Commit graph

256 commits

Author SHA1 Message Date
Dane Everitt
39731f99da Merge pull request #226 from hammerdawn/APICHANGE
Allow listing a user by both ID and email. Useful for checking if a u…
2017-01-02 22:00:45 -05:00
Emmet Young
3f5bf099ae Use DaneEveritt's shortened query call. 2017-01-03 13:40:35 +11:00
Dane Everitt
6331a29962 Merge pull request #228 from Pterodactyl/analysis-XWDo3P
Apply fixes from StyleCI
2016-12-30 17:18:54 -05:00
Dane Everitt
a1dff5cda0
Push updated languages 2016-12-30 17:17:36 -05:00
Dane Everitt
fb182ffb4a Apply fixes from StyleCI 2016-12-30 22:00:06 +00:00
Dane Everitt
0afa568095
Address two bugs in subuser system.
1.) Prevents adding the owner of a server as a subuser which could
potentially break things.
2.) Prevents adding duplicate subusers for a server.
2016-12-30 16:28:43 -05:00
Dane Everitt
7848f63e05
Fix error thrown on 0 values for variables, closes #223 2016-12-30 16:00:51 -05:00
Dane Everitt
43786b1d2a
Block addition of more than 2000 ports at once, closes #219 2016-12-30 15:50:37 -05:00
Dane Everitt
9a494d8245
Adjust server name requirements, closes #205 2016-12-30 15:46:10 -05:00
Emmet Young
b5d3417167 Allow listing a user by both ID and email. Useful for checking if a user exists by its email. 2016-12-29 22:56:45 +11:00
spaceemotion
a85ac87ae8 Refactor to use more laravel logic and improve compatibility with older PHP versions (#206)
* Fix @param namespaces for PHPDocs in ServerPolicy

* Reduce permission check duplication in ServerPolicy

This introduces a new checkPermission method to reduce code duplication when checking for permissions.

* Simplify logic to list accessible servers for the user

We can directly use the pluck function that laravel collections provide to simplify the logic.

* Fix pagination issue when databases/servers exceed 20

Laravels strips out the currently selected tab (or any GET query for that matter) by default when using pagination. the appends() methods helps with keeping that information.

* Refactor unnecessary array_merge calls

We can just append to the array instead of constantly merging a new copy.

* Fix accessing “API Access” on some versions of PHP

The “new” word is reserved and should not be used as a method name.

http://stackoverflow.com/questions/9575590/why-am-i-getting-an-unexpected-t-new-error-in-php

* Fix revoking API keys on older versions of php (5.6)

“string” was not a valid function argument type yet, so revoking keys results in an error on older installations.

* Fix issues with API due to methods named “list”

“list” is yet another reserved keyword in PHP and messes up older installations of PHP (5.6).
This renames all methods named “list” to “lists”. The API route names are left untouched (e.g. still called “api.admin.users.list”).

* Refactor and shorten some API logic

Used laravel collection methods where applicable to directly transform the values instead of converting back and forth.
This also removes some dead variables that were never used as well as getting rid of a n+1 problem in the Service API (loading service variables afterwards, not during the model creation).

* Return model save status in repositories where applicable

* Fix typo in ServicePolicy#powerStart

* Apply StyleCI corrections
2016-12-12 14:30:57 -05:00
Dane Everitt
c1fb0a665f Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00
Emmet Young
f687fab9a2 API: ability to search for an allocation based on the assigned server id (#194) 2016-12-04 22:17:35 -05:00
Dane Everitt
9ae716ee42
show container ID for server in panel
Also shows the UID of the user to ease permissions setting

closes #160
2016-12-02 19:35:08 -05:00
Dane Everitt
2ac734d595
Update node config sent over API 2016-12-02 19:12:29 -05:00
Dane Everitt
259b220dfc
misc file cleanup 2016-12-02 18:45:08 -05:00
Dane Everitt
3cd0a8337f
Add ability to filter user list 2016-12-02 18:41:52 -05:00
Dane Everitt
ed5b7559ec
Fixes potential for generated password to not meet own validation requirements 2016-12-01 19:16:40 -05:00
Dane Everitt
1eb1f96e71
Add support for updating the daemon's configuration file automatically. 2016-12-01 18:33:32 -05:00
Emmet Young
a03add7e4f Allow API to set a custom ID for server creation. (#187)
* Allow API to set a custom ID for server creation.

Useful when dealing with billing systems such as WHMCS

* Correct API code changes based on feedback.
2016-11-30 11:01:22 -05:00
Jakob
03c6f986d2 fix api /servers/{id}/build
remove unrelated error thrown every time
2016-11-30 12:26:23 +01:00
Dane Everitt
f6275058d0
Support for hostnames in database connection field. 2016-11-26 20:27:36 -05:00
Dane Everitt
946512bac9
search for owner:<email> correctly. 2016-11-26 20:18:46 -05:00
Dane Everitt
90cd2b677e
Add version checking to daemon and panel
Also includes some buttons for users to get help from the panel.
2016-11-26 19:29:57 -05:00
Dane Everitt
1ad715f1a3
Improve database management for servers, fixes #181 2016-11-26 17:34:14 -05:00
Dane Everitt
723b608e0c
Implement node deletion properly, fixes #173 2016-11-26 16:29:13 -05:00
Dane Everitt
0e89ecb427
Handle node:<param> properly when doing server searches
Uses the node name rather than the node’s ID by default.
2016-11-26 16:19:25 -05:00
Dane Everitt
659c33f0e8
Fixes a bug that allows a user to bypass 2FA authentication requirements
This bug was reported to us by a user (@Ferry#1704) on Discord on
Monday, November 7th, 2016.

