Dane Everitt
4be9e30eee
Include that 30 second limit on other 2FA checks
2017-02-01 23:05:19 -05:00
Dane Everitt
a93adce303
Only allow up to 30 seconds of overlap on comparing the 2FA tokens.
2017-02-01 23:02:54 -05:00
Dane Everitt
4abdee0efb
Better 2FA implementation on logins
2017-02-01 22:58:48 -05:00
Jakob Schrettenbrunner
24650b67be
Merge branch 'develop' into fix/trusted-proxies
...
sorry
2017-02-01 20:35:10 +01:00
Jakob Schrettenbrunner
8ab4faad8a
remove TRUSTED_PROXIES from .env.example
...
make style ci happy
2017-02-01 20:31:24 +01:00
Jakob Schrettenbrunner
ee26a7e8dd
add fideloper/proxy to support reverse proxies and load balancers
2017-02-01 20:10:28 +01:00
Dane Everitt
e5ed1c7f6a
One day eslint will have a PHP counterpart that works in Atom... 🤔
2017-01-31 20:04:34 -05:00
Dane Everitt
1679d866a5
Improved gzip detection
2017-01-27 16:47:50 -05:00
Dane Everitt
4b0197f2be
Implement basic security policy on daemon remote routes
2017-01-27 16:34:46 -05:00
Dane Everitt
9087feec4f
Remove build settings from packs.
2017-01-27 16:21:25 -05:00
Dane Everitt
4a6d62fded
Fix fatal error when trying to send server creation notification
2017-01-27 16:21:15 -05:00
Dane Everitt
e6d3e75024
Add new daemon routes for pack handling
2017-01-25 18:25:34 -05:00
Dane Everitt
95d0c646f9
Require packs to be a tarball
2017-01-25 18:25:34 -05:00
Dane Everitt
96e50506a1
Move notification email of server created into the event listener
2017-01-25 18:25:34 -05:00
Emmet Young
58de6125c2
Location should be validated on creation of a server,
2017-01-25 22:01:57 +11:00
Dane Everitt
a137e6ed72
Add base implementation of extendable events classes
...
Modified server deletion to use internal event handlers from the
Eloquent models themselves. Also added a few preliminary event handlers
in the `Pterodactyl\Events\<USer|Server> namespace that users can hook
into in EventServiceProvider to perform their own actions as they
please (such as push notifications and such).
2017-01-24 19:15:03 -05:00
Dane Everitt
bf7b58470a
Update copyright headers
2017-01-24 17:57:08 -05:00
Dane Everitt
b9512dccb8
Apply fixes from StyleCI ( #269 )
2017-01-23 17:11:25 -05:00
Dane Everitt
06232b84c2
Merge pull request #268 from hammerdawn/ThemeFixes
...
Repair the admin side add user functionality.
2017-01-23 17:10:32 -05:00
Emmet Young
9c87e03c0c
Repair the admin side add user functionality.
2017-01-23 13:24:14 +11:00
Dane Everitt
d21e6b8c90
Merge pull request #267 from hammerdawn/ThemeFixes
...
Theme Changes
2017-01-22 19:59:37 -05:00
Emmet Young
921c7b1725
Configuration JSON should be including the FQDN instead of localhost for the certificate path.
2017-01-23 11:14:55 +11:00
Dane Everitt
5f1bfcf980
Much cleaner code for updating user details front-end
2017-01-22 16:16:43 -05:00
Dane Everitt
9e54dabe5b
Display if subusers are using 2FA
2017-01-22 16:16:26 -05:00
Dane Everitt
edd26893a5
Adjust default theme in .env and note that http:// is required on URLs
2017-01-22 13:51:56 -05:00
Emmet Young
9025f1f583
Repair user creation functionality
...
Repair functionality of the make user console command (pterodactyl:user)
Fix up the user repository, was using the old $password instead of the changed format $data['password']
Change User model to allow root_admin to be a fillable item.
