Commit graph

1108 commits

Author SHA1 Message Date
Dane Everitt
fd49e524c8
Update middleware code 2018-09-03 15:17:53 -07:00
Dane Everitt
4d62e4c7b9
Merge branch 'develop' into pr/1128 2018-09-03 15:10:23 -07:00
Dane Everitt
c6112b4234
Fix tests 2018-09-03 14:59:00 -07:00
Dane Everitt
3bb9bf04e5
Pass the updated model through for updating node config, rather than old model, ref #1237 2018-09-03 14:54:50 -07:00
Dane Everitt
7ed9c7cb93
Correctly store changes to upload size limit, closes #1237 2018-09-03 14:53:58 -07:00
Dane Everitt
5bd3f59455
Fix schedules running twice, closes #1288 2018-09-03 14:32:33 -07:00
Dane Everitt
413a22a3d5
Changes to job running to clean up code 2018-09-03 14:04:25 -07:00
Dane Everitt
bcb3f5d5fa
Fix handling of times 2018-08-31 21:12:10 -07:00
Dane Everitt
178b8f8ce6
More logical time handling 2018-08-31 21:00:13 -07:00
Dane Everitt
e5636405f3
Drop carbon, use chronos 2018-08-31 20:52:15 -07:00
Dane Everitt
f3efe546da
Fix broken namespace for autoloader 2018-08-31 20:34:57 -07:00
Dane Everitt
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
Thanks to Trixter#0001 on Discord for this security report.

There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.

This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.

Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
Stan
1ffb5acfad Send an email when a server is marked as installed (#1213)
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
Dane Everitt
d2bc791d74
Fix links sent to users when accounts are created
closes #1093
2018-06-30 18:47:31 -07:00
Dane Everitt
304d947536
Allow creating subuser with no permissions 2018-06-30 18:25:46 -07:00
Dane Everitt
96699b192e
Don't verify SSL signatures in dev
[skip ci]
2018-06-30 18:24:35 -07:00
Dane Everitt
974318ffb4
Logout other sessions when password is changed
closes #1222
2018-06-30 17:50:58 -07:00
Sergzy
bad9ae58e8 Fix environment_variables name (#1212) 2018-06-30 13:25:40 -07:00
Jacob Gee-Clarke
d73e5a2274 Fixed my fix to fix the 500 error on /api/application/nodes when not specifying a daemon_base (#1182) 2018-06-02 14:34:01 -07:00
Dane Everitt
969b16a563 Apply fixes from StyleCI
[ci skip] [skip ci]
2018-06-02 21:32:26 +00:00
stanjg
b56f3a8671
Expanded the middleware test 2018-06-01 16:22:06 +02:00
stanjg
e9ac014bf4
Removed the use of Auth facade and removed unnecesary option 2018-06-01 16:10:32 +02:00
stanjg
3bb9e5e8a8 Merge branch 'develop' of https://github.com/stanjg/panel into feature/user-specific-language 2018-06-01 15:58:09 +02:00
Dane Everitt
fd8d7c3571
Merge pull request #1130 from stanjg/feature/stats-page
Added a statistics page to monitor the panel usage
2018-05-31 22:56:58 -07:00
stanjg
ccf3e3511f
Renamed middleware, and fixed the test 2018-05-31 16:40:18 +02:00
stanjg
013dde75ae
Renamed the field and made some improvements 2018-05-31 16:34:35 +02:00
stanjg
60e1ffa564
Added a test for the controller and cleaned up the controller 2018-05-27 00:16:13 +02:00
stanjg
7a81c61ad8
Wording changes and fix of major fail last commit 2018-05-26 21:02:47 +02:00
stanjg
86e7085396
Cleaned up the controller and prepared for tests 2018-05-26 20:58:49 +02:00
Dane Everitt
e648e50d90
Write some example tests for @stanjg 2018-05-26 11:00:28 -07:00
Dane Everitt
e3bbd85f3f
Merge branch 'develop' into pr/1129 2018-05-26 10:34:29 -07:00
Dane Everitt
0e1b4661ce
Don't allow access to manage page if server failed installing 2018-05-23 22:23:26 -07:00
Dane Everitt
6967b9ba12
Fix exception thrown due to lack of pre-validation on the model.
closes #1158
2018-05-20 17:11:52 -07:00
Dane Everitt
fae5acf99f
Fix bug when loading server owner dropdown
closes #1137
2018-05-20 17:00:50 -07:00
Dane Everitt
b4e510fbe3
Fixes before release 2018-05-20 16:49:54 -07:00
Dane Everitt
7e2e5fd7c1
Merge branch 'develop' into feature/upgrade-laravel-to-5.6 2018-05-20 16:30:42 -07:00
Dane Everitt
00df0b66a6
Merge pull request #1148 from pterodactyl/feature/doc-block-improvements
@throws docblock improvements
2018-05-20 16:25:59 -07:00
Dane Everitt
002efddc96
Merge pull request #1146 from pterodactyl/feature/windows-pathinfo-support
Add support for Windows, replace all backslashes with forwardslashes
2018-05-20 16:24:58 -07:00
Dane Everitt
457e461f45
Merge pull request #1144 from pterodactyl/feature/spelling
Spellchecked the whole application
2018-05-20 16:24:09 -07:00
Lance Pioch
6a4443b751 Fix the styling 2018-05-13 17:41:01 -04:00
Lance Pioch
02379b657d Replace the log writer class with the new one 2018-05-13 16:40:31 -04:00
Lance Pioch
b232055676 Fix style change 2018-05-13 12:43:59 -04:00
Lance Pioch
71257c67bf Add more throwing 2018-05-13 12:42:22 -04:00
Lance Pioch
3bc2397795 Library doesn't exist anymore 2018-05-13 12:42:16 -04:00
Lance Pioch
f82b419d47 Update php doc blocks 2018-05-13 12:42:11 -04:00
Lance Pioch
8bf030793f Replace loggin contract 2018-05-13 12:25:34 -04:00
Lance Pioch
9cbada17b2 Merge branch 'feature/cron-job-fix' into feature/upgrade-laravel-to-5.6 2018-05-13 11:59:51 -04:00
Lance Pioch
53829399de Make sure this trust proxies is also changed 2018-05-13 11:59:25 -04:00
Lance Pioch
f42f211e65 Add support for Windows, replace all back slashes with forward slashes 2018-05-13 11:39:44 -04:00
Lance Pioch
e2dc0638d9 Fix app/ spelling errors 2018-05-13 11:12:41 -04:00
Lance Pioch
ba96829d13 Fix cron jobs by removing the extra unusable argument 2018-05-13 00:42:25 -04:00
Xander Smeets
5f6ee45f44 Fixed typo (#1134) 2018-05-06 11:22:30 -07:00
stanjg
095d85bb60
Added the server as argument, and improved the bug fix 2018-05-06 17:59:11 +02:00
stanjg
06a67bb4bb
Cleaned up some duplicate code 2018-05-05 10:39:20 +02:00
stanjg
28a97fea54
Polished it up 2018-05-04 22:48:43 +02:00
stanjg
93a7d11c28
Made a base 2018-05-04 18:45:37 +02:00
stanjg
86c8ecdcdf
