7c73f21b30
Fix Node daemon secret not being reset, closes #1390
2018-12-02 13:40:12 -08:00
d6e9770937
Merge branch 'develop' into patch-1
2018-12-02 13:01:31 -08:00
adcf0c9fee
Fixed Failed event
...
Thank you very much Laravel for not pointing out the changes to be made when upgrading from 5.6 to 5.7
2018-11-28 23:24:43 +03:00
2d7e889bcc
Fixed StyleCI
2018-11-26 03:28:14 +03:00
0b4b1a3443
Initial update
2018-11-26 03:25:18 +03:00
0cbedd9c90
Fix LocationController#store()
2018-11-19 22:04:05 -07:00
4ad9b2627b
Fix StoreLocationRequest namespace
2018-11-19 22:03:03 -07:00
afe128042f
Wait a second, that method doesn't return an array
2018-11-19 21:54:15 -07:00
9b654d2c76
Fix bug with client API denying access to routes, closes #1366
2018-11-10 15:27:50 -08:00
a9fa60a6fb
Respect pagination settings on frontend
...
closes #1335
2018-11-10 12:38:35 -08:00
8ef368faa4
Rename app/Http/Controllers/API/Remote/ValidateKeyController.php to app/Http/Controllers/Api/Remote/ValidateKeyController.php
2018-11-07 18:17:27 +02:00
7c64492557
Rename app/Http/Controllers/API/Remote/SftpController.php to app/Http/Controllers/Api/Remote/SftpController.php
2018-11-07 18:17:08 +02:00
c9e207c15d
Rename app/Http/Controllers/API/Remote/EggRetrievalController.php to app/Http/Controllers/Api/Remote/EggRetrievalController.php
2018-11-07 18:16:50 +02:00
cfbdf07b80
Rename app/Http/Controllers/API/Remote/EggInstallController.php to app/Http/Controllers/Api/Remote/EggInstallController.php
2018-11-07 18:16:28 +02:00
c5608b1827
rework UI of mail settings page to allow for saving settings before testing
2018-10-13 21:30:47 -04:00
8b61175c3b
add exception message to fail message for mail test
2018-10-13 21:30:47 -04:00
df9f0be839
styleci tweaks
2018-10-13 21:30:47 -04:00
670efa3544
styleci tweaks
2018-10-13 21:30:47 -04:00
ace58dd1df
allow test of mail system no matter the type
2018-10-13 21:30:47 -04:00
1b03ae2efe
remove Log::debug() call
2018-10-13 21:30:47 -04:00
fd3e5fc73e
add SMTP mail tester
2018-10-13 21:30:47 -04:00
b6205463db
Merge branch 'develop' into feature/vuejs
2018-09-23 13:14:46 -07:00
262ef78fae
Allow deletion of multiple allocations at once ( #1322 )
2018-09-18 21:43:18 -07:00
5ca13839cf
Merge branch 'develop' into feature/vue-serverview
2018-09-05 21:34:59 -07:00
f9542c98e2
Fix tests broken by bad namespaces
2018-09-03 15:59:30 -07:00
fd49e524c8
Update middleware code
2018-09-03 15:17:53 -07:00
4d62e4c7b9
Merge branch 'develop' into pr/1128
2018-09-03 15:10:23 -07:00
3bb9bf04e5
Pass the updated model through for updating node config, rather than old model, ref #1237
2018-09-03 14:54:50 -07:00
5bd3f59455
Fix schedules running twice, closes #1288
2018-09-03 14:32:33 -07:00
178b8f8ce6
More logical time handling
2018-08-31 21:00:13 -07:00
f3efe546da
Fix broken namespace for autoloader
2018-08-31 20:34:57 -07:00
e906ada528
Better handling when deleting a database
2018-08-26 14:01:00 -07:00
0999ec93c3
More logic for deleting databases
2018-08-25 15:07:42 -07:00
9be2aa4ca9
Push beginning of DB deletion stuff
2018-08-25 14:43:21 -07:00
c28e9c1ab7
Add ability to create new database through the UI
2018-08-22 22:29:20 -07:00
17796fb1c4
Add basic database listing for server
2018-08-21 21:47:01 -07:00
e9f8751c4c
More filemanager work, directory browsing working
2018-08-13 22:58:58 -07:00
92a9146b61
Improve filemanager, get first level folders listing
2018-08-06 23:14:13 -07:00
8db9d9bbee
Very rough go at connecting to socket and rendering console data for server
2018-07-20 23:45:07 -07:00
f2d2725ca0
Merge branch 'feature/vuejs' into feature/vue-serverview
2018-07-15 16:50:11 -07:00
be2c76c24a
Add tests for password changing
2018-07-15 11:44:18 -07:00
8bbe6bc279
Add test, fix behavior of model creation
2018-07-14 22:58:33 -07:00
550c622d3b
Obliterate JWT from codebase
2018-07-14 22:48:09 -07:00
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00
eafc4408eb
Fix broken unit tests
2018-07-14 21:49:49 -07:00
c82f273d85
Fix remaining broken tests
2018-07-04 19:38:23 -07:00
6c20ea9881
Add tests for changed controllers
2018-07-04 19:20:33 -07:00
5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account
2018-07-04 18:12:57 -07:00
af9af78938
Merge branch 'develop' into feature/vuejs
2018-07-04 18:09:07 -07:00
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
...
