1f92a7de33
Authenticate that the request is coming from someone that should even know about the server
2020-03-28 16:23:18 -07:00
d9d4c0590c
Fix silent failure mode when recaptcha is enabled
2019-12-15 16:13:44 -08:00
c17f9ba8a9
Move server view management parts to new controller and clean up code
2019-11-24 12:50:16 -08:00
7543ef085d
Format files
2019-09-05 21:32:57 -07:00
95d19bf09e
Update logic that handles creation of folders for a server
2019-05-01 21:45:39 -07:00
5ca13839cf
Merge branch 'develop' into feature/vue-serverview
2018-09-05 21:34:59 -07:00
fd49e524c8
Update middleware code
2018-09-03 15:17:53 -07:00
4d62e4c7b9
Merge branch 'develop' into pr/1128
2018-09-03 15:10:23 -07:00
f3efe546da
Fix broken namespace for autoloader
2018-08-31 20:34:57 -07:00
0999ec93c3
More logic for deleting databases
2018-08-25 15:07:42 -07:00
9be2aa4ca9
Push beginning of DB deletion stuff
2018-08-25 14:43:21 -07:00
8bbe6bc279
Add test, fix behavior of model creation
2018-07-14 22:58:33 -07:00
550c622d3b
Obliterate JWT from codebase
2018-07-14 22:48:09 -07:00
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00
eafc4408eb
Fix broken unit tests
2018-07-14 21:49:49 -07:00
c82f273d85
Fix remaining broken tests
2018-07-04 19:38:23 -07:00
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal.
2018-06-16 14:05:39 -07:00
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00
5bcabbde35
Get dashboard in a more working state
2018-06-05 23:42:34 -07:00
b56f3a8671
Expanded the middleware test
2018-06-01 16:22:06 +02:00
e9ac014bf4
Removed the use of Auth facade and removed unnecesary option
2018-06-01 16:10:32 +02:00
3bb9e5e8a8
Merge branch 'develop' of https://github.com/stanjg/panel into feature/user-specific-language
2018-06-01 15:58:09 +02:00
6c598f9100
Merge branch 'feature/vuejs' into feature/vuejs-serverlist
2018-05-31 22:59:39 -07:00
013dde75ae
Renamed the field and made some improvements
2018-05-31 16:34:35 +02:00
a1444b047e
Fix JWT handling for API access when logging in
2018-05-28 14:59:48 -07:00
6e5c365018
Use the client API to load servers on the listing page
2018-05-28 13:23:40 -07:00
ad69193ac0
Add JWT to login forms
2018-05-28 12:48:42 -07:00
e648e50d90
Write some example tests for @stanjg
2018-05-26 11:00:28 -07:00
e3bbd85f3f
Merge branch 'develop' into pr/1129
2018-05-26 10:34:29 -07:00
b4e510fbe3
Fixes before release
2018-05-20 16:49:54 -07:00
7e2e5fd7c1
Merge branch 'develop' into feature/upgrade-laravel-to-5.6
2018-05-20 16:30:42 -07:00
53829399de
Make sure this trust proxies is also changed
2018-05-13 11:59:25 -04:00
e2dc0638d9
Fix app/ spelling errors
2018-05-13 11:12:41 -04:00
86c8ecdcdf
Added the actual logic
2018-05-04 15:02:51 +02:00
17a72d0895
StyleCI fixes
2018-05-04 14:05:42 +02:00
9a06647435
Added support for user specific languages
2018-05-04 12:56:30 +02:00
ef371a508d
Change check on debugbar to use debug not environment
2018-03-10 12:03:23 -06:00
a4f03f5d02
Handle missing daemon keys better and fix subuser missing key errors
2018-03-03 21:31:44 -06:00
bcb69603ad
Add support for user management of databases
2018-03-02 19:03:55 -06:00
8f72571895
Fix IP access middleware
2018-02-28 23:39:59 -06:00
cef3e4ced4
Add base routes for managing servers as a client
2018-02-27 21:28:43 -06:00
9a32b9fd03
Merge branch 'develop' into feature/client-api
2018-02-27 21:04:18 -06:00
23e07689a7
Handle 404 errors in API bindings correctly to avoid explosing that a resource exists before validating a key
2018-02-27 21:04:04 -06:00
e28973bcae
Move everything around as needed to get things setup for the client API
2018-02-25 15:30:56 -06:00
5b6d3b8325
Slightly more clear errors
2018-02-24 12:27:41 -06:00
2ec76d283b
Fix bad API behavior
2018-02-04 15:38:38 -06:00
8afced3410
Add nests & eggs
...
Cleanup middleware handling and parameters on controllers...
2018-01-27 12:38:56 -06:00
de07b3cc7f
Add server database management support to API.
2018-01-25 22:34:53 -06:00
3e327b8b0e
Use more logical route binding to not reveal resources on the API unless authenticated.
2018-01-20 15:33:04 -06:00
0e7f8cedf0
Reorganize API files
2018-01-19 19:58:57 -06:00
c3b9738364
Implement application API Keys
2018-01-18 21:36:15 -06:00
f9fc3f4370
Update interface to begin change to seperate account API keys and application keys
...
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
2018-01-14 13:30:55 -06:00
ad3a954256
Rename APIKey to ApiKey
2018-01-14 12:06:15 -06:00
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
...
