Commit graph

1301 commits

Author SHA1 Message Date
Dane Everitt
e7e41d8ee8
Fix bulk power when spanning multiple nodes, closes #1526 2019-08-03 14:04:31 -07:00
Dane Everitt
81409947cf
Default to OOM killer being disabled, add back configuration option per-server 2019-08-03 13:41:24 -07:00
Dane Everitt
2198269a65
Fix allocations requiring an alias when generated via API. 2019-08-03 13:03:54 -07:00
Dane Everitt
58796e7441
Fix Server model to use correct relationship when returning subusers, closes #1589 2019-08-03 12:56:32 -07:00
Dane Everitt
fe9d86b66b
Add support for filtering servers in client list-all endpoint
closes #1608
2019-08-03 12:44:15 -07:00
Dane Everitt
47c12929c4
Fix two-factor token creation for iOS devices, closes #1624 2019-08-03 12:37:02 -07:00
Dane Everitt
02ac308042
Fix database host modification not properly showing SQL errors
This is caused by an old bug relating to not rolling back transactions properly causing session data to not be flashed back to the user properly.
2019-08-03 12:33:28 -07:00
Dane Everitt
c90fcea519
Add basic file listing functionality 2019-07-27 20:23:51 -07:00
Dane Everitt
b69ebb0790
Merge branch 'develop' of https://github.com/Pterodactyl/Panel into develop 2019-07-27 15:17:55 -07:00
Dane Everitt
48c39abfcb
Add database password rotation to view 2019-07-27 15:17:50 -07:00
PiggyPiglet
349114c960 Add a --settings-ui option for AppSettingsCommand (#1446)
* Add a --settings-ui option for AppSettingsCommand

Sorry if my code is below par, I don't know php. All this does is allow the APP_ENVIRONMENT_ONLY to be set via an option, which as far as I can tell, isn't currently possible. I've tested this on a local installation and it works.
2019-07-26 11:05:57 -04:00
Dane Everitt
215351eeb3
Merge branch 'develop' into feature/bulk-reinstall-command 2019-07-26 11:04:48 -04:00
Dane Everitt
ad61774171
Whoops, dont mess up logging in if the code starts with 0 2019-06-22 13:54:36 -07:00
Dane Everitt
212773d63c
Finish authentication flow for 2FA 2019-06-22 13:33:11 -07:00
Dane Everitt
56640253b9
Merge branch 'release/v0.7.14' into feature/react 2019-06-22 12:28:44 -07:00
Dane Everitt
092e7e79ff
Change 2FA service to generate the secret on our own and use an external QR service to display the image 2019-06-21 21:55:09 -07:00
Dane Everitt
2db7928b76
Don't expose existence of account when an incorrect password is provided and the user has 2FA enabled 2019-06-21 21:39:24 -07:00
Dane Everitt
19ef901768
Show success message to the user 2019-06-11 23:19:43 -07:00
Dane Everitt
bfdc1f766b
Support saving existing files 2019-05-27 15:30:49 -07:00
Dane Everitt
a8462bf109
Add initial support for opening a file in the file manager, still needs more work 2019-05-25 16:24:13 -07:00
Dane Everitt
d79fe6982f
Add support for file copy and deletion 2019-05-04 17:26:24 -07:00
Dane Everitt
811026895b
Update support for moving/renaming files and folders 2019-05-04 16:04:59 -07:00
Dane Everitt
eed4be49ab
Fix data being passed along to daemon 2019-05-01 21:58:35 -07:00
Dane Everitt
95d19bf09e
Update logic that handles creation of folders for a server 2019-05-01 21:45:39 -07:00
Dane Everitt
71eae1eb68
Update TwoFactorSetupService.php 2019-05-01 20:57:54 -07:00
Dane Everitt
5c99cae779
Merge branch 'develop' into feature/vuejs 2019-05-01 20:57:49 -07:00
Dane Everitt
c80c8564b8
Switch file manager listing to use panel API endpoint 2019-05-01 20:54:40 -07:00
saibotk
7277b6449b Replace 2FA QR Code generation (#1548)
Due to the Google API for generating the 2FA QR code will be shut down on 14.04.2019, this adds the package "pragmarx/google2fa-qrcode" and updates "pragmarx/google2fa" to version 5.x. 
Due to now using BaconQR, Pterodactyl now needs the php-imagick extension to render the images.
2019-04-27 14:18:12 -04:00
Dane Everitt
0757d8856b
Add base code to support retrieving allocations as a client 2019-03-23 17:47:20 -07:00
Dane Everitt
d59c38eb4e
Fix a fallback route issue causing API calls to return unauth responses and not 404s
The fallback handler isn't scoped to a specific group, so the way this was setup caused requests to non-existent API routes to actually try and return the base view for Vue. This caused a mess of issues because that view is behind the middleware that expect sessions to be set, thus leading to very confusing authentication errors rather than a 404 response.
2019-03-23 17:41:43 -07:00
Arnaud Lier
4460b6835a Match original database password length when doing a password reset (#1509) 2019-03-23 14:04:57 -07:00
Isaac A
38cd8f2962
Allow nodes to be created on privileged ports 2019-03-16 21:18:46 -04:00
Dane Everitt
8955b5a660
Initial attempt trying to get file downloading to work 2019-03-16 17:10:04 -07:00
Dane Everitt
a66d7a3417
Merge branch 'develop' into feature/vuejs 2019-03-09 11:19:07 -08:00
Dane Everitt
3411df784a
Use the HttpExceptionInterface rather than a render function here 2019-03-03 13:57:18 -08:00
Dane Everitt
f15449f17b
Fix servers not being marked as install failed 2019-03-03 13:44:28 -08:00
Dane Everitt
cf31d4276c
Fix a bug causing DataIntegrityExceptions to not be caught correctly and cause a second exception... whoops. 2019-03-03 13:42:32 -08:00
Dane Everitt
114afb8646
Fix error transaction handling when creating a server.
There is a bug in the design of the application that affects users who encounter an exception under certain code pathways who are using the database to maintain their sessions.

