092e7e79ff
Change 2FA service to generate the secret on our own and use an external QR service to display the image
2019-06-21 21:55:09 -07:00
2db7928b76
Don't expose existence of account when an incorrect password is provided and the user has 2FA enabled
2019-06-21 21:39:24 -07:00
4460b6835a
Match original database password length when doing a password reset ( #1509 )
2019-03-23 14:04:57 -07:00
f15449f17b
Fix servers not being marked as install failed
2019-03-03 13:44:28 -08:00
d9593b23ab
Paginate server results when viewing a node, closes #1404
2019-03-02 15:58:56 -08:00
8253246955
Prevent an exception when creating databases with the same name on multiple hosts.
...
closes #1456
2019-03-02 15:31:25 -08:00
91c9cbba6f
[ #1500 ] Correctly require disk_overallocate
2019-03-02 14:48:05 -08:00
50c5ab92aa
[ #1500 ] Add support for limits array or base level values
2019-03-02 14:44:59 -08:00
62e68ec66f
Fix for Locations PATCH endpoint ( #1499 )
2019-03-02 13:27:36 -08:00
db937af616
Apply fixes from StyleCI
...
[ci skip] [skip ci]
2019-01-26 23:26:15 +00:00
c1fb38fb5e
Cleanup
2018-12-09 14:40:03 +03:00
a4a758e202
Fixed StyleCI
2018-12-09 14:29:43 +03:00
fb51659a04
Fixed checking of the language change
2018-12-09 14:27:30 +03:00
04326a0786
Fixed PHPUnit test (Coverage) #1393
2018-12-03 21:09:25 +03:00
7c73f21b30
Fix Node daemon secret not being reset, closes #1390
2018-12-02 13:40:12 -08:00
d6e9770937
Merge branch 'develop' into patch-1
2018-12-02 13:01:31 -08:00
adcf0c9fee
Fixed Failed event
...
Thank you very much Laravel for not pointing out the changes to be made when upgrading from 5.6 to 5.7
2018-11-28 23:24:43 +03:00
2d7e889bcc
Fixed StyleCI
2018-11-26 03:28:14 +03:00
0b4b1a3443
Initial update
2018-11-26 03:25:18 +03:00
0cbedd9c90
Fix LocationController#store()
2018-11-19 22:04:05 -07:00
4ad9b2627b
Fix StoreLocationRequest namespace
2018-11-19 22:03:03 -07:00
afe128042f
Wait a second, that method doesn't return an array
2018-11-19 21:54:15 -07:00
9b654d2c76
Fix bug with client API denying access to routes, closes #1366
2018-11-10 15:27:50 -08:00
a9fa60a6fb
Respect pagination settings on frontend
...
closes #1335
2018-11-10 12:38:35 -08:00
8ef368faa4
Rename app/Http/Controllers/API/Remote/ValidateKeyController.php to app/Http/Controllers/Api/Remote/ValidateKeyController.php
2018-11-07 18:17:27 +02:00
7c64492557
Rename app/Http/Controllers/API/Remote/SftpController.php to app/Http/Controllers/Api/Remote/SftpController.php
2018-11-07 18:17:08 +02:00
c9e207c15d
Rename app/Http/Controllers/API/Remote/EggRetrievalController.php to app/Http/Controllers/Api/Remote/EggRetrievalController.php
2018-11-07 18:16:50 +02:00
cfbdf07b80
Rename app/Http/Controllers/API/Remote/EggInstallController.php to app/Http/Controllers/Api/Remote/EggInstallController.php
2018-11-07 18:16:28 +02:00
c5608b1827
rework UI of mail settings page to allow for saving settings before testing
2018-10-13 21:30:47 -04:00
8b61175c3b
add exception message to fail message for mail test
2018-10-13 21:30:47 -04:00
df9f0be839
styleci tweaks
2018-10-13 21:30:47 -04:00
670efa3544
styleci tweaks
2018-10-13 21:30:47 -04:00
ace58dd1df
allow test of mail system no matter the type
2018-10-13 21:30:47 -04:00
1b03ae2efe
remove Log::debug() call
2018-10-13 21:30:47 -04:00
fd3e5fc73e
add SMTP mail tester
2018-10-13 21:30:47 -04:00
262ef78fae
Allow deletion of multiple allocations at once ( #1322 )
2018-09-18 21:43:18 -07:00
f9542c98e2
Fix tests broken by bad namespaces
2018-09-03 15:59:30 -07:00
fd49e524c8
Update middleware code
2018-09-03 15:17:53 -07:00
4d62e4c7b9
Merge branch 'develop' into pr/1128
2018-09-03 15:10:23 -07:00
3bb9bf04e5
Pass the updated model through for updating node config, rather than old model, ref #1237
2018-09-03 14:54:50 -07:00
5bd3f59455
Fix schedules running twice, closes #1288
2018-09-03 14:32:33 -07:00
178b8f8ce6
More logical time handling
2018-08-31 21:00:13 -07:00
f3efe546da
Fix broken namespace for autoloader
2018-08-31 20:34:57 -07:00
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
...
Thanks to Trixter#0001 on Discord for this security report.
There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.
This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.
Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
1ffb5acfad
Send an email when a server is marked as installed ( #1213 )
...
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
304d947536
Allow creating subuser with no permissions
2018-06-30 18:25:46 -07:00
974318ffb4
Logout other sessions when password is changed
...
closes #1222
2018-06-30 17:50:58 -07:00
d73e5a2274
Fixed my fix to fix the 500 error on /api/application/nodes when not specifying a daemon_base ( #1182 )
2018-06-02 14:34:01 -07:00
969b16a563
Apply fixes from StyleCI
...
[ci skip] [skip ci]
2018-06-02 21:32:26 +00:00
b56f3a8671
Expanded the middleware test
2018-06-01 16:22:06 +02:00
Dane Everitt
Arnaud Lier
Michael (Parker) Parker
Lance Pioch
Oreo Oreoniv
Matthew Penner
Matthew Penner
mrkrabs
ayan4m1
Andrew DeLisa
Stan
Jacob Gee-Clarke