Commit Graph

302 Commits

Author SHA1 Message Date
Jakob d230ee179a Merge pull request #299 from Pterodactyl/feature/allow-login-with-username
allow to use the username for login as well
2017-02-16 20:47:25 +01:00
Jakob Schrettenbrunner 4fc832838b use ‚required|string‘ to validate usernames 2017-02-16 20:45:36 +01:00
Jakob Schrettenbrunner 0b2c5279a8 allow to use the username for login as well
add translation strings
2017-02-16 20:40:21 +01:00
Dane Everitt c8ae776ab8
Fix settings redirection for server 2017-02-16 14:04:15 -05:00
Dane Everitt 2e134b7a55
Set out some roach traps to catch all these 🐛 2017-02-16 13:56:28 -05:00
Dane Everitt 516e2dc5ee
Add back API key deletion 2017-02-16 12:57:48 -05:00
Dane Everitt 19d352619e
More singularization and correct file names. 2017-02-12 16:03:17 -05:00
Dane Everitt 8ba479e51f
Singularize model names. 2017-02-12 16:02:23 -05:00
Dane Everitt 7c916ad38f Apply fixes from StyleCI (#294) 2017-02-12 15:10:39 -05:00
Dane Everitt a14df81f27 Merge branch 'develop' into feature/updated-models 2017-02-10 20:30:20 -05:00
Dane Everitt 32a1dc17ed
API model updates, as well as general model updates and code fixes. 2017-02-10 20:26:38 -05:00
Dane Everitt c70d31c08f
More model updates. 2017-02-10 17:36:58 -05:00
Dane Everitt 3b3002b77a
API Model updates. 2017-02-10 17:29:10 -05:00
Dane Everitt efef356870
Assorted model code updates. 2017-02-10 17:18:46 -05:00
Dane Everitt ba175e6b55
Cleanup location model and controller for Admin. 2017-02-10 17:09:56 -05:00
Dane Everitt 0720bfe62f
Cleanup database query code. 2017-02-10 17:03:58 -05:00
Dane Everitt 99812b0407
More subuser Model updates. 2017-02-09 19:38:54 -05:00
Dane Everitt 4f61637284
More model updates to more places than I anticipated.
This probably broke a lot of things.
2017-02-09 17:43:54 -05:00
Dane Everitt 02458c909d
Improves server model and cleans up model code calls. 2017-02-05 19:19:46 -05:00
Dane Everitt 323f1d943f
Completed model updates for Services 2017-02-05 17:58:17 -05:00
Dane Everitt 09d23deed6
New models for node and location admin pages. 2017-02-03 16:50:28 -05:00
Dane Everitt 96d3aa767f
Model updates for Database Management in ACP 2017-02-03 15:19:14 -05:00
Dane Everitt 9c2d34d6e6
Mo' StyleCI fixes... 🦀 2017-02-02 19:48:15 -05:00
Dane Everitt 533e2bcafb
Fix database column references in ACP 2017-02-02 19:46:46 -05:00
Dane Everitt 3baa21a6eb
StyleCI fixes. 2017-02-02 19:43:55 -05:00
Dane Everitt 3114b7e52a
Complete implementation of new Server model. 2017-02-02 19:41:38 -05:00
Jakob 19567ee311 Merge branch 'develop' into fix/trusted-proxies 2017-02-03 00:38:58 +01:00
Dane Everitt d4bcf0be59
Initial implementation of improved server model and logic 2017-02-02 18:21:36 -05:00
Dane Everitt 7f51e5df62
API tweaks to return more relevant information on server listing 2017-02-02 16:24:08 -05:00
Dane Everitt 32c21baab0
Return packs associated with a service when viewing it on the API. 2017-02-02 16:01:18 -05:00
Dane Everitt a93adce303
Only allow up to 30 seconds of overlap on comparing the 2FA tokens. 2017-02-01 23:02:54 -05:00
Dane Everitt 4abdee0efb
Better 2FA implementation on logins 2017-02-01 22:58:48 -05:00
Jakob Schrettenbrunner 24650b67be Merge branch 'develop' into fix/trusted-proxies
sorry
2017-02-01 20:35:10 +01:00
Jakob Schrettenbrunner 8ab4faad8a remove TRUSTED_PROXIES from .env.example
make style ci happy
2017-02-01 20:31:24 +01:00
Jakob Schrettenbrunner ee26a7e8dd add fideloper/proxy to support reverse proxies and load balancers 2017-02-01 20:10:28 +01:00
Dane Everitt e5ed1c7f6a One day eslint will have a PHP counterpart that works in Atom... 🤔 2017-01-31 20:04:34 -05:00
Dane Everitt 4b0197f2be
Implement basic security policy on daemon remote routes 2017-01-27 16:34:46 -05:00