What is happening is that a transaction is started, and I made the mistake of just assuming it would auto-rollback once the exception was caught by the handler. This is technically true, since once the request terminates the transaction is discarded by the SQL server. However, this also means that the session data set on that request would not be persisted as it runs in a middleware termination function, after the transaction is started.

Theoretically this would also affect any other terminable middleware as well, but the session is the only one I can think of right now

Co-Authored-By: Oreo Oreoniv <zkoz210@users.noreply.github.com>
Co-Authored-By: Stepan Fedotov <trixterthetux@users.noreply.github.com>
2019-03-02 18:28:28 -08:00
Dane Everitt
d9593b23ab
Paginate server results when viewing a node, closes #1404 2019-03-02 15:58:56 -08:00
Dane Everitt
50eb2a10ad
Fixes redis password saving, closes #1428 2019-03-02 15:38:46 -08:00
Dane Everitt
8253246955
Prevent an exception when creating databases with the same name on multiple hosts.
closes #1456
2019-03-02 15:31:25 -08:00
Dane Everitt
91c9cbba6f
[#1500] Correctly require disk_overallocate 2019-03-02 14:48:05 -08:00
Dane Everitt
50c5ab92aa
[#1500] Add support for limits array or base level values 2019-03-02 14:44:59 -08:00
Dane Everitt
a4d7985e51
[#1500] Fix allocation limit being required even though it isn't used. 2019-03-02 14:27:01 -08:00
Michael (Parker) Parker
62e68ec66f Fix for Locations PATCH endpoint (#1499) 2019-03-02 13:27:36 -08:00
Lance Pioch
db937af616 Apply fixes from StyleCI
[ci skip] [skip ci]
2019-01-26 23:26:15 +00:00
Dane Everitt
136e4b5b7b
Fix some issues 2018-12-30 12:45:57 -08:00
Dane Everitt
21ffa08d66
Merge branch 'develop' into feature/vuejs 2018-12-16 14:20:35 -08:00
Oreo Oreoniv
c1fb38fb5e
Cleanup 2018-12-09 14:40:03 +03:00
Oreo Oreoniv
a4a758e202
Fixed StyleCI 2018-12-09 14:29:43 +03:00
Oreo Oreoniv
fb51659a04
Fixed checking of the language change 2018-12-09 14:27:30 +03:00
Oreo Oreoniv
04326a0786
Fixed PHPUnit test (Coverage) #1393 2018-12-03 21:09:25 +03:00
Jamsheed Mistri
34b166cde9 StyleCI fixes 2018-12-02 23:42:35 -08:00
Jamsheed Mistri
9cf7432835 Adding bulk reinstall command 2018-12-02 23:39:40 -08:00
Dane Everitt
7c73f21b30
Fix Node daemon secret not being reset, closes #1390 2018-12-02 13:40:12 -08:00
Dane Everitt
d6e9770937
Merge branch 'develop' into patch-1 2018-12-02 13:01:31 -08:00
Oreo Oreoniv
adcf0c9fee
Fixed Failed event
Thank you very much Laravel for not pointing out the changes to be made when upgrading from 5.6 to 5.7
2018-11-28 23:24:43 +03:00
zKoz210
2d7e889bcc Fixed StyleCI 2018-11-26 03:28:14 +03:00
zKoz210
0b4b1a3443 Initial update 2018-11-26 03:25:18 +03:00
Matthew Penner
0cbedd9c90 Fix LocationController#store() 2018-11-19 22:04:05 -07:00