Added the actual logic 2018-05-04 15:02:51 +02:00
stanjg
17a72d0895
StyleCI fixes 2018-05-04 14:05:42 +02:00
stanjg
9ae25538c3
Made it so users can switch languages themselves 2018-05-04 13:08:41 +02:00
stanjg
9a06647435
Added support for user specific languages 2018-05-04 12:56:30 +02:00
Lance Pioch
88fd83d413 Remove unused imports (#1102) 2018-04-08 15:37:27 -05:00
Lance Pioch
ceff5acb85 Public is just the boolean (#1101) 2018-04-08 15:36:40 -05:00
Dane Everitt
68f0811273
Merge branch 'feature/api-integration-testing' into develop 2018-03-26 19:55:28 -05:00
Stan
f1a76ec7fd Add description field to nodes (#1065) 2018-03-26 13:57:24 -05:00
Stan
56478d81da Added cast for 'public' field (#1085)
The missing cast was resulting in the API to send a 0 or 1 instead of true or false for the public field
2018-03-26 13:56:58 -05:00
Dane Everitt
565c5ddc52
Add integration tests for nests 2018-03-25 17:41:36 -05:00
Dane Everitt
bde4d4187f
Merge branch 'develop' into feature/api-integration-testing 2018-03-21 22:25:16 -05:00
Dane Everitt
b96c2d16ee
Added validation to variable validation rules to validate that the validation rules are valid
closes #988
2018-03-17 15:09:09 -05:00
Dane Everitt
3e2ac981a9
Add API endpoint for getting server resource utilization, closes #900
This endpoint is throttled to 15 requests per minute to avoid destroying the daemon since clients can use it.
2018-03-17 14:01:53 -05:00
Dane Everitt
21cd0688e0
Added giant warning message if you attempt to change an encryption key once one has been set. 2018-03-10 15:18:24 -06:00
Dane Everitt
f8e98e9c9e
Add ability to change server name, closes #563 2018-03-10 14:44:21 -06:00
Dane Everitt
e55d3c1a9a
Add check on SFTP page to make sure the permission is assigned before showing 2018-03-10 14:26:00 -06:00
Dane Everitt
abd2a42471
Fix data integrity exception thrown when attempting to store updated server egg variables 2018-03-10 13:55:24 -06:00
Dane Everitt
40c74ae1e7
Add validation to prevent invalid ports, closes #1034 2018-03-10 13:10:40 -06:00
Dane Everitt
e5c59c4984
Change exception handling for display exception 2018-03-10 13:02:41 -06:00
Dane Everitt
ef371a508d
Change check on debugbar to use debug not environment 2018-03-10 12:03:23 -06:00
Dane Everitt
dfb002fb33
Change config value for daemon 2018-03-08 23:35:36 -06:00
Dane Everitt
5839034e8f
Fix egg copy from, closes #995 2018-03-06 23:07:00 -06:00
Dane Everitt
4964d294f6
Throw 504 where necessary 2018-03-06 22:17:01 -06:00
Dane Everitt
ac9f83a8fe
Fix test to run with new bootstrapping 2018-03-04 22:42:33 -06:00
Dane Everitt
e8ea218f20
Add integration test for remaining application api user endpoints 2018-03-04 22:35:57 -06:00
Dane Everitt
bbbab4bf81
Handle error codes from custom rules better 2018-03-04 22:21:23 -06:00
Dane Everitt
e2aa01c9cc
First go at integration tests 2018-03-04 16:30:16 -06:00
Dane Everitt
36837df0a6
Use beginning of UUID for server uuidShort 2018-03-03 22:20:53 -06:00
Dane Everitt
85e75a2808
Fix bulk key revocation 2018-03-03 21:53:07 -06:00
Dane Everitt
d7efb4c4a2
Fix inability to revoke admin tokens from daemon 2018-03-03 21:45:10 -06:00
Dane Everitt
a4f03f5d02
Handle missing daemon keys better and fix subuser missing key errors 2018-03-03 21:31:44 -06:00
Dane Everitt
6d217869e0
Don't load daemon key on server models automatically. 2018-03-03 18:09:49 -06:00
Dane Everitt
a31334c0c5
Fix SQl queries being executed unnecessarily when listing servers 2018-03-03 18:00:23 -06:00
Dane Everitt
c739f292e4
paginate databases when viewing a host 2018-03-03 17:52:35 -06:00
Dane Everitt
dff7e8f734
Fix server creation in UI and API 2018-03-02 23:11:30 -06:00
Dane Everitt
0135f7ee8e
Add test for new command 2018-03-02 21:26:42 -06:00
Dane Everitt
021710aa1c
Add bulk power management via CLI 2018-03-02 20:58:58 -06:00
Dane Everitt
c6137db529
Fix build limit management in Admin CP 2018-03-02 19:49:09 -06:00
Dane Everitt
e39353a18d
Add tests for new service 2018-03-02 19:37:21 -06:00
Dane Everitt
bcb69603ad
Add support for user management of databases 2018-03-02 19:03:55 -06:00
Dane Everitt
07893effa3
Add initial go at user created databases for servers, still needs cleaning 2018-03-01 21:27:37 -06:00
Dane Everitt
87b96bdfc8
Add core logic to allow for limited databases and allocations 2018-03-01 20:08:27 -06:00
Dane Everitt
5f6c153537
Validate resource existence before validating data sent 2018-03-01 20:00:14 -06:00
Dane Everitt
070239abcf
Fix inability to edit certain environment vars and start line, closes #1008 2018-03-01 19:26:11 -06:00