It was disclosed that it was possible to bypass the 2FA checkpoint by
clicking outside of the modal which would prompt the modal to close,
but not submit the form. The user could then press the login button
which would trigger an error. Due to this error being triggered the
authentication attempt was not cancelled. On the next page load the
application recognized the user as logged in and continued on to the
panel.

At no time was it possible to login without using the correct email
address and password.

As a result of this bug we have re-factored the Authentication code for
logins to address the persistent session. Previously accounts were
manually logged back out on 2FA failure. However, as this bug
demonstrated, causing a fatal error in the code would prevent the
logout code from firing, thus preserving their session state.

This commit modifies the code to use a non-persistent login to handle
2FA checking. In order for the session to be saved the application must
complete all portions of the login without any errors, at which point
the user is persistently authenticated using Auth::login().

This resolves the ability to cause an exception and bypass 2FA
verification.
2016-11-07 15:55:57 -05:00
Dane Everitt
48994c1354
Fix the other user bug... 2016-11-04 21:50:47 -04:00
Dane Everitt
4359252545
Fix a @schrej bug 2016-11-04 21:46:16 -04:00
Dane Everitt
cd3f5ed6fe
Correct password setting for MySQL user 2016-11-04 20:47:40 -04:00
Dane Everitt
61e65294af
Fix bug preventing rendering of database hosts when not linked to a node. 2016-11-04 20:44:56 -04:00
Dane Everitt
a55220da39
Fix missing environment variables relating to queues 2016-10-30 18:34:50 -04:00
Jakob
e65dc5708d Validate password on reset according to rules (#158)
* move password rules to Models\User::PASSWORD_RULES

* validate new password according to rules on password reset

* add password requirements info to auth.passwords.reset view
2016-10-30 16:02:39 -04:00
Dane Everitt
6fd7c78f0c
Add server deletion to a queue.
This action allows servers to be deleted, but only be soft-deleted for
10 minutes. After that time period the server will be completely
removed from the database and daemon. This allows some safety if a
server is accidentally deleted.

Force deleting a server will still work. If the daemon is in-accessible
the server will fail to be deleted. When server is soft-deleted admins
can still view its information page in the admin CP, however the server
will be suspended and inaccessible on the front-end or though the
daemon.

Admins can manually delete the server ahead of the delete timer, or if
it failed to delete previously they can do an immediate retry.
2016-10-27 20:05:29 -04:00
Dane Everitt
dbec99498d
run task manager tasks at lowest priority 2016-10-27 18:50:10 -04:00
Dane Everitt
bb96039bf1
use low priority queue for tasks 2016-10-27 16:35:50 -04:00
Dane Everitt
55c9f0f2f2
Delete databases when we delete a server. 2016-10-23 19:21:57 -04:00
Dane Everitt
08b236ac1d
better port checking, don't send rebuild unless things are changed. 2016-10-23 19:07:29 -04:00
Dane Everitt
0b044b3cc6
fixes bug that would allow deleting the default allocation for a server. 2016-10-23 18:59:13 -04:00
Dane Everitt
dda5d9aa01
Fix no error display if adding a server with an invalid email 2016-10-23 18:48:14 -04:00
Dane Everitt
ad906e0680
FQDN support for allocations, and JS bug fix. 2016-10-21 17:33:26 -04:00
Dane Everitt
176d92176e
Run tasks every minute as needed
Clear logs every month (configurable) for old tasks logs.
2016-10-21 16:36:40 -04:00
Dane Everitt
bef717b202
add typeahead support for owner email when adding new server
closes #144
pic: http://s3.pterodactyl.io/UpPSJ.png
2016-10-21 15:22:47 -04:00
Dane Everitt
f24347d1bd
Remove old admin routes, fix display to non-admins
Complete!
2016-10-20 18:40:16 -04:00
Dane Everitt
b1a9a59707
Update middleware to handle wildcards correctly. 2016-10-20 18:35:55 -04:00
Dane Everitt
0f4648b13a
Fixes adding api keys a little more 2016-10-20 18:29:34 -04:00
Dane Everitt
53ec2c55ec
Add front-end support for adding and deleting API keys. 2016-10-20 18:20:58 -04:00
Dane Everitt
dfeed013ba
Server API obey's the subuser permissions as well 2016-10-20 17:04:58 -04:00
Dane Everitt
9fd8a087b8
Revert some changes that cause issues with other URLs 2016-10-20 16:48:37 -04:00