MrUnknownDE/panel
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/panel.git synced 2026-05-03 05:06:05 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,361 Commits 30 Branches 99 Tags
9a21584c42e2dcd11f2ba3476bab01493fc6810e
Commit Graph

3361 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lance Pioch 0667b61abf Combine and consolidate 2018-07-08 11:19:40 -04:00
Asherslab a93a73ef4d Moved files 2018-07-08 11:19:35 -04:00
Asherslab 737bae300c Some Additions 2018-07-08 11:19:30 -04:00
Asherslab 42e3eecf80 Add docker files 2018-07-08 11:19:24 -04:00
Dane Everitt c82f273d85 Fix remaining broken tests 2018-07-04 19:38:23 -07:00
Dane Everitt 6c20ea9881 Add tests for changed controllers 2018-07-04 19:20:33 -07:00
Dane Everitt ec8e434375 Set the 2fa image to always have a consistent height, less jarring transition 2018-07-04 19:00:20 -07:00
Dane Everitt 5010c0c756 Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-04 18:12:57 -07:00
Dane Everitt 6419b1cf81 Handle password reset logic change for 2fa 2018-07-04 18:11:43 -07:00
Dane Everitt af9af78938 Merge branch 'develop' into feature/vuejs 2018-07-04 18:09:07 -07:00
Dane Everitt 81f1796a6a Merge branch 'release/v0.7.9' 2018-07-04 12:08:14 -07:00
Dane Everitt 8341cdbc88 Bump for release v0.7.9 2018-07-04 11:44:21 -07:00
Dane Everitt d9948f2876 Update changelog 2018-07-04 11:42:57 -07:00
Dane Everitt 8f5bd214a4 [Security] Address 2FA bypass in password reset functionality 
Thanks to Trixter#0001 on Discord for this security report.

There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.

This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.

Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
 2018-07-04 11:41:56 -07:00
Dane Everitt b342d4dc6b Change v:serve to match the new vagrant setup 2018-07-03 23:11:22 -07:00
Dane Everitt 603b8a3094 Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-02 21:01:04 -07:00
Dane Everitt 48cb01f438 Merge branch 'develop' into feature/vuejs 2018-07-02 21:00:42 -07:00
Dane Everitt 28442cead3 Merge branch 'release/v0.7.8' 2018-07-02 21:00:16 -07:00
Jan 422e5dd99f Update strings.php (#1227) 
Fixed typo.
 2018-07-02 15:04:16 -07:00
Dane Everitt 0a828e0f8d Bump for release v0.7.8 v0.7.8-fixed 2018-07-01 15:02:56 -07:00
Dane Everitt 8915c3ec28 Update dependencies 2018-07-01 14:50:11 -07:00
Lance Pioch b5022766df Do not keep processing the file/folder paths if the user has cancelled the operation and fix #1124 (#1177) 2018-07-01 14:42:01 -07:00
Stan 1ffb5acfad Send an email when a server is marked as installed (#1213) 
Co-authored-by: @stanjg
 2018-07-01 14:34:40 -07:00
Dane Everitt c42605e495 Merge branch 'develop' of https://github.com/Pterodactyl/Panel into develop 2018-07-01 13:50:56 -07:00
Dane Everitt eeb4d88cbd Disable codecov failing PRs 2018-07-01 13:50:55 -07:00
Isaac A b6d18b0a36 Add support for authentication via Unix socket (#1206) 
Co-authored-by: @tenten8401
 2018-07-01 13:47:00 -07:00
Dane Everitt 1df3efdfb0 Fix eggs (#1224) 2018-06-30 18:52:32 -07:00
Dane Everitt d2bc791d74 Fix links sent to users when accounts are created 
closes #1093
 2018-06-30 18:47:31 -07:00
Dane Everitt 304d947536 Allow creating subuser with no permissions 2018-06-30 18:25:46 -07:00
Dane Everitt 96699b192e Don't verify SSL signatures in dev 
[skip ci]
 2018-06-30 18:24:35 -07:00
Dane Everitt 59730dcbc9 Speed up tests, allow coverage to fail since thats a slow process 2018-06-30 18:01:23 -07:00
Dane Everitt 5a97f54013 Try concurrent build process for travis 2018-06-30 17:55:41 -07:00
Dane Everitt 974318ffb4 Logout other sessions when password is changed 
closes #1222
 2018-06-30 17:50:58 -07:00
Matthew Penner 1da05a2ee2 Fix typo (#1210) 2018-06-30 13:25:51 -07:00
Sergzy bad9ae58e8 Fix environment_variables name (#1212) 2018-06-30 13:25:40 -07:00
Stan ad9ed5ea00 Fixed the permission (#1217) 2018-06-30 13:23:48 -07:00
Dane Everitt 7711b697ad Finalize two-factor handling on account. 2018-06-20 23:05:35 -07:00
Dane Everitt 0cc895f2d5 Finalize email/password changing in UI 2018-06-17 16:53:24 -07:00
Dane Everitt 81da55d46b Actually fix the endless redirect loop when the application needs a fresh JWT. 2018-06-17 15:06:34 -07:00
Dane Everitt 5c3d3f6ce9 Better support for mobile devices on login and account pages 2018-06-16 18:04:48 -07:00
Dane Everitt 941c585c73 Fix animations being nuked on production compilation 2018-06-16 17:13:03 -07:00
Dane Everitt 074a929315 Fix icon size in production compiled assets 2018-06-16 17:05:06 -07:00
Dane Everitt 7d509e8ae5 Remove the glow on inputs in Safari/Chrome 2018-06-16 17:00:35 -07:00
Dane Everitt 462e59e330 Make modals look sane on phones 2018-06-16 16:50:18 -07:00
Dane Everitt ac7cefb83f Make the account page mobile friendly 2018-06-16 16:43:52 -07:00
Dane Everitt 4e4a183f48 Put the modal more at the top, looks funky in middle 2018-06-16 16:27:53 -07:00
Dane Everitt d6959ea3dd Add a basic modal template to be used 2018-06-16 16:25:26 -07:00
Dane Everitt 84fecb7a92 Import only the needed things from lodash 2018-06-16 15:05:36 -07:00
Dane Everitt fce394f6bd Change email handling and logout function 2018-06-16 14:30:20 -07:00
Dane Everitt ca0c35bf82 Avoid getting stuck in an endless redirect loop... 2018-06-16 14:27:23 -07:00