2017-01-23 00:47:09 +11:00
Dane Everitt
355697dbb5
Apply fixes from StyleCI ( #260 )
2017-01-21 15:56:32 -05:00
Dane Everitt
0e23f87724
Add task management views
2017-01-21 15:40:46 -05:00
Dane Everitt
db7b741b28
Show server status in sidebar properly on subuser views
2017-01-21 13:49:14 -05:00
Dane Everitt
8e9069cced
Subuser updates
2017-01-21 00:04:09 -05:00
Dane Everitt
3d2278ba3e
Add subuser list and new subuser views
...
Holy 🐄 translations are annoying to implement for these views.
2017-01-20 23:39:37 -05:00
Dane Everitt
994588c82d
Set the old theme on admin center until new theme is done
2017-01-20 17:19:42 -05:00
Dane Everitt
91178d78a4
Add support for creating files via file manager
2017-01-20 17:10:14 -05:00
Dane Everitt
83c776fc82
Fix up most of the file manager
2017-01-19 16:58:57 -05:00
Dane Everitt
88378ce983
Add allocations tab
...
Strips some core allocation features for now, will be added back with
more features once the theme is done.
2017-01-18 20:45:10 -05:00
Jakob Schrettenbrunner
c0df57c087
add isRootAdmin() method to User model to get rid of User->root_admin === 1
2017-01-18 21:13:05 +01:00
Dane Everitt
f6600f447f
Add Startup Params view
...
Translations might be the end of us.
2017-01-17 19:30:27 -05:00
Dane Everitt
e2eff27a56
Apply fixes from StyleCI
2017-01-17 23:21:33 +00:00
Dane Everitt
515e543c7f
Add SFTP and Database management pages to new theme.
2017-01-15 20:28:54 -05:00
Dane Everitt
c7f3bb5112
New theme assigned to server console page.
2017-01-15 18:52:22 -05:00
Dane Everitt
2fc852c6a4
Push 'Account' and 'Security' pages as well as 'My Servers'
2017-01-15 14:09:57 -05:00
Dane Everitt
1c85b1fbc4
Fix exception handler misnamed variable
2017-01-15 13:53:08 -05:00
Dane Everitt
457ed28b0b
Initial change of theme.
...
Only themed pages currently are login and reset password pages.
2017-01-14 21:32:33 -05:00
Dane Everitt
0d792f05c5
Properly handle no passed packs.
2017-01-13 23:21:37 -05:00
Dane Everitt
fee3f3df6f
Apply fixes from StyleCI ( #251 )
2017-01-13 23:17:32 -05:00
Dane Everitt
4979811885
Add ability to add a location via the CLI.
...
closes #242
2017-01-13 23:16:57 -05:00
Dane Everitt
d1e5253ca1
Add support for creating node through CLI.
2017-01-13 23:10:42 -05:00
Dane Everitt
b71604566e
Improved code to generate SFTP usernames
...
Fixes edge case where specific server names could cause daemon errors
due to an invalid SFTP username being created by the panel.
2017-01-13 22:22:25 -05:00
Dane Everitt
a5aa089d66
Apply fixes from StyleCI
2017-01-12 20:48:12 +00:00
Dane Everitt
e91362eee6
Update user controller
2017-01-12 15:40:24 -05:00
Dane Everitt
f292080483
Should close #244
...
What a peculiar bug. Also modifies code to try and return the correct
status code, as well as return JSON based errors on any request that
Laravel thinks should have a JSON based response.
2017-01-12 13:44:23 -05:00
Dane Everitt
6bd9663f59
Merge branch 'develop' into feature/service-changes
2017-01-12 13:15:37 -05:00
Jakob Schrettenbrunner
9f2ca17ea4
replace manual json headers with laravel response()->json()
...
better Carbon dependency
rename admin.nodes.configuration-token route
style fixes
2017-01-08 15:21:02 +01:00
Jakob Schrettenbrunner
f70b33d69c
one more styleci fix. don’t be that picky! 🙈
2017-01-07 18:40:55 +01:00
Jakob Schrettenbrunner
a661f71974
fix styleci issues
2017-01-07 18:39:41 +01:00
Jakob Schrettenbrunner
a1568e5acb
add button to generate token to node configuration tab
...
