Commit graph

2299 commits

Author SHA1 Message Date
Dane Everitt
ec8e434375
Set the 2fa image to always have a consistent height, less jarring transition 2018-07-04 19:00:20 -07:00
Dane Everitt
5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-04 18:12:57 -07:00
Dane Everitt
6419b1cf81
Handle password reset logic change for 2fa 2018-07-04 18:11:43 -07:00
Dane Everitt
af9af78938
Merge branch 'develop' into feature/vuejs 2018-07-04 18:09:07 -07:00
Dane Everitt
d9948f2876
Update changelog 2018-07-04 11:42:57 -07:00
Dane Everitt
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
Thanks to Trixter#0001 on Discord for this security report.

There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.

This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.

Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
Dane Everitt
b342d4dc6b
Change v:serve to match the new vagrant setup 2018-07-03 23:11:22 -07:00
Dane Everitt
603b8a3094
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-02 21:01:04 -07:00
Dane Everitt
48cb01f438
Merge branch 'develop' into feature/vuejs 2018-07-02 21:00:42 -07:00
Jan
422e5dd99f Update strings.php (#1227)
Fixed typo.
2018-07-02 15:04:16 -07:00
Dane Everitt
8915c3ec28
Update dependencies 2018-07-01 14:50:11 -07:00
Lance Pioch
b5022766df Do not keep processing the file/folder paths if the user has cancelled the operation and fix #1124 (#1177) 2018-07-01 14:42:01 -07:00
Stan
1ffb5acfad Send an email when a server is marked as installed (#1213)
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
Dane Everitt
c42605e495
Merge branch 'develop' of https://github.com/Pterodactyl/Panel into develop 2018-07-01 13:50:56 -07:00
Dane Everitt
eeb4d88cbd
Disable codecov failing PRs 2018-07-01 13:50:55 -07:00
Isaac A
b6d18b0a36 Add support for authentication via Unix socket (#1206)
Co-authored-by: @tenten8401
2018-07-01 13:47:00 -07:00
Dane Everitt
1df3efdfb0
Fix eggs (#1224) 2018-06-30 18:52:32 -07:00
Dane Everitt
d2bc791d74
Fix links sent to users when accounts are created
closes #1093
2018-06-30 18:47:31 -07:00
Dane Everitt
304d947536
Allow creating subuser with no permissions 2018-06-30 18:25:46 -07:00
Dane Everitt
96699b192e
Don't verify SSL signatures in dev
[skip ci]
2018-06-30 18:24:35 -07:00
Dane Everitt
59730dcbc9
Speed up tests, allow coverage to fail since thats a slow process 2018-06-30 18:01:23 -07:00
Dane Everitt
5a97f54013
Try concurrent build process for travis 2018-06-30 17:55:41 -07:00
Dane Everitt
974318ffb4
Logout other sessions when password is changed
closes #1222
2018-06-30 17:50:58 -07:00
Matthew Penner
1da05a2ee2 Fix typo (#1210) 2018-06-30 13:25:51 -07:00
Sergzy
bad9ae58e8 Fix environment_variables name (#1212) 2018-06-30 13:25:40 -07:00
Stan
ad9ed5ea00 Fixed the permission (#1217) 2018-06-30 13:23:48 -07:00
Dane Everitt
7711b697ad
Finalize two-factor handling on account. 2018-06-20 23:05:35 -07:00
Dane Everitt
0cc895f2d5
Finalize email/password changing in UI 2018-06-17 16:53:24 -07:00
Dane Everitt
81da55d46b
Actually fix the endless redirect loop when the application needs a fresh JWT. 2018-06-17 15:06:34 -07:00
Dane Everitt
5c3d3f6ce9
Better support for mobile devices on login and account pages 2018-06-16 18:04:48 -07:00
Dane Everitt
941c585c73
Fix animations being nuked on production compilation 2018-06-16 17:13:03 -07:00
Dane Everitt
074a929315
Fix icon size in production compiled assets 2018-06-16 17:05:06 -07:00
Dane Everitt
7d509e8ae5
Remove the glow on inputs in Safari/Chrome 2018-06-16 17:00:35 -07:00
Dane Everitt
462e59e330
Make modals look sane on phones 2018-06-16 16:50:18 -07:00
Dane Everitt
ac7cefb83f
Make the account page mobile friendly 2018-06-16 16:43:52 -07:00
Dane Everitt
4e4a183f48
Put the modal more at the top, looks funky in middle 2018-06-16 16:27:53 -07:00
Dane Everitt
d6959ea3dd
Add a basic modal template to be used 2018-06-16 16:25:26 -07:00
Dane Everitt
84fecb7a92
Import only the needed things from lodash 2018-06-16 15:05:36 -07:00
Dane Everitt
fce394f6bd
Change email handling and logout function 2018-06-16 14:30:20 -07:00
Dane Everitt
ca0c35bf82
Avoid getting stuck in an endless redirect loop... 2018-06-16 14:27:23 -07:00
Dane Everitt
1acedc2de2
Remove luxon completely. 2018-06-16 14:11:58 -07:00
Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal. 2018-06-16 14:05:39 -07:00
Dane Everitt
24bb8da43d
Fix CSS issue with login page due to input classes 2018-06-16 12:43:32 -07:00
Dane Everitt
b8b9acd0e6
Get the base email update working through the API.
Still going to need to determine the best course of action to update the token on the client side.
2018-06-11 22:56:57 -07:00
Dane Everitt
14927c3e7e
Add base UI for account management 2018-06-11 22:36:43 -07:00
Dane Everitt
e5e66fdb58
Fix error handling in dashboard 2018-06-11 20:42:01 -07:00
Jakob Schrettenbrunner
05478e3277 Merge branch 'feature/vuejs' into feature/vue-serverview 2018-06-11 21:06:12 +02:00
Jakob Schrettenbrunner
f971cdf9ca add v:serve shortcut for vagrant
automatically install nodejs and yarn
add some info on change detection in vagrant to BUILDING.md
2018-06-11 00:32:54 +02:00
Jakob Schrettenbrunner
5e3f705a4c add postcss for proper css compiling 2018-06-11 00:32:07 +02:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT 2018-06-06 22:49:44 -07:00