Dane Everitt 9087feec4f
Remove build settings from packs. 2017-01-27 16:21:25 -05:00
Dane Everitt e6d3e75024
Add new daemon routes for pack handling 2017-01-25 18:25:34 -05:00
Dane Everitt bf7b58470a
Update copyright headers 2017-01-24 17:57:08 -05:00
Dane Everitt b9512dccb8 Apply fixes from StyleCI (#269) 2017-01-23 17:11:25 -05:00
Dane Everitt 06232b84c2 Merge pull request #268 from hammerdawn/ThemeFixes
Repair the admin side add user functionality.
2017-01-23 17:10:32 -05:00
Emmet Young 9c87e03c0c Repair the admin side add user functionality. 2017-01-23 13:24:14 +11:00
Dane Everitt 5f1bfcf980
Much cleaner code for updating user details front-end 2017-01-22 16:16:43 -05:00
Dane Everitt 9e54dabe5b
Display if subusers are using 2FA 2017-01-22 16:16:26 -05:00
Dane Everitt 355697dbb5 Apply fixes from StyleCI (#260) 2017-01-21 15:56:32 -05:00
Dane Everitt 0e23f87724
Add task management views 2017-01-21 15:40:46 -05:00
Dane Everitt db7b741b28
Show server status in sidebar properly on subuser views 2017-01-21 13:49:14 -05:00
Dane Everitt 3d2278ba3e
Add subuser list and new subuser views
Holy 🐄 translations are annoying to implement for these views.
2017-01-20 23:39:37 -05:00
Dane Everitt 994588c82d
Set the old theme on admin center until new theme is done 2017-01-20 17:19:42 -05:00
Dane Everitt 91178d78a4
Add support for creating files via file manager 2017-01-20 17:10:14 -05:00
Dane Everitt 83c776fc82
Fix up most of the file manager 2017-01-19 16:58:57 -05:00
Dane Everitt 88378ce983
Add allocations tab
Strips some core allocation features for now, will be added back with
more features once the theme is done.
2017-01-18 20:45:10 -05:00
Dane Everitt f6600f447f
Add Startup Params view
Translations might be the end of us.
2017-01-17 19:30:27 -05:00
Dane Everitt e2eff27a56 Apply fixes from StyleCI 2017-01-17 23:21:33 +00:00
Dane Everitt 515e543c7f
Add SFTP and Database management pages to new theme. 2017-01-15 20:28:54 -05:00
Dane Everitt c7f3bb5112
New theme assigned to server console page. 2017-01-15 18:52:22 -05:00
Dane Everitt 2fc852c6a4
Push 'Account' and 'Security' pages as well as 'My Servers' 2017-01-15 14:09:57 -05:00
Dane Everitt 457ed28b0b
Initial change of theme.
Only themed pages currently are login and reset password pages.
2017-01-14 21:32:33 -05:00
Dane Everitt a5aa089d66 Apply fixes from StyleCI 2017-01-12 20:48:12 +00:00
Dane Everitt e91362eee6
Update user controller 2017-01-12 15:40:24 -05:00
Dane Everitt 6bd9663f59
Merge branch 'develop' into feature/service-changes 2017-01-12 13:15:37 -05:00
Jakob Schrettenbrunner 9f2ca17ea4 replace manual json headers with laravel response()->json()
better Carbon dependency
rename admin.nodes.configuration-token route
style fixes
2017-01-08 15:21:02 +01:00
Jakob Schrettenbrunner f70b33d69c one more styleci fix. don’t be that picky! 🙈 2017-01-07 18:40:55 +01:00
Jakob Schrettenbrunner a661f71974 fix styleci issues 2017-01-07 18:39:41 +01:00
Jakob Schrettenbrunner a1568e5acb add button to generate token to node configuration tab
add info message after node creation about token generation
2017-01-07 18:27:19 +01:00
Jakob Schrettenbrunner e1e159b7de add ability to generate a token to retrieve the config for a specific node 2017-01-07 18:10:11 +01:00
Dane Everitt d9de884de3 Apply fixes from StyleCI 2017-01-03 22:46:30 +00:00
Dane Everitt c1bf757623
Fix service option name being set wrongly after adding a new variable. closes #208 2017-01-03 17:44:48 -05:00
Dane Everitt aa6e733ba5
Switch filemanager and EULA check to use pure Javascript methods
Removes the need for the javascript to be parsed by Blade template
engine by using a defined javascript variable with the values that are
necessary for checking everything and passing the correct values.