Matthew Penner
4ad9b2627b Fix StoreLocationRequest namespace 2018-11-19 22:03:03 -07:00
Matthew Penner
afe128042f
Wait a second, that method doesn't return an array 2018-11-19 21:54:15 -07:00
Dane Everitt
9b654d2c76
Fix bug with client API denying access to routes, closes #1366 2018-11-10 15:27:50 -08:00
Dane Everitt
a9fa60a6fb
Respect pagination settings on frontend
closes #1335
2018-11-10 12:38:35 -08:00
Dane Everitt
d2991eafa1
Merge pull request #1363 from pterodactyl/feature/remove-phraseapp
Remove phraseapp because we no longer use it
2018-11-10 12:16:18 -08:00
mrkrabs
8ef368faa4
Rename app/Http/Controllers/API/Remote/ValidateKeyController.php to app/Http/Controllers/Api/Remote/ValidateKeyController.php 2018-11-07 18:17:27 +02:00
mrkrabs
7c64492557
Rename app/Http/Controllers/API/Remote/SftpController.php to app/Http/Controllers/Api/Remote/SftpController.php 2018-11-07 18:17:08 +02:00
mrkrabs
c9e207c15d
Rename app/Http/Controllers/API/Remote/EggRetrievalController.php to app/Http/Controllers/Api/Remote/EggRetrievalController.php 2018-11-07 18:16:50 +02:00
mrkrabs
cfbdf07b80
Rename app/Http/Controllers/API/Remote/EggInstallController.php to app/Http/Controllers/Api/Remote/EggInstallController.php 2018-11-07 18:16:28 +02:00
Dane Everitt
dd9730b5f8
Return permissions string when authenticating SFTP 2018-11-04 11:09:42 -08:00
Lance Pioch
fb13305641
Delete PhraseAppTranslator.php 2018-10-24 11:34:49 -04:00
Lance Pioch
74ca11c37d
Delete PhraseAppTranslationProvider.php 2018-10-24 11:32:00 -04:00
ayan4m1
c5608b1827 rework UI of mail settings page to allow for saving settings before testing 2018-10-13 21:30:47 -04:00
ayan4m1
8b61175c3b add exception message to fail message for mail test 2018-10-13 21:30:47 -04:00
ayan4m1
df9f0be839 styleci tweaks 2018-10-13 21:30:47 -04:00
ayan4m1
670efa3544 styleci tweaks 2018-10-13 21:30:47 -04:00
ayan4m1
ace58dd1df allow test of mail system no matter the type 2018-10-13 21:30:47 -04:00
ayan4m1
1b03ae2efe remove Log::debug() call 2018-10-13 21:30:47 -04:00
ayan4m1
fd3e5fc73e add SMTP mail tester 2018-10-13 21:30:47 -04:00
Dane Everitt
b6205463db
Merge branch 'develop' into feature/vuejs 2018-09-23 13:14:46 -07:00
Dane Everitt
29237fd1ef
Merge pull request #1330 from ayan4m1/feature/exception-logging
Simple query exception logging
2018-09-18 21:44:29 -07:00
Andrew DeLisa
262ef78fae Allow deletion of multiple allocations at once (#1322) 2018-09-18 21:43:18 -07:00
ayan4m1
9f6875ed61 log query exception message during settings boot 2018-09-16 13:20:57 -04:00
Dane Everitt
5ca13839cf
Merge branch 'develop' into feature/vue-serverview 2018-09-05 21:34:59 -07:00
Dane Everitt
f9542c98e2
Fix tests broken by bad namespaces 2018-09-03 15:59:30 -07:00
Dane Everitt
fd49e524c8
Update middleware code 2018-09-03 15:17:53 -07:00
