Commit graph

698 commits

Author SHA1 Message Date
Dane Everitt
f2d2725ca0
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-07-15 16:50:11 -07:00
Dane Everitt
550c622d3b
Obliterate JWT from codebase 2018-07-14 22:48:09 -07:00
Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-14 22:42:58 -07:00
Dane Everitt
6c20ea9881
Add tests for changed controllers 2018-07-04 19:20:33 -07:00
Dane Everitt
5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-04 18:12:57 -07:00
Dane Everitt
af9af78938
Merge branch 'develop' into feature/vuejs 2018-07-04 18:09:07 -07:00
Dane Everitt
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
Thanks to Trixter#0001 on Discord for this security report.

There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.

This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.

Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
Dane Everitt
603b8a3094
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-02 21:01:04 -07:00
Dane Everitt
48cb01f438
Merge branch 'develop' into feature/vuejs 2018-07-02 21:00:42 -07:00
Stan
1ffb5acfad Send an email when a server is marked as installed (#1213)
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
Dane Everitt
304d947536
Allow creating subuser with no permissions 2018-06-30 18:25:46 -07:00
Dane Everitt
974318ffb4
Logout other sessions when password is changed
closes #1222
2018-06-30 17:50:58 -07:00
Dane Everitt
7711b697ad
Finalize two-factor handling on account. 2018-06-20 23:05:35 -07:00
Dane Everitt
0cc895f2d5
Finalize email/password changing in UI 2018-06-17 16:53:24 -07:00
Dane Everitt
fce394f6bd
Change email handling and logout function 2018-06-16 14:30:20 -07:00
Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal. 2018-06-16 14:05:39 -07:00
Dane Everitt
b8b9acd0e6
Get the base email update working through the API.
Still going to need to determine the best course of action to update the token on the client side.
2018-06-11 22:56:57 -07:00
Jakob Schrettenbrunner
05478e3277 Merge branch 'feature/vuejs' into feature/vue-serverview 2018-06-11 21:06:12 +02:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT 2018-06-06 22:49:44 -07:00
Dane Everitt
e948d81d8a
Base attempt at using vuex to handle logins 2018-06-05 23:00:01 -07:00
Dane Everitt
e65854c8c2
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-06-02 23:28:55 -07:00
Dane Everitt
02b29a66ea
Use client API to get resource use for a server 2018-06-02 19:08:53 -07:00
Dane Everitt
969b16a563 Apply fixes from StyleCI
[ci skip] [skip ci]
2018-06-02 21:32:26 +00:00
stanjg
3bb9e5e8a8 Merge branch 'develop' of https://github.com/stanjg/panel into feature/user-specific-language 2018-06-01 15:58:09 +02:00
Dane Everitt
e0d67ff857
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-05-31 23:01:24 -07:00
Dane Everitt
6c598f9100
Merge branch 'feature/vuejs' into feature/vuejs-serverlist 2018-05-31 22:59:39 -07:00
Dane Everitt
5f70502f20
Merge branch 'develop' into feature/vuejs 2018-05-31 22:59:16 -07:00
Dane Everitt
fd8d7c3571
Merge pull request #1130 from stanjg/feature/stats-page
Added a statistics page to monitor the panel usage
2018-05-31 22:56:58 -07:00
Jakob Schrettenbrunner
11d96c44d1 Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview 2018-05-29 00:04:51 +02:00
Jakob Schrettenbrunner
378a1859cf Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview 2018-05-29 00:04:41 +02:00
Dane Everitt
a1444b047e
Fix JWT handling for API access when logging in 2018-05-28 14:59:48 -07:00
Dane Everitt
6e5c365018
Use the client API to load servers on the listing page 2018-05-28 13:23:40 -07:00
Dane Everitt
ad69193ac0
Add JWT to login forms 2018-05-28 12:48:42 -07:00
Jakob Schrettenbrunner
89f47c6dbb mocked server page and better navigation and overall layout 2018-05-28 00:37:03 +02:00
Dane Everitt
6f2fcabf22
Add very basic server search and dynamic rendering functionality 2018-05-26 23:17:02 -07:00
Dane Everitt
9d8830a2d7
Get initial mockup of new server list up 2018-05-26 17:20:36 -07:00
stanjg
60e1ffa564
Added a test for the controller and cleaned up the controller 2018-05-27 00:16:13 +02:00
Dane Everitt
cf90f56777
Merge branch 'develop' into feature/vuejs-auth 2018-05-26 12:17:14 -07:00
stanjg
7a81c61ad8
Wording changes and fix of major fail last commit 2018-05-26 21:02:47 +02:00
stanjg
86e7085396
Cleaned up the controller and prepared for tests 2018-05-26 20:58:49 +02:00
Dane Everitt
0e1b4661ce
Don't allow access to manage page if server failed installing 2018-05-23 22:23:26 -07:00
Dane Everitt
6967b9ba12
Fix exception thrown due to lack of pre-validation on the model.
