Change login handling to automatically redirect a user if their session will need renewal.

2018-06-16 14:05:39 -07:00 · 2018-06-16 14:05:39 -07:00 · e7faf979a1
commit e7faf979a1
parent 24bb8da43d
8 changed files with 126 additions and 23 deletions
--- a/app/Http/Controllers/Auth/AbstractLoginController.php
+++ b/app/Http/Controllers/Auth/AbstractLoginController.php
@ -155,13 +155,15 @@ abstract class AbstractLoginController extends Controller
     */
    protected function createJsonWebToken(User $user): string
    {
+        $now = Chronos::now('utc');
+
        $token = $this->builder
            ->setIssuer('Pterodactyl Panel')
            ->setAudience(config('app.url'))
            ->setId(str_random(16), true)
-            ->setIssuedAt(Chronos::now()->getTimestamp())
-            ->setNotBefore(Chronos::now()->getTimestamp())
-            ->setExpiration(Chronos::now()->addSeconds(config('session.lifetime'))->getTimestamp())
+            ->setIssuedAt($now->getTimestamp())
+            ->setNotBefore($now->getTimestamp())
+            ->setExpiration($now->addSeconds(config('jwt.lifetime'))->getTimestamp())
            ->set('user', (new AccountTransformer())->transform($user))
            ->sign($this->getJWTSigner(), $this->getJWTSigningKey())
            ->getToken();
--- a/app/Http/Middleware/Api/AuthenticateKey.php
+++ b/app/Http/Middleware/Api/AuthenticateKey.php
@ -98,13 +98,17 @@ class AuthenticateKey
        }

        // Run through the token validation and throw an exception if the token is not valid.
+        //
+        // The issued_at time is used for verification in order to allow rapid changing of session
+        // length on the Panel without having to wait on existing tokens to first expire.
+        $now = Chronos::now('utc');
        if (
-            $token->getClaim('nbf') > Chronos::now()->getTimestamp()
+            Chronos::createFromTimestampUTC($token->getClaim('nbf'))->gt($now)
            || $token->getClaim('iss') !== 'Pterodactyl Panel'
            || $token->getClaim('aud') !== config('app.url')
-            || $token->getClaim('exp') <= Chronos::now()->getTimestamp()
+            || Chronos::createFromTimestampUTC($token->getClaim('iat'))->addMinutes(config('jwt.lifetime'))->lte($now)
        ) {
-            throw new AccessDeniedHttpException;
+            throw new AccessDeniedHttpException('The authentication parameters provided are not valid for accessing this resource.');
        }

        return (new ApiKey)->forceFill([