Fix security vulnerability when authenticating a two-factor authentication token for a user
See associated security advisory for technical details on the content of this security fix. GHSA ID: GHSA-5vfx-8w6m-h3v4
This commit is contained in:
Dane Everitt
parent
5fdb0a5909
commit
4a84c36009
3 changed files with 85 additions and 109 deletions
|
|
@ -7,7 +7,7 @@ use Pterodactyl\Models\User;
|
|||
use Illuminate\Auth\AuthManager;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Auth\Events\Failed;
|
||||
use Illuminate\Contracts\Config\Repository;
|
||||
use Illuminate\Container\Container;
|
||||
use Pterodactyl\Exceptions\DisplayException;
|
||||
use Pterodactyl\Http\Controllers\Controller;
|
||||
use Illuminate\Contracts\Auth\Authenticatable;
|
||||
|
|
@ -17,6 +17,8 @@ abstract class AbstractLoginController extends Controller
|
|||
{
|
||||
use AuthenticatesUsers;
|
||||
|
||||
protected AuthManager $auth;
|
||||
|
||||
/**
|
||||
* Lockout time for failed login requests.
|
||||
*
|
||||
|
|
@ -38,26 +40,14 @@ abstract class AbstractLoginController extends Controller
|
|||
*/
|
||||
protected $redirectTo = '/';
|
||||
|
||||
/**
|
||||
* @var \Illuminate\Auth\AuthManager
|
||||
*/
|
||||
protected $auth;
|
||||
|
||||
/**
|
||||
* @var \Illuminate\Contracts\Config\Repository
|
||||
*/
|
||||
protected $config;
|
||||
|
||||
/**
|
||||
* LoginController constructor.
|
||||
*/
|
||||
public function __construct(AuthManager $auth, Repository $config)
|
||||
public function __construct()
|
||||
{
|
||||
$this->lockoutTime = $config->get('auth.lockout.time');
|
||||
$this->maxLoginAttempts = $config->get('auth.lockout.attempts');
|
||||
|
||||
$this->auth = $auth;
|
||||
$this->config = $config;
|
||||
$this->lockoutTime = config('auth.lockout.time');
|
||||
$this->maxLoginAttempts = config('auth.lockout.attempts');
|
||||
$this->auth = Container::getInstance()->make(AuthManager::class);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -84,12 +74,14 @@ abstract class AbstractLoginController extends Controller
|
|||
*/
|
||||
protected function sendLoginResponse(User $user, Request $request): JsonResponse
|
||||
{
|
||||
$request->session()->remove('auth_confirmation_token');
|
||||
$request->session()->regenerate();
|
||||
|
||||
$this->clearLoginAttempts($request);
|
||||
|
||||
$this->auth->guard()->login($user, true);
|
||||
|
||||
return JsonResponse::create([
|
||||
return new JsonResponse([
|
||||
'data' => [
|
||||
'complete' => true,
|
||||
'intended' => $this->redirectPath(),
|
||||
|
|
@ -101,7 +93,8 @@ abstract class AbstractLoginController extends Controller
|
|||
/**
|
||||
* Determine if the user is logging in using an email or username,.
|
||||
*
|
||||
* @param string $input
|
||||
* @param string|null $input
|
||||
* @return string
|
||||
*/
|
||||
protected function getField(string $input = null): string
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue