Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							c82f273d85 
							
						 
					 
					
						
						
							
							Fix remaining broken tests  
						
						
						
						
					 
					
						2018-07-04 19:38:23 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6c20ea9881 
							
						 
					 
					
						
						
							
							Add tests for changed controllers  
						
						
						
						
					 
					
						2018-07-04 19:20:33 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5010c0c756 
							
						 
					 
					
						
						
							
							Merge branch 'feature/vuejs' into feature/vuejs-account  
						
						
						
						
					 
					
						2018-07-04 18:12:57 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							af9af78938 
							
						 
					 
					
						
						
							
							Merge branch 'develop' into feature/vuejs  
						
						
						
						
					 
					
						2018-07-04 18:09:07 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8f5bd214a4 
							
						 
					 
					
						
						
							
							[Security] Address 2FA bypass in password reset functionality  
						
						... 
						
						
						
						Thanks to Trixter#0001 on Discord for this security report.
There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required.
This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed.
Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it. 
						
						
					 
					
						2018-07-04 11:41:56 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							603b8a3094 
							
						 
					 
					
						
						
							
							Merge branch 'feature/vuejs' into feature/vuejs-account  
						
						
						
						
					 
					
						2018-07-02 21:01:04 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							48cb01f438 
							
						 
					 
					
						
						
							
							Merge branch 'develop' into feature/vuejs  
						
						
						
						
					 
					
						2018-07-02 21:00:42 -07:00 
						 
				 
			
				
					
						
							
							
								Stan 
							
						 
					 
					
						
						
						
						
							
						
						
							1ffb5acfad 
							
						 
					 
					
						
						
							
							Send an email when a server is marked as installed ( #1213 )  
						
						... 
						
						
						
						Co-authored-by: @stanjg 
						
						
					 
					
						2018-07-01 14:34:40 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d2bc791d74 
							
						 
					 
					
						
						
							
							Fix links sent to users when accounts are created  
						
						... 
						
						
						
						closes  #1093  
					
						2018-06-30 18:47:31 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							304d947536 
							
						 
					 
					
						
						
							
							Allow creating subuser with no permissions  
						
						
						
						
					 
					
						2018-06-30 18:25:46 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							96699b192e 
							
						 
					 
					
						
						
							
							Don't verify SSL signatures in dev  
						
						... 
						
						
						
						[skip ci] 
						
						
					 
					
						2018-06-30 18:24:35 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							974318ffb4 
							
						 
					 
					
						
						
							
							Logout other sessions when password is changed  
						
						... 
						
						
						
						closes  #1222  
					
						2018-06-30 17:50:58 -07:00 
						 
				 
			
				
					
						
							
							
								Sergzy 
							
						 
					 
					
						
						
						
						
							
						
						
							bad9ae58e8 
							
						 
					 
					
						
						
							
							Fix environment_variables name ( #1212 )  
						
						
						
						
					 
					
						2018-06-30 13:25:40 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							7711b697ad 
							
						 
					 
					
						
						
							
							Finalize two-factor handling on account.  
						
						
						
						
					 
					
						2018-06-20 23:05:35 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							0cc895f2d5 
							
						 
					 
					
						
						
							
							Finalize email/password changing in UI  
						
						
						
						
					 
					
						2018-06-17 16:53:24 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							fce394f6bd 
							
						 
					 
					
						
						
							
							Change email handling and logout function  
						
						
						
						
					 
					
						2018-06-16 14:30:20 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e7faf979a1 
							
						 
					 
					
						
						
							
							Change login handling to automatically redirect a user if their session will need renewal.  
						
						
						
						
					 
					
						2018-06-16 14:05:39 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							24bb8da43d 
							
						 
					 
					
						
						
							
							Fix CSS issue with login page due to input classes  
						
						
						
						
					 
					
						2018-06-16 12:43:32 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							b8b9acd0e6 
							
						 
					 
					
						
						
							
							Get the base email update working through the API.  
						
						... 
						
						
						
						Still going to need to determine the best course of action to update the token on the client side. 
						
						
					 
					
						2018-06-11 22:56:57 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							03c83c084a 
							
						 
					 
					
						
						
							
							Revert use of cookies, go back to using a JWT  
						
						
						
						
					 
					
						2018-06-06 22:49:44 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							4ffe6c96ad 
							
						 
					 
					
						
						
							
							Fix support for hot reloading without requiring anything special in the app  
						
						
						
						
					 
					
						2018-06-06 21:44:52 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5bcabbde35 
							
						 
					 
					
						
						
							
							Get dashboard in a more working state  
						
						
						
						
					 
					
						2018-06-05 23:42:34 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e948d81d8a 
							
						 
					 
					
						
						
							
							Base attempt at using vuex to handle logins  
						
						
						
						
					 
					
						2018-06-05 23:00:01 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							80b0816718 
							
						 
					 
					
						
						
							
							Better support for CSS and JS  
						
						
						
						
					 
					
						2018-06-03 19:35:50 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							02b29a66ea 
							
						 
					 
					
						
						
							
							Use client API to get resource use for a server  
						
						
						
						
					 
					
						2018-06-02 19:08:53 -07:00 
						 
				 
			
				
					
						
							
							
								Jacob Gee-Clarke 
							
						 
					 
					
						
						
						
						
							
						
						
							d73e5a2274 
							
						 
					 
					
						
						
							
							Fixed my fix to fix the 500 error on /api/application/nodes when not specifying a daemon_base ( #1182 )  
						
						
						
						
					 
					
						2018-06-02 14:34:01 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
						
						
							
						
						
							969b16a563 
							
						 
					 
					
						
						
							
							Apply fixes from StyleCI  
						
						... 
						
