Fixes account creation and password reset abilities.

2017-04-28 00:07:38 -04:00 · 2017-04-28 00:07:38 -04:00 · 1c37a8fe1a
commit 1c37a8fe1a
parent 3dc286b511
4 changed files with 16 additions and 18 deletions
--- a/app/Observers/UserObserver.php
+++ b/app/Observers/UserObserver.php
@ -25,6 +25,8 @@
 namespace Pterodactyl\Observers;

 use DB;
+use Hash;
+use Carbon;
 use Pterodactyl\Events;
 use Pterodactyl\Models\User;
 use Pterodactyl\Notifications\AccountCreated;
@ -52,12 +54,20 @@ class UserObserver
    {
        event(new Events\User\Created($user));

-        $token = DB::table('password_resets')->where('email', $user->email)->orderBy('created_at', 'desc')->first();
-        $user->notify((new AccountCreated([
+        if ($user->password === 'unset') {
+            $token = hash_hmac('sha256', str_random(40), config('app.key'));
+            DB::table('password_resets')->insert([
+                'email' => $user->email,
+                'token' => Hash::make($token),
+                'created_at' => Carbon::now()->toDateTimeString(),
+            ]);
+        }
+
+        $user->notify(new AccountCreated([
            'name' => $user->name_first,
            'username' => $user->username,
-            'token' => (! is_null($token)) ? $token->token : null,
-        ])));
+            'token' => (isset($token)) ? $token : null,
+        ]));
    }

    /**
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@ -83,23 +83,12 @@ class UserRepository
                'username' => $data['username'],
                'name_first' => $data['name_first'],
                'name_last' => $data['name_last'],
-                'password' => Hash::make((empty($data['password'])) ? str_random(30) : $data['password']),
+                'password' => (empty($data['password'])) ? 'unset' : Hash::make($data['password']),
                'root_admin' => $data['root_admin'],
                'language' => Settings::get('default_language', 'en'),
            ]);
            $user->save();

-            // Setup a Password Reset to use when they set a password.
-            // Only used if no password is provided.
-            if (empty($data['password'])) {
-                $token = str_random(32);
-                DB::table('password_resets')->insert([
-                    'email' => $user->email,
-                    'token' => $token,
-                    'created_at' => Carbon::now()->toDateTimeString(),
-                ]);
-            }
-
            DB::commit();

            return $user;