f2d2725ca0
Merge branch 'feature/vuejs' into feature/vue-serverview
2018-07-15 16:50:11 -07:00
be2c76c24a
Add tests for password changing
2018-07-15 11:44:18 -07:00
8bbe6bc279
Add test, fix behavior of model creation
2018-07-14 22:58:33 -07:00
550c622d3b
Obliterate JWT from codebase
2018-07-14 22:48:09 -07:00
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00
a7fae86e58
Treat unauthenticated exceptions the same as everything else
2018-07-14 22:42:38 -07:00
eafc4408eb
Fix broken unit tests
2018-07-14 21:49:49 -07:00
c82f273d85
Fix remaining broken tests
2018-07-04 19:38:23 -07:00
6c20ea9881
Add tests for changed controllers
2018-07-04 19:20:33 -07:00
5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account
2018-07-04 18:12:57 -07:00
af9af78938
Merge branch 'develop' into feature/vuejs
2018-07-04 18:09:07 -07:00
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
...
Thanks to Trixter#0001 on Discord for this security report.
There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.
This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.
Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
603b8a3094
Merge branch 'feature/vuejs' into feature/vuejs-account
2018-07-02 21:01:04 -07:00
48cb01f438
Merge branch 'develop' into feature/vuejs
2018-07-02 21:00:42 -07:00
1ffb5acfad
Send an email when a server is marked as installed ( #1213 )
...
Co-authored-by: @stanjg
2018-07-01 14:34:40 -07:00
d2bc791d74
Fix links sent to users when accounts are created
...
closes #1093
2018-06-30 18:47:31 -07:00
304d947536
Allow creating subuser with no permissions
2018-06-30 18:25:46 -07:00
96699b192e
Don't verify SSL signatures in dev
...
[skip ci]
2018-06-30 18:24:35 -07:00
974318ffb4
Logout other sessions when password is changed
...
closes #1222
2018-06-30 17:50:58 -07:00
bad9ae58e8
Fix environment_variables name ( #1212 )
2018-06-30 13:25:40 -07:00
7711b697ad
Finalize two-factor handling on account.
2018-06-20 23:05:35 -07:00
0cc895f2d5
Finalize email/password changing in UI
2018-06-17 16:53:24 -07:00
fce394f6bd
Change email handling and logout function
2018-06-16 14:30:20 -07:00
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal.
2018-06-16 14:05:39 -07:00
24bb8da43d
Fix CSS issue with login page due to input classes
2018-06-16 12:43:32 -07:00
b8b9acd0e6
Get the base email update working through the API.
...
Still going to need to determine the best course of action to update the token on the client side.
2018-06-11 22:56:57 -07:00
05478e3277
Merge branch 'feature/vuejs' into feature/vue-serverview
2018-06-11 21:06:12 +02:00
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00
4ffe6c96ad
Fix support for hot reloading without requiring anything special in the app
2018-06-06 21:44:52 -07:00
5bcabbde35
Get dashboard in a more working state
2018-06-05 23:42:34 -07:00
e948d81d8a
Base attempt at using vuex to handle logins
2018-06-05 23:00:01 -07:00
80b0816718
Better support for CSS and JS
2018-06-03 19:35:50 -07:00
e65854c8c2
Merge branch 'feature/vuejs' into feature/vue-serverview
2018-06-02 23:28:55 -07:00
02b29a66ea
Use client API to get resource use for a server
2018-06-02 19:08:53 -07:00
d73e5a2274
Fixed my fix to fix the 500 error on /api/application/nodes when not specifying a daemon_base ( #1182 )
2018-06-02 14:34:01 -07:00
969b16a563
Apply fixes from StyleCI
...
[ci skip] [skip ci]
2018-06-02 21:32:26 +00:00
e0d67ff857
Merge branch 'feature/vuejs' into feature/vue-serverview
2018-05-31 23:01:24 -07:00
6c598f9100
Merge branch 'feature/vuejs' into feature/vuejs-serverlist
2018-05-31 22:59:39 -07:00
5f70502f20
Merge branch 'develop' into feature/vuejs
2018-05-31 22:59:16 -07:00
fd8d7c3571
Merge pull request #1130 from stanjg/feature/stats-page
...
Added a statistics page to monitor the panel usage
2018-05-31 22:56:58 -07:00
ccf3e3511f
Renamed middleware, and fixed the test
2018-05-31 16:40:18 +02:00
013dde75ae
Renamed the field and made some improvements
2018-05-31 16:34:35 +02:00
11d96c44d1
Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview
2018-05-29 00:04:51 +02:00
378a1859cf
Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview
2018-05-29 00:04:41 +02:00
a1444b047e
Fix JWT handling for API access when logging in
2018-05-28 14:59:48 -07:00
aa61afb58f
Add proper server models
2018-05-28 14:11:23 -07:00
6e5c365018
Use the client API to load servers on the listing page
2018-05-28 13:23:40 -07:00
ad69193ac0
Add JWT to login forms
2018-05-28 12:48:42 -07:00
89f47c6dbb
mocked server page and better navigation and overall layout
2018-05-28 00:37:03 +02:00
6f2fcabf22
Add very basic server search and dynamic rendering functionality
2018-05-26 23:17:02 -07:00
Dane Everitt
Stan
Sergzy
Jakob Schrettenbrunner
Jacob Gee-Clarke