closes #1158
2018-05-20 17:11:52 -07:00
Dane Everitt
00df0b66a6
Merge pull request #1148 from pterodactyl/feature/doc-block-improvements
@throws docblock improvements
2018-05-20 16:25:59 -07:00
Dane Everitt
002efddc96
Merge pull request #1146 from pterodactyl/feature/windows-pathinfo-support
Add support for Windows, replace all backslashes with forwardslashes
2018-05-20 16:24:58 -07:00
Lance Pioch
71257c67bf Add more throwing 2018-05-13 12:42:22 -04:00
Lance Pioch
3bc2397795 Library doesn't exist anymore 2018-05-13 12:42:16 -04:00
Lance Pioch
f82b419d47 Update php doc blocks 2018-05-13 12:42:11 -04:00
Lance Pioch
f42f211e65 Add support for Windows, replace all back slashes with forward slashes 2018-05-13 11:39:44 -04:00
Lance Pioch
e2dc0638d9 Fix app/ spelling errors 2018-05-13 11:12:41 -04:00
stanjg
095d85bb60
Added the server as argument, and improved the bug fix 2018-05-06 17:59:11 +02:00
stanjg
06a67bb4bb
Cleaned up some duplicate code 2018-05-05 10:39:20 +02:00
stanjg
28a97fea54
Polished it up 2018-05-04 22:48:43 +02:00
stanjg
93a7d11c28
Made a base 2018-05-04 18:45:37 +02:00
stanjg
17a72d0895
StyleCI fixes 2018-05-04 14:05:42 +02:00
stanjg
9ae25538c3
Made it so users can switch languages themselves 2018-05-04 13:08:41 +02:00
Dane Everitt
4fad244073
Show correct auth error. 2018-04-08 16:16:04 -05:00
Dane Everitt
b6e94d9a1e
Code cleanup 2018-04-08 16:00:52 -05:00
Dane Everitt
6d970a4cc3
Finalize login page! 2018-04-08 15:46:32 -05:00
Dane Everitt
d63624f607
Working login form with password reset functionality. 2018-04-08 15:18:13 -05:00
Dane Everitt
c3e462ab2f
Cleanup login/reset functionality, address security issue with 2FA pathways 2018-04-07 16:17:51 -05:00
Dane Everitt
4f3c668420
Refactor auth controllers to be cleaner and easier to maintain 2018-04-07 12:35:15 -05:00
Dane Everitt
324b989a29
Get a working rough copy of the login page 2018-04-01 17:46:16 -05:00
Dane Everitt
3e2ac981a9
Add API endpoint for getting server resource utilization, closes #900
This endpoint is throttled to 15 requests per minute to avoid destroying the daemon since clients can use it.
2018-03-17 14:01:53 -05:00
Dane Everitt
f8e98e9c9e
Add ability to change server name, closes #563 2018-03-10 14:44:21 -06:00
Dane Everitt
e55d3c1a9a
Add check on SFTP page to make sure the permission is assigned before showing 2018-03-10 14:26:00 -06:00
Dane Everitt
40c74ae1e7
Add validation to prevent invalid ports, closes #1034 2018-03-10 13:10:40 -06:00
Dane Everitt
4964d294f6
Throw 504 where necessary 2018-03-06 22:17:01 -06:00
Dane Everitt
c739f292e4
paginate databases when viewing a host 2018-03-03 17:52:35 -06:00
Dane Everitt
c6137db529
Fix build limit management in Admin CP 2018-03-02 19:49:09 -06:00
Dane Everitt
bcb69603ad
Add support for user management of databases 2018-03-02 19:03:55 -06:00
Dane Everitt
07893effa3
Add initial go at user created databases for servers, still needs cleaning 2018-03-01 21:27:37 -06:00
Dane Everitt
070239abcf
Fix inability to edit certain environment vars and start line, closes #1008 2018-03-01 19:26:11 -06:00
Dane Everitt
85bdbdce14
Better handling of file download requests 2018-03-01 19:19:19 -06:00
Dane Everitt
838b9a9093
Add support for filesystem caching, closes #993 2018-03-01 18:46:59 -06:00
Dane Everitt
9b93629f45
Add UI for client API keys 2018-02-28 23:30:39 -06:00
Dane Everitt
2017e640b6
Add client API 2018-02-28 22:51:04 -06:00
Dane Everitt
4e12c289ed
Add command sending 2018-02-27 22:09:34 -06:00
Dane Everitt
cef3e4ced4
Add base routes for managing servers as a client 2018-02-27 21:28:43 -06:00
Dane Everitt
e28973bcae
Move everything around as needed to get things setup for the client API 2018-02-25 15:30:56 -06:00
