We use cookies to ensure you get the best experience on our website
Startsida Utforska Hjälp
Registrera dig Logga in
0ct0pu5
/
ctrlpanel
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: eac672a870
Grenar Taggar
ctrlpanel
/
app
/
Http
/
Controllers
/
Auth
/
LoginCheckpointController.php

LoginCheckpointController.php 4.3 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 
  1. <?php
    2. 

  2. 

  3. namespace Pterodactyl\Http\Controllers\Auth;
    4. 

  4. 

  5. use App\Models\User;
    6. 

  6. use Carbon\CarbonImmutable;
    7. 

  7. use Carbon\CarbonInterface;
    8. 

  8. use Illuminate\Foundation\Auth\AuthenticatesUsers;
    9. 

  9. use Illuminate\Http\Request;
    10. 

  10. use Illuminate\Http\JsonResponse;
    11. 

  11. use PragmaRX\Google2FA\Google2FA;
    12. 

  12. use Illuminate\Contracts\Encryption\Encrypter;
    13. 

  13. use Illuminate\Database\Eloquent\ModelNotFoundException;
    14. 

  14. use Illuminate\Contracts\Validation\Factory as ValidationFactory;
    15. 

  15. 

  16. class LoginCheckpointController extends LoginController
    17. 

  17. {
    18. 

  18.     use AuthenticatesUsers;
    19. 

  19. 

  20.     private const TOKEN_EXPIRED_MESSAGE = 'The authentication token provided has expired, please refresh the page and try again.';
    21. 

  21. 

  22.     /**
    23. 

  23.      * LoginCheckpointController constructor.
    24. 

  24.      */
    25. 

  25.     public function __construct(
    26. 

  26.         private Encrypter $encrypter,
    27. 

  27.         private Google2FA $google2FA,
    28. 

  28.         private ValidationFactory $validation
    29. 

  29.     ) {
    30. 

  30.         parent::__construct();
    31. 

  31.     }
    32. 

  32. 

  33.     /**
    34. 

  34.      * Handle a login where the user is required to provide a TOTP authentication
    35. 

  35.      * token. Once a user has reached this stage it is assumed that they have already
    36. 

  36.      * provided a valid username and password.
    37. 

  37.      *
    38. 

  38.      * @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
    39. 

  39.      * @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
    40. 

  40.      * @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
    41. 

  41.      * @throws \Exception
    42. 

  42.      * @throws \Illuminate\Validation\ValidationException
    43. 

  43.      */
    44. 

  44.     public function __invoke(Request $request): JsonResponse
    45. 

  45.     {
    46. 

  46.         if ($this->hasTooManyLoginAttempts($request)) {
    47. 

  47.             $this->sendLockoutResponse($request);
    48. 

  48.         }
    49. 

  49. 

  50.         $details = $request->session()->get('auth_confirmation_token');
    51. 

  51.         if (!$this->hasValidSessionData($details)) {
    52. 

  52.             $this->sendFailedLoginResponse($request); // token expired
    53. 

  53.         }
    54. 

  54. 

  55.         if (!hash_equals($request->input('confirmation_token') ?? '', $details['token_value'])) {
    56. 

  56.             $this->sendFailedLoginResponse($request); // token invalid
    57. 

  57.         }
    58. 

  58. 

  59.         try {
    60. 

  60.             /** @var User $user */
    61. 

  61.             $user = User::query()->findOrFail($details['user_id']);
    62. 

  62.         } catch (ModelNotFoundException) {
    63. 

  63.             $this->sendFailedLoginResponse($request); // user not found
    64. 

  64.         }
    65. 

  65. 

  66.         // Recovery tokens go through a slightly different pathway for usage.
    67. 

  67.         if (!is_null($recoveryToken = $request->input('recovery_token'))) {
    68. 

  68.             if ($this->isValidRecoveryToken($user, $recoveryToken)) {
    69. 

  69.                 // If the recovery token is valid, send the login response
    70. 

  70.                 return $this->sendLoginResponse($request);
    71. 

  71.             }
    72. 

  72.         } else {
    73. 

  73.             $decrypted = $this->encrypter->decrypt($user->totp_secret);
    74. 

  74. 

  75.             if ($this->google2FA->verifyKey($decrypted, (string) $request->input('authentication_code') ?? '', config('pterodactyl.auth.2fa.window'))) {
    76. 

  76. 

  77.                 return $this->sendLoginResponse($request);
    78. 

  78.             }
    79. 

  79.         }
    80. 

  80. 

  81.         $this->sendFailedLoginResponse($request); // recovery token invalid
    82. 

  82.     }
    83. 

  83. 

  84.     /**
    85. 

  85.      * Determines if a given recovery token is valid for the user account. If we find a matching token
    86. 

  86.      * it will be deleted from the database.
    87. 

  87.      *
    88. 

  88.      * @throws \Exception
    89. 

  89.      */
    90. 

  90.     protected function isValidRecoveryToken(User $user, string $value): bool
    91. 

  91.     {
    92. 

  92.         foreach ($user->recoveryTokens as $token) {
    93. 

  93.             if (password_verify($value, $token->token)) {
    94. 

  94.                 $token->delete();
    95. 

  95. 

  96.                 return true;
    97. 

  97.             }
    98. 

  98.         }
    99. 

  99. 

  100.         return false;
    101. 

  101.     }
    102. 

  102. 

  103.     /**
    104. 

  104.      * Determines if the data provided from the session is valid or not. This
    105. 

  105.      * will return false if the data is invalid, or if more time has passed than
    106. 

  106.      * was configured when the session was written.
    107. 

  107.      */
    108. 

  108.     protected function hasValidSessionData(array $data): bool
    109. 

  109.     {
    110. 

  110.         $validator = $this->validation->make($data, [
    111. 

  111.             'user_id' => 'required|integer|min:1',
    112. 

  112.             'token_value' => 'required|string',
    113. 

  113.             'expires_at' => 'required',
    114. 

  114.         ]);
    115. 

  115. 

  116.         if ($validator->fails()) {
    117. 

  117.             return false;
    118. 

  118.         }
    119. 

  119. 

  120.         if (!$data['expires_at'] instanceof CarbonInterface) {
    121. 

  121.             return false;
    122. 

  122.         }
    123. 

  123. 

  124.         if ($data['expires_at']->isBefore(CarbonImmutable::now())) {
    125. 

  125.             return false;
    126. 

  126.         }
    127. 

  127. 

  128.         return true;
    129. 

  129.     }
    130. 

  130. }
    131.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5