Dane Everitt
4d62e4c7b9
Merge branch 'develop' into pr/1128 2018-09-03 15:10:23 -07:00
Dane Everitt
c6112b4234
Fix tests 2018-09-03 14:59:00 -07:00
Dane Everitt
3bb9bf04e5
Pass the updated model through for updating node config, rather than old model, ref #1237 2018-09-03 14:54:50 -07:00
Dane Everitt
7ed9c7cb93
Correctly store changes to upload size limit, closes #1237 2018-09-03 14:53:58 -07:00
Dane Everitt
5bd3f59455
Fix schedules running twice, closes #1288 2018-09-03 14:32:33 -07:00
Dane Everitt
413a22a3d5
Changes to job running to clean up code 2018-09-03 14:04:25 -07:00
Dane Everitt
bcb3f5d5fa
Fix handling of times 2018-08-31 21:12:10 -07:00
Dane Everitt
178b8f8ce6
More logical time handling 2018-08-31 21:00:13 -07:00
Dane Everitt
e5636405f3
Drop carbon, use chronos 2018-08-31 20:52:15 -07:00
Dane Everitt
f3efe546da
Fix broken namespace for autoloader 2018-08-31 20:34:57 -07:00
Dane Everitt
e906ada528
Better handling when deleting a database 2018-08-26 14:01:00 -07:00
Dane Everitt
0999ec93c3
More logic for deleting databases 2018-08-25 15:07:42 -07:00
Dane Everitt
9be2aa4ca9
Push beginning of DB deletion stuff 2018-08-25 14:43:21 -07:00
Dane Everitt
c28e9c1ab7
Add ability to create new database through the UI 2018-08-22 22:29:20 -07:00
Dane Everitt
17796fb1c4
Add basic database listing for server 2018-08-21 21:47:01 -07:00
Dane Everitt
e9f8751c4c
More filemanager work, directory browsing working 2018-08-13 22:58:58 -07:00
Dane Everitt
92a9146b61
Improve filemanager, get first level folders listing 2018-08-06 23:14:13 -07:00
Dane Everitt
8db9d9bbee
Very rough go at connecting to socket and rendering console data for server 2018-07-20 23:45:07 -07:00
Dane Everitt
f2d2725ca0
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-07-15 16:50:11 -07:00
Dane Everitt
be2c76c24a
Add tests for password changing 2018-07-15 11:44:18 -07:00
Dane Everitt
8bbe6bc279
Add test, fix behavior of model creation 2018-07-14 22:58:33 -07:00
Dane Everitt
550c622d3b
Obliterate JWT from codebase 2018-07-14 22:48:09 -07:00
Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-14 22:42:58 -07:00
Dane Everitt
a7fae86e58
Treat unauthenticated exceptions the same as everything else 2018-07-14 22:42:38 -07:00
Dane Everitt
eafc4408eb
Fix broken unit tests 2018-07-14 21:49:49 -07:00
Dane Everitt
c82f273d85
Fix remaining broken tests 2018-07-04 19:38:23 -07:00
Dane Everitt
6c20ea9881
Add tests for changed controllers 2018-07-04 19:20:33 -07:00
Dane Everitt
5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-04 18:12:57 -07:00
Dane Everitt
af9af78938
Merge branch 'develop' into feature/vuejs 2018-07-04 18:09:07 -07:00
Dane Everitt
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
Thanks to Trixter#0001 on Discord for this security report.