Dane Everitt
fb1b2406b5
Add API endpoint to get a server by external ID 2018-02-24 14:09:09 -06:00
Dane Everitt
baeffef24b
Fix bad permissions check on server API route 2018-02-24 12:15:21 -06:00
Dane Everitt
633bba6d6e
Add support for external_id on servers, closes #975 2018-02-24 11:57:12 -06:00
Dane Everitt
f655188c58
Fix searching servers 2018-02-24 11:48:24 -06:00
Dane Everitt
4b9f025e98
Fix exception when trying to edit a host, ref #957 2018-02-18 14:10:12 -06:00
Dane Everitt
50809cad36
Fix exception when no 2FA token is entered when enabling or disabling 2018-02-18 13:15:10 -06:00
Dane Everitt
8e1aa15dba
Fixes a bug that would cause non-editable variables on the front-end to throw a validation error 2018-02-15 20:58:51 -06:00
Dane Everitt
bf537922a3
Fix username validation and auto-generation, closes #927 2018-02-11 16:39:50 -06:00
Dane Everitt
a9c1946319
Add support for finding a user by external ID. 2018-02-07 21:56:11 -06:00
Dane Everitt
2e693067b8
Add search to API endpoints 2018-02-07 21:33:44 -06:00
Dane Everitt
dd54c5abb1
Fix user password handling in Admin CP 2018-02-07 21:13:40 -06:00
Dane Everitt
2ec76d283b
Fix bad API behavior 2018-02-04 15:38:38 -06:00
Dane Everitt
d4d9eda57a
Add schedule edit support 2018-02-04 13:51:24 -06:00
Dane Everitt
ff8b5fc5a3
Fix exception when modifying existing DB host, closes #910 2018-02-04 12:59:14 -06:00
Dane Everitt
48c933fa0f
fix exception when deleting allocations, closes #908 2018-02-03 12:22:10 -06:00
Dane Everitt
ffa09d81e2
Pass strings for deletion of user sessions, closes #906 2018-02-03 12:18:18 -06:00
Dane Everitt
7a19019980
Fix suspension/installed handling for servers
closes Pterodactyl/Panel#891
2018-01-30 22:40:21 -06:00
Dane Everitt
c599112021
Finalize server management API 2018-01-30 20:36:59 -06:00
Dane Everitt
5ed164e13e
Implement server creation though the API.
Also implements auto-deployment to specific locations and ports.
2018-01-28 17:14:14 -06:00
Dane Everitt
97ee95b4da
Fix some error handling 2018-01-27 13:26:43 -06:00
Dane Everitt
8afced3410
Add nests & eggs
Cleanup middleware handling and parameters on controllers...
2018-01-27 12:38:56 -06:00
Dane Everitt
de07b3cc7f
Add server database management support to API. 2018-01-25 22:34:53 -06:00
Dane Everitt
2bd691efad
Add database list endpoint, add more resource name magic 2018-01-25 21:26:06 -06:00
Dane Everitt
aca0819bcd
Add server build management to API 2018-01-21 16:02:03 -06:00
Dane Everitt
17f6f3eeb6
Add server details modification endpoint to API. 2018-01-20 16:03:23 -06:00
Dane Everitt
17544481b5
More server management via the API 2018-01-20 13:48:02 -06:00
Dane Everitt
3724559468
Forgotten changes 2018-01-19 21:48:26 -06:00
Dane Everitt
a497a3d153
Make server listing and single server view API endpoints work 2018-01-19 21:47:06 -06:00
Dane Everitt
74bdbea6a4
Sneaky files 2018-01-19 20:01:56 -06:00
Dane Everitt
0e7f8cedf0
Reorganize API files 2018-01-19 19:58:57 -06:00
Dane Everitt
c3b9738364
Implement application API Keys 2018-01-18 21:36:15 -06:00
Dane Everitt
f9fc3f4370
Update interface to begin change to seperate account API keys and application keys
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
2018-01-14 13:30:55 -06:00
Dane Everitt
7aa540b895
Remove api permissions table 2018-01-14 12:05:18 -06:00
Dane Everitt
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00
Dane Everitt
11c4f3f6f2
Finish putting permissions on the API 2018-01-13 14:08:19 -06:00
Dane Everitt
d644a53951
Update users & locations to use new permissions format 2018-01-12 20:39:15 -06:00
Dane Everitt
a31e5875dc
First round of changes to API to support simpler permissions. 2018-01-11 22:49:46 -06:00