This does make it so that if a user does not have permission to do
something they could theoretically make the option show up in the
context menu, however when they click it, it will simply return an
error by the daemon.
2017-01-03 16:47:33 -05:00
Dane Everitt 39731f99da Merge pull request #226 from hammerdawn/APICHANGE
Allow listing a user by both ID and email. Useful for checking if a u…
2017-01-02 22:00:45 -05:00
Emmet Young 3f5bf099ae Use DaneEveritt's shortened query call. 2017-01-03 13:40:35 +11:00
Dane Everitt a1dff5cda0
Push updated languages 2016-12-30 17:17:36 -05:00
Emmet Young b5d3417167 Allow listing a user by both ID and email. Useful for checking if a user exists by its email. 2016-12-29 22:56:45 +11:00
Dane Everitt a49dee2416
Add base implementation of service retrieval. 🏇
There is currently no authentication middleware on this route.
2016-12-14 18:54:43 -05:00
Dane Everitt efda0dd009 Apply fixes from StyleCI 2016-12-14 21:56:25 +00:00
Dane Everitt fc38b09e1f
Merge branch 'develop' into feature/service-changes 2016-12-14 16:53:53 -05:00
spaceemotion a85ac87ae8 Refactor to use more laravel logic and improve compatibility with older PHP versions (#206)
* Fix @param namespaces for PHPDocs in ServerPolicy

* Reduce permission check duplication in ServerPolicy

This introduces a new checkPermission method to reduce code duplication when checking for permissions.

* Simplify logic to list accessible servers for the user

We can directly use the pluck function that laravel collections provide to simplify the logic.

* Fix pagination issue when databases/servers exceed 20

Laravel strips out the currently selected tab (or any GET query for that matter) by default when using pagination. The appends() method helps with keeping that information.

* Refactor unnecessary array_merge calls

We can just append to the array instead of constantly merging a new copy.

* Fix accessing “API Access” on some versions of PHP

The “new” word is reserved and should not be used as a method name.

http://stackoverflow.com/questions/9575590/why-am-i-getting-an-unexpected-t-new-error-in-php

* Fix revoking API keys on older versions of php (5.6)

“string” was not a valid function argument type yet, so revoking keys results in an error on older installations.

* Fix issues with API due to methods named “list”

“list” is yet another reserved keyword in PHP and messes up older installations of PHP (5.6).
This renames all methods named “list” to “lists”. The API route names are left untouched (e.g. still called “api.admin.users.list”).

* Refactor and shorten some API logic

Used laravel collection methods where applicable to directly transform the values instead of converting back and forth.
This also removes some dead variables that were never used as well as getting rid of an n+1 problem in the Service API (loading service variables afterwards, not during the model creation).