There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.

This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.

Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
Dane Everitt
603b8a3094
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-02 21:01:04 -07:00
Dane Everitt
48cb01f438
Merge branch 'develop' into feature/vuejs 2018-07-02 21:00:42 -07:00
Stan
1ffb5acfad Send an email when a server is marked as installed (#1213)
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
Dane Everitt
d2bc791d74
Fix links sent to users when accounts are created
closes #1093
2018-06-30 18:47:31 -07:00
Dane Everitt
304d947536
Allow creating subuser with no permissions 2018-06-30 18:25:46 -07:00
Dane Everitt
96699b192e
Don't verify SSL signatures in dev
[skip ci]
2018-06-30 18:24:35 -07:00
Dane Everitt
974318ffb4
Logout other sessions when password is changed
closes #1222
2018-06-30 17:50:58 -07:00
Sergzy
bad9ae58e8 Fix environment_variables name (#1212) 2018-06-30 13:25:40 -07:00
Dane Everitt
7711b697ad
Finalize two-factor handling on account. 2018-06-20 23:05:35 -07:00
Dane Everitt
0cc895f2d5
Finalize email/password changing in UI 2018-06-17 16:53:24 -07:00
Dane Everitt
fce394f6bd
Change email handling and logout function 2018-06-16 14:30:20 -07:00
Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal. 2018-06-16 14:05:39 -07:00
Dane Everitt
24bb8da43d
Fix CSS issue with login page due to input classes 2018-06-16 12:43:32 -07:00
Dane Everitt
b8b9acd0e6
Get the base email update working through the API.
Still going to need to determine the best course of action to update the token on the client side.
2018-06-11 22:56:57 -07:00
Jakob Schrettenbrunner
05478e3277 Merge branch 'feature/vuejs' into feature/vue-serverview 2018-06-11 21:06:12 +02:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT 2018-06-06 22:49:44 -07:00
Dane Everitt
4ffe6c96ad
Fix support for hot reloading without requiring anything special in the app 2018-06-06 21:44:52 -07:00
Dane Everitt
5bcabbde35
Get dashboard in a more working state 2018-06-05 23:42:34 -07:00
Dane Everitt
e948d81d8a
Base attempt at using vuex to handle logins 2018-06-05 23:00:01 -07:00
Dane Everitt
80b0816718
Better support for CSS and JS 2018-06-03 19:35:50 -07:00
Dane Everitt
e65854c8c2
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-06-02 23:28:55 -07:00
Dane Everitt
02b29a66ea
Use client API to get resource use for a server 2018-06-02 19:08:53 -07:00
Jacob Gee-Clarke
d73e5a2274 Fixed my fix to fix the 500 error on /api/application/nodes when not specifying a daemon_base (#1182) 2018-06-02 14:34:01 -07:00
Dane Everitt
969b16a563 Apply fixes from StyleCI
[ci skip] [skip ci]
2018-06-02 21:32:26 +00:00
stanjg
b56f3a8671
Expanded the middleware test 2018-06-01 16:22:06 +02:00
stanjg
e9ac014bf4
Removed the use of Auth facade and removed unnecesary option 2018-06-01 16:10:32 +02:00
stanjg
3bb9e5e8a8 Merge branch 'develop' of https://github.com/stanjg/panel into feature/user-specific-language 2018-06-01 15:58:09 +02:00
Dane Everitt
e0d67ff857
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-05-31 23:01:24 -07:00
Dane Everitt
6c598f9100
Merge branch 'feature/vuejs' into feature/vuejs-serverlist 2018-05-31 22:59:39 -07:00
Dane Everitt
5f70502f20
Merge branch 'develop' into feature/vuejs 2018-05-31 22:59:16 -07:00
Dane Everitt
fd8d7c3571
Merge pull request #1130 from stanjg/feature/stats-page
Added a statistics page to monitor the panel usage
2018-05-31 22:56:58 -07:00
stanjg
ccf3e3511f
Renamed middleware, and fixed the test 2018-05-31 16:40:18 +02:00
stanjg
013dde75ae
Renamed the field and made some improvements 2018-05-31 16:34:35 +02:00
Jakob Schrettenbrunner
11d96c44d1 Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview 2018-05-29 00:04:51 +02:00