Change 2FA service to generate the secret on our own and use an external QR service to display the image

2019-06-21 21:55:09 -07:00 · 2019-06-21 21:55:09 -07:00 · 092e7e79ff
commit 092e7e79ff
parent 2db7928b76
5 changed files with 44 additions and 186 deletions
--- a/app/Services/Users/TwoFactorSetupService.php
+++ b/app/Services/Users/TwoFactorSetupService.php
@ -1,22 +1,18 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */

 namespace Pterodactyl\Services\Users;

+use Exception;
+use RuntimeException;
 use Pterodactyl\Models\User;
-use PragmaRX\Google2FAQRCode\Google2FA;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
 use Illuminate\Contracts\Config\Repository as ConfigRepository;

 class TwoFactorSetupService
 {
+    const VALID_BASE32_CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+
    /**
     * @var \Illuminate\Contracts\Config\Repository
     */
@ -27,11 +23,6 @@ class TwoFactorSetupService
     */
    private $encrypter;

-    /**
-     * @var PragmaRX\Google2FAQRCode\Google2FA
-     */
-    private $google2FA;
-
    /**
     * @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
     */
@ -42,24 +33,22 @@ class TwoFactorSetupService
     *
     * @param \Illuminate\Contracts\Config\Repository                   $config
     * @param \Illuminate\Contracts\Encryption\Encrypter                $encrypter
-     * @param PragmaRX\Google2FAQRCode\Google2FA                        $google2FA
     * @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
     */
    public function __construct(
        ConfigRepository $config,
        Encrypter $encrypter,
-        Google2FA $google2FA,
        UserRepositoryInterface $repository
    ) {
        $this->config = $config;
        $this->encrypter = $encrypter;
-        $this->google2FA = $google2FA;
        $this->repository = $repository;
    }

    /**
     * Generate a 2FA token and store it in the database before returning the
-     * QR code image.
+     * QR code URL. This URL will need to be attached to a QR generating service in
+     * order to function.
     *
     * @param \Pterodactyl\Models\User $user
     * @return string
@ -69,13 +58,26 @@ class TwoFactorSetupService
     */
    public function handle(User $user): string
    {
-        $secret = $this->google2FA->generateSecretKey($this->config->get('pterodactyl.auth.2fa.bytes'));
-        $image = $this->google2FA->getQRCodeInline($this->config->get('app.name'), $user->email, $secret);
+        $secret = '';
+        try {
+            for ($i = 0; $i < $this->config->get('pterodactyl.auth.2fa.bytes', 16); $i++) {
+                $secret .= substr(self::VALID_BASE32_CHARACTERS, random_int(0, 31), 1);
+            }
+        } catch (Exception $exception) {
+            throw new RuntimeException($exception->getMessage(), 0, $exception);
+        }

        $this->repository->withoutFreshModel()->update($user->id, [
            'totp_secret' => $this->encrypter->encrypt($secret),
        ]);

-        return $image;
+        $company = $this->config->get('app.name');
+
+        return sprintf(
+            'otpauth://totp/%1$s:%2$s?secret=%3$s&issuer=%1$s',
+            rawurlencode($company),
+            rawurlencode($user->email),
+            rawurlencode($secret)
+        );
    }
 }