Commit graph

863 commits

Author SHA1 Message Date
Dane Everitt
91c9cbba6f
[#1500] Correctly require disk_overallocate 2019-03-02 14:48:05 -08:00
Dane Everitt
50c5ab92aa
[#1500] Add support for limits array or base level values 2019-03-02 14:44:59 -08:00
Michael (Parker) Parker
62e68ec66f Fix for Locations PATCH endpoint (#1499) 2019-03-02 13:27:36 -08:00
Lance Pioch
db937af616 Apply fixes from StyleCI
[ci skip] [skip ci]
2019-01-26 23:26:15 +00:00
Dane Everitt
136e4b5b7b
Fix some issues 2018-12-30 12:45:57 -08:00
Dane Everitt
21ffa08d66
Merge branch 'develop' into feature/vuejs 2018-12-16 14:20:35 -08:00
Oreo Oreoniv
c1fb38fb5e
Cleanup 2018-12-09 14:40:03 +03:00
Oreo Oreoniv
a4a758e202
Fixed StyleCI 2018-12-09 14:29:43 +03:00
Oreo Oreoniv
fb51659a04
Fixed checking of the language change 2018-12-09 14:27:30 +03:00
Oreo Oreoniv
04326a0786
Fixed PHPUnit test (Coverage) #1393 2018-12-03 21:09:25 +03:00
Dane Everitt
7c73f21b30
Fix Node daemon secret not being reset, closes #1390 2018-12-02 13:40:12 -08:00
Dane Everitt
d6e9770937
Merge branch 'develop' into patch-1 2018-12-02 13:01:31 -08:00
Oreo Oreoniv
adcf0c9fee
Fixed Failed event
Thank you very much Laravel for not pointing out the changes to be made when upgrading from 5.6 to 5.7
2018-11-28 23:24:43 +03:00
zKoz210
2d7e889bcc Fixed StyleCI 2018-11-26 03:28:14 +03:00
zKoz210
0b4b1a3443 Initial update 2018-11-26 03:25:18 +03:00
Matthew Penner
0cbedd9c90 Fix LocationController#store() 2018-11-19 22:04:05 -07:00
Matthew Penner
4ad9b2627b Fix StoreLocationRequest namespace 2018-11-19 22:03:03 -07:00
Matthew Penner
afe128042f
Wait a second, that method doesn't return an array 2018-11-19 21:54:15 -07:00
Dane Everitt
9b654d2c76
Fix bug with client API denying access to routes, closes #1366 2018-11-10 15:27:50 -08:00
Dane Everitt
a9fa60a6fb
Respect pagination settings on frontend
closes #1335
2018-11-10 12:38:35 -08:00
mrkrabs
8ef368faa4
Rename app/Http/Controllers/API/Remote/ValidateKeyController.php to app/Http/Controllers/Api/Remote/ValidateKeyController.php 2018-11-07 18:17:27 +02:00
mrkrabs
7c64492557
Rename app/Http/Controllers/API/Remote/SftpController.php to app/Http/Controllers/Api/Remote/SftpController.php 2018-11-07 18:17:08 +02:00
mrkrabs
c9e207c15d
Rename app/Http/Controllers/API/Remote/EggRetrievalController.php to app/Http/Controllers/Api/Remote/EggRetrievalController.php 2018-11-07 18:16:50 +02:00
mrkrabs
cfbdf07b80
Rename app/Http/Controllers/API/Remote/EggInstallController.php to app/Http/Controllers/Api/Remote/EggInstallController.php 2018-11-07 18:16:28 +02:00
ayan4m1
c5608b1827 rework UI of mail settings page to allow for saving settings before testing 2018-10-13 21:30:47 -04:00
ayan4m1
8b61175c3b add exception message to fail message for mail test 2018-10-13 21:30:47 -04:00
ayan4m1
df9f0be839 styleci tweaks 2018-10-13 21:30:47 -04:00
ayan4m1
670efa3544 styleci tweaks 2018-10-13 21:30:47 -04:00
ayan4m1
ace58dd1df allow test of mail system no matter the type 2018-10-13 21:30:47 -04:00
ayan4m1
1b03ae2efe remove Log::debug() call 2018-10-13 21:30:47 -04:00
ayan4m1
fd3e5fc73e add SMTP mail tester 2018-10-13 21:30:47 -04:00
Dane Everitt
b6205463db
Merge branch 'develop' into feature/vuejs 2018-09-23 13:14:46 -07:00
Andrew DeLisa
262ef78fae Allow deletion of multiple allocations at once (#1322) 2018-09-18 21:43:18 -07:00
Dane Everitt
5ca13839cf
Merge branch 'develop' into feature/vue-serverview 2018-09-05 21:34:59 -07:00
Dane Everitt
f9542c98e2
Fix tests broken by bad namespaces 2018-09-03 15:59:30 -07:00
Dane Everitt
