MrUnknownDE/panel
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/panel.git synced 2026-05-01 20:33:45 +02:00
Code Issues Packages Projects Releases Wiki Activity
2,926 Commits 30 Branches 99 Tags
df140184e69bb89fdb8a4bccac7aa3dc0cf3766b
Commit Graph

1377 Commits

Author SHA1 Message Date
ayan4m1 df9f0be839 styleci tweaks 2018-10-13 21:30:47 -04:00
ayan4m1 670efa3544 styleci tweaks 2018-10-13 21:30:47 -04:00
ayan4m1 ace58dd1df allow test of mail system no matter the type 2018-10-13 21:30:47 -04:00
ayan4m1 1b03ae2efe remove Log::debug() call 2018-10-13 21:30:47 -04:00
ayan4m1 fd3e5fc73e add SMTP mail tester 2018-10-13 21:30:47 -04:00
Dane Everitt b6205463db Merge branch 'develop' into feature/vuejs 2018-09-23 13:14:46 -07:00
Dane Everitt 29237fd1ef Merge pull request #1330 from ayan4m1/feature/exception-logging 
Simple query exception logging
 2018-09-18 21:44:29 -07:00
Andrew DeLisa 262ef78fae Allow deletion of multiple allocations at once (#1322) 2018-09-18 21:43:18 -07:00
ayan4m1 9f6875ed61 log query exception message during settings boot 2018-09-16 13:20:57 -04:00
Dane Everitt 5ca13839cf Merge branch 'develop' into feature/vue-serverview 2018-09-05 21:34:59 -07:00
Dane Everitt f9542c98e2 Fix tests broken by bad namespaces 2018-09-03 15:59:30 -07:00
Dane Everitt fd49e524c8 Update middleware code 2018-09-03 15:17:53 -07:00
Dane Everitt 4d62e4c7b9 Merge branch 'develop' into pr/1128 2018-09-03 15:10:23 -07:00
Dane Everitt c6112b4234 Fix tests 2018-09-03 14:59:00 -07:00
Dane Everitt 3bb9bf04e5 Pass the updated model through for updating node config, rather than old model, ref #1237 2018-09-03 14:54:50 -07:00
Dane Everitt 7ed9c7cb93 Correctly store changes to upload size limit, closes #1237 2018-09-03 14:53:58 -07:00
Dane Everitt 5bd3f59455 Fix schedules running twice, closes #1288 2018-09-03 14:32:33 -07:00
Dane Everitt 413a22a3d5 Changes to job running to clean up code 2018-09-03 14:04:25 -07:00
Dane Everitt bcb3f5d5fa Fix handling of times 2018-08-31 21:12:10 -07:00
Dane Everitt 178b8f8ce6 More logical time handling 2018-08-31 21:00:13 -07:00
Dane Everitt e5636405f3 Drop carbon, use chronos 2018-08-31 20:52:15 -07:00
Dane Everitt f3efe546da Fix broken namespace for autoloader 2018-08-31 20:34:57 -07:00
Dane Everitt e906ada528 Better handling when deleting a database 2018-08-26 14:01:00 -07:00
Dane Everitt 0999ec93c3 More logic for deleting databases 2018-08-25 15:07:42 -07:00
Dane Everitt 9be2aa4ca9 Push beginning of DB deletion stuff 2018-08-25 14:43:21 -07:00
Dane Everitt c28e9c1ab7 Add ability to create new database through the UI 2018-08-22 22:29:20 -07:00
Dane Everitt 17796fb1c4 Add basic database listing for server 2018-08-21 21:47:01 -07:00
Dane Everitt e9f8751c4c More filemanager work, directory browsing working 2018-08-13 22:58:58 -07:00
Dane Everitt 92a9146b61 Improve filemanager, get first level folders listing 2018-08-06 23:14:13 -07:00
Dane Everitt 8db9d9bbee Very rough go at connecting to socket and rendering console data for server 2018-07-20 23:45:07 -07:00
Dane Everitt f2d2725ca0 Merge branch 'feature/vuejs' into feature/vue-serverview 2018-07-15 16:50:11 -07:00
Dane Everitt be2c76c24a Add tests for password changing 2018-07-15 11:44:18 -07:00
Dane Everitt 8bbe6bc279 Add test, fix behavior of model creation 2018-07-14 22:58:33 -07:00
Dane Everitt 550c622d3b Obliterate JWT from codebase 2018-07-14 22:48:09 -07:00
Dane Everitt 6336e5191f Strip out JWT usage and use cookies to track the currently logged in user 2018-07-14 22:42:58 -07:00
Dane Everitt a7fae86e58 Treat unauthenticated exceptions the same as everything else 2018-07-14 22:42:38 -07:00
Dane Everitt eafc4408eb Fix broken unit tests 2018-07-14 21:49:49 -07:00
Dane Everitt c82f273d85 Fix remaining broken tests 2018-07-04 19:38:23 -07:00
Dane Everitt 6c20ea9881 Add tests for changed controllers 2018-07-04 19:20:33 -07:00
Dane Everitt 5010c0c756 Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-04 18:12:57 -07:00
Dane Everitt af9af78938 Merge branch 'develop' into feature/vuejs 2018-07-04 18:09:07 -07:00
Dane Everitt 8f5bd214a4 [Security] Address 2FA bypass in password reset functionality 
Thanks to Trixter#0001 on Discord for this security report.

There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.

This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.

Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.
 2018-07-04 11:41:56 -07:00
Dane Everitt 603b8a3094 Merge branch 'feature/vuejs' into feature/vuejs-account 2018-07-02 21:01:04 -07:00
Dane Everitt 48cb01f438 Merge branch 'develop' into feature/vuejs 2018-07-02 21:00:42 -07:00
Stan 1ffb5acfad Send an email when a server is marked as installed (#1213) 
Co-authored-by: @stanjg
 2018-07-01 14:34:40 -07:00
Dane Everitt d2bc791d74 Fix links sent to users when accounts are created 
closes #1093
 2018-06-30 18:47:31 -07:00
Dane Everitt 304d947536 Allow creating subuser with no permissions 2018-06-30 18:25:46 -07:00
Dane Everitt 96699b192e Don't verify SSL signatures in dev 
[skip ci]
 2018-06-30 18:24:35 -07:00
Dane Everitt 974318ffb4 Logout other sessions when password is changed 
closes #1222
 2018-06-30 17:50:58 -07:00
Sergzy bad9ae58e8 Fix environment_variables name (#1212) 2018-06-30 13:25:40 -07:00