436e686037
Apply php-cs-fixer changes
2021-08-07 16:10:24 -07:00
cec96062e3
Get client API tests back into passing order
2021-08-07 16:08:29 -07:00
5a1cceb9d2
Fix bindings for schedule tasks
2021-08-07 15:45:36 -07:00
2203a4d87e
Normalize logic across client and application API
2021-08-07 11:55:49 -07:00
bc1db626e7
Fix up subuser controller to use better binding checks
2021-08-07 11:15:44 -07:00
74426a97f4
Simplify logic for checking for missing unbound models
2021-08-07 11:15:30 -07:00
4d1a7e6637
Improve client API route model binding and prevent accidental route access without valid model binds
2021-08-04 22:20:43 -07:00
47b895a98a
Update existing application API to use simplified user permission checking
2021-08-04 21:15:19 -07:00
b47d262ee0
Initial pass at deleting as much removed logic as possible; still need to migrate old keys and permissions over
2021-08-04 21:15:18 -07:00
01c03b6b77
Merge branch 'develop' into feature/react-admin
2021-06-06 14:06:14 -06:00
9656378783
Fix 401 error typo ( #3393 )
2021-06-03 13:35:51 -07:00
a87fef37ec
Merge branch 'develop' into feature/react-admin
2021-02-07 16:16:22 -07:00
e30a765071
Simplify logic when a server is in an unsupported state
2021-01-30 13:28:31 -08:00
5737b5dc5d
api(application): fix requests
2021-01-23 18:17:35 -07:00
c449ca5155
Use more standardized phpcs
2021-01-23 12:33:34 -08:00
a043071e3c
Update to Laravel 8
...
Co-authored-by: Matthew Penner <me@matthewp.io>
2021-01-23 12:12:54 -08:00
e8dcd30e0c
[security] fix resources not properly returning an error when they don't match the server in the URL
...
Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.
Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
2021-01-19 21:19:17 -08:00
6c39288def
Clarify error messaging for transfers
2020-12-24 10:14:10 -08:00
37cfa151b6
Use ServerTransferringException
2020-12-17 10:37:14 -07:00
e69d9b2c26
Update comment in AuthenticateServerAccess.php
2020-12-17 10:35:54 -07:00
fd848985ee
Add ServerTransferringException, use is_null
2020-12-17 10:35:54 -07:00
e6c4a68e4a
Update logic for tracking a server's transfer state
2020-12-17 10:35:54 -07:00
df64026449
Update AuthenticateIPAccess.php
...
Fix a 500 error when processing a request with an IP filter
2020-11-08 21:57:22 -05:00
c00e5b36a5
Return all servers for a node as a paginated response
...
Avoids crashing the PHP process and avoids a bad runaway N+1 query issue that previously existed.
2020-10-31 11:14:28 -07:00
f31a6d3967
Fix parameter bindings for client API routes; closes pterodactyl/panel#2359
2020-09-27 10:39:18 -07:00
906cfce81c
Don't return a 403 when returning resources for a suspended server; closes #2279
2020-08-30 09:54:59 -07:00
540cc82e3d
Don't resolve database hosts; closes #2237
2020-08-19 20:38:51 -07:00
61e9771333
Code cleanup for subuser API endpoints; closes #2247
2020-08-19 20:21:12 -07:00
2278927fb6
Update allocations to support ids; protect endpoints; support notes
2020-07-09 20:36:08 -07:00
06ece0e624
Fix AuthenticateServerAccess middleware spelling issue.
2020-07-05 15:48:02 -04:00
fde8465f35
Show a better error when JSON data cannot be parsed in the request
2020-06-30 20:05:11 -07:00
536180ed0c
Return Http test cases to a passing state
2020-06-23 21:59:37 -07:00
16e14621c8
Better error messaging when server is suspended
2020-06-22 20:22:52 -07:00
6056b6f45d
Show console when an admin is viewing an installing server
2020-04-26 13:21:39 -07:00
658a959e5d
Fix trailing comma in DaemonAuthenticate.php, change ServerDetailsController.php to use node authentication
2020-04-10 17:54:50 -06:00
2532a73425
Don't throw errors if bad data is sent in the header
2020-04-10 15:53:19 -07:00
7557dddf49
Store node daemon tokens in an encrypted manner
2020-04-10 15:15:38 -07:00
be05d2df81
Add support for generating a signed URL for downloading a file from the daemon
2020-04-04 19:54:59 -07:00
1f92a7de33
Authenticate that the request is coming from someone that should even know about the server
2020-03-28 16:23:18 -07:00
7543ef085d
Format files
2019-09-05 21:32:57 -07:00
95d19bf09e
Update logic that handles creation of folders for a server
2019-05-01 21:45:39 -07:00
0999ec93c3
More logic for deleting databases
2018-08-25 15:07:42 -07:00
9be2aa4ca9
Push beginning of DB deletion stuff
2018-08-25 14:43:21 -07:00
8bbe6bc279
Add test, fix behavior of model creation
2018-07-14 22:58:33 -07:00
550c622d3b
Obliterate JWT from codebase
2018-07-14 22:48:09 -07:00
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00
c82f273d85
Fix remaining broken tests
2018-07-04 19:38:23 -07:00
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal.
2018-06-16 14:05:39 -07:00
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00
5bcabbde35
Get dashboard in a more working state
2018-06-05 23:42:34 -07:00
Dane Everitt
Matthew Penner
Alex
Matt Malec
DarthShmev