StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'release/v0.7.14' into feature/react

Browse source
This commit is contained in:
Dane Everitt 2019-06-22 12:28:44 -07:00
commit 56640253b9
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
16 changed files with 178 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

65
app/Http/Controllers/Auth/LoginController.php
View file

@ -54,6 +54,71 @@ class LoginController extends AbstractLoginController
return $this->sendFailedLoginResponse($request, $user);
}
if ($user->use_totp) {
$token = str_random(64);
$this->cache->put($token, ['user_id' => $user->id, 'valid_credentials' => true], 5);
return redirect()->route('auth.totp')->with('authentication_token', $token);
}
$this->auth->guard()->login($user, true);
return $this->sendLoginResponse($user, $request);
}
/**
* Handle a TOTP implementation page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
*/
public function totp(Request $request)
{
$token = $request->session()->get('authentication_token');
if (is_null($token) || $this->auth->guard()->user()) {
return redirect()->route('auth.login');
}
return view('auth.totp', ['verify_key' => $token]);
}
/**
* Handle a login where the user is required to provide a TOTP authentication
* token.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response
*
* @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
* @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
* @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
* @throws \Pterodactyl\Exceptions\DisplayException
*/
public function loginUsingTotp(Request $request)
{
if (is_null($request->input('verify_token'))) {
return $this->sendFailedLoginResponse($request);
}
try {
$cache = $this->cache->pull($request->input('verify_token'), []);
$user = $this->repository->find(array_get($cache, 'user_id', 0));
} catch (RecordNotFoundException $exception) {
return $this->sendFailedLoginResponse($request);
}
if (is_null($request->input('2fa_token'))) {
return $this->sendFailedLoginResponse($request, $user);
}
if (! $this->google2FA->verifyKey(
$this->encrypter->decrypt($user->totp_secret),
$request->input('2fa_token'),
$this->config->get('pterodactyl.auth.2fa.window')
)) {
return $this->sendFailedLoginResponse($request, $user);
}
// If the user is using 2FA we do not actually log them in at this step, we return
// a one-time token to link the 2FA credentials to this account via the UI.
if ($user->use_totp) {

4
app/Http/Controllers/Base/SecurityController.php
View file

@ -83,8 +83,8 @@ class SecurityController extends Controller
return JsonResponse::create([
'enabled' => false,
'qr_image' => $response->get('image'),
'secret' => $response->get('secret'),
'qr_image' => $response,
'secret' => '',
]);
}

50
app/Services/Users/TwoFactorSetupService.php
View file

@ -1,23 +1,18 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Services\Users;
use Exception;
use RuntimeException;
use Pterodactyl\Models\User;
use Illuminate\Support\Collection;
use PragmaRX\Google2FAQRCode\Google2FA;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
class TwoFactorSetupService
{
const VALID_BASE32_CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
/**
* @var \Illuminate\Contracts\Config\Repository
*/
@ -28,11 +23,6 @@ class TwoFactorSetupService
*/
private $encrypter;
/**
* @var PragmaRX\Google2FAQRCode\Google2FA
*/
private $google2FA;
/**
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
*/
@ -43,43 +33,51 @@ class TwoFactorSetupService
*
* @param \Illuminate\Contracts\Config\Repository $config
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
* @param PragmaRX\Google2FAQRCode\Google2FA $google2FA
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
*/
public function __construct(
ConfigRepository $config,
Encrypter $encrypter,
Google2FA $google2FA,
UserRepositoryInterface $repository
) {
$this->config = $config;
$this->encrypter = $encrypter;
$this->google2FA = $google2FA;
$this->repository = $repository;
}
/**
* Generate a 2FA token and store it in the database before returning the
* QR code image.
* QR code URL. This URL will need to be attached to a QR generating service in
* order to function.
*
* @param \Pterodactyl\Models\User $user
* @return \Illuminate\Support\Collection
* @return string
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function handle(User $user): Collection
public function handle(User $user): string
{
$secret = $this->google2FA->generateSecretKey($this->config->get('pterodactyl.auth.2fa.bytes'));
$image = $this->google2FA->getQRCodeInline($this->config->get('app.name'), $user->email, $secret);
$secret = '';
try {
for ($i = 0; $i < $this->config->get('pterodactyl.auth.2fa.bytes', 16); $i++) {
$secret .= substr(self::VALID_BASE32_CHARACTERS, random_int(0, 31), 1);
}
} catch (Exception $exception) {
throw new RuntimeException($exception->getMessage(), 0, $exception);
}
$this->repository->withoutFreshModel()->update($user->id, [
'totp_secret' => $this->encrypter->encrypt($secret),
]);
return new Collection([
'image' => $image,
'secret' => $secret,
]);
$company = $this->config->get('app.name');
return sprintf(
'otpauth://totp/%1$s:%2$s?secret=%3$s&issuer=%1$s',
rawurlencode($company),
rawurlencode($user->email),
rawurlencode($secret)
);
}
}