* Return model save status in repositories where applicable

* Fix typo in ServicePolicy#powerStart

* Apply StyleCI corrections
2016-12-12 14:30:57 -05:00
Dane Everitt c1fb0a665f Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00
Emmet Young f687fab9a2 API: ability to search for an allocation based on the assigned server id (#194) 2016-12-04 22:17:35 -05:00
Dane Everitt 9ae716ee42
show container ID for server in panel
Also shows the UID of the user to ease permissions setting

closes #160
2016-12-02 19:35:08 -05:00
Dane Everitt 2ac734d595
Update node config sent over API 2016-12-02 19:12:29 -05:00
Dane Everitt 3cd0a8337f
Add ability to filter user list 2016-12-02 18:41:52 -05:00
Dane Everitt ed5b7559ec
Fixes potential for generated password to not meet own validation requirements 2016-12-01 19:16:40 -05:00
Jakob 03c6f986d2 fix api /servers/{id}/build
remove unrelated error thrown every time
2016-11-30 12:26:23 +01:00
Dane Everitt 75de060a55
Fix pack selector 2016-11-27 14:57:23 -05:00
Dane Everitt c4a4b84bd3
Add service pack reference to server and send to daemon 2016-11-27 14:50:10 -05:00
Dane Everitt 238f08f222
Add pack selection to view 2016-11-27 14:30:44 -05:00
Dane Everitt 9eb14614c2
Merge branch 'develop' into feature/service-changes 2016-11-27 14:01:13 -05:00
Dane Everitt 946512bac9
search for owner:<email> correctly. 2016-11-26 20:18:46 -05:00
Dane Everitt 723b608e0c
Implement node deletion properly, fixes #173 2016-11-26 16:29:13 -05:00
Dane Everitt 0e89ecb427
Handle node:<param> properly when doing server searches
Uses the node name rather than the node’s ID by default.
2016-11-26 16:19:25 -05:00
Dane Everitt 5600f3201c
Add support for deleting service packs. 2016-11-18 17:31:57 -05:00
Dane Everitt d4729427aa
Support for uploading templates for installing packs 2016-11-16 17:22:22 -05:00
Dane Everitt e09659a88f
support for pack editing 2016-11-16 16:09:28 -05:00
Dane Everitt 09c2dcc1b6
Support for viewing and exporting packs 2016-11-15 23:12:47 -05:00
Dane Everitt a1bc6fa2d3
Push changes that support creations of service packs and basic listing 2016-11-15 20:20:32 -05:00
Dane Everitt cfd5e0e854
Implement base service file modification through panel 2016-11-09 17:58:14 -05:00
Dane Everitt 659c33f0e8
Fixes a bug that allows a user to bypass 2FA authentication requirements
This bug was reported to us by a user (@Ferry#1704) on Discord on
Monday, November 7th, 2016.

It was disclosed that it was possible to bypass the 2FA checkpoint by
clicking outside of the modal which would prompt the modal to close,
but not submit the form. The user could then press the login button
which would trigger an error. Due to this error being triggered the
authentication attempt was not cancelled. On the next page load the
application recognized the user as logged in and continued on to the
panel.

At no time was it possible to login without using the correct email
address and password.

As a result of this bug we have re-factored the Authentication code for
logins to address the persistent session. Previously accounts were
manually logged back out on 2FA failure. However, as this bug
demonstrated, causing a fatal error in the code would prevent the
logout code from firing, thus preserving their session state.

This commit modifies the code to use a non-persistent login to handle
2FA checking. In order for the session to be saved the application must
complete all portions of the login without any errors, at which point
the user is persistently authenticated using Auth::login().

This resolves the ability to cause an exception and bypass 2FA
verification.
2016-11-07 15:55:57 -05:00
Dane Everitt 48994c1354
Fix the other user bug... 2016-11-04 21:50:47 -04:00