Commit graph

177 commits

Author SHA1 Message Date
Dane Everitt
2203a4d87e
Normalize logic across client and application API 2021-08-07 11:55:49 -07:00
Dane Everitt
bc1db626e7
Fix up subuser controller to use better binding checks 2021-08-07 11:15:44 -07:00
Dane Everitt
74426a97f4
Simplify logic for checking for missing unbound models 2021-08-07 11:15:30 -07:00
Dane Everitt
4d1a7e6637
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-04 22:20:43 -07:00
Dane Everitt
47b895a98a
Update existing application API to use simplified user permission checking 2021-08-04 21:15:19 -07:00
Dane Everitt
b47d262ee0
Initial pass at deleting as much removed logic as possible; still need to migrate old keys and permissions over 2021-08-04 21:15:18 -07:00
Dane Everitt
d60e8a193b
Very basic working implementation of sanctum for API validation 2021-08-04 21:15:16 -07:00
Matthew Penner
59f2ea37d8 ui(auth): add support for using a security key 2021-07-17 14:45:23 -06:00
Matthew Penner
01c03b6b77 Merge branch 'develop' into feature/react-admin 2021-06-06 14:06:14 -06:00
Alex
9656378783
Fix 401 error typo (#3393) 2021-06-03 13:35:51 -07:00
Matthew Penner
a87fef37ec Merge branch 'develop' into feature/react-admin 2021-02-07 16:16:22 -07:00
Dane Everitt
e30a765071
Simplify logic when a server is in an unsupported state 2021-01-30 13:28:31 -08:00
Dane Everitt
0a2c89e9f4
Reeformat with new rules post merge 2021-01-25 19:20:51 -08:00
Dane Everitt
663143de0b
Merge branch 'develop' into dane/restore-backups 2021-01-25 19:16:40 -08:00
Matthew Penner
5737b5dc5d api(application): fix requests 2021-01-23 18:17:35 -07:00
Dane Everitt
c449ca5155
Use more standardized phpcs 2021-01-23 12:33:34 -08:00
Dane Everitt
a043071e3c
Update to Laravel 8
Co-authored-by: Matthew Penner <me@matthewp.io>
2021-01-23 12:12:54 -08:00
Dane Everitt
e8dcd30e0c
[security] fix resources not properly returning an error when they don't match the server in the URL
Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.

Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
2021-01-19 21:19:17 -08:00
Dane Everitt
a75a347d65
Remove suspended & installing fields, replace with single status field 2021-01-17 15:51:56 -08:00
Dane Everitt
6c39288def
Clarify error messaging for transfers 2020-12-24 10:14:10 -08:00
Matthew Penner
37cfa151b6 Use ServerTransferringException 2020-12-17 10:37:14 -07:00
Matthew Penner
e69d9b2c26 Update comment in AuthenticateServerAccess.php 2020-12-17 10:35:54 -07:00
Matthew Penner
fd848985ee Add ServerTransferringException, use is_null 2020-12-17 10:35:54 -07:00
Matthew Penner
e6c4a68e4a Update logic for tracking a server's transfer state 2020-12-17 10:35:54 -07:00
Dane Everitt
d22456d9ca
Block API access when 2FA is required on account; closes #2791 2020-12-06 13:56:14 -08:00
Matt Malec
df64026449
Update AuthenticateIPAccess.php
Fix a 500 error when processing a request with an IP filter
2020-11-08 21:57:22 -05:00
Dane Everitt
c00e5b36a5
Return all servers for a node as a paginated response
Avoids crashing the PHP process and avoids a bad runaway N+1 query issue that previously existed.
2020-10-31 11:14:28 -07:00
Dane Everitt
f31a6d3967
Fix parameter bindings for client API routes; closes pterodactyl/panel#2359 2020-09-27 10:39:18 -07:00
Dane Everitt
906cfce81c
Don't return a 403 when returning resources for a suspended server; closes #2279 2020-08-30 09:54:59 -07:00
Dane Everitt
540cc82e3d
Don't resolve database hosts; closes #2237 2020-08-19 20:38:51 -07:00
Dane Everitt
61e9771333
Code cleanup for subuser API endpoints; closes #2247 2020-08-19 20:21:12 -07:00
Dane Everitt
2278927fb6
Update allocations to support ids; protect endpoints; support notes 2020-07-09 20:36:08 -07:00
DarthShmev
06ece0e624
Fix AuthenticateServerAccess middleware spelling issue. 2020-07-05 15:48:02 -04:00
Dane Everitt
fde8465f35
Show a better error when JSON data cannot be parsed in the request 2020-06-30 20:05:11 -07:00
Dane Everitt
756a21ff04
Remove unused code 2020-06-24 20:38:13 -07:00
Dane Everitt
536180ed0c
Return Http test cases to a passing state 2020-06-23 21:59:37 -07:00
Dane Everitt
16e14621c8
Better error messaging when server is suspended 2020-06-22 20:22:52 -07:00
Dane Everitt
6056b6f45d
Show console when an admin is viewing an installing server 2020-04-26 13:21:39 -07:00
Matthew Penner
658a959e5d Fix trailing comma in DaemonAuthenticate.php, change ServerDetailsController.php to use node authentication 2020-04-10 17:54:50 -06:00
Dane Everitt
2532a73425
Don't throw errors if bad data is sent in the header 2020-04-10 15:53:19 -07:00
Dane Everitt
7557dddf49
Store node daemon tokens in an encrypted manner 2020-04-10 15:15:38 -07:00
Dane Everitt
be05d2df81
Add support for generating a signed URL for downloading a file from the daemon 2020-04-04 19:54:59 -07:00
Dane Everitt
1f92a7de33
Authenticate that the request is coming from someone that should even know about the server 2020-03-28 16:23:18 -07:00
Dane Everitt
d9d4c0590c
Fix silent failure mode when recaptcha is enabled 2019-12-15 16:13:44 -08:00
Dane Everitt
c17f9ba8a9
Move server view management parts to new controller and clean up code 2019-11-24 12:50:16 -08:00
Dane Everitt
7543ef085d
Format files 2019-09-05 21:32:57 -07:00
Dane Everitt
95d19bf09e
Update logic that handles creation of folders for a server 2019-05-01 21:45:39 -07:00
Dane Everitt
5ca13839cf
Merge branch 'develop' into feature/vue-serverview 2018-09-05 21:34:59 -07:00
Dane Everitt
fd49e524c8
Update middleware code 2018-09-03 15:17:53 -07:00
Dane Everitt
4d62e4c7b9
Merge branch 'develop' into pr/1128 2018-09-03 15:10:23 -07:00