Thanks to Trixter#0001 on Discord for this security report.
There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.
This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.
Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
603b8a3094
Merge branch 'feature/vuejs' into feature/vuejs-account
2018-07-02 21:01:04 -07:00
48cb01f438
Merge branch 'develop' into feature/vuejs
2018-07-02 21:00:42 -07:00
1ffb5acfad
Send an email when a server is marked as installed ( #1213 )
...
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
304d947536
Allow creating subuser with no permissions
2018-06-30 18:25:46 -07:00
974318ffb4
Logout other sessions when password is changed
...
closes #1222
2018-06-30 17:50:58 -07:00
7711b697ad
Finalize two-factor handling on account.
2018-06-20 23:05:35 -07:00
0cc895f2d5
Finalize email/password changing in UI
2018-06-17 16:53:24 -07:00
fce394f6bd
Change email handling and logout function
2018-06-16 14:30:20 -07:00
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal.
2018-06-16 14:05:39 -07:00
b8b9acd0e6
Get the base email update working through the API.
...
Still going to need to determine the best course of action to update the token on the client side.
2018-06-11 22:56:57 -07:00
05478e3277
Merge branch 'feature/vuejs' into feature/vue-serverview
2018-06-11 21:06:12 +02:00
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00
5bcabbde35
Get dashboard in a more working state
2018-06-05 23:42:34 -07:00
e948d81d8a
Base attempt at using vuex to handle logins
2018-06-05 23:00:01 -07:00
e65854c8c2
Merge branch 'feature/vuejs' into feature/vue-serverview
2018-06-02 23:28:55 -07:00
02b29a66ea
Use client API to get resource use for a server
2018-06-02 19:08:53 -07:00
d73e5a2274
Fixed my fix to fix the 500 error on /api/application/nodes when not specifying a daemon_base ( #1182 )
2018-06-02 14:34:01 -07:00
969b16a563
Apply fixes from StyleCI
...
[ci skip] [skip ci]
2018-06-02 21:32:26 +00:00
b56f3a8671
Expanded the middleware test
2018-06-01 16:22:06 +02:00
e9ac014bf4
Removed the use of Auth facade and removed unnecesary option
2018-06-01 16:10:32 +02:00
3bb9e5e8a8
Merge branch 'develop' of https://github.com/stanjg/panel into feature/user-specific-language
2018-06-01 15:58:09 +02:00
e0d67ff857
Merge branch 'feature/vuejs' into feature/vue-serverview
2018-05-31 23:01:24 -07:00
6c598f9100
Merge branch 'feature/vuejs' into feature/vuejs-serverlist
2018-05-31 22:59:39 -07:00
5f70502f20
Merge branch 'develop' into feature/vuejs
2018-05-31 22:59:16 -07:00
fd8d7c3571
Merge pull request #1130 from stanjg/feature/stats-page
...
