b730f51
Better user search filtering 2022-03-12 17:06:14 -05:00
Dane Everitt
2ee8ac557a
Add "*" filter for user searching 2022-03-12 16:08:00 -05:00
Dane Everitt
93febff5e8
Include footer on the table 2022-02-27 16:15:11 -05:00
Dane Everitt
764811c927
Fix incompatible signatures after update 2022-02-27 10:50:31 -05:00
Dane Everitt
134ba508e2
Fix i18n 2022-02-26 12:01:05 -05:00
Dane Everitt
0dddcfca36
Continue to throw exceptions when file is not found 2022-02-26 11:54:12 -05:00
Dane Everitt
c16fa92904
Cleanup php-cs-fixer 2022-02-26 11:51:18 -05:00
Dane Everitt
0e1c3a76f4
Test cleanup 2022-02-26 11:49:59 -05:00
Dane Everitt
e236f74d1d
First pass at getting us on Laravel 9 2022-02-26 11:15:20 -05:00
Dane Everitt
cc43a6ec64
Drop remaining references to alerts package 2022-02-26 10:40:45 -05:00
Dane Everitt
cb4d4b5ce6
Make personal access tokens soft-deletable; update front-end 2022-02-20 13:07:12 -05:00
Dane Everitt
fb1f75353d
Run cs-fixer on files 2022-02-13 19:06:53 -05:00
Dane Everitt
afd0a8f768
Update phpstan 2022-02-13 19:04:11 -05:00
Dane Everitt
e683c0a518
Fix failing tests related to these changes 2022-02-13 18:32:02 -05:00
Dane Everitt
341ff6e178
Cleanup test framework; drop all the unused browser tests 2022-02-13 17:59:53 -05:00
Dane Everitt
fac4902ccc
Don't trigger an internal error if hitting 2fa endpoint and it isn't enabled 2022-02-13 17:33:12 -05:00
Dane Everitt
9032699deb
Use SWR for security key index 2022-02-13 15:44:19 -05:00
Dane Everitt
b43e8835bb
Don't store a new key on every login 2022-02-13 15:06:08 -05:00
Dane Everitt
2d2352017d
Fix login authentication using security key 2022-02-13 14:57:45 -05:00
Dane Everitt
09497c234a
Support authenticating the provided key when loggin in 2022-02-13 14:44:50 -05:00
Dane Everitt
54c7207836
Fix authentication request creation 2022-02-13 14:23:20 -05:00
Dane Everitt
969d40d6c1
Logic cleanup after a bit of dust collection 2022-02-13 14:15:18 -05:00
Dane Everitt
8971e78ab5
Merge branch 'v2' into dane/webauthn 2022-02-13 13:46:15 -05:00
Dane Everitt
cd84663ffe
Fix missing import from merge 2022-02-13 13:17:33 -05:00
Dane Everitt
ca6f501c70
Merge branch 'develop' into v2 2022-02-13 12:55:02 -05:00
Alex
5120590e47
ref: remove google analytics (#3912) 2022-02-05 09:08:43 -08:00
Dane Everitt
0a4ba6a7dc
Force https on URLs when behind proxy; closes #3623 2022-01-23 12:58:44 -05:00
Dane Everitt
dfa329ddf2
[security] ensure session is only for that request when authenticating user API key
https://github.com/pterodactyl/panel/security/advisories/GHSA-7v3x-h7r2-34jv
2022-01-19 21:09:17 -05:00
Matthew Penner
1eaf411cb4
node: lowercase fqdn in letsencrypt path (#3890) 2022-01-17 19:56:57 -07:00
Alex
28f7a809a5
fix: exception localization (#3850)
resolves #3849
2022-01-15 08:10:37 -08:00
Matthew Penner
d1c9af8f04
Merge branch 'develop' into v2 2022-01-08 15:20:23 -07:00
Alex
b8bf537737
cmd(setup): validate email input, closes #3175 (#3716) 2021-12-04 10:52:09 -08:00
Dane Everitt
bf9cbe2c6d
Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints 2021-11-16 20:02:18 -08:00
Matthew Penner
ce0bc477c2
ui(admin): fix egg variables 2021-11-04 14:33:24 -06:00
Matthew Penner
5359ef8407
api(app): allow removing a server's startup command 2021-11-04 11:47:08 -06:00
Matthew Penner
34d20b2bf0
api: remove old debug logs 2021-11-04 11:37:33 -06:00
Dane Everitt
17c03e9a4d
Fix broken session management for application api 2021-11-03 21:33:21 -07:00
Dane Everitt
60eff40a0c
Fix session management on client API requests; closes #3727
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.

Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).

This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.

In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
2021-11-03 20:51:39 -07:00
Matthew Penner
728adfe388
server(startup): make startup nullable; resolves #3721 2021-11-03 15:32:53 -06:00
Dane Everitt
cdd8eabcc0
Add phpstan for static analysis (#3718) 2021-10-30 13:41:38 -07:00
Matthew Penner
871d0bdd1c
ui(admin): add egg exporting 2021-10-30 14:23:29 -06:00
Matthew Penner
70cf5c17aa
ui(admin): basic server creation 2021-10-29 00:04:28 -06:00
Matthew Penner
c48d573cc9
Merge branch 'develop' into v2 2021-10-28 22:59:12 -06:00
Matthew Penner
5e99bb8dd6
ui(admin): fix server startup variables 2021-10-24 16:05:00 -06:00
Alex
ef4410bac6
expose uptime to client resources API endpoint (#3705)
resolves #3704
2021-10-24 10:12:17 -07:00
Matthew Penner
0e870ab256
fix integration tests 2021-10-23 14:17:05 -06:00
Matthew Penner
2948e344d2
fix integration tests 2021-10-23 13:34:41 -06:00
Matthew Penner
b966069946
Merge branch 'develop' into v2 2021-10-23 13:26:25 -06:00
Dane Everitt
22a8b2b3a2
Use more standardized rate limiting in Laravel; apply limits to auth routes 2021-10-23 12:17:16 -07:00