add info message after node creation about token generation
2017-01-07 18:27:19 +01:00
Jakob Schrettenbrunner
52a395ac9a
fix forgotten rename of NodeConfigurationToken
2017-01-07 18:26:45 +01:00
Jakob Schrettenbrunner
e1e159b7de
add ability to generate a token to retrieve the config for a specific node
2017-01-07 18:10:11 +01:00
Jakob Schrettenbrunner
ef1fa4c4e6
add method to get config as json to node model
2017-01-07 18:06:09 +01:00
Dane Everitt
d9de884de3
Apply fixes from StyleCI
2017-01-03 22:46:30 +00:00
Dane Everitt
c1bf757623
Fix service option name being set wrongly after adding a new variable. closes #208
2017-01-03 17:44:48 -05:00
Dane Everitt
aa6e733ba5
Switch filemanager and EULA check to use pure Javascript methods
...
Removes the need for the javascript to be parsed by Blade template
engine by using a defined javascript variable with the values that are
necessary for checking everything and passing the correct values.
This does make it so that if a user does not have permission to do
something they could theoretically make the option show up in the
context menu, however when they click it, it will simply return an
error by the daemon.
2017-01-03 16:47:33 -05:00
Dane Everitt
39731f99da
Merge pull request #226 from hammerdawn/APICHANGE
...
Allow listing a user by both ID and email. Useful for checking if a u…
2017-01-02 22:00:45 -05:00
Emmet Young
3f5bf099ae
Use DaneEveritt's shortened query call.
2017-01-03 13:40:35 +11:00
Dane Everitt
6331a29962
Merge pull request #228 from Pterodactyl/analysis-XWDo3P
...
Apply fixes from StyleCI
2016-12-30 17:18:54 -05:00
Dane Everitt
a1dff5cda0
Push updated languages
2016-12-30 17:17:36 -05:00
Dane Everitt
fb182ffb4a
Apply fixes from StyleCI
2016-12-30 22:00:06 +00:00
Dane Everitt
0afa568095
Address two bugs in subuser system.
...
1.) Prevents adding the owner of a server as a subuser which could
potentially break things.
2.) Prevents adding duplicate subusers for a server.
2016-12-30 16:28:43 -05:00
Dane Everitt
7848f63e05
Fix error thrown on 0
values for variables, closes #223
2016-12-30 16:00:51 -05:00
Dane Everitt
43786b1d2a
Block addition of more than 2000 ports at once, closes #219
2016-12-30 15:50:37 -05:00
Dane Everitt
9a494d8245
Adjust server name requirements, closes #205
2016-12-30 15:46:10 -05:00
Emmet Young
b5d3417167
Allow listing a user by both ID and email. Useful for checking if a user exists by its email.
2016-12-29 22:56:45 +11:00
Dane Everitt
a49dee2416
Add base implementation of service retrieval. 🏇
...
There is currently no authentication middleware on this route.
2016-12-14 18:54:43 -05:00
Dane Everitt
fd360f6475
Fix data pack assignment
2016-12-14 17:17:16 -05:00
Dane Everitt
efda0dd009
Apply fixes from StyleCI
2016-12-14 21:56:25 +00:00
Dane Everitt
fc38b09e1f
Merge branch 'develop' into feature/service-changes
2016-12-14 16:53:53 -05:00
spaceemotion
a85ac87ae8
Refactor to use more laravel logic and improve compatibility with older PHP versions ( #206 )
...
* Fix @param namespaces for PHPDocs in ServerPolicy
* Reduce permission check duplication in ServerPolicy
This introduces a new checkPermission method to reduce code duplication when checking for permissions.
* Simplify logic to list accessible servers for the user
We can directly use the pluck function that laravel collections provide to simplify the logic.
* Fix pagination issue when databases/servers exceed 20
Laravels strips out the currently selected tab (or any GET query for that matter) by default when using pagination. the appends() methods helps with keeping that information.
* Refactor unnecessary array_merge calls
We can just append to the array instead of constantly merging a new copy.
