Dane Everitt
659c33f0e8
Fixes a bug that allows a user to bypass 2FA authentication requirements
...
This bug was reported to us by a user (@Ferry#1704) on Discord on
Monday, November 7th, 2016.
It was disclosed that it was possible to bypass the 2FA checkpoint by
clicking outside of the modal which would prompt the modal to close,
but not submit the form. The user could then press the login button
which would trigger an error. Due to this error being triggered the
authentication attempt was not cancelled. On the next page load the
application recognized the user as logged in and continued on to the
panel.
At no time was it possible to log in without using the correct email
address and password.
As a result of this bug we have refactored the Authentication code for
logins to address the persistent session. Previously accounts were
manually logged back out on 2FA failure. However, as this bug
demonstrated, causing a fatal error in the code would prevent the
logout code from firing, thus preserving their session state.
This commit modifies the code to use a non-persistent login to handle
2FA checking. In order for the session to be saved the application must
complete all portions of the login without any errors, at which point
the user is persistently authenticated using Auth::login().
This resolves the ability to cause an exception and bypass 2FA
verification.
2016-11-07 15:55:57 -05:00
Dane Everitt
48994c1354
Fix the other user bug...
2016-11-04 21:50:47 -04:00
Dane Everitt
4359252545
Fix a @schrej bug
2016-11-04 21:46:16 -04:00
Dane Everitt
61e65294af
Fix bug preventing rendering of database hosts when not linked to a node.
2016-11-04 20:44:56 -04:00
Jakob
e65dc5708d
Validate password on reset according to rules (#158)
...
* move password rules to Models\User::PASSWORD_RULES
* validate new password according to rules on password reset
* add password requirements info to auth.passwords.reset view
2016-10-30 16:02:39 -04:00
Dane Everitt
6fd7c78f0c
Add server deletion to a queue.
...
This action allows servers to be deleted, but only be soft-deleted for
10 minutes. After that time period the server will be completely
removed from the database and daemon. This allows some safety if a
server is accidentally deleted.
Force deleting a server will still work. If the daemon is inaccessible
the server will fail to be deleted. When a server is soft-deleted admins
can still view its information page in the admin CP, however the server
will be suspended and inaccessible on the front-end or through the
daemon.
Admins can manually delete the server ahead of the delete timer, or if
it failed to delete previously they can do an immediate retry.
2016-10-27 20:05:29 -04:00
Dane Everitt
bef717b202
add typeahead support for owner email when adding new server
...
closes #144
pic: http://s3.pterodactyl.io/UpPSJ.png
2016-10-21 15:22:47 -04:00
Dane Everitt
f24347d1bd
Remove old admin routes, fix display to non-admins
...
Complete!
2016-10-20 18:40:16 -04:00
Dane Everitt
b1a9a59707
Update middleware to handle wildcards correctly.
2016-10-20 18:35:55 -04:00
Dane Everitt
53ec2c55ec
Add front-end support for adding and deleting API keys.
2016-10-20 18:20:58 -04:00
Dane Everitt
dfeed013ba
Server API obeys the subuser permissions as well
2016-10-20 17:04:58 -04:00
Dane Everitt
125856d92f
Support for server info and minor changes to API setup
2016-10-20 16:42:54 -04:00
Dane Everitt
5a03ce7e1a
Add support for controlling server power from API.
2016-10-20 13:39:39 -04:00
Dane Everitt
745c735b32
Add initial basic API changes
...
New route is `/api/me`
2016-10-14 20:22:23 -04:00
Dane Everitt
126df09152
Fix route handling
2016-10-14 17:17:35 -04:00
Dane Everitt
7cf7a5a961
Split account things into own controllers.
2016-10-14 17:15:36 -04:00
Dane Everitt
63058d8c8e
Super early base implementation of notifications from daemon
2016-10-14 16:20:24 -04:00
Dane Everitt
649b18c8d1
support for server filtering
...
closes #125
2016-10-12 17:12:27 -04:00
Dane Everitt
84a4c8b7f4
API enhancements, return node config, return 200 not 201
2016-10-12 15:42:23 -04:00
Dane Everitt
c8a73fa608
Log the error output for API
2016-10-07 16:10:54 -04:00
Dane Everitt
af68dbed8f
Add support for base API logging of all requests
...
ref #31
2016-10-07 16:06:09 -04:00
Dane Everitt
06422b2055
fix up API route return
2016-10-07 14:26:50 -04:00
Dane Everitt
06756af994
add ?daemon=true option to API for servers
2016-10-06 23:56:32 -04:00
Dane Everitt
9d10c2a757
Support custom user id through API, closes #115
2016-10-06 22:36:59 -04:00
Dane Everitt
77198b48df
Support folders within folders for JS path
2016-10-06 17:27:30 -04:00
Dane Everitt
8330e26b39
Update routes to reflect daemon changes
2016-10-04 21:38:32 -04:00
Dane Everitt
4d922b6a0c
Clean up file adding and listing
2016-10-03 21:09:20 -04:00
Dane Everitt
fb4d122a2a
More updates to file manager
...
