8feb87de7c
Merge branch 'develop' into feature/react-admin
2021-01-23 14:39:23 -07:00
c449ca5155
Use more standardized phpcs
2021-01-23 12:33:34 -08:00
a043071e3c
Update to Laravel 8
...
Co-authored-by: Matthew Penner <me@matthewp.io >
2021-01-23 12:12:54 -08:00
4dab137b51
auth: fix call to renamed method
2021-01-14 10:36:05 -07:00
c370e08f65
[security] add login throttling to the 2FA verification endpoint
2020-10-17 14:46:10 -07:00
7b75e7a648
Support using recovery tokens during the login process to bypass 2fa; closes #479
2020-07-02 23:01:02 -07:00
9eb31a16d9
Fix 2FA handling; closes #1962
2020-04-25 13:01:16 -07:00
7543ef085d
Format files
2019-09-05 21:32:57 -07:00
bd8b708c32
[L6] Update cache methods to use defined times and not ints
2019-09-04 20:24:46 -07:00
212773d63c
Finish authentication flow for 2FA
2019-06-22 13:33:11 -07:00
56640253b9
Merge branch 'release/v0.7.14' into feature/react
2019-06-22 12:28:44 -07:00
2db7928b76
Don't expose existence of account when an incorrect password is provided and the user has 2FA enabled
2019-06-21 21:39:24 -07:00
19ef901768
Show success message to the user
2019-06-11 23:19:43 -07:00
136e4b5b7b
Fix some issues
2018-12-30 12:45:57 -08:00
21ffa08d66
Merge branch 'develop' into feature/vuejs
2018-12-16 14:20:35 -08:00
adcf0c9fee
Fixed Failed event
...
Thank you very much Laravel for not pointing out the changes to be made when upgrading from 5.6 to 5.7
2018-11-28 23:24:43 +03:00
2d7e889bcc
Fixed StyleCI
2018-11-26 03:28:14 +03:00
0b4b1a3443
Initial update
2018-11-26 03:25:18 +03:00
550c622d3b
Obliterate JWT from codebase
2018-07-14 22:48:09 -07:00
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00
5010c0c756
Merge branch 'feature/vuejs' into feature/vuejs-account
2018-07-04 18:12:57 -07:00
af9af78938
Merge branch 'develop' into feature/vuejs
2018-07-04 18:09:07 -07:00
8f5bd214a4
[Security] Address 2FA bypass in password reset functionality
...
Thanks to Trixter#0001 on Discord for this security report.
There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.
This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.
Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
2018-07-04 11:41:56 -07:00
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal.
2018-06-16 14:05:39 -07:00
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00
e948d81d8a
Base attempt at using vuex to handle logins
2018-06-05 23:00:01 -07:00
a1444b047e
Fix JWT handling for API access when logging in
2018-05-28 14:59:48 -07:00
ad69193ac0
Add JWT to login forms
2018-05-28 12:48:42 -07:00
4fad244073
Show correct auth error.
2018-04-08 16:16:04 -05:00
b6e94d9a1e
Code cleanup
2018-04-08 16:00:52 -05:00
6d970a4cc3
Finalize login page!
2018-04-08 15:46:32 -05:00
d63624f607
Working login form with password reset functionality.
2018-04-08 15:18:13 -05:00
c3e462ab2f
Cleanup login/reset functionality, address security issue with 2FA pathways
2018-04-07 16:17:51 -05:00
4f3c668420
Refactor auth controllers to be cleaner and easier to maintain
2018-04-07 12:35:15 -05:00
324b989a29
Get a working rough copy of the login page
2018-04-01 17:46:16 -05:00
b9d67459b2
Update to Laravel 5.5 ( #814 )
2017-12-17 13:07:38 -06:00
6f52f4a614
Push updates to login page, mostly UI enhancements.
2017-11-18 15:09:58 -06:00
c7c2c1a45e
Implement changes to 2FA system ( #761 )
2017-11-18 13:35:33 -05:00
e56f4cdd33
Update license headers on files.
2017-09-25 21:43:01 -05:00
3ee5803416
Massive PHPCS linting
2017-08-21 22:10:48 -05:00
72c0330486
Fixes 2FA not honoring 'Remember Me' checkbox, closes #439
2017-05-22 19:09:42 -05:00
aa6060846d
Actually show errors on password reset page.
2017-04-27 23:44:26 -04:00
77b1a258d9
Weekly fix of my StyleCI violations...
2017-04-24 16:56:38 -04:00
f1024ad1a8
Improved login controller func. for 2FA, throws Failed event correctly now
2017-04-14 14:33:15 -04:00
451dd7ebc8
Apply fixes from StyleCI ( #364 )
2017-03-31 20:48:35 -04:00
e613e44749
fix #363
2017-04-01 01:58:05 +02:00
1f0e95790a
🔒 Don't disclose if account exists when resetting passwords, closes #358
2017-03-30 17:44:20 -04:00
0312c974f5
Update doc blocks for all app/
2017-03-19 19:36:50 -04:00
4fc832838b
use ‚required|string‘ to validate usernames
2017-02-16 20:45:36 +01:00
0b2c5279a8
allow to use the username for login as well
...
add translation strings
2017-02-16 20:40:21 +01:00
Matthew Penner
Dane Everitt
Oreo Oreoniv
Jakob Schrettenbrunner