Dane Everitt
0e24c669c4
docblock 2018-01-11 20:08:49 -06:00
Dane Everitt
cf21fd5a4b
More API updates, better support for node config edits 2018-01-10 23:19:03 -06:00
Dane Everitt
800e2df6b2
Merge branch 'develop' into feature/api-v1
# Conflicts:
#	app/Contracts/Repository/RepositoryInterface.php
#	app/Repositories/Eloquent/EloquentRepository.php
#	app/Services/Nodes/NodeUpdateService.php
#	tests/Unit/Services/Nodes/NodeUpdateServiceTest.php
2018-01-10 20:55:22 -06:00
Dane Everitt
22511c8e24
Fix allocation behavior, closes #712 2018-01-08 22:12:19 -06:00
Dane Everitt
036bea2b94
Update schedule process to allow toggling/triggering via UI 2018-01-08 21:43:10 -06:00
Dane Everitt
adcab5969a
Fix server description nullablility 2018-01-06 12:58:30 -06:00
Dane Everitt
d2afc29a80
Refactor how repositories for the daemon work. 2018-01-05 18:27:47 -06:00
Dane Everitt
60eb60013c
Update repository base code to be cleaner and make use of PHP 7 features 2018-01-04 22:49:50 -06:00
Dane Everitt
f32cee3ae5
Add location control through API 2018-01-03 21:14:53 -06:00
Dane Everitt
15289b76a7
Finish first round of User/Node API additions
Will still need some tweaking and improvements to allow everything to be used.
2018-01-01 15:11:44 -06:00
Dane Everitt
d21f70c04b
Merge branch 'develop' into feature/api-v1 2018-01-01 13:33:06 -06:00
Dane Everitt
0ec5a4e08c
Fix some file management bugs, closes #621 2018-01-01 13:21:10 -06:00
Dane Everitt
8a38a8af4a
Update file manager to account for new API error responses 2017-12-31 10:39:07 -06:00
Dane Everitt
46d7ba7585
Merge branch 'develop' into feature/api-v1 2017-12-31 10:32:28 -06:00
Dane Everitt
5efee34378
close #840 2017-12-30 20:25:04 -06:00
Dane Everitt
54b6fb5ebd
More work on the API utilizing Laravel 5.5 exception rendering
Also corrects API format to maintain JSONAPI spec
2017-12-17 14:57:05 -06:00
Dane Everitt
b9d67459b2
Update to Laravel 5.5 (#814) 2017-12-17 13:07:38 -06:00
Dane Everitt
f30f4b45ba
Merge branch 'feature/laravel-55-update' into feature/api-v1 2017-12-16 17:19:35 -06:00
Dane Everitt
c6cece51ee
Fix the surprisingly few broken tests 2017-12-16 13:35:32 -06:00
Dane Everitt
3c48947f9d
Fix known issues from the upgrade guide 2017-12-16 13:15:09 -06:00
Dane Everitt
4a65dff940
Implement admin user management API routes 2017-12-16 11:31:18 -06:00
Dane Everitt
a1da8a3c9d
Merge branch 'develop' into feature/api-v1 2017-12-14 21:12:17 -06:00
Dane Everitt
f9df463d32
Implement a better management interface for Settings (#809) 2017-12-14 21:05:26 -06:00
Dane Everitt
285485d7b0
Change how API keys are validated (#771) 2017-12-03 14:29:14 -06:00
Dane Everitt
975597b4d0
Implement changes to administrative user revocation, closes #733 2017-12-03 14:00:47 -06:00
Dane Everitt
20beb2f280 Fix error causing tasks to be un-deletable.
closes #786
2017-12-01 20:10:06 -06:00
Dane Everitt
4c57b5e8ee Merge branch 'develop' into feature/api-v1 2017-11-26 13:22:25 -06:00
Dane Everitt
47f2ca0673 Fix incorrect CPU usage display for limited servers, closes #758 2017-11-26 13:17:40 -06:00
Dane Everitt
0bb44a4972 Fix server startup dropdown for egg being incorrect, fixes #778 2017-11-25 12:27:08 -06:00
Dane Everitt
698c121e11
First round of API additions 2017-11-19 16:30:00 -06:00
Dane Everitt
47e14ccaae
API key UI changes and backend storage of the keys 2017-11-19 13:32:17 -06:00
Dane Everitt
6f52f4a614
Push updates to login page, mostly UI enhancements. 2017-11-18 15:09:58 -06:00
Dane Everitt
c7c2c1a45e
Implement changes to 2FA system (#761) 2017-11-18 13:35:33 -05:00
Dane Everitt
26eeffd764
Fix bug preventing changing of the server startup on first save attempt. 2017-11-11 15:07:01 -06:00