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00
a31e5875dc
First round of changes to API to support simpler permissions.
2018-01-11 22:49:46 -06:00
60eb60013c
Update repository base code to be cleaner and make use of PHP 7 features
2018-01-04 22:49:50 -06:00
b9d67459b2
Update to Laravel 5.5 ( #814 )
2017-12-17 13:07:38 -06:00
f9df463d32
Implement a better management interface for Settings ( #809 )
2017-12-14 21:05:26 -06:00
285485d7b0
Change how API keys are validated ( #771 )
2017-12-03 14:29:14 -06:00
975597b4d0
Implement changes to administrative user revocation, closes #733
2017-12-03 14:00:47 -06:00
20beb2f280
Fix error causing tasks to be un-deletable.
...
closes #786
2017-12-01 20:10:06 -06:00
6409fffdad
Implement fix to allow root admins to view all servers.
...
closes #722
2017-11-05 12:38:39 -06:00
ecdd133b75
Fix daemon auth
2017-11-04 17:16:44 -05:00
71b90650de
Fix failing test suite
2017-11-04 12:49:05 -05:00
7882250baf
Add more middleware tests
2017-11-03 18:16:49 -05:00
7b3393aff9
More middleware tests
2017-11-01 20:45:43 -05:00
d844a36167
Begin adding unit tests for middleware
2017-10-29 21:40:34 -05:00
79decafdc8
Update all the middlewares
2017-10-29 12:37:25 -05:00
e0d03513e4
Cleanup frontend controllers and middleware
2017-10-27 21:42:53 -05:00
058e490ec4
Implement Panel changes to support internal SFTP subsystem on Daemon ( #703 )
2017-10-25 00:35:25 -04:00
97dc0519d6
Add database management back to front-end and begin some refactoring
...
Here we go again boys...
2017-10-18 22:32:19 -05:00
048784607d
Minor bug fixes
2017-09-30 11:45:24 -05:00
fb8a26f141
Merge branch 'develop' into feature/api-daemon-changes
2017-09-25 21:46:44 -05:00
e56f4cdd33
Update license headers on files.
2017-09-25 21:43:01 -05:00
09d958249d
Add togglable 2FA user requirements ( #635 )
2017-09-25 15:58:16 -10:00
7d1c233c49
Final adjustments to Daemon <-> Panel communication change
2017-09-24 21:12:30 -05:00
906a699ee2
Begin implementation of new daemon authentication scheme
2017-09-23 20:45:25 -05:00
7f76684453
More schedule changes
2017-09-13 21:46:43 -05:00
2ac90b50f2
Begin refactoring Tasks to be apart of the Scheduler system
2017-09-12 23:45:19 -05:00
f157c06d04
Fix PHPCS to order by length not alphabetical
2017-09-04 19:07:00 -05:00
dc310ffdea
Finish subuser controller
2017-09-04 18:12:13 -05:00
8f14ee989d
Apply fixes from StyleCI
2017-09-03 21:41:03 +00:00
4532811fcd
Improved middleware, console page now using new setup
2017-09-02 21:35:33 -05:00
3ee5803416
Massive PHPCS linting
2017-08-21 22:10:48 -05:00
9515128b8a
Respond 401 not 404 when bad request token
2017-06-28 20:05:50 -05:00
5bdd75eb94
Fix IP checking in API middleware, closes #425
2017-05-06 23:02:12 -04:00
4306eaa00e
For english language, will be fixed in 0.6.1 when translations are more complete and better implemented.
2017-05-06 22:06:57 -04:00
5651d9ae2b
Fix authentication code for daemon requests.
2017-05-02 20:11:56 -04:00
5cc28a0716
Fixing timing attack vuln. on HMAC comparison ( #409 )
2017-04-24 16:49:03 -04:00
93d79994f8
Apply fixes from StyleCI ( #372 )
2017-04-09 19:16:39 -04:00
db4df2bfa1
Push basis of new API key policy
...
Will need to revisit this another day when I’m fresh to figure out the
best method to do this.
2017-04-07 21:25:17 -04:00
c071efd008
Finish API routes for users.
2017-04-02 15:52:53 -04:00
97773300ed
Better middleware for routes, cleaned up API, removed old API calls
...
New API routes for Server allow specifying which fractal objects to
load into the request, thus making it possible to fine-tune what data
is returned.
2017-04-02 13:19:39 -04:00
ddb82ac3ca
Add initial user server transformer for API.
2017-04-02 00:49:53 -04:00
87530cdc01
Initial moves to new API scheme.
...
Implements a better middleware for handling API authentication, as well
as cleaner route handling.
2017-04-02 00:11:52 -04:00
9c303456fb
Update codebase to L5.4 ( #367 )
2017-04-01 17:59:43 -04:00
2dec659dd1
Fix syntax error.
2017-03-31 21:47:53 -04:00
c7d4c3aa76
Send default response
2017-03-31 21:16:00 -04:00
ff57e2ff85
Cleanup recaptcha middleware
2017-03-31 21:12:49 -04:00
451dd7ebc8
Apply fixes from StyleCI ( #364 )
2017-03-31 20:48:35 -04:00
Dane Everitt
stanjg
Lance Pioch
Fillerino