Dane Everitt
550c622d3b
Obliterate JWT from codebase
2018-07-14 22:48:09 -07:00
Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00
Dane Everitt
6c20ea9881
Add tests for changed controllers
2018-07-04 19:20:33 -07:00
Dane Everitt
5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account
2018-07-04 18:12:57 -07:00
Dane Everitt
af9af78938
Merge branch 'develop' into feature/vuejs
2018-07-04 18:09:07 -07:00
Dane Everitt
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
...
Thanks to Trixter#0001 on Discord for this security report.
There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.
This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.
Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
Dane Everitt
603b8a3094
Merge branch 'feature/vuejs' into feature/vuejs-account
2018-07-02 21:01:04 -07:00
Dane Everitt
48cb01f438
Merge branch 'develop' into feature/vuejs
2018-07-02 21:00:42 -07:00
Stan
1ffb5acfad
Send an email when a server is marked as installed ( #1213 )
...
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
Dane Everitt
304d947536
Allow creating subuser with no permissions
2018-06-30 18:25:46 -07:00
Dane Everitt
974318ffb4
Logout other sessions when password is changed
...
closes #1222
2018-06-30 17:50:58 -07:00
Dane Everitt
7711b697ad
Finalize two-factor handling on account.
2018-06-20 23:05:35 -07:00
Dane Everitt
0cc895f2d5
Finalize email/password changing in UI
2018-06-17 16:53:24 -07:00
Dane Everitt
fce394f6bd
Change email handling and logout function
2018-06-16 14:30:20 -07:00
Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal.
2018-06-16 14:05:39 -07:00
Dane Everitt
b8b9acd0e6
Get the base email update working through the API.
...
Still going to need to determine the best course of action to update the token on the client side.
2018-06-11 22:56:57 -07:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00
Dane Everitt
e948d81d8a
Base attempt at using vuex to handle logins
2018-06-05 23:00:01 -07:00
Dane Everitt
02b29a66ea
Use client API to get resource use for a server
2018-06-02 19:08:53 -07:00
Dane Everitt
969b16a563
Apply fixes from StyleCI
...
[ci skip] [skip ci]
2018-06-02 21:32:26 +00:00
Dane Everitt
6c598f9100
Merge branch 'feature/vuejs' into feature/vuejs-serverlist
2018-05-31 22:59:39 -07:00
Dane Everitt
5f70502f20
Merge branch 'develop' into feature/vuejs
2018-05-31 22:59:16 -07:00
Dane Everitt
fd8d7c3571
Merge pull request #1130 from stanjg/feature/stats-page
...
Added a statistics page to monitor the panel usage
2018-05-31 22:56:58 -07:00
Dane Everitt
a1444b047e
Fix JWT handling for API access when logging in
2018-05-28 14:59:48 -07:00
Dane Everitt
6e5c365018
Use the client API to load servers on the listing page
2018-05-28 13:23:40 -07:00
Dane Everitt
ad69193ac0
Add JWT to login forms
2018-05-28 12:48:42 -07:00
Dane Everitt
6f2fcabf22
Add very basic server search and dynamic rendering functionality
2018-05-26 23:17:02 -07:00
Dane Everitt
9d8830a2d7
Get initial mockup of new server list up
2018-05-26 17:20:36 -07:00
stanjg
60e1ffa564
Added a test for the controller and cleaned up the controller
2018-05-27 00:16:13 +02:00
Dane Everitt
cf90f56777
Merge branch 'develop' into feature/vuejs-auth
2018-05-26 12:17:14 -07:00
stanjg
7a81c61ad8
Wording changes and fix of major fail last commit
2018-05-26 21:02:47 +02:00
stanjg
86e7085396
Cleaned up the controller and prepared for tests
2018-05-26 20:58:49 +02:00
Dane Everitt
0e1b4661ce
Don't allow access to manage page if server failed installing
2018-05-23 22:23:26 -07:00
Dane Everitt
6967b9ba12
Fix exception thrown due to lack of pre-validation on the model.
...
closes #1158
2018-05-20 17:11:52 -07:00
Dane Everitt
00df0b66a6
Merge pull request #1148 from pterodactyl/feature/doc-block-improvements
...
@throws docblock improvements
2018-05-20 16:25:59 -07:00
Dane Everitt
002efddc96
Merge pull request #1146 from pterodactyl/feature/windows-pathinfo-support
...
Add support for Windows, replace all backslashes with forwardslashes
2018-05-20 16:24:58 -07:00
Lance Pioch
71257c67bf
Add more throwing
2018-05-13 12:42:22 -04:00
Lance Pioch
3bc2397795
Library doesn't exist anymore
2018-05-13 12:42:16 -04:00
Lance Pioch
f82b419d47
Update php doc blocks
2018-05-13 12:42:11 -04:00
Lance Pioch
f42f211e65
Add support for Windows, replace all back slashes with forward slashes
2018-05-13 11:39:44 -04:00
Lance Pioch
e2dc0638d9
Fix app/ spelling errors
2018-05-13 11:12:41 -04:00
stanjg
095d85bb60
Added the server as argument, and improved the bug fix
2018-05-06 17:59:11 +02:00
stanjg
06a67bb4bb
Cleaned up some duplicate code
2018-05-05 10:39:20 +02:00
stanjg
28a97fea54
Polished it up
2018-05-04 22:48:43 +02:00
stanjg
93a7d11c28
Made a base
2018-05-04 18:45:37 +02:00
Dane Everitt
4fad244073
Show correct auth error.
2018-04-08 16:16:04 -05:00
Dane Everitt
b6e94d9a1e
Code cleanup
2018-04-08 16:00:52 -05:00
Dane Everitt
6d970a4cc3
Finalize login page!
2018-04-08 15:46:32 -05:00
Dane Everitt
d63624f607
Working login form with password reset functionality.
2018-04-08 15:18:13 -05:00
Dane Everitt
c3e462ab2f
Cleanup login/reset functionality, address security issue with 2FA pathways
2018-04-07 16:17:51 -05:00