sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,145 Commits 61 Branches 128 Tags 29 MiB
Commit Graph

1118 Commits

Author SHA1 Message Date
Dane Everitt 5ca13839cf
Merge branch 'develop' into feature/vue-serverview 2018-09-05 21:34:59 -07:00
Dane Everitt f9542c98e2
Fix tests broken by bad namespaces 2018-09-03 15:59:30 -07:00
Dane Everitt fd49e524c8
Update middleware code 2018-09-03 15:17:53 -07:00
Dane Everitt 4d62e4c7b9
Merge branch 'develop' into pr/1128 2018-09-03 15:10:23 -07:00
Dane Everitt c6112b4234
Fix tests 2018-09-03 14:59:00 -07:00
Dane Everitt 3bb9bf04e5
Pass the updated model through for updating node config, rather than old model, ref #1237 2018-09-03 14:54:50 -07:00
Dane Everitt 7ed9c7cb93
Correctly store changes to upload size limit, closes #1237 2018-09-03 14:53:58 -07:00
Dane Everitt 5bd3f59455
Fix schedules running twice, closes #1288 2018-09-03 14:32:33 -07:00
Dane Everitt 413a22a3d5
Changes to job running to clean up code 2018-09-03 14:04:25 -07:00
Dane Everitt bcb3f5d5fa
Fix handling of times 2018-08-31 21:12:10 -07:00
Dane Everitt 178b8f8ce6
More logical time handling 2018-08-31 21:00:13 -07:00
Dane Everitt e5636405f3
Drop carbon, use chronos 2018-08-31 20:52:15 -07:00
Dane Everitt f3efe546da
Fix broken namespace for autoloader 2018-08-31 20:34:57 -07:00
Dane Everitt e906ada528
Better handling when deleting a database 2018-08-26 14:01:00 -07:00
Dane Everitt 0999ec93c3
More logic for deleting databases 2018-08-25 15:07:42 -07:00
Dane Everitt 9be2aa4ca9
Push beginning of DB deletion stuff 2018-08-25 14:43:21 -07:00
Dane Everitt c28e9c1ab7
Add ability to create new database through the UI 2018-08-22 22:29:20 -07:00
Dane Everitt 17796fb1c4
Add basic database listing for server 2018-08-21 21:47:01 -07:00
Dane Everitt e9f8751c4c
More filemanager work, directory browsing working 2018-08-13 22:58:58 -07:00
Dane Everitt 92a9146b61
Improve filemanager, get first level folders listing 2018-08-06 23:14:13 -07:00
Dane Everitt 8db9d9bbee
Very rough go at connecting to socket and rendering console data for server 2018-07-20 23:45:07 -07:00
Dane Everitt f2d2725ca0
Merge branch 'feature/vuejs' into feature/vue-serverview 2018-07-15 16:50:11 -07:00
Dane Everitt be2c76c24a
Add tests for password changing 2018-07-15 11:44:18 -07:00
Dane Everitt 8bbe6bc279
Add test, fix behavior of model creation 2018-07-14 22:58:33 -07:00
Dane Everitt 550c622d3b
Obliterate JWT from codebase 2018-07-14 22:48:09 -07:00
Dane Everitt 6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-14 22:42:58 -07:00
Dane Everitt a7fae86e58
Treat unauthenticated exceptions the same as everything else 2018-07-14 22:42:38 -07:00
Dane Everitt eafc4408eb
Fix broken unit tests 2018-07-14 21:49:49 -07:00
Dane Everitt c82f273d85
Fix remaining broken tests 2018-07-04 19:38:23 -07:00
Dane Everitt 6c20ea9881
Add tests for changed controllers 2018-07-04 19:20:33 -07:00
Dane Everitt 5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-04 18:12:57 -07:00
Dane Everitt af9af78938
Merge branch 'develop' into feature/vuejs 2018-07-04 18:09:07 -07:00
Dane Everitt 8f5bd214a4
[Security] Address 2FA bypass in password reset functionality 
Thanks to Trixter#0001 on Discord for this security report.

There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.

This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.

Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
 2018-07-04 11:41:56 -07:00
Dane Everitt 603b8a3094
Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-02 21:01:04 -07:00
Dane Everitt 48cb01f438
Merge branch 'develop' into feature/vuejs 2018-07-02 21:00:42 -07:00
Stan 1ffb5acfad Send an email when a server is marked as installed (#1213) 
Co-authored-by: @stanjg
 2018-07-01 14:34:40 -07:00
Dane Everitt d2bc791d74
Fix links sent to users when accounts are created 
closes #1093
 2018-06-30 18:47:31 -07:00
Dane Everitt 304d947536
Allow creating subuser with no permissions 2018-06-30 18:25:46 -07:00
Dane Everitt 96699b192e
Don't verify SSL signatures in dev 
[skip ci]
 2018-06-30 18:24:35 -07:00
Dane Everitt 974318ffb4
Logout other sessions when password is changed 
closes #1222
 2018-06-30 17:50:58 -07:00
Sergzy bad9ae58e8 Fix environment_variables name (#1212) 2018-06-30 13:25:40 -07:00
Dane Everitt 7711b697ad
Finalize two-factor handling on account. 2018-06-20 23:05:35 -07:00
Dane Everitt 0cc895f2d5
Finalize email/password changing in UI 2018-06-17 16:53:24 -07:00
Dane Everitt fce394f6bd
Change email handling and logout function 2018-06-16 14:30:20 -07:00
Dane Everitt e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal. 2018-06-16 14:05:39 -07:00
Dane Everitt 24bb8da43d
Fix CSS issue with login page due to input classes 2018-06-16 12:43:32 -07:00
Dane Everitt b8b9acd0e6
Get the base email update working through the API. 
Still going to need to determine the best course of action to update the token on the client side.
 2018-06-11 22:56:57 -07:00
Jakob Schrettenbrunner 05478e3277 Merge branch 'feature/vuejs' into feature/vue-serverview 2018-06-11 21:06:12 +02:00
Dane Everitt 03c83c084a
Revert use of cookies, go back to using a JWT 2018-06-06 22:49:44 -07:00
Dane Everitt 4ffe6c96ad
Fix support for hot reloading without requiring anything special in the app 2018-06-06 21:44:52 -07:00