From 05d859c985dc529b09effa363146d0213fbebefc Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Sun, 15 Mar 2020 16:25:29 -0700
Subject: [PATCH] Ensure password used when creating a database is valid;
 closes #1852

---
 CHANGELOG.md                                  |  4 +++
 app/Helpers/Utilities.php                     | 35 +++++++++++++++++++
 .../Databases/DatabaseManagementService.php   |  5 ++-
 .../Databases/DatabasePasswordService.php     | 17 ++-------
 4 files changed, 45 insertions(+), 16 deletions(-)
 create mode 100644 app/Helpers/Utilities.php

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 33749dd55..37a638853 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@ This file is a running track of new features and fixes to each version of the pa
 
 This project follows [Semantic Versioning](http://semver.org) guidelines.
 
+## v0.7.17 (Derelict Dermodactylus)
+### Fixed
+* Fixes database passwords not being generated with the proper requirements for some MySQL setups.
+
 ## v0.7.16 (Derelict Dermodactylus)
 ### Fixed
 * Fixed the /api/application/servers endpoint erroring when including subusers or egg
diff --git a/app/Helpers/Utilities.php b/app/Helpers/Utilities.php
new file mode 100644
index 000000000..5de685fe9
--- /dev/null
+++ b/app/Helpers/Utilities.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace Pterodactyl\Helpers;
+
+use Exception;
+use Illuminate\Support\Facades\Log;
+
+class Utilities
+{
+    /**
+     * Generates a random string and injects special characters into it, in addition to
+     * the randomness of the alpha-numeric default response.
+     *
+     * @param int $length
+     * @return string
+     */
+    public static function randomStringWithSpecialCharacters(int $length = 16): string
+    {
+        $string = str_random($length);
+        // Given a random string of characters, randomly loop through the characters and replace some
+        // with special characters to avoid issues with MySQL password requirements on some servers.
+        try {
+            for ($i = 0; $i < random_int(2, 6); $i++) {
+                $character = ['!', '@', '=', '.', '+', '^'][random_int(0, 5)];
+
+                $string = substr_replace($string, $character, random_int(0, $length - 1), 1);
+            }
+        } catch (Exception $exception) {
+            // Just log the error and hope for the best at this point.
+            Log::error($exception);
+        }
+
+        return $string;
+    }
+}
diff --git a/app/Services/Databases/DatabaseManagementService.php b/app/Services/Databases/DatabaseManagementService.php
index d7c942cba..103befa55 100644
--- a/app/Services/Databases/DatabaseManagementService.php
+++ b/app/Services/Databases/DatabaseManagementService.php
@@ -3,6 +3,7 @@
 namespace Pterodactyl\Services\Databases;
 
 use Pterodactyl\Models\Database;
+use Pterodactyl\Helpers\Utilities;
 use Illuminate\Database\DatabaseManager;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Pterodactyl\Extensions\DynamicDatabaseConnection;
@@ -69,7 +70,9 @@ class DatabaseManagementService
         $data['server_id'] = $server;
         $data['database'] = sprintf('s%d_%s', $server, $data['database']);
         $data['username'] = sprintf('u%d_%s', $server, str_random(10));
-        $data['password'] = $this->encrypter->encrypt(str_random(24));
+        $data['password'] = $this->encrypter->encrypt(
+            Utilities::randomStringWithSpecialCharacters(24)
+        );
 
         $this->database->beginTransaction();
         try {
diff --git a/app/Services/Databases/DatabasePasswordService.php b/app/Services/Databases/DatabasePasswordService.php
index ed60bad4a..ad5882c49 100644
--- a/app/Services/Databases/DatabasePasswordService.php
+++ b/app/Services/Databases/DatabasePasswordService.php
@@ -2,9 +2,8 @@
 
 namespace Pterodactyl\Services\Databases;
 
-use Exception;
 use Pterodactyl\Models\Database;
-use Illuminate\Support\Facades\Log;
+use Pterodactyl\Helpers\Utilities;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Pterodactyl\Extensions\DynamicDatabaseConnection;
@@ -62,19 +61,7 @@ class DatabasePasswordService
      */
     public function handle(Database $database): string
     {
-        $password = str_random(24);
-        // Given a random string of characters, randomly loop through the characters and replace some
-        // with special characters to avoid issues with MySQL password requirements on some servers.
-        try {
-            for ($i = 0; $i < random_int(2, 6); $i++) {
-                $character = ['!', '@', '=', '.', '+', '^'][random_int(0, 5)];
-
-                $password = substr_replace($password, $character, random_int(0, 23), 1);
-            }
-        } catch (Exception $exception) {
-            // Just log the error and hope for the best at this point.
-            Log::error($exception);
-        }
+        $password = Utilities::randomStringWithSpecialCharacters(24);
 
         $this->connection->transaction(function () use ($database, $password) {
             $this->dynamic->set('dynamic', $database->database_host_id);