Commit graph

729 commits

Author SHA1 Message Date
Dane Everitt
867dbf3bd2
Update all the client API endpoints to use new permissions codes 2019-11-03 17:13:47 -08:00
Dane Everitt
543884876f
Add basic subuser listing for servers 2019-11-03 12:20:11 -08:00
Dane Everitt
0b9c6bd21d
Proxy file downloads through the panel rather than having to get creative with download tokens 2019-10-26 14:36:37 -07:00
Dane Everitt
ac52810ef6
Don't try to parse JSON being returned from the API 2019-09-29 15:32:22 -07:00
Dane Everitt
326d346f92
Handle errors sent back over the sockt 2019-09-28 13:09:47 -07:00
Dane Everitt
030b8ed4fd
Change to support websocket JWT connections 2019-09-24 21:22:11 -07:00
Dane Everitt
18c4b951e6
First pass at converting websocket to send a token along with every call 2019-09-24 20:20:29 -07:00
Dane Everitt
67ff67a1bd
Add endpoints to return a server's egg configuration 2019-09-22 15:30:53 -07:00
Dane Everitt
086018751d
Add underlying code to handle authenticating websocket credentials 2019-09-08 17:48:37 -07:00
Dane Everitt
b99ea53ca1
Update client API endpoints to not use deprecated function 2019-09-05 21:41:20 -07:00
Dane Everitt
7543ef085d
Format files 2019-09-05 21:32:57 -07:00
Dane Everitt
26e4ff1f62
Update to use new repository and standard laravel notation for controllers 2019-09-05 21:31:12 -07:00
Dane Everitt
62cd03d684
Fix command sending error handling and bad assertion order 2019-09-05 21:16:36 -07:00
Dane Everitt
ee0da206c1
Update command sending from server API to use new daemon code 2019-09-05 21:11:19 -07:00
Dane Everitt
161e0f6165
Deprecate old way of using repositories for daemon things 2019-09-05 20:33:27 -07:00
Dane Everitt
bd8b708c32
[L6] Update cache methods to use defined times and not ints 2019-09-04 20:24:46 -07:00
Dane Everitt
fb9c106448
Update server listing and associated logic to pull from the panel dynamiacally 2019-08-17 16:03:10 -07:00
Lance Pioch
37631a1d49 Missing return statement (#1673)
Otherwise this errors out with $host not being found
2019-08-10 13:19:52 -07:00
Dane Everitt
81143e231a
Merge branch 'master' into develop 2019-08-04 13:49:26 -07:00
Dane Everitt
eb81e1ed20
Support special characters in database password, closes #1508 2019-08-03 14:42:32 -07:00
Dane Everitt
81409947cf
Default to OOM killer being disabled, add back configuration option per-server 2019-08-03 13:41:24 -07:00
Dane Everitt
fe9d86b66b
Add support for filtering servers in client list-all endpoint
closes #1608
2019-08-03 12:44:15 -07:00
Dane Everitt
02ac308042
Fix database host modification not properly showing SQL errors
This is caused by an old bug relating to not rolling back transactions properly causing session data to not be flashed back to the user properly.
2019-08-03 12:33:28 -07:00
Dane Everitt
c90fcea519
Add basic file listing functionality 2019-07-27 20:23:51 -07:00
Dane Everitt
48c39abfcb
Add database password rotation to view 2019-07-27 15:17:50 -07:00
Dane Everitt
212773d63c
Finish authentication flow for 2FA 2019-06-22 13:33:11 -07:00
Dane Everitt
56640253b9
Merge branch 'release/v0.7.14' into feature/react 2019-06-22 12:28:44 -07:00
Dane Everitt
092e7e79ff
Change 2FA service to generate the secret on our own and use an external QR service to display the image 2019-06-21 21:55:09 -07:00
Dane Everitt
2db7928b76
Don't expose existence of account when an incorrect password is provided and the user has 2FA enabled 2019-06-21 21:39:24 -07:00
Dane Everitt
19ef901768
Show success message to the user 2019-06-11 23:19:43 -07:00
Dane Everitt
bfdc1f766b
Support saving existing files 2019-05-27 15:30:49 -07:00
Dane Everitt
a8462bf109
Add initial support for opening a file in the file manager, still needs more work 2019-05-25 16:24:13 -07:00
Dane Everitt
d79fe6982f
Add support for file copy and deletion 2019-05-04 17:26:24 -07:00
Dane Everitt
811026895b
Update support for moving/renaming files and folders 2019-05-04 16:04:59 -07:00
Dane Everitt
95d19bf09e
Update logic that handles creation of folders for a server 2019-05-01 21:45:39 -07:00
Dane Everitt
5c99cae779
Merge branch 'develop' into feature/vuejs 2019-05-01 20:57:49 -07:00
Dane Everitt
c80c8564b8
Switch file manager listing to use panel API endpoint 2019-05-01 20:54:40 -07:00
Dane Everitt
0757d8856b
Add base code to support retrieving allocations as a client 2019-03-23 17:47:20 -07:00
Arnaud Lier
4460b6835a Match original database password length when doing a password reset (#1509) 2019-03-23 14:04:57 -07:00
Dane Everitt
8955b5a660
Initial attempt trying to get file downloading to work 2019-03-16 17:10:04 -07:00
Dane Everitt
a66d7a3417
Merge branch 'develop' into feature/vuejs 2019-03-09 11:19:07 -08:00
Dane Everitt
f15449f17b