Added a statistics page to monitor the panel usage
2018-05-31 22:56:58 -07:00
ccf3e3511f
Renamed middleware, and fixed the test
2018-05-31 16:40:18 +02:00
013dde75ae
Renamed the field and made some improvements
2018-05-31 16:34:35 +02:00
11d96c44d1
Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview
2018-05-29 00:04:51 +02:00
378a1859cf
Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview
2018-05-29 00:04:41 +02:00
a1444b047e
Fix JWT handling for API access when logging in
2018-05-28 14:59:48 -07:00
6e5c365018
Use the client API to load servers on the listing page
2018-05-28 13:23:40 -07:00
ad69193ac0
Add JWT to login forms
2018-05-28 12:48:42 -07:00
89f47c6dbb
mocked server page and better navigation and overall layout
2018-05-28 00:37:03 +02:00
6f2fcabf22
Add very basic server search and dynamic rendering functionality
2018-05-26 23:17:02 -07:00
9d8830a2d7
Get initial mockup of new server list up
2018-05-26 17:20:36 -07:00
60e1ffa564
Added a test for the controller and cleaned up the controller
2018-05-27 00:16:13 +02:00
cf90f56777
Merge branch 'develop' into feature/vuejs-auth
2018-05-26 12:17:14 -07:00
7a81c61ad8
Wording changes and fix of major fail last commit
2018-05-26 21:02:47 +02:00
86e7085396
Cleaned up the controller and prepared for tests
2018-05-26 20:58:49 +02:00
e648e50d90
Write some example tests for @stanjg
2018-05-26 11:00:28 -07:00
e3bbd85f3f
Merge branch 'develop' into pr/1129
2018-05-26 10:34:29 -07:00
0e1b4661ce
Don't allow access to manage page if server failed installing
2018-05-23 22:23:26 -07:00
6967b9ba12
Fix exception thrown due to lack of pre-validation on the model.
...
closes #1158
2018-05-20 17:11:52 -07:00
b4e510fbe3
Fixes before release
2018-05-20 16:49:54 -07:00
7e2e5fd7c1
Merge branch 'develop' into feature/upgrade-laravel-to-5.6
2018-05-20 16:30:42 -07:00
00df0b66a6
Merge pull request #1148 from pterodactyl/feature/doc-block-improvements
...
@throws docblock improvements
2018-05-20 16:25:59 -07:00
002efddc96
Merge pull request #1146 from pterodactyl/feature/windows-pathinfo-support
...
Add support for Windows, replace all backslashes with forwardslashes
2018-05-20 16:24:58 -07:00
71257c67bf
Add more throwing
2018-05-13 12:42:22 -04:00
3bc2397795
Library doesn't exist anymore
2018-05-13 12:42:16 -04:00
f82b419d47
Update php doc blocks
2018-05-13 12:42:11 -04:00
53829399de
Make sure this trust proxies is also changed
2018-05-13 11:59:25 -04:00
f42f211e65
Add support for Windows, replace all back slashes with forward slashes
2018-05-13 11:39:44 -04:00
e2dc0638d9
Fix app/ spelling errors
2018-05-13 11:12:41 -04:00
095d85bb60
Added the server as argument, and improved the bug fix
2018-05-06 17:59:11 +02:00
06a67bb4bb
Cleaned up some duplicate code
2018-05-05 10:39:20 +02:00
28a97fea54
Polished it up
2018-05-04 22:48:43 +02:00
93a7d11c28
Made a base
2018-05-04 18:45:37 +02:00
86c8ecdcdf
Added the actual logic
2018-05-04 15:02:51 +02:00
17a72d0895
StyleCI fixes
2018-05-04 14:05:42 +02:00
9ae25538c3
Made it so users can switch languages themselves
2018-05-04 13:08:41 +02:00
9a06647435
Added support for user specific languages
2018-05-04 12:56:30 +02:00
4fad244073
Show correct auth error.
2018-04-08 16:16:04 -05:00
b6e94d9a1e
Code cleanup
2018-04-08 16:00:52 -05:00
6d970a4cc3
Finalize login page!
2018-04-08 15:46:32 -05:00
d63624f607
Working login form with password reset functionality.
2018-04-08 15:18:13 -05:00
c3e462ab2f
Cleanup login/reset functionality, address security issue with 2FA pathways
2018-04-07 16:17:51 -05:00
4f3c668420
Refactor auth controllers to be cleaner and easier to maintain
2018-04-07 12:35:15 -05:00
324b989a29
Get a working rough copy of the login page
2018-04-01 17:46:16 -05:00
791cbaa5ce
Get things into a somewhat working state on the login form
2018-03-31 15:52:11 -05:00
3e2ac981a9
Add API endpoint for getting server resource utilization, closes #900
...