Not doing individual commits for this, tons of changes for tons of
different aspects across multiple files.
2016-10-01 23:09:55 -04:00
Dane Everitt
71245cb531
Minor changes to support better dynamic JS loading
2016-09-30 20:53:08 -04:00
Dane Everitt
831399184f
clean up front-end port allocation handling
2016-09-30 18:21:02 -04:00
Dane Everitt
bd7fd836ff
clean up node allocation
2016-09-30 17:12:36 -04:00
Dane Everitt
16222d1bd7
redirect if no locations
2016-09-30 16:05:39 -04:00
Dane Everitt
2e88c51ac7
If value is empty set to null
2016-09-30 16:01:36 -04:00
Dane Everitt
a9d0b4a4fe
Add support for setting IP aliases through panel
2016-09-29 21:34:20 -04:00
Dane Everitt
723e34a784
redirect to allocation tab when created
2016-09-29 17:47:47 -04:00
Dane Everitt
d9f1a7faf7
allow setting variable options to "0", closes #87
2016-09-17 20:25:13 -04:00
Dane Everitt
812b869be8
add ability to change server's docker image
2016-09-17 20:14:36 -04:00
Dane Everitt
7dd00d6d88
Fix startup executable display bug
2016-09-16 18:44:12 -04:00
Dane Everitt
bcd4b35890
Startup not required, fix display executable bug
2016-09-16 18:39:36 -04:00
Dane Everitt
06c680ee52
Fix redirect on server delete
2016-09-14 18:36:33 -04:00
Dane Everitt
c2d0a5adb3
Fix exception loading typo
2016-09-14 18:36:33 -04:00
Dane Everitt
228d6b1b21
Clean up exception handling code, closes #81
...
Makes sure things get logged properly.
2016-09-07 16:12:06 -04:00
Dane Everitt
e0bff4db8e
closes #85, also fixes route names
2016-09-07 15:28:57 -04:00
Dane Everitt
9fb0cb420e
Add subuser support to tasks
...
Also allow task creation…
2016-09-05 17:39:58 -04:00
Dane Everitt
9b4a0ed143
Add task toggle and delete
2016-09-05 17:13:22 -04:00
Dane Everitt
7529e961de
Add back API (#80)
...
Re-implements the API after it was removed in the Laravel 5.3 upgrade.
2016-09-05 16:21:36 -04:00
Dane Everitt
b02df8e610
Implement base notifications support (#77)
...
* initial implementation of notifications
* typehint UUID returns. Fixes that notifications bug
2016-09-05 12:00:56 -04:00
Dane Everitt
b3ca8a3732
Fix password reset redirection path
2016-09-04 19:08:46 -04:00
Dane Everitt
afb5011fbe
Update to Laravel 5.3
...
[BREAKING] — REMOVES REMOTE API
A new API will need to be implemented properly using the new Laravel
Passport OAuth2 system. DingoAPI was becoming too unstable and
development wasn’t really moving along enough to continue to rely on it.
2016-09-03 17:09:00 -04:00
Dane Everitt
8e657a0bf0
Remove old 'active' column and replace some references with 'suspended' in place
2016-09-01 21:21:01 -04:00
Dane Everitt
38eae88bd0
Add support for suspension
2016-09-01 21:16:38 -04:00
Dane Everitt
e8c175f385
Add IP Aliasing (#72)
...
* complete support for IP Aliases throughout panel
Includes a database change and probably better allocation handling
anyways
closes #37
2016-08-31 16:03:37 -04:00
Dane Everitt
4d31004cf4
Suppress overly verbose error output to users
2016-08-16 19:20:58 -04:00
Dane Everitt
445b2f20eb
closes #69
2016-08-16 19:06:03 -04:00
Dane Everitt
5233d6e87b
Add database password change support and fix column name
2016-08-16 00:07:10 -04:00
Dane Everitt
67d9f9f4ab
Improve scheduled task layout and data handling
2016-03-18 16:23:10 -04:00
Dane Everitt
e7436aab2b
Add active session management
2016-02-26 00:35:23 -05:00
Dane Everitt
f6be06164f
fix user controller; closes #58, closes #59
2016-02-21 01:15:37 -05:00
Dane Everitt
48b9bc0c52
add support for variable creation and deletion
2016-02-21 00:38:03 -05:00
Dane Everitt
dcf2f6fa0a
fix up urls to follow a cleaner pattern
2016-02-21 00:07:03 -05:00
Dane Everitt
dcfdb89e3c
add support for deleting service option
2016-02-20 16:55:05 -05:00
Dane Everitt
1e9bf1c220
Add support for adding new service option
2016-02-20 16:45:13 -05:00
Dane Everitt
177bd4ec9d
add ability to delete a service
2016-02-20 16:23:04 -05:00
Dane Everitt
a50bb5da14
add ability to create new service
2016-02-20 16:02:49 -05:00
Dane Everitt
e42547a1ff
add support for editing service options
2016-02-20 15:59:37 -05:00
Dane Everitt
ad5e253a07
Really basic initial implementation of service management
2016-02-15 15:21:28 -05:00
Dane Everitt
217762a2eb
More complete implementation of database management in panel.
