Dane Everitt
e8dcd30e0c
[security] fix resources not properly returning an error when they don't match the server in the URL
Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.
Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
2021-01-19 21:19:17 -08:00
Dane Everitt
6c39288def
Clarify error messaging for transfers
2020-12-24 10:14:10 -08:00
Matthew Penner
37cfa151b6
Use ServerTransferringException
2020-12-17 10:37:14 -07:00
Matthew Penner
e69d9b2c26
Update comment in AuthenticateServerAccess.php
2020-12-17 10:35:54 -07:00
Matthew Penner
fd848985ee
Add ServerTransferringException, use is_null
2020-12-17 10:35:54 -07:00
Matthew Penner
e6c4a68e4a
Update logic for tracking a server's transfer state
2020-12-17 10:35:54 -07:00
Dane Everitt
d22456d9ca
Block API access when 2FA is required on account; closes #2791
2020-12-06 13:56:14 -08:00
Matt Malec
df64026449
Update AuthenticateIPAccess.php
Fix a 500 error when processing a request with an IP filter
2020-11-08 21:57:22 -05:00
Dane Everitt
c00e5b36a5
Return all servers for a node as a paginated response
Avoids crashing the PHP process and avoids a bad runaway N+1 query issue that previously existed.
2020-10-31 11:14:28 -07:00
Dane Everitt
f31a6d3967
Fix parameter bindings for client API routes; closes pterodactyl/panel#2359
2020-09-27 10:39:18 -07:00
Dane Everitt
906cfce81c
Don't return a 403 when returning resources for a suspended server; closes #2279
2020-08-30 09:54:59 -07:00
Dane Everitt
540cc82e3d
Don't resolve database hosts; closes #2237
2020-08-19 20:38:51 -07:00
Dane Everitt
61e9771333
Code cleanup for subuser API endpoints; closes #2247
2020-08-19 20:21:12 -07:00
Dane Everitt
2278927fb6
Update allocations to support ids; protect endpoints; support notes
2020-07-09 20:36:08 -07:00
DarthShmev
06ece0e624
Fix AuthenticateServerAccess middleware spelling issue.
2020-07-05 15:48:02 -04:00
Dane Everitt
fde8465f35
Show a better error when JSON data cannot be parsed in the request
2020-06-30 20:05:11 -07:00
Dane Everitt
756a21ff04
Remove unused code
2020-06-24 20:38:13 -07:00
Dane Everitt
536180ed0c
Return Http test cases to a passing state
2020-06-23 21:59:37 -07:00
Dane Everitt
16e14621c8
Better error messaging when server is suspended
2020-06-22 20:22:52 -07:00
Dane Everitt
6056b6f45d
Show console when an admin is viewing an installing server
2020-04-26 13:21:39 -07:00
Matthew Penner
658a959e5d
Fix trailing comma in DaemonAuthenticate.php, change ServerDetailsController.php to use node authentication
2020-04-10 17:54:50 -06:00
Dane Everitt
2532a73425
Don't throw errors if bad data is sent in the header
2020-04-10 15:53:19 -07:00
Dane Everitt
7557dddf49
Store node daemon tokens in an encrypted manner
2020-04-10 15:15:38 -07:00
Dane Everitt
be05d2df81
Add support for generating a signed URL for downloading a file from the daemon
2020-04-04 19:54:59 -07:00
Dane Everitt
1f92a7de33
Authenticate that the request is coming from someone that should even know about the server
2020-03-28 16:23:18 -07:00
Dane Everitt
d9d4c0590c
Fix silent failure mode when recaptcha is enabled
2019-12-15 16:13:44 -08:00
Dane Everitt
c17f9ba8a9
Move server view management parts to new controller and clean up code
2019-11-24 12:50:16 -08:00
Dane Everitt
7543ef085d
Format files
2019-09-05 21:32:57 -07:00
Dane Everitt
95d19bf09e
Update logic that handles creation of folders for a server
2019-05-01 21:45:39 -07:00
Dane Everitt
5ca13839cf
Merge branch 'develop' into feature/vue-serverview
2018-09-05 21:34:59 -07:00
Dane Everitt
fd49e524c8
Update middleware code
2018-09-03 15:17:53 -07:00
Dane Everitt
4d62e4c7b9
Merge branch 'develop' into pr/1128
2018-09-03 15:10:23 -07:00
Dane Everitt
f3efe546da
Fix broken namespace for autoloader
2018-08-31 20:34:57 -07:00
Dane Everitt
0999ec93c3
More logic for deleting databases
2018-08-25 15:07:42 -07:00
Dane Everitt
9be2aa4ca9
Push beginning of DB deletion stuff
2018-08-25 14:43:21 -07:00
Dane Everitt
8bbe6bc279
Add test, fix behavior of model creation
2018-07-14 22:58:33 -07:00
Dane Everitt
550c622d3b
Obliterate JWT from codebase
2018-07-14 22:48:09 -07:00
Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00
Dane Everitt
eafc4408eb
Fix broken unit tests
2018-07-14 21:49:49 -07:00
Dane Everitt
c82f273d85
Fix remaining broken tests
2018-07-04 19:38:23 -07:00
Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal.
2018-06-16 14:05:39 -07:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00
Dane Everitt
5bcabbde35
Get dashboard in a more working state
2018-06-05 23:42:34 -07:00
stanjg
b56f3a8671
Expanded the middleware test
2018-06-01 16:22:06 +02:00
stanjg
e9ac014bf4
Removed the use of Auth facade and removed unnecessary option
2018-06-01 16:10:32 +02:00
stanjg
3bb9e5e8a8
Merge branch 'develop' of https://github.com/stanjg/panel into feature/user-specific-language
2018-06-01 15:58:09 +02:00
Dane Everitt
6c598f9100
Merge branch 'feature/vuejs' into feature/vuejs-serverlist
2018-05-31 22:59:39 -07:00
stanjg
013dde75ae
Renamed the field and made some improvements
2018-05-31 16:34:35 +02:00
Dane Everitt
a1444b047e
Fix JWT handling for API access when logging in
2018-05-28 14:59:48 -07:00
Dane Everitt
6e5c365018
Use the client API to load servers on the listing page
2018-05-28 13:23:40 -07:00