fd49e524c8
Update middleware code 2018-09-03 15:17:53 -07:00
Dane Everitt
4d62e4c7b9
Merge branch 'develop' into pr/1128 2018-09-03 15:10:23 -07:00
Dane Everitt
3bb9bf04e5
Pass the updated model through for updating node config, rather than old model, ref #1237 2018-09-03 14:54:50 -07:00
Dane Everitt
5bd3f59455
Fix schedules running twice, closes #1288 2018-09-03 14:32:33 -07:00
Dane Everitt
178b8f8ce6
More logical time handling 2018-08-31 21:00:13 -07:00
Dane Everitt
f3efe546da
Fix broken namespace for autoloader 2018-08-31 20:34:57 -07:00
Dane Everitt
e906ada528
Better handling when deleting a database 2018-08-26 14:01:00 -07:00
Dane Everitt
0999ec93c3
More logic for deleting databases 2018-08-25 15:07:42 -07:00
Dane Everitt
9be2aa4ca9
Push beginning of DB deletion stuff 2018-08-25 14:43:21 -07:00
Dane Everitt
c28e9c1ab7
Add ability to create new database through the UI 2018-08-22 22:29:20 -07:00
Dane Everitt
17796fb1c4
Add basic database listing for server 2018-08-21 21:47:01 -07:00
Dane Everitt
e9f8751c4c
More filemanager work, directory browsing working 2018-08-13 22:58:58 -07:00
Dane Everitt
92a9146b61
Improve filemanager, get first level folders listing 2018-08-06 23:14:13 -07:00
Dane Everitt
8db9d9bbee
Very rough go at connecting to socket and rendering console data for server 2018-07-20 23:45:07 -07:00
Dane Everitt
f2d2725ca0
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-07-15 16:50:11 -07:00
Dane Everitt
be2c76c24a
Add tests for password changing 2018-07-15 11:44:18 -07:00
Dane Everitt
8bbe6bc279
Add test, fix behavior of model creation 2018-07-14 22:58:33 -07:00
Dane Everitt
550c622d3b
Obliterate JWT from codebase 2018-07-14 22:48:09 -07:00
Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-14 22:42:58 -07:00
Dane Everitt
eafc4408eb
Fix broken unit tests 2018-07-14 21:49:49 -07:00
Dane Everitt
c82f273d85
Fix remaining broken tests 2018-07-04 19:38:23 -07:00
Dane Everitt
6c20ea9881
Add tests for changed controllers 2018-07-04 19:20:33 -07:00
Dane Everitt
5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-04 18:12:57 -07:00
Dane Everitt
af9af78938
Merge branch 'develop' into feature/vuejs 2018-07-04 18:09:07 -07:00
Dane Everitt
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
Thanks to Trixter#0001 on Discord for this security report.

There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.

This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.

Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
Dane Everitt
603b8a3094
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-02 21:01:04 -07:00
Dane Everitt
48cb01f438
Merge branch 'develop' into feature/vuejs 2018-07-02 21:00:42 -07:00
Stan
1ffb5acfad Send an email when a server is marked as installed (#1213)
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
Dane Everitt
304d947536
Allow creating subuser with no permissions 2018-06-30 18:25:46 -07:00
Dane Everitt
974318ffb4
Logout other sessions when password is changed
closes #1222
2018-06-30 17:50:58 -07:00
Dane Everitt
7711b697ad
Finalize two-factor handling on account. 2018-06-20 23:05:35 -07:00
Dane Everitt
0cc895f2d5
Finalize email/password changing in UI 2018-06-17 16:53:24 -07:00
Dane Everitt
fce394f6bd
Change email handling and logout function 2018-06-16 14:30:20 -07:00
Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal. 2018-06-16 14:05:39 -07:00
Dane Everitt
b8b9acd0e6
Get the base email update working through the API.
Still going to need to determine the best course of action to update the token on the client side.