This endpoint is throttled to 15 requests per minute to avoid destroying the daemon since clients can use it.
2018-03-17 14:01:53 -05:00
f8e98e9c9e
Add ability to change server name, closes #563
2018-03-10 14:44:21 -06:00
e55d3c1a9a
Add check on SFTP page to make sure the permission is assigned before showing
2018-03-10 14:26:00 -06:00
40c74ae1e7
Add validation to prevent invalid ports, closes #1034
2018-03-10 13:10:40 -06:00
ef371a508d
Change check on debugbar to use debug not environment
2018-03-10 12:03:23 -06:00
4964d294f6
Throw 504 where necessary
2018-03-06 22:17:01 -06:00
a4f03f5d02
Handle missing daemon keys better and fix subuser missing key errors
2018-03-03 21:31:44 -06:00
c739f292e4
paginate databases when viewing a host
2018-03-03 17:52:35 -06:00
dff7e8f734
Fix server creation in UI and API
2018-03-02 23:11:30 -06:00
c6137db529
Fix build limit management in Admin CP
2018-03-02 19:49:09 -06:00
bcb69603ad
Add support for user management of databases
2018-03-02 19:03:55 -06:00
07893effa3
Add initial go at user created databases for servers, still needs cleaning
2018-03-01 21:27:37 -06:00
87b96bdfc8
Add core logic to allow for limited databases and allocations
2018-03-01 20:08:27 -06:00
5f6c153537
Validate resource existence before validating data sent
2018-03-01 20:00:14 -06:00
070239abcf
Fix inability to edit certain environment vars and start line, closes #1008
2018-03-01 19:26:11 -06:00
85bdbdce14
Better handling of file download requests
2018-03-01 19:19:19 -06:00
838b9a9093
Add support for filesystem caching, closes #993
2018-03-01 18:46:59 -06:00
0a39a9b6bf
Don't require an environment variable to be present if none are required anyways, closes #1007
2018-03-01 18:35:53 -06:00
8f72571895
Fix IP access middleware
2018-02-28 23:39:59 -06:00
9b93629f45
Add UI for client API keys
2018-02-28 23:30:39 -06:00
2017e640b6
Add client API
2018-02-28 22:51:04 -06:00
4e12c289ed
Add command sending
2018-02-27 22:09:34 -06:00
cef3e4ced4
Add base routes for managing servers as a client
2018-02-27 21:28:43 -06:00
9a32b9fd03
Merge branch 'develop' into feature/client-api
2018-02-27 21:04:18 -06:00
23e07689a7
Handle 404 errors in API bindings correctly to avoid explosing that a resource exists before validating a key
2018-02-27 21:04:04 -06:00
e28973bcae
Move everything around as needed to get things setup for the client API
2018-02-25 15:30:56 -06:00
8daf97021a
Add ability to modify external id for a server
2018-02-25 14:45:16 -06:00
6a4b5e04e2
Fix broken external_id handling when creating servers
2018-02-25 14:43:40 -06:00
fb1b2406b5
Add API endpoint to get a server by external ID
2018-02-24 14:09:09 -06:00
a1e704d3a7
Add back server sidebar list
2018-02-24 13:58:48 -06:00
5b6d3b8325
Slightly more clear errors
2018-02-24 12:27:41 -06:00
baeffef24b
Fix bad permissions check on server API route
2018-02-24 12:15:21 -06:00
807521b97c
Fix schedules with no names being uneditable
2018-02-24 12:04:14 -06:00
633bba6d6e
Add support for external_id on servers, closes #975
2018-02-24 11:57:12 -06:00
f655188c58
Fix searching servers
2018-02-24 11:48:24 -06:00
620c624e6f
Fix exception thrown when accessing /nests/:id/eggs/:id API endpoint
2018-02-24 11:11:57 -06:00
4b9f025e98
Fix exception when trying to edit a host, ref #957
2018-02-18 14:10:12 -06:00
3fb02a4b3c
Fix FQDN failing validation in database host UI, ref #957
2018-02-18 13:43:54 -06:00
50809cad36
Fix exception when no 2FA token is entered when enabling or disabling
2018-02-18 13:15:10 -06:00
d52f8d9215
Fix behavior of validation when creating egg variables
2018-02-17 13:09:54 -06:00
8e1aa15dba
Fixes a bug that would cause non-editable variables on the front-end to throw a validation error
2018-02-15 20:58:51 -06:00
bf537922a3
Fix username validation and auto-generation, closes #927
2018-02-11 16:39:50 -06:00
cfb7415e2a
Fix data integrity exception, closes #922
2018-02-10 14:01:49 -06:00
db29b04c39
Fix improper allocation id validation on API
2018-02-07 22:50:22 -06:00
a9c1946319
Add support for finding a user by external ID.
