StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Finish authentication flow for 2FA

Browse source
This commit is contained in:
Dane Everitt 2019-06-22 13:33:11 -07:00
parent 7f3ab8aadf
commit 212773d63c
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
9 changed files with 232 additions and 162 deletions
Download patch file Download diff file Expand all files Collapse all files

77
app/Http/Controllers/Auth/LoginCheckpointController.php
View file

@ -2,12 +2,64 @@
namespace Pterodactyl\Http\Controllers\Auth;
use Illuminate\Auth\AuthManager;
use Illuminate\Http\JsonResponse;
use PragmaRX\Google2FA\Google2FA;
use Illuminate\Contracts\Config\Repository;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Http\Requests\Auth\LoginCheckpointRequest;
use Illuminate\Contracts\Cache\Repository as CacheRepository;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
class LoginCheckpointController extends AbstractLoginController
{
/**
* @var \Illuminate\Contracts\Cache\Repository
*/
private $cache;
/**
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
*/
private $repository;
/**
* @var \PragmaRX\Google2FA\Google2FA
*/
private $google2FA;
/**
* @var \Illuminate\Contracts\Encryption\Encrypter
*/
private $encrypter;
/**
* LoginCheckpointController constructor.
*
* @param \Illuminate\Auth\AuthManager $auth
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
* @param \PragmaRX\Google2FA\Google2FA $google2FA
* @param \Illuminate\Contracts\Config\Repository $config
* @param \Illuminate\Contracts\Cache\Repository $cache
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
*/
public function __construct(
AuthManager $auth,
Encrypter $encrypter,
Google2FA $google2FA,
Repository $config,
CacheRepository $cache,
UserRepositoryInterface $repository
) {
parent::__construct($auth, $config);
$this->google2FA = $google2FA;
$this->cache = $cache;
$this->repository = $repository;
$this->encrypter = $encrypter;
}
/**
* Handle a login where the user is required to provide a TOTP authentication
* token. Once a user has reached this stage it is assumed that they have already
@ -16,29 +68,28 @@ class LoginCheckpointController extends AbstractLoginController
* @param \Pterodactyl\Http\Requests\Auth\LoginCheckpointRequest $request
* @return \Illuminate\Http\JsonResponse
*
* @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
* @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
* @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
* @throws \Pterodactyl\Exceptions\DisplayException
*/
public function __invoke(LoginCheckpointRequest $request): JsonResponse
{
try {
$cache = $this->cache->pull($request->input('confirmation_token'), []);
$user = $this->repository->find(array_get($cache, 'user_id', 0));
$user = $this->repository->find(
$this->cache->pull($request->input('confirmation_token'), 0)
);
} catch (RecordNotFoundException $exception) {
return $this->sendFailedLoginResponse($request);
}
if (array_get($cache, 'request_ip') !== $request->ip()) {
return $this->sendFailedLoginResponse($request, $user);
$decrypted = $this->encrypter->decrypt($user->totp_secret);
$window = $this->config->get('pterodactyl.auth.2fa.window');
if ($this->google2FA->verifyKey($decrypted, $request->input('authentication_code'), $window)) {
return $this->sendLoginResponse($user, $request);
}
if (! $this->google2FA->verifyKey(
$this->encrypter->decrypt($user->totp_secret),
$request->input('authentication_code'),
config('pterodactyl.auth.2fa.window')
)) {
return $this->sendFailedLoginResponse($request, $user);
}
return $this->sendLoginResponse($user, $request);
return $this->sendFailedLoginResponse($request, $user);
}
}