Support special characters in database password, closes #1508

2019-08-03 14:42:32 -07:00 · 2019-08-03 14:42:32 -07:00 · eb81e1ed20
commit eb81e1ed20
parent e7e41d8ee8
6 changed files with 49 additions and 52 deletions
--- a/app/Http/Controllers/Admin/ServersController.php
+++ b/app/Http/Controllers/Admin/ServersController.php
@ -589,8 +589,7 @@ class ServersController extends Controller
     * @param int                      $server
     * @return \Illuminate\Http\RedirectResponse
     *
-     * @throws \Exception
-     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Throwable
     */
    public function resetDatabasePassword(Request $request, $server)
    {
@ -599,7 +598,7 @@ class ServersController extends Controller
            ['id', '=', $request->input('database')],
        ]);

-        $this->databasePasswordService->handle($database, str_random(24));
+        $this->databasePasswordService->handle($database);

        return response('', 204);
    }
--- a/app/Http/Controllers/Api/Application/Servers/DatabaseController.php
+++ b/app/Http/Controllers/Api/Application/Servers/DatabaseController.php
@ -87,12 +87,11 @@ class DatabaseController extends ApplicationApiController
     * @param \Pterodactyl\Http\Requests\Api\Application\Servers\Databases\ServerDatabaseWriteRequest $request
     * @return \Illuminate\Http\Response
     *
-     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
-     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     * @throws \Throwable
     */
    public function resetPassword(ServerDatabaseWriteRequest $request): Response
    {
-        $this->databasePasswordService->handle($request->getModel(Database::class), str_random(24));
+        $this->databasePasswordService->handle($request->getModel(Database::class));

        return response('', 204);
    }
--- a/app/Http/Controllers/Server/DatabaseController.php
+++ b/app/Http/Controllers/Server/DatabaseController.php
@ -135,15 +135,13 @@ class DatabaseController extends Controller
     * @return \Illuminate\Http\JsonResponse
     *
     * @throws \Illuminate\Auth\Access\AuthorizationException
-     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
-     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     * @throws \Throwable
     */
    public function update(Request $request): JsonResponse
    {
        $this->authorize('reset-db-password', $request->attributes->get('server'));

-        $password = str_random(24);
-        $this->passwordService->handle($request->attributes->get('database'), $password);
+        $password = $this->passwordService->handle($request->attributes->get('database'));

        return response()->json(['password' => $password]);
    }
--- a/app/Services/Databases/DatabasePasswordService.php
+++ b/app/Services/Databases/DatabasePasswordService.php
@ -2,7 +2,9 @@

 namespace Pterodactyl\Services\Databases;

+use Exception;
 use Pterodactyl\Models\Database;
+use Illuminate\Support\Facades\Log;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Pterodactyl\Extensions\DynamicDatabaseConnection;
@ -54,33 +56,39 @@ class DatabasePasswordService
     * Updates a password for a given database.
     *
     * @param \Pterodactyl\Models\Database|int $database
-     * @param string                           $password
-     * @return bool
+     * @return string
     *
-     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
-     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     * @throws \Throwable
     */
-    public function handle($database, string $password): bool
+    public function handle(Database $database): string
    {
-        if (! $database instanceof Database) {
-            $database = $this->repository->find($database);
+        $password = str_random(24);
+        // Given a random string of characters, randomly loop through the characters and replace some
+        // with special characters to avoid issues with MySQL password requirements on some servers.
+        try {
+            for ($i = 0; $i < random_int(2, 6); $i++) {
+                $character = ['!', '@', '=', '.', '+', '^'][random_int(0, 5)];
+
+                $password = substr_replace($password, $character, random_int(0, 23), 1);
+            }
+        } catch (Exception $exception) {
+            // Just log the error and hope for the best at this point.
+            Log::error($exception);
        }

-        $this->dynamic->set('dynamic', $database->database_host_id);
-        $this->connection->beginTransaction();
+        $this->connection->transaction(function () use ($database, $password) {
+            $this->dynamic->set('dynamic', $database->database_host_id);

-        $updated = $this->repository->withoutFreshModel()->update($database->id, [
-            'password' => $this->encrypter->encrypt($password),
-        ]);
+            $this->repository->withoutFreshModel()->update($database->id, [
+                'password' => $this->encrypter->encrypt($password),
+            ]);

-        $this->repository->dropUser($database->username, $database->remote);
-        $this->repository->createUser($database->username, $database->remote, $password);
-        $this->repository->assignUserToDatabase($database->database, $database->username, $database->remote);
-        $this->repository->flush();
+            $this->repository->dropUser($database->username, $database->remote);
+            $this->repository->createUser($database->username, $database->remote, $password);
+            $this->repository->assignUserToDatabase($database->database, $database->username, $database->remote);
+            $this->repository->flush();
+        });

-        unset($password);
-        $this->connection->commit();
-
-        return $updated;
+        return $password;
    }
 }