2018-02-07 21:56:11 -06:00
2e693067b8
Add search to API endpoints
2018-02-07 21:33:44 -06:00
dd54c5abb1
Fix user password handling in Admin CP
2018-02-07 21:13:40 -06:00
2ec76d283b
Fix bad API behavior
2018-02-04 15:38:38 -06:00
d4d9eda57a
Add schedule edit support
2018-02-04 13:51:24 -06:00
ff8b5fc5a3
Fix exception when modifying existing DB host, closes #910
2018-02-04 12:59:14 -06:00
0b00895261
fix saving of egg variable values, closes #905
2018-02-03 12:36:57 -06:00
d9355b93b4
Fix exception when adjusting mail settings, closes #907
2018-02-03 12:28:39 -06:00
48c933fa0f
fix exception when deleting allocations, closes #908
2018-02-03 12:22:10 -06:00
ffa09d81e2
Pass strings for deletion of user sessions, closes #906
2018-02-03 12:18:18 -06:00
7a19019980
Fix suspension/installed handling for servers
...
closes Pterodactyl/Panel#891
2018-01-30 22:40:21 -06:00
c599112021
Finalize server management API
2018-01-30 20:36:59 -06:00
5ed164e13e
Implement server creation though the API.
...
Also implements auto-deployment to specific locations and ports.
2018-01-28 17:14:14 -06:00
97ee95b4da
Fix some error handling
2018-01-27 13:26:43 -06:00
8afced3410
Add nests & eggs
...
Cleanup middleware handling and parameters on controllers...
2018-01-27 12:38:56 -06:00
de07b3cc7f
Add server database management support to API.
2018-01-25 22:34:53 -06:00
2bd691efad
Add database list endpoint, add more resource name magic
2018-01-25 21:26:06 -06:00
407120a854
Merge branch 'develop' into feature/api-v1
2018-01-21 17:06:31 -06:00
655d2485b5
Fix error causing inability to save variables.
2018-01-21 17:02:25 -06:00
aca0819bcd
Add server build management to API
2018-01-21 16:02:03 -06:00
d3dba3fcf9
Fix bug when modifying server descriptions
2018-01-21 14:45:20 -06:00
8dcab927e5
Merge branch 'develop' into feature/api-v1
2018-01-21 14:31:32 -06:00
c369151397
Allow editing symlinked files
2018-01-21 14:24:59 -06:00
2212f28351
Don't break the page if no variable rules are provided.
2018-01-21 11:58:59 -06:00
17f6f3eeb6
Add server details modification endpoint to API.
2018-01-20 16:03:23 -06:00
3e327b8b0e
Use more logical route binding to not reveal resources on the API unless authenticated.
2018-01-20 15:33:04 -06:00
17544481b5
More server management via the API
2018-01-20 13:48:02 -06:00
3724559468
Forgotten changes
2018-01-19 21:48:26 -06:00
a497a3d153
Make server listing and single server view API endpoints work
2018-01-19 21:47:06 -06:00
74bdbea6a4
Sneaky files
2018-01-19 20:01:56 -06:00
0e7f8cedf0
Reorganize API files
2018-01-19 19:58:57 -06:00
c3b9738364
Implement application API Keys
2018-01-18 21:36:15 -06:00
f9fc3f4370
Update interface to begin change to seperate account API keys and application keys
...
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
2018-01-14 13:30:55 -06:00
ad3a954256
Rename APIKey to ApiKey
2018-01-14 12:06:15 -06:00
7aa540b895
Remove api permissions table
2018-01-14 12:05:18 -06:00
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
...
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00
11c4f3f6f2
Finish putting permissions on the API
2018-01-13 14:08:19 -06:00
Dane Everitt
Oreo Oreoniv
Matthew Penner
Matthew Penner
mrkrabs
ayan4m1
Andrew DeLisa
Stan
Jakob Schrettenbrunner
Jacob Gee-Clarke
Lance Pioch