StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Cleanup login/reset functionality, address security issue with 2FA pathways

Browse source
This commit is contained in:
Dane Everitt 2018-04-07 16:17:51 -05:00
parent eade81f89b
commit c3e462ab2f
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
11 changed files with 158 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/Http/Controllers/Auth/LoginCheckpointController.php
View file

@ -10,9 +10,8 @@ class LoginCheckpointController extends AbstractLoginController
{
/**
* Handle a login where the user is required to provide a TOTP authentication
* token. In order to add additional layers of security, users are not
* informed of an incorrect password until this stage, forcing them to
* provide a token on each login attempt.
* token. Once a user has reached this stage it is assumed that they have already
* provided a valid username and password.
*
* @param \Pterodactyl\Http\Requests\Auth\LoginCheckpointRequest $request
* @return \Illuminate\Http\JsonResponse
@ -28,7 +27,7 @@ class LoginCheckpointController extends AbstractLoginController
return $this->sendFailedLoginResponse($request);
}
if (! array_get($cache, 'valid_credentials') || array_get($cache, 'request_ip') !== $request->ip()) {
if (array_get($cache, 'request_ip') !== $request->ip()) {
return $this->sendFailedLoginResponse($request, $user);
}
@ -40,7 +39,7 @@ class LoginCheckpointController extends AbstractLoginController
return $this->sendFailedLoginResponse($request, $user);
}
$this->authManager->guard()->login($user, true);
$this->auth->guard()->login($user, true);
return $this->sendLoginResponse($request);
}