...
Still missing ability to change passwords for databases, but that will
come soon.
2016-02-14 21:43:20 -05:00
Dane Everitt
a36f3dd875
Fix startup variable editing to allow admin full control
2016-02-13 17:36:03 -05:00
Dane Everitt
a903ae313a
Add per-service-option startup & executable
...
Also fixes display issue on front-end where users could see and edit
hidden settings
Fixes a bug in relation to #57
2016-02-13 17:29:52 -05:00
Dane Everitt
5678d643cd
Very basic view of databases and database servers on the system
2016-02-13 00:18:32 -05:00
Dane Everitt
7013d10987
Add basic support for per-server databases
...
Still missing ability to define database servers
2016-02-08 18:03:05 -05:00
Dane Everitt
a9ced7d474
Very basic initial auto-deploy script setup
2016-02-05 23:41:16 -05:00
Dane Everitt
4d99d57820
fix associated server display; closes #43
2016-01-25 19:14:32 -05:00
Dane Everitt
333aa73be5
Remove exception logging for connection error; closes #40
2016-01-25 18:42:27 -05:00
Dane Everitt
873f39d574
fix download error; closes #39
2016-01-25 18:39:34 -05:00
Dane Everitt
7bb0190ffa
Change hmac method
2016-01-22 21:56:54 -05:00
Dane Everitt
aac498808c
closes #30
2016-01-22 21:53:11 -05:00
Dane Everitt
be48fbd418
Fix allocation selection
2016-01-22 21:43:56 -05:00
Dane Everitt
fbd1b3f097
Improved display for server view if not installed
2016-01-22 20:39:16 -05:00
Dane Everitt
be47565c78
Update to match new installer processing.
2016-01-22 20:31:47 -05:00
Dane Everitt
4719b20a27
Implement server startup stuff
2016-01-22 19:40:48 -05:00
Dane Everitt
52229d5d2e
Add SFTP management to server front-end
2016-01-21 23:58:08 -05:00
Dane Everitt
63f4d08f0f
Add language switching support
2016-01-20 22:39:02 -05:00
Dane Everitt
b63fc02cef
Add settings to panel
2016-01-20 22:08:13 -05:00
Dane Everitt
591cc8648d
Fix user creation
2016-01-20 22:08:13 -05:00
Dane Everitt
40c68a5391
Add title to copyright
2016-01-20 16:05:16 -05:00
Dane Everitt
026df6a36f
Relicense project under MIT
...
Permission obtained from @DDynamic. Contributions from other users were
removed since we did not obtain permission from them for the re-license.
From this point forward all contributors must have a signed Contributor
License Agreement on file.
2016-01-20 15:56:40 -05:00
Dane Everitt
b0bcb879d0
Add license details to add app files.
2016-01-19 19:10:39 -05:00
Dane Everitt
ac6edc4d64
Completed subuser system
2016-01-18 19:57:10 -05:00
Dane Everitt
b7666bdb05
Basic initial subuser management
2016-01-18 01:24:33 -05:00
Dane Everitt
644f26fbfe
Add location creation
2016-01-16 23:10:46 -05:00
Dane Everitt
fb5533f107
add location editing
2016-01-16 22:57:28 -05:00
Dane Everitt
21a95a5d0e
Add location delete support
2016-01-16 22:29:35 -05:00
Dane Everitt
861af87e93
Fix password reset system
2016-01-16 21:57:10 -05:00
Dane Everitt
8e92f96999
Fix logout
2016-01-16 21:45:35 -05:00
Dane Everitt
c701aa0825
Add support for CIDR ranges on API
2016-01-16 20:17:46 -05:00
Dane Everitt
317698a84a
encrypt API keys
2016-01-16 20:11:31 -05:00
Dane Everitt
3e595ca856
Add API Management to admin CP
2016-01-16 19:56:48 -05:00
Dane Everitt
ade16e64c8
Fix api route permission
2016-01-16 17:34:07 -05:00
Dane Everitt
a6bc36a710
add initial api management page
2016-01-16 01:20:27 -05:00