						
						
						[ci skip] [skip ci] 
						
						
					 
					
						2018-06-02 21:32:26 +00:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6c598f9100 
							
						 
					 
					
						
						
							
							Merge branch 'feature/vuejs' into feature/vuejs-serverlist  
						
						
						
						
					 
					
						2018-05-31 22:59:39 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5f70502f20 
							
						 
					 
					
						
						
							
							Merge branch 'develop' into feature/vuejs  
						
						
						
						
					 
					
						2018-05-31 22:59:16 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							fd8d7c3571 
							
						 
					 
					
						
						
							
							Merge pull request  #1130  from stanjg/feature/stats-page  
						
						... 
						
						
						
						Added a statistics page to monitor the panel usage 
						
						
					 
					
						2018-05-31 22:56:58 -07:00 
						 
				 
			
				
					
						
							
							
								stanjg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							ccf3e3511f 
							
						 
					 
					
						
						
							
							Renamed middleware, and fixed the test  
						
						
						
						
					 
					
						2018-05-31 16:40:18 +02:00 
						 
				 
			
				
					
						
							
							
								stanjg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							013dde75ae 
							
						 
					 
					
						
						
							
							Renamed the field and made some improvements  
						
						
						
						
					 
					
						2018-05-31 16:34:35 +02:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							a1444b047e 
							
						 
					 
					
						
						
							
							Fix JWT handling for API access when logging in  
						
						
						
						
					 
					
						2018-05-28 14:59:48 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							aa61afb58f 
							
						 
					 
					
						
						
							
							Add proper server models  
						
						
						
						
					 
					
						2018-05-28 14:11:23 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6e5c365018 
							
						 
					 
					
						
						
							
							Use the client API to load servers on the listing page  
						
						
						
						
					 
					
						2018-05-28 13:23:40 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							ad69193ac0 
							
						 
					 
					
						
						
							
							Add JWT to login forms  
						
						
						
						
					 
					
						2018-05-28 12:48:42 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6f2fcabf22 
							
						 
					 
					
						
						
							
							Add very basic server search and dynamic rendering functionality  
						
						
						
						
					 
					
						2018-05-26 23:17:02 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							9d8830a2d7 
							
						 
					 
					
						
						
							
							Get initial mockup of new server list up  
						
						
						
						
					 
					
						2018-05-26 17:20:36 -07:00 
						 
				 
			
				
					
						
							
							
								stanjg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							60e1ffa564 
							
						 
					 
					
						
						
							
							Added a test for the controller and cleaned up the controller  
						
						
						
						
					 
					
						2018-05-27 00:16:13 +02:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f09eb8eec9 
							
						 
					 
					
						
						
							
							Double encoding happens by default now  
						
						
						
						
					 
					
						2018-05-26 12:22:02 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							cf90f56777 
							
						 
					 
					
						
						
							
							Merge branch 'develop' into feature/vuejs-auth  
						
						
						
						
					 
					
						2018-05-26 12:17:14 -07:00 
						 
				 
			
				
					
						
							
							
								stanjg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							7a81c61ad8 
							
						 
					 
					
						
						
							
							Wording changes and fix of major fail last commit  
						
						
						
						
					 
					
						2018-05-26 21:02:47 +02:00 
						 
				 
			
				
					
						
							
							
								stanjg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							86e7085396 
							
						 
					 
					
						
						
							
							Cleaned up the controller and prepared for tests  
						
						
						
						
					 
					
						2018-05-26 20:58:49 +02:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e648e50d90 
							
						 
					 
					
						
						
							
							Write some example tests for @stanjg  
						
						
						
						
					 
					
						2018-05-26 11:00:28 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e3bbd85f3f 
							
						 
					 
					
						
						
							
							Merge branch 'develop' into pr/1129  
						
						
						
						
					 
					
						2018-05-26 10:34:29 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							0e1b4661ce 
							
						 
					 
					
						
						
							
							Don't allow access to manage page if server failed installing  
						
						
						
						
					 
					
						2018-05-23 22:23:26 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6967b9ba12 
							
						 
					 
					
						
						
							
							Fix exception thrown due to lack of pre-validation on the model.  
						
						... 
						
						
						
						closes  #1158  
					
						2018-05-20 17:11:52 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							fae5acf99f 
							
						 
					 
					
						
						
							
							Fix bug when loading server owner dropdown  
						
						... 
						
						
						
						closes  #1137  
					
						2018-05-20 17:00:50 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							b4e510fbe3 
							
						 
					 
					
						
						
							
							Fixes before release  
						
						
						
						
					 
					
						2018-05-20 16:49:54 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							7e2e5fd7c1 
							
						 
					 
					
						
						
							
							Merge branch 'develop' into feature/upgrade-laravel-to-5.6  
						
						
						
						
					 
					
						2018-05-20 16:30:42 -07:00