StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Ensure password used when creating a database is valid; closes #1852

Browse source
This commit is contained in:
Dane Everitt 2020-03-15 16:25:29 -07:00
parent 1ebe376fed
commit 05d859c985
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 45 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/Services/Databases/DatabaseManagementService.php
View file

@ -3,6 +3,7 @@
namespace Pterodactyl\Services\Databases;
use Pterodactyl\Models\Database;
use Pterodactyl\Helpers\Utilities;
use Illuminate\Database\DatabaseManager;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Extensions\DynamicDatabaseConnection;
@ -69,7 +70,9 @@ class DatabaseManagementService
$data['server_id'] = $server;
$data['database'] = sprintf('s%d_%s', $server, $data['database']);
$data['username'] = sprintf('u%d_%s', $server, str_random(10));
$data['password'] = $this->encrypter->encrypt(str_random(24));
$data['password'] = $this->encrypter->encrypt(
Utilities::randomStringWithSpecialCharacters(24)
);
$this->database->beginTransaction();
try {

17
app/Services/Databases/DatabasePasswordService.php
View file

@ -2,9 +2,8 @@
namespace Pterodactyl\Services\Databases;
use Exception;
use Pterodactyl\Models\Database;
use Illuminate\Support\Facades\Log;
use Pterodactyl\Helpers\Utilities;
use Illuminate\Database\ConnectionInterface;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Extensions\DynamicDatabaseConnection;
@ -62,19 +61,7 @@ class DatabasePasswordService
*/
public function handle(Database $database): string
{
$password = str_random(24);
// Given a random string of characters, randomly loop through the characters and replace some
// with special characters to avoid issues with MySQL password requirements on some servers.
try {
for ($i = 0; $i < random_int(2, 6); $i++) {
$character = ['!', '@', '=', '.', '+', '^'][random_int(0, 5)];
$password = substr_replace($password, $character, random_int(0, 23), 1);
}
} catch (Exception $exception) {
// Just log the error and hope for the best at this point.
Log::error($exception);
}
$password = Utilities::randomStringWithSpecialCharacters(24);
$this->connection->transaction(function () use ($database, $password) {
$this->dynamic->set('dynamic', $database->database_host_id);