panel

mirror of https://github.com/pelican-dev/panel.git synced 2026-02-25 19:09:58 +03:00

Author	SHA1	Message	Date
DaneEveritt	287fd60891	Log activity when modifying account details	2022-05-29 18:48:35 -04:00
DaneEveritt	0999ad7ff0	Add activity logging for authentication events	2022-05-28 17:03:58 -04:00
DaneEveritt	3ae70efc14	Use existing method to handle the login	2022-05-22 17:26:32 -04:00
DaneEveritt	4d3362b24f	Perform a bit of code cleanup	2022-05-22 17:23:48 -04:00
DaneEveritt	34ffaebd3e	Run cs-fix, ensure we only install dependency versions supporting 7.4+	2022-05-04 19:01:29 -04:00
Dane Everitt	4a84c36009	Fix security vulnerability when authenticating a two-factor authentication token for a user See associated security advisory for technical details on the content of this security fix. GHSA ID: GHSA-5vfx-8w6m-h3v4	2021-09-21 21:30:08 -07:00
Dane Everitt	5515871b2f	Turns out I hate that huge space formatting, disable that mess	2021-01-27 20:52:11 -08:00
Dane Everitt	c449ca5155	Use more standardized phpcs	2021-01-23 12:33:34 -08:00
Dane Everitt	a043071e3c	Update to Laravel 8 Co-authored-by: Matthew Penner <me@matthewp.io>	2021-01-23 12:12:54 -08:00
Dane Everitt	c370e08f65	[security] add login throttling to the 2FA verification endpoint	2020-10-17 14:46:10 -07:00
Dane Everitt	7b75e7a648	Support using recovery tokens during the login process to bypass 2fa; closes #479	2020-07-02 23:01:02 -07:00
Dane Everitt	9eb31a16d9	Fix 2FA handling; closes #1962	2020-04-25 13:01:16 -07:00
Dane Everitt	7543ef085d	Format files	2019-09-05 21:32:57 -07:00
Dane Everitt	bd8b708c32	[L6] Update cache methods to use defined times and not ints	2019-09-04 20:24:46 -07:00
Dane Everitt	212773d63c	Finish authentication flow for 2FA	2019-06-22 13:33:11 -07:00
Dane Everitt	56640253b9	Merge branch 'release/v0.7.14' into feature/react	2019-06-22 12:28:44 -07:00
Dane Everitt	2db7928b76	Don't expose existence of account when an incorrect password is provided and the user has 2FA enabled	2019-06-21 21:39:24 -07:00
Dane Everitt	19ef901768	Show success message to the user	2019-06-11 23:19:43 -07:00
Dane Everitt	136e4b5b7b	Fix some issues	2018-12-30 12:45:57 -08:00
Dane Everitt	21ffa08d66	Merge branch 'develop' into feature/vuejs	2018-12-16 14:20:35 -08:00
Oreo Oreoniv	adcf0c9fee	Fixed Failed event Thank you very much Laravel for not pointing out the changes to be made when upgrading from 5.6 to 5.7	2018-11-28 23:24:43 +03:00
zKoz210	2d7e889bcc	Fixed StyleCI	2018-11-26 03:28:14 +03:00
zKoz210	0b4b1a3443	Initial update	2018-11-26 03:25:18 +03:00
Dane Everitt	550c622d3b	Obliterate JWT from codebase	2018-07-14 22:48:09 -07:00
Dane Everitt	6336e5191f	Strip out JWT usage and use cookies to track the currently logged in user	2018-07-14 22:42:58 -07:00
Dane Everitt	5010c0c756	Merge branch 'feature/vuejs' into feature/vuejs-account	2018-07-04 18:12:57 -07:00
Dane Everitt	af9af78938	Merge branch 'develop' into feature/vuejs	2018-07-04 18:09:07 -07:00
Dane Everitt	8f5bd214a4	[Security] Address 2FA bypass in password reset functionality Thanks to Trixter#0001 on Discord for this security report. There was a two-factor authentication bypass present in all previous versions of Pterodactyl that would allow a user to login without providing a token by going through the password reset process. A person would still have to have access to the targeted account's email, but if they did manage to get a password reset link they would be able to reset the account password and then proceede to login without a token being required. This logic has since been changed to check if 2FA is enabled on an account, and if so they will NOT be logged in when their password is changed. This will force them to continue through the normal login pathway where a token will be needed. Overall the impact of this issue is minor, but I am still addressing it and disclosing the mechanism behind it.	2018-07-04 11:41:56 -07:00
Dane Everitt	e7faf979a1	Change login handling to automatically redirect a user if their session will need renewal.	2018-06-16 14:05:39 -07:00
Dane Everitt	03c83c084a	Revert use of cookies, go back to using a JWT	2018-06-06 22:49:44 -07:00
Dane Everitt	e948d81d8a	Base attempt at using vuex to handle logins	2018-06-05 23:00:01 -07:00
Dane Everitt	a1444b047e	Fix JWT handling for API access when logging in	2018-05-28 14:59:48 -07:00
Dane Everitt	ad69193ac0	Add JWT to login forms	2018-05-28 12:48:42 -07:00
Dane Everitt	4fad244073	Show correct auth error.	2018-04-08 16:16:04 -05:00
Dane Everitt	b6e94d9a1e	Code cleanup	2018-04-08 16:00:52 -05:00
Dane Everitt	6d970a4cc3	Finalize login page!	2018-04-08 15:46:32 -05:00
Dane Everitt	d63624f607	Working login form with password reset functionality.	2018-04-08 15:18:13 -05:00
Dane Everitt	c3e462ab2f	Cleanup login/reset functionality, address security issue with 2FA pathways	2018-04-07 16:17:51 -05:00
Dane Everitt	4f3c668420	Refactor auth controllers to be cleaner and easier to maintain	2018-04-07 12:35:15 -05:00
Dane Everitt	324b989a29	Get a working rough copy of the login page	2018-04-01 17:46:16 -05:00
Dane Everitt	b9d67459b2	Update to Laravel 5.5 (#814 )	2017-12-17 13:07:38 -06:00
Dane Everitt	6f52f4a614	Push updates to login page, mostly UI enhancements.	2017-11-18 15:09:58 -06:00
Dane Everitt	c7c2c1a45e	Implement changes to 2FA system (#761 )	2017-11-18 13:35:33 -05:00
Dane Everitt	e56f4cdd33	Update license headers on files.	2017-09-25 21:43:01 -05:00
Dane Everitt	3ee5803416	Massive PHPCS linting	2017-08-21 22:10:48 -05:00
Dane Everitt	72c0330486	Fixes 2FA not honoring 'Remember Me' checkbox, closes #439	2017-05-22 19:09:42 -05:00
Dane Everitt	aa6060846d	Actually show errors on password reset page.	2017-04-27 23:44:26 -04:00
Dane Everitt	77b1a258d9	Weekly fix of my StyleCI violations...	2017-04-24 16:56:38 -04:00
Dane Everitt	f1024ad1a8	Improved login controller func. for 2FA, throws Failed event correctly now	2017-04-14 14:33:15 -04:00
Dane Everitt	451dd7ebc8	Apply fixes from StyleCI (#364 )	2017-03-31 20:48:35 -04:00

1 2

76 Commits