Fix servers not being marked as install failed 2019-03-03 13:44:28 -08:00
Dane Everitt
d9593b23ab
Paginate server results when viewing a node, closes #1404 2019-03-02 15:58:56 -08:00
Lance Pioch
db937af616 Apply fixes from StyleCI
[ci skip] [skip ci]
2019-01-26 23:26:15 +00:00
Dane Everitt
136e4b5b7b
Fix some issues 2018-12-30 12:45:57 -08:00
Dane Everitt
21ffa08d66
Merge branch 'develop' into feature/vuejs 2018-12-16 14:20:35 -08:00
Dane Everitt
7c73f21b30
Fix Node daemon secret not being reset, closes #1390 2018-12-02 13:40:12 -08:00
Dane Everitt
d6e9770937
Merge branch 'develop' into patch-1 2018-12-02 13:01:31 -08:00
Oreo Oreoniv
adcf0c9fee
Fixed Failed event
Thank you very much Laravel for not pointing out the changes to be made when upgrading from 5.6 to 5.7
2018-11-28 23:24:43 +03:00
zKoz210
2d7e889bcc Fixed StyleCI 2018-11-26 03:28:14 +03:00
zKoz210
0b4b1a3443 Initial update 2018-11-26 03:25:18 +03:00
Matthew Penner
0cbedd9c90 Fix LocationController#store() 2018-11-19 22:04:05 -07:00
Matthew Penner
afe128042f
Wait a second, that method doesn't return an array 2018-11-19 21:54:15 -07:00
Dane Everitt
9b654d2c76
Fix bug with client API denying access to routes, closes #1366 2018-11-10 15:27:50 -08:00
Dane Everitt
a9fa60a6fb
Respect pagination settings on frontend
closes #1335
2018-11-10 12:38:35 -08:00
mrkrabs
8ef368faa4
Rename app/Http/Controllers/API/Remote/ValidateKeyController.php to app/Http/Controllers/Api/Remote/ValidateKeyController.php 2018-11-07 18:17:27 +02:00
mrkrabs
7c64492557
Rename app/Http/Controllers/API/Remote/SftpController.php to app/Http/Controllers/Api/Remote/SftpController.php 2018-11-07 18:17:08 +02:00
mrkrabs
c9e207c15d
Rename app/Http/Controllers/API/Remote/EggRetrievalController.php to app/Http/Controllers/Api/Remote/EggRetrievalController.php 2018-11-07 18:16:50 +02:00
mrkrabs
cfbdf07b80
Rename app/Http/Controllers/API/Remote/EggInstallController.php to app/Http/Controllers/Api/Remote/EggInstallController.php 2018-11-07 18:16:28 +02:00
ayan4m1
c5608b1827 rework UI of mail settings page to allow for saving settings before testing 2018-10-13 21:30:47 -04:00
ayan4m1
8b61175c3b add exception message to fail message for mail test 2018-10-13 21:30:47 -04:00
ayan4m1
df9f0be839 styleci tweaks 2018-10-13 21:30:47 -04:00
ayan4m1
670efa3544 styleci tweaks 2018-10-13 21:30:47 -04:00
ayan4m1
ace58dd1df allow test of mail system no matter the type 2018-10-13 21:30:47 -04:00
ayan4m1
1b03ae2efe remove Log::debug() call 2018-10-13 21:30:47 -04:00
ayan4m1
fd3e5fc73e add SMTP mail tester 2018-10-13 21:30:47 -04:00
Dane Everitt
b6205463db
Merge branch 'develop' into feature/vuejs 2018-09-23 13:14:46 -07:00
Andrew DeLisa
262ef78fae Allow deletion of multiple allocations at once (#1322) 2018-09-18 21:43:18 -07:00
Dane Everitt
5ca13839cf
Merge branch 'develop' into feature/vue-serverview 2018-09-05 21:34:59 -07:00
Dane Everitt
f9542c98e2
Fix tests broken by bad namespaces 2018-09-03 15:59:30 -07:00
Dane Everitt
4d62e4c7b9
Merge branch 'develop' into pr/1128 2018-09-03 15:10:23 -07:00
Dane Everitt
3bb9bf04e5
Pass the updated model through for updating node config, rather than old model, ref #1237 2018-09-03 14:54:50 -07:00
Dane Everitt
5bd3f59455
Fix schedules running twice, closes #1288 2018-09-03 14:32:33 -07:00
Dane Everitt
178b8f8ce6
More logical time handling 2018-08-31 21:00:13 -07:00
Dane Everitt
e906ada528
Better handling when deleting a database 2018-08-26 14:01:00 -07:00
Dane Everitt
9be2aa4ca9
Push beginning of DB deletion stuff 2018-08-25 14:43:21 -07:00
Dane Everitt
c28e9c1ab7
Add ability to create new database through the UI 2018-08-22 22:29:20 -07:00
Dane Everitt
17796fb1c4
Add basic database listing for server 2018-08-21 21:47:01 -07:00
Dane Everitt
e9f8751c4c
More filemanager work, directory browsing working 2018-08-13 22:58:58 -07:00
Dane Everitt
92a9146b61
Improve filemanager, get first level folders listing 2018-08-06 23:14:13 -07:00
Dane Everitt
8db9d9bbee
Very rough go at connecting to socket and rendering console data for server 2018-07-20 23:45:07 -07:00
Dane Everitt
f2d2725ca0
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-07-15 16:50:11 -07:00
Dane Everitt
550c622d3b
Obliterate JWT from codebase 2018-07-14 22:48:09 -07:00
Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-14 22:42:58 -07:00
Dane Everitt
6c20ea9881
Add tests for changed controllers 2018-07-04 19:20:33 -07:00
Dane Everitt
5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-04 18:12:57 -07:00
Dane Everitt
af9af78938
Merge branch 'develop' into feature/vuejs 2018-07-04 18:09:07 -07:00
Dane Everitt
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
Thanks to Trixter#0001 on Discord for this security report.