* Fix accessing “API Access” on some versions of PHP
The “new” word is reserved and should not be used as a method name.
http://stackoverflow.com/questions/9575590/why-am-i-getting-an-unexpected-t-new-error-in-php
* Fix revoking API keys on older versions of php (5.6)
“string” was not a valid function argument type yet, so revoking keys results in an error on older installations.
* Fix issues with API due to methods named “list”
“list” is yet another reserved keyword in PHP and messes up older installations of PHP (5.6).
This renames all methods named “list” to “lists”. The API route names are left untouched (e.g. still called “api.admin.users.list”).
* Refactor and shorten some API logic
Used laravel collection methods where applicable to directly transform the values instead of converting back and forth.
This also removes some dead variables that were never used as well as getting rid of a n+1 problem in the Service API (loading service variables afterwards, not during the model creation).
* Return model save status in repositories where applicable
* Fix typo in ServicePolicy#powerStart
* Apply StyleCI corrections
2016-12-12 14:30:57 -05:00
Dane Everitt
c1fb0a665f
Apply fixes from StyleCI
2016-12-07 22:46:38 +00:00
Emmet Young
f687fab9a2
API: ability to search for an allocation based on the assigned server id ( #194 )
2016-12-04 22:17:35 -05:00
Dane Everitt
9ae716ee42
show container ID for server in panel
...
Also shows the UID of the user to ease permissions setting
closes #160
2016-12-02 19:35:08 -05:00
Dane Everitt
2ac734d595
Update node config sent over API
2016-12-02 19:12:29 -05:00
Dane Everitt
259b220dfc
misc file cleanup
2016-12-02 18:45:08 -05:00
Dane Everitt
3cd0a8337f
Add ability to filter user list
2016-12-02 18:41:52 -05:00
Dane Everitt
ed5b7559ec
Fixes potential for generated password to not meet own validation requirements
2016-12-01 19:16:40 -05:00
Dane Everitt
1eb1f96e71
Add support for updating the daemon's configuration file automatically.
2016-12-01 18:33:32 -05:00
Emmet Young
a03add7e4f
Allow API to set a custom ID for server creation. ( #187 )
...
* Allow API to set a custom ID for server creation.
Useful when dealing with billing systems such as WHMCS
* Correct API code changes based on feedback.
2016-11-30 11:01:22 -05:00
Jakob
03c6f986d2
fix api /servers/{id}/build
...
remove unrelated error thrown every time
2016-11-30 12:26:23 +01:00
Dane Everitt
75de060a55
Fix pack selector
2016-11-27 14:57:23 -05:00
Dane Everitt
c4a4b84bd3
Add service pack reference to server and send to daemon
2016-11-27 14:50:10 -05:00
Dane Everitt
238f08f222
Add pack selection to view
2016-11-27 14:30:44 -05:00
Dane Everitt
9eb14614c2
Merge branch 'develop' into feature/service-changes
2016-11-27 14:01:13 -05:00
Dane Everitt
f6275058d0
Support for hostnames in database connection field.
2016-11-26 20:27:36 -05:00
Dane Everitt
946512bac9
search for owner:<email> correctly.
2016-11-26 20:18:46 -05:00
Dane Everitt
90cd2b677e
Add version checking to daemon and panel
...
Also includes some buttons for users to get help from the panel.
2016-11-26 19:29:57 -05:00
Dane Everitt
1ad715f1a3
Improve database management for servers, fixes #181
2016-11-26 17:34:14 -05:00
Dane Everitt
723b608e0c
Implement node deletion properly, fixes #173
2016-11-26 16:29:13 -05:00
Dane Everitt
0e89ecb427
Handle node:<param> properly when doing server searches
...
Uses the node name rather than the node’s ID by default.
2016-11-26 16:19:25 -05:00
Dane Everitt
fc2ce11a39
Add template, add files when new service is added.
2016-11-18 18:22:26 -05:00
Dane Everitt
5600f3201c
Add support for deleting service packs.
2016-11-18 17:31:57 -05:00
Dane Everitt
d4729427aa
Support for uploading templates for installing packs
2016-11-16 17:22:22 -05:00
Dane Everitt
e09659a88f
support for pack editing
2016-11-16 16:09:28 -05:00
Dane Everitt
09c2dcc1b6
Support for viewing and exporting packs
2016-11-15 23:12:47 -05:00
Dane Everitt
a1bc6fa2d3
Push changes that support creations of service packs and basic listing
2016-11-15 20:20:32 -05:00
Dane Everitt
1f47eda3b3
Run 'pterodactyl:cleanservices' twice a day to prevent a huge file buildup
2016-11-09 17:59:57 -05:00
Dane Everitt
cfd5e0e854
Implement base service file modification through panel
2016-11-09 17:58:14 -05:00
Dane Everitt
659c33f0e8
Fixes a bug that allows a user to bypass 2FA authentication requirements
...
This bug was reported to us by a user (@Ferry#1704) on Discord on
Monday, November 7th, 2016.
It was disclosed that it was possible to bypass the 2FA checkpoint by
clicking outside of the modal which would prompt the modal to close,
but not submit the form. The user could then press the login button
which would trigger an error. Due to this error being triggered the
authentication attempt was not cancelled. On the next page load the
application recognized the user as logged in and continued on to the
panel.
At no time was it possible to login without using the correct email
address and password.
As a result of this bug we have re-factored the Authentication code for
logins to address the persistent session. Previously accounts were
manually logged back out on 2FA failure. However, as this bug
demonstrated, causing a fatal error in the code would prevent the
logout code from firing, thus preserving their session state.
This commit modifies the code to use a non-persistent login to handle
2FA checking. In order for the session to be saved the application must
complete all portions of the login without any errors, at which point
the user is persistently authenticated using Auth::login().
This resolves the ability to cause an exception and bypass 2FA
verification.
2016-11-07 15:55:57 -05:00
Dane Everitt
48994c1354
Fix the other user bug...
2016-11-04 21:50:47 -04:00
Dane Everitt
4359252545
Fix a @schrej bug
2016-11-04 21:46:16 -04:00
Dane Everitt
cd3f5ed6fe
Correct password setting for MySQL user
2016-11-04 20:47:40 -04:00
Dane Everitt
61e65294af
Fix bug preventing rendering of database hosts when not linked to a node.
2016-11-04 20:44:56 -04:00
Dane Everitt
a55220da39
Fix missing environment variables relating to queues
2016-10-30 18:34:50 -04:00
Jakob
e65dc5708d
Validate password on reset according to rules ( #158 )
...
* move password rules to Models\User::PASSWORD_RULES
* validate new password according to rules on password reset
* add password requirements info to auth.passwords.reset view
2016-10-30 16:02:39 -04:00
Dane Everitt
6fd7c78f0c
Add server deletion to a queue.
...
This action allows servers to be deleted, but only be soft-deleted for
10 minutes. After that time period the server will be completely
removed from the database and daemon. This allows some safety if a
server is accidentally deleted.
Force deleting a server will still work. If the daemon is in-accessible
the server will fail to be deleted. When server is soft-deleted admins
can still view its information page in the admin CP, however the server
will be suspended and inaccessible on the front-end or though the
daemon.
Admins can manually delete the server ahead of the delete timer, or if
it failed to delete previously they can do an immediate retry.
2016-10-27 20:05:29 -04:00
Dane Everitt
dbec99498d
run task manager tasks at lowest priority
2016-10-27 18:50:10 -04:00
Dane Everitt
bb96039bf1
use low priority queue for tasks
2016-10-27 16:35:50 -04:00
Dane Everitt
55c9f0f2f2
Delete databases when we delete a server.
2016-10-23 19:21:57 -04:00
Dane Everitt
08b236ac1d
better port checking, don't send rebuild unless things are changed.
2016-10-23 19:07:29 -04:00
Dane Everitt
0b044b3cc6
fixes bug that would allow deleting the default allocation for a server.