2018-06-11 22:56:57 -07:00
Jakob Schrettenbrunner
05478e3277 Merge branch 'feature/vuejs' into feature/vue-serverview 2018-06-11 21:06:12 +02:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT 2018-06-06 22:49:44 -07:00
Dane Everitt
5bcabbde35
Get dashboard in a more working state 2018-06-05 23:42:34 -07:00
Dane Everitt
e948d81d8a
Base attempt at using vuex to handle logins 2018-06-05 23:00:01 -07:00
Dane Everitt
e65854c8c2
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-06-02 23:28:55 -07:00
Dane Everitt
02b29a66ea
Use client API to get resource use for a server 2018-06-02 19:08:53 -07:00
Jacob Gee-Clarke
d73e5a2274 Fixed my fix to fix the 500 error on /api/application/nodes when not specifying a daemon_base (#1182) 2018-06-02 14:34:01 -07:00
Dane Everitt
969b16a563 Apply fixes from StyleCI
[ci skip] [skip ci]
2018-06-02 21:32:26 +00:00
stanjg
b56f3a8671
Expanded the middleware test 2018-06-01 16:22:06 +02:00
stanjg
e9ac014bf4
Removed the use of Auth facade and removed unnecesary option 2018-06-01 16:10:32 +02:00
stanjg
3bb9e5e8a8 Merge branch 'develop' of https://github.com/stanjg/panel into feature/user-specific-language 2018-06-01 15:58:09 +02:00
Dane Everitt
e0d67ff857
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-05-31 23:01:24 -07:00
Dane Everitt
6c598f9100
Merge branch 'feature/vuejs' into feature/vuejs-serverlist 2018-05-31 22:59:39 -07:00
Dane Everitt
5f70502f20
Merge branch 'develop' into feature/vuejs 2018-05-31 22:59:16 -07:00
Dane Everitt
fd8d7c3571
Merge pull request #1130 from stanjg/feature/stats-page
Added a statistics page to monitor the panel usage
2018-05-31 22:56:58 -07:00
stanjg
ccf3e3511f
Renamed middleware, and fixed the test 2018-05-31 16:40:18 +02:00
stanjg
013dde75ae
Renamed the field and made some improvements 2018-05-31 16:34:35 +02:00
Jakob Schrettenbrunner
11d96c44d1 Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview 2018-05-29 00:04:51 +02:00
Jakob Schrettenbrunner
378a1859cf Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview 2018-05-29 00:04:41 +02:00
Dane Everitt
a1444b047e
Fix JWT handling for API access when logging in 2018-05-28 14:59:48 -07:00
Dane Everitt
6e5c365018
Use the client API to load servers on the listing page 2018-05-28 13:23:40 -07:00
Dane Everitt
ad69193ac0
Add JWT to login forms 2018-05-28 12:48:42 -07:00
Jakob Schrettenbrunner
89f47c6dbb mocked server page and better navigation and overall layout 2018-05-28 00:37:03 +02:00
Dane Everitt
6f2fcabf22
Add very basic server search and dynamic rendering functionality 2018-05-26 23:17:02 -07:00
Dane Everitt
9d8830a2d7
Get initial mockup of new server list up 2018-05-26 17:20:36 -07:00
stanjg
60e1ffa564
Added a test for the controller and cleaned up the controller 2018-05-27 00:16:13 +02:00
Dane Everitt
cf90f56777
Merge branch 'develop' into feature/vuejs-auth 2018-05-26 12:17:14 -07:00
stanjg
7a81c61ad8
Wording changes and fix of major fail last commit 2018-05-26 21:02:47 +02:00
stanjg
86e7085396
Cleaned up the controller and prepared for tests 2018-05-26 20:58:49 +02:00
Dane Everitt
e648e50d90
Write some example tests for @stanjg 2018-05-26 11:00:28 -07:00
Dane Everitt
e3bbd85f3f
Merge branch 'develop' into pr/1129 2018-05-26 10:34:29 -07:00
Dane Everitt
0e1b4661ce
Don't allow access to manage page if server failed installing 2018-05-23 22:23:26 -07:00
Dane Everitt
6967b9ba12
Fix exception thrown due to lack of pre-validation on the model.
