Fix JWT handling for API access when logging in

2018-05-28 14:59:48 -07:00 · 2018-05-28 14:59:48 -07:00 · a1444b047e
commit a1444b047e
parent aa61afb58f
7 changed files with 143 additions and 68 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -2,11 +2,9 @@

 namespace Pterodactyl\Http\Controllers\Auth;

-use Lcobucci\JWT\Builder;
 use Illuminate\Http\Request;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Contracts\View\View;
-use Lcobucci\JWT\Signer\Hmac\Sha256;
 use Pterodactyl\Exceptions\Repository\RecordNotFoundException;

 class LoginController extends AbstractLoginController
@ -65,26 +63,12 @@ class LoginController extends AbstractLoginController
                'request_ip' => $request->ip(),
            ], 5);

-            return response()->json(['complete' => false, 'login_token' => $token]);
+            return response()->json([
+                'complete' => false,
+                'login_token' => $token,
+            ]);
        }

-        $signer = new Sha256();
-        $token = (new Builder)->setIssuer('http://pterodactyl.local')
-            ->setAudience('http://pterodactyl.local')
-            ->setId(str_random(12), true)
-            ->setIssuedAt(time())
-            ->setNotBefore(time())
-            ->setExpiration(time() + 3600)
-            ->set('uid', $user->id)
-            ->sign($signer, env('APP_JWT_KEY'))
-            ->getToken();
-
-        $this->auth->guard()->login($user, true);
-
-        return response()->json([
-            'complete' => true,
-            'intended' => $this->redirectPath(),
-            'token' => $token->__toString(),
-        ]);
+        return $this->sendLoginResponse($user, $request);
    }
 }