2016-10-23 18:59:13 -04:00
Dane Everitt
dda5d9aa01
Fix no error display if adding a server with an invalid email
2016-10-23 18:48:14 -04:00
Dane Everitt
ad906e0680
FQDN support for allocations, and JS bug fix.
2016-10-21 17:33:26 -04:00
Dane Everitt
176d92176e
Run tasks every minute as needed
...
Clear logs every month (configurable) for old tasks logs.
2016-10-21 16:36:40 -04:00
Dane Everitt
bef717b202
add typeahead support for owner email when adding new server
...
closes #144
pic: http://s3.pterodactyl.io/UpPSJ.png
2016-10-21 15:22:47 -04:00
Dane Everitt
f24347d1bd
Remove old admin routes, fix display to non-admins
...
Complete!
2016-10-20 18:40:16 -04:00
Dane Everitt
b1a9a59707
Update middleware to handle wildcards correctly.
2016-10-20 18:35:55 -04:00
Dane Everitt
0f4648b13a
Fixes adding api keys a little more
2016-10-20 18:29:34 -04:00
Dane Everitt
53ec2c55ec
Add front-end support for adding and deleting API keys.
2016-10-20 18:20:58 -04:00
Dane Everitt
dfeed013ba
Server API obey's the subuser permissions as well
2016-10-20 17:04:58 -04:00
Dane Everitt
9fd8a087b8
Revert some changes that cause issues with other URLs
2016-10-20 16:48:37 -04:00
Dane Everitt
125856d92f
Support for server info and minor changes to API setup
2016-10-20 16:42:54 -04:00
Dane Everitt
5a03ce7e1a
Add support for controlling server power from API.
2016-10-20 13:39:39 -04:00
Dane Everitt
745c735b32
Add initial basic API changes
...
New route is `/api/me`
2016-10-14 20:22:23 -04:00
Dane Everitt
126df09152
Fix route handling
2016-10-14 17:17:35 -04:00
Dane Everitt
7cf7a5a961
Split account things into own controllers.
2016-10-14 17:15:36 -04:00
Dane Everitt
073ef638b8
fix wording in notification event
2016-10-14 16:25:57 -04:00
Dane Everitt
63058d8c8e
Super early base implementation of notifications from daemon
2016-10-14 16:20:24 -04:00
Dane Everitt
c989dd0cc2
Send notification when server is created for user
2016-10-14 15:58:52 -04:00
Dane Everitt
a115c71433
Change SFTP username to be name_uuidShort
2016-10-14 15:34:01 -04:00
Dane Everitt
f65e41a1af
flags for setup scripts, closes #134
2016-10-12 19:02:18 -04:00
Dane Everitt
649b18c8d1
support for server filtering
...
closes #125
2016-10-12 17:12:27 -04:00
Dane Everitt
84a4c8b7f4
API enhancements, return node config, return 200 not 201
2016-10-12 15:42:23 -04:00
Dane Everitt
c8a73fa608
Log the error output for API
2016-10-07 16:10:54 -04:00
Dane Everitt
af68dbed8f
Add support for base API logging of all requests
...
ref #31
2016-10-07 16:06:09 -04:00
Dane Everitt
06422b2055
fix up API route return
2016-10-07 14:26:50 -04:00
Dane Everitt
9d55e93e9e
Fix auto-deploy not throwing proper exception
2016-10-07 14:26:37 -04:00
Dane Everitt
06756af994
add ?daemon=true option to API for servers
2016-10-06 23:56:32 -04:00
Dane Everitt
fbfaec6b20
create server with user ID or email
2016-10-06 22:43:50 -04:00
Dane Everitt
9d10c2a757
Support custom user id though API, closes #115
2016-10-06 22:36:59 -04:00
Dane Everitt
c347a6756c
Save set image to database
2016-10-06 22:32:54 -04:00
Dane Everitt
a2fc511e7e
Add permissions for filemanager stuff to subusers
2016-10-06 20:29:21 -04:00
Dane Everitt
77198b48df
Support folders within folders for JS path
2016-10-06 17:27:30 -04:00