closes #1158
2018-05-20 17:11:52 -07:00
Dane Everitt
b4e510fbe3
Fixes before release 2018-05-20 16:49:54 -07:00
Dane Everitt
7e2e5fd7c1
Merge branch 'develop' into feature/upgrade-laravel-to-5.6 2018-05-20 16:30:42 -07:00
Dane Everitt
00df0b66a6
Merge pull request #1148 from pterodactyl/feature/doc-block-improvements
@throws docblock improvements
2018-05-20 16:25:59 -07:00
Dane Everitt
002efddc96
Merge pull request #1146 from pterodactyl/feature/windows-pathinfo-support
Add support for Windows, replace all backslashes with forwardslashes
2018-05-20 16:24:58 -07:00
Lance Pioch
71257c67bf Add more throwing 2018-05-13 12:42:22 -04:00
Lance Pioch
3bc2397795 Library doesn't exist anymore 2018-05-13 12:42:16 -04:00
Lance Pioch
f82b419d47 Update php doc blocks 2018-05-13 12:42:11 -04:00
Lance Pioch
53829399de Make sure this trust proxies is also changed 2018-05-13 11:59:25 -04:00
Lance Pioch
f42f211e65 Add support for Windows, replace all back slashes with forward slashes 2018-05-13 11:39:44 -04:00
Lance Pioch
e2dc0638d9 Fix app/ spelling errors 2018-05-13 11:12:41 -04:00
stanjg
095d85bb60
Added the server as argument, and improved the bug fix 2018-05-06 17:59:11 +02:00
stanjg
06a67bb4bb
Cleaned up some duplicate code 2018-05-05 10:39:20 +02:00
stanjg
28a97fea54
Polished it up 2018-05-04 22:48:43 +02:00
stanjg
93a7d11c28
Made a base 2018-05-04 18:45:37 +02:00
stanjg
86c8ecdcdf
Added the actual logic 2018-05-04 15:02:51 +02:00
stanjg
17a72d0895
StyleCI fixes 2018-05-04 14:05:42 +02:00
stanjg
9ae25538c3
Made it so users can switch languages themselves 2018-05-04 13:08:41 +02:00
stanjg
9a06647435
Added support for user specific languages 2018-05-04 12:56:30 +02:00
Dane Everitt
4fad244073
Show correct auth error. 2018-04-08 16:16:04 -05:00
Dane Everitt
b6e94d9a1e
Code cleanup 2018-04-08 16:00:52 -05:00
Dane Everitt
6d970a4cc3
Finalize login page! 2018-04-08 15:46:32 -05:00
Dane Everitt
d63624f607
Working login form with password reset functionality. 2018-04-08 15:18:13 -05:00
Dane Everitt
c3e462ab2f
Cleanup login/reset functionality, address security issue with 2FA pathways 2018-04-07 16:17:51 -05:00
Dane Everitt
4f3c668420
Refactor auth controllers to be cleaner and easier to maintain 2018-04-07 12:35:15 -05:00
Dane Everitt
324b989a29
Get a working rough copy of the login page 2018-04-01 17:46:16 -05:00
Dane Everitt
791cbaa5ce
Get things into a somewhat working state on the login form 2018-03-31 15:52:11 -05:00
Dane Everitt
3e2ac981a9
Add API endpoint for getting server resource utilization, closes #900
This endpoint is throttled to 15 requests per minute to avoid destroying the daemon since clients can use it.
2018-03-17 14:01:53 -05:00
Dane Everitt
f8e98e9c9e
Add ability to change server name, closes #563 2018-03-10 14:44:21 -06:00
Dane Everitt
e55d3c1a9a
Add check on SFTP page to make sure the permission is assigned before showing 2018-03-10 14:26:00 -06:00
Dane Everitt
40c74ae1e7
Add validation to prevent invalid ports, closes #1034 2018-03-10 13:10:40 -06:00
Dane Everitt
ef371a508d
Change check on debugbar to use debug not environment 2018-03-10 12:03:23 -06:00
Dane Everitt
4964d294f6
Throw 504 where necessary 2018-03-06 22:17:01 -06:00
Dane Everitt
a4f03f5d02
Handle missing daemon keys better and fix subuser missing key errors 2018-03-03 21:31:44 -06:00
Dane Everitt
c739f292e4
paginate databases when viewing a host 2018-03-03 17:52:35 -06:00
Dane Everitt
dff7e8f734
Fix server creation in UI and API 2018-03-02 23:11:30 -06:00
Dane Everitt
c6137db529
Fix build limit management in Admin CP 2018-03-02 19:49:09 -06:00
Dane Everitt
bcb69603ad
Add support for user management of databases 2018-03-02 19:03:55 -06:00
Dane Everitt
07893effa3
Add initial go at user created databases for servers, still needs cleaning 2018-03-01 21:27:37 -06:00
Dane Everitt
87b96bdfc8
Add core logic to allow for limited databases and allocations 2018-03-01 20:08:27 -06:00
Dane Everitt
5f6c153537
Validate resource existence before validating data sent 2018-03-01 20:00:14 -06:00
Dane Everitt
070239abcf
Fix inability to edit certain environment vars and start line, closes #1008 2018-03-01 19:26:11 -06:00
Dane Everitt
85bdbdce14
Better handling of file download requests 2018-03-01 19:19:19 -06:00
Dane Everitt
838b9a9093
Add support for filesystem caching, closes #993 2018-03-01 18:46:59 -06:00
Dane Everitt
0a39a9b6bf
Don't require an environment variable to be present if none are required anyways, closes #1007 2018-03-01 18:35:53 -06:00
Dane Everitt
8f72571895
Fix IP access middleware 2018-02-28 23:39:59 -06:00
Dane Everitt
9b93629f45
Add UI for client API keys 2018-02-28 23:30:39 -06:00
Dane Everitt
2017e640b6
Add client API 2018-02-28 22:51:04 -06:00