Commit graph

222 commits

Author SHA1 Message Date
Dane Everitt
659c33f0e8
Fixes a bug that allows a user to bypass 2FA authentication requirements
This bug was reported to us by a user (@Ferry#1704) on Discord on
Monday, November 7th, 2016.

It was disclosed that it was possible to bypass the 2FA checkpoint by
clicking outside of the modal which would prompt the modal to close,
but not submit the form. The user could then press the login button
which would trigger an error. Due to this error being triggered the
authentication attempt was not cancelled. On the next page load the
application recognized the user as logged in and continued on to the
panel.

At no time was it possible to log in without using the correct email
address and password.

As a result of this bug we have refactored the Authentication code for
logins to address the persistent session. Previously accounts were
manually logged back out on 2FA failure. However, as this bug
demonstrated, causing a fatal error in the code would prevent the
logout code from firing, thus preserving their session state.

This commit modifies the code to use a non-persistent login to handle
2FA checking. In order for the session to be saved the application must
complete all portions of the login without any errors, at which point
the user is persistently authenticated using Auth::login().

This resolves the ability to cause an exception and bypass 2FA
verification.
2016-11-07 15:55:57 -05:00
Dane Everitt
e77b984596
remove beta notice. 🎉🎉🎉 2016-11-04 22:01:30 -04:00
Jakob
6c6a49e709 only push stuff from the terminal outputQueue if there is something inside
this allows scrolling on the console again
2016-11-01 23:22:07 +01:00
Jakob
e65dc5708d Validate password on reset according to rules (#158)
* move password rules to Models\User::PASSWORD_RULES

* validate new password according to rules on password reset

* add password requirements info to auth.passwords.reset view
2016-10-30 16:02:39 -04:00
Dane Everitt
0741ab6833
Revamped resource graphing, uses chart.js 2016-10-30 00:06:55 -04:00
Dane Everitt
013c36fe81
💣 destroy player listing 2016-10-29 21:46:53 -04:00
Dane Everitt
d3220fa553
Fixes double error display on login forms 2016-10-29 20:29:26 -04:00
Dane Everitt
51c07bf1f2
🎉 Add support for uploading files from file listing! 🎉
closes #22
2016-10-28 18:21:12 -04:00
Dane Everitt
63d7062f3c
Make dates a little more user friendly 2016-10-28 16:34:23 -04:00
Dane Everitt
449324fa1c
Show spinner when decompressing files. 2016-10-28 15:54:57 -04:00
Dane Everitt
ac82194ed4
Faster file uploads and less console spam 2016-10-28 15:39:58 -04:00
Dane Everitt
ff93d6ce16
Rebase 2016-10-27 20:14:24 -04:00
Dane Everitt
6fd7c78f0c
Add server deletion to a queue.
This action allows servers to be deleted, but only be soft-deleted for
10 minutes. After that time period the server will be completely
removed from the database and daemon. This allows some safety if a
server is accidentally deleted.

Force deleting a server will still work. If the daemon is inaccessible
the server will fail to be deleted. When a server is soft-deleted admins
can still view its information page in the admin CP, however the server
will be suspended and inaccessible on the front-end or through the
daemon.

Admins can manually delete the server ahead of the delete timer, or if
it failed to delete previously they can do an immediate retry.
2016-10-27 20:05:29 -04:00
Dane Everitt
0b044b3cc6
fixes bug that would allow deleting the default allocation for a server. 2016-10-23 18:59:13 -04:00
Dane Everitt
0a481b325c
Clean up server display a bit 2016-10-23 18:55:41 -04:00
Dane Everitt
6b011fcd36
Add file manager refresh without reload; ❤️ @parkervcp 2016-10-21 18:09:35 -04:00
Dane Everitt
6b89dbd451
Fix errors on node graphs
These graphs will be removed in a future release, so I’m not going to
make them look pretty right now.
2016-10-21 17:37:47 -04:00
Dane Everitt
ad906e0680
FQDN support for allocations, and JS bug fix. 2016-10-21 17:33:26 -04:00
Dane Everitt
6731f7ffbc
Modernize user pages a bit 2016-10-21 15:50:10 -04:00
Dane Everitt
bef717b202
add typeahead support for owner email when adding new server
closes #144
pic: http://s3.pterodactyl.io/UpPSJ.png
2016-10-21 15:22:47 -04:00
Dane Everitt
f9f751b7f2
fixes server overview listing location as the node 2016-10-21 14:48:04 -04:00
Dane Everitt
8660fcdc60 Merge pull request #149 from Pterodactyl/feature/better-api
Implement better API system
2016-10-20 18:41:16 -04:00
Dane Everitt
f24347d1bd
Remove old admin routes, fix display to non-admins
Complete!
2016-10-20 18:40:16 -04:00
Dane Everitt
53ec2c55ec
Add front-end support for adding and deleting API keys. 2016-10-20 18:20:58 -04:00
Dane Everitt
b3f078add2 Merge pull request #146 from ET-Bent/patch-1
Fix node view in admin panel
2016-10-17 12:29:51 -04:00
ET-Bent
7d1cba8d52 Better name scheming for console 2016-10-17 00:09:28 +02:00
ET-Bent
ce5374ea6b Fix node view in admin panel 2016-10-17 00:07:55 +02:00
Dane Everitt
745c735b32
Add initial basic API changes
New route is `/api/me`
2016-10-14 20:22:23 -04:00
Dane Everitt
7cf7a5a961
Split account things into own controllers. 2016-10-14 17:15:36 -04:00
Dane Everitt
e5ffb15020
Add support for new file upload mechanics 2016-10-13 21:03:49 -04:00
Dane Everitt
649b18c8d1
support for server filtering
closes #125
2016-10-12 17:12:27 -04:00
Dane Everitt
0fe0f750c4
node status in list, closes #124 2016-10-07 15:15:04 -04:00
Dane Everitt
b850256657
Fix auto-deploy checkbox behavior 2016-10-07 13:47:14 -04:00
Dane Everitt
06756af994
add ?daemon=true option to API for servers 2016-10-06 23:56:32 -04:00
Dane Everitt
a2fc511e7e
Add permissions for filemanager stuff to subusers 2016-10-06 20:29:21 -04:00
Dane Everitt
956e9279d3
fixed width icons 2016-10-06 19:48:51 -04:00
Dane Everitt
eca4e61a4d
Add file/folder create support from dropdown menu
closes #126
2016-10-06 19:39:45 -04:00
Dane Everitt
1d747ec647
Support for file copying 2016-10-06 19:15:40 -04:00
Dane Everitt
5356ee379e
Fix for chrome escape key, also fixes unbind issue with file manager after escaping
closes #122
closes #121
2016-10-06 17:53:28 -04:00
Dane Everitt
1512c73bb5
Use logical move route name 2016-10-06 17:30:17 -04:00
Dane Everitt
d06f83a0cd
Better parent click finding, fixes bugs when clicking directly on words 2016-10-06 17:27:50 -04:00
Dane Everitt
24d49be150
Pesky spaces... fixes extra space on end of sftp password, closes #116 2016-10-04 22:32:36 -04:00
Dane Everitt
520afb449c
Fixes overlay huge table for session listing, closes #105 2016-10-04 22:27:22 -04:00
Dane Everitt
9c7b753576
Complete code for new file manager 2016-10-04 21:38:22 -04:00
Dane Everitt
4d922b6a0c
Clean up file adding and listing 2016-10-03 21:09:20 -04:00
Dane Everitt
81dc74a175
File adding support, editor enhancements, JS improved. 2016-10-03 20:22:28 -04:00
Dane Everitt
50b377d08c
Add deletion support and improved rename erroring 2016-10-03 19:35:10 -04:00
Dane Everitt
cf9a70ddca
Add file deletion support, fix renaming deleting URL hash 2016-10-03 16:36:12 -04:00
Dane Everitt
72a57604df
Be more logical in file naming... 2016-10-03 15:15:06 -04:00
Dane Everitt
cff59a2f88
update 'back to manager' link 2016-10-03 15:14:58 -04:00