There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.

This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.

Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
Dane Everitt
603b8a3094
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-02 21:01:04 -07:00
Dane Everitt
48cb01f438
Merge branch 'develop' into feature/vuejs 2018-07-02 21:00:42 -07:00
Stan
1ffb5acfad Send an email when a server is marked as installed (#1213)
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
Dane Everitt
304d947536
Allow creating subuser with no permissions 2018-06-30 18:25:46 -07:00
Dane Everitt
974318ffb4
Logout other sessions when password is changed
closes #1222
2018-06-30 17:50:58 -07:00
Dane Everitt
7711b697ad
Finalize two-factor handling on account. 2018-06-20 23:05:35 -07:00
Dane Everitt
0cc895f2d5
Finalize email/password changing in UI 2018-06-17 16:53:24 -07:00
Dane Everitt
fce394f6bd
Change email handling and logout function 2018-06-16 14:30:20 -07:00
Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal. 2018-06-16 14:05:39 -07:00
Dane Everitt
b8b9acd0e6
Get the base email update working through the API.
Still going to need to determine the best course of action to update the token on the client side.
2018-06-11 22:56:57 -07:00
Jakob Schrettenbrunner
05478e3277 Merge branch 'feature/vuejs' into feature/vue-serverview 2018-06-11 21:06:12 +02:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT 2018-06-06 22:49:44 -07:00