StarMC/Astral-nook
StarMC/Astral-nook
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Implement changes to 2FA system (#761)

Browse source
This commit is contained in:
Dane Everitt 2017-11-18 13:35:33 -05:00 committed by GitHub
parent a0c96f2c15
commit c7c2c1a45e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 360 additions and 298 deletions
Download patch file Download diff file Expand all files Collapse all files

56
app/Services/Users/ToggleTwoFactorService.php
View file

@ -1,66 +1,82 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Services\Users;
use Carbon\Carbon;
use Pterodactyl\Models\User;
use PragmaRX\Google2FA\Contracts\Google2FA;
use PragmaRX\Google2FA\Google2FA;
use Illuminate\Contracts\Config\Repository;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
use Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid;
class ToggleTwoFactorService
{
/**
* @var \PragmaRX\Google2FA\Contracts\Google2FA
* @var \Illuminate\Contracts\Config\Repository
*/
protected $google2FA;
private $config;
/**
* @var \Illuminate\Contracts\Encryption\Encrypter
*/
private $encrypter;
/**
* @var \PragmaRX\Google2FA\Google2FA
*/
private $google2FA;
/**
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
*/
protected $repository;
private $repository;
/**
* ToggleTwoFactorService constructor.
*
* @param \PragmaRX\Google2FA\Contracts\Google2FA $google2FA
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
* @param \PragmaRX\Google2FA\Google2FA $google2FA
* @param \Illuminate\Contracts\Config\Repository $config
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
*/
public function __construct(
Encrypter $encrypter,
Google2FA $google2FA,
Repository $config,
UserRepositoryInterface $repository
) {
$this->config = $config;
$this->encrypter = $encrypter;
$this->google2FA = $google2FA;
$this->repository = $repository;
}
/**
* @param int|\Pterodactyl\Models\User $user
* @param string $token
* @param null|bool $toggleState
* Toggle 2FA on an account only if the token provided is valid.
*
* @param \Pterodactyl\Models\User $user
* @param string $token
* @param bool|null $toggleState
* @return bool
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid
*/
public function handle($user, $token, $toggleState = null)
public function handle(User $user, string $token, bool $toggleState = null): bool
{
if (! $user instanceof User) {
$user = $this->repository->find($user);
}
$window = $this->config->get('pterodactyl.auth.2fa.window');
$secret = $this->encrypter->decrypt($user->totp_secret);
if (! $this->google2FA->verifyKey($user->totp_secret, $token, 2)) {
$isValidToken = $this->google2FA->verifyKey($secret, $token, $window);
if (! $isValidToken) {
throw new TwoFactorAuthenticationTokenInvalid;
}
$this->repository->withoutFresh()->update($user->id, [
'totp_authenticated_at' => Carbon::now(),
'use_totp' => (is_null($toggleState) ? ! $user->use_totp : $toggleState),
]);

45
app/Services/Users/TwoFactorSetupService.php
View file

@ -10,7 +10,8 @@
namespace Pterodactyl\Services\Users;
use Pterodactyl\Models\User;
use PragmaRX\Google2FA\Contracts\Google2FA;
use PragmaRX\Google2FA\Google2FA;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
@ -19,58 +20,62 @@ class TwoFactorSetupService
/**
* @var \Illuminate\Contracts\Config\Repository
*/
protected $config;
private $config;
/**
* @var \PragmaRX\Google2FA\Contracts\Google2FA
* @var \Illuminate\Contracts\Encryption\Encrypter
*/
protected $google2FA;
private $encrypter;
/**
* @var \PragmaRX\Google2FA\Google2FA
*/
private $google2FA;
/**
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
*/
protected $repository;
private $repository;
/**
* TwoFactorSetupService constructor.
*
* @param \Illuminate\Contracts\Config\Repository $config
* @param \PragmaRX\Google2FA\Contracts\Google2FA $google2FA
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
* @param \PragmaRX\Google2FA\Google2FA $google2FA
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
*/
public function __construct(
ConfigRepository $config,
Encrypter $encrypter,
Google2FA $google2FA,
UserRepositoryInterface $repository
) {
$this->config = $config;
$this->encrypter = $encrypter;
$this->google2FA = $google2FA;
$this->repository = $repository;
}
/**
* Generate a 2FA token and store it in the database.
* Generate a 2FA token and store it in the database before returning the
* QR code image.
*
* @param int|\Pterodactyl\Models\User $user
* @return array
* @param \Pterodactyl\Models\User $user
* @return string
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function handle($user)
public function handle(User $user): string
{
if (! $user instanceof User) {
$user = $this->repository->find($user);
}
$secret = $this->google2FA->generateSecretKey();
$secret = $this->google2FA->generateSecretKey($this->config->get('pterodactyl.auth.2fa.bytes'));
$image = $this->google2FA->getQRCodeGoogleUrl($this->config->get('app.name'), $user->email, $secret);
$this->repository->withoutFresh()->update($user->id, ['totp_secret' => $secret]);
$this->repository->withoutFresh()->update($user->id, [
'totp_secret' => $this->encrypter->encrypt($secret),
]);
return [
'qrImage' => $image,
'secret' => $secret,
];
return $image;
}
}