Ensure password used when creating a database is valid; closes #1852

This commit is contained in:
Dane Everitt 2020-03-15 16:25:29 -07:00
parent 1ebe376fed
commit 05d859c985
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
4 changed files with 45 additions and 16 deletions

View File

@ -3,6 +3,10 @@ This file is a running track of new features and fixes to each version of the pa
This project follows [Semantic Versioning](http://semver.org) guidelines. This project follows [Semantic Versioning](http://semver.org) guidelines.
## v0.7.17 (Derelict Dermodactylus)
### Fixed
* Fixes database passwords not being generated with the proper requirements for some MySQL setups.
## v0.7.16 (Derelict Dermodactylus) ## v0.7.16 (Derelict Dermodactylus)
### Fixed ### Fixed
* Fixed the /api/application/servers endpoint erroring when including subusers or egg * Fixed the /api/application/servers endpoint erroring when including subusers or egg

35
app/Helpers/Utilities.php Normal file
View File

@ -0,0 +1,35 @@
<?php
namespace Pterodactyl\Helpers;
use Exception;
use Illuminate\Support\Facades\Log;
class Utilities
{
/**
* Generates a random string and injects special characters into it, in addition to
* the randomness of the alpha-numeric default response.
*
* @param int $length
* @return string
*/
public static function randomStringWithSpecialCharacters(int $length = 16): string
{
$string = str_random($length);
// Given a random string of characters, randomly loop through the characters and replace some
// with special characters to avoid issues with MySQL password requirements on some servers.
try {
for ($i = 0; $i < random_int(2, 6); $i++) {
$character = ['!', '@', '=', '.', '+', '^'][random_int(0, 5)];
$string = substr_replace($string, $character, random_int(0, $length - 1), 1);
}
} catch (Exception $exception) {
// Just log the error and hope for the best at this point.
Log::error($exception);
}
return $string;
}
}

View File

@ -3,6 +3,7 @@
namespace Pterodactyl\Services\Databases; namespace Pterodactyl\Services\Databases;
use Pterodactyl\Models\Database; use Pterodactyl\Models\Database;
use Pterodactyl\Helpers\Utilities;
use Illuminate\Database\DatabaseManager; use Illuminate\Database\DatabaseManager;
use Illuminate\Contracts\Encryption\Encrypter; use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Extensions\DynamicDatabaseConnection; use Pterodactyl\Extensions\DynamicDatabaseConnection;
@ -69,7 +70,9 @@ class DatabaseManagementService
$data['server_id'] = $server; $data['server_id'] = $server;
$data['database'] = sprintf('s%d_%s', $server, $data['database']); $data['database'] = sprintf('s%d_%s', $server, $data['database']);
$data['username'] = sprintf('u%d_%s', $server, str_random(10)); $data['username'] = sprintf('u%d_%s', $server, str_random(10));
$data['password'] = $this->encrypter->encrypt(str_random(24)); $data['password'] = $this->encrypter->encrypt(
Utilities::randomStringWithSpecialCharacters(24)
);
$this->database->beginTransaction(); $this->database->beginTransaction();
try { try {

View File

@ -2,9 +2,8 @@
namespace Pterodactyl\Services\Databases; namespace Pterodactyl\Services\Databases;
use Exception;
use Pterodactyl\Models\Database; use Pterodactyl\Models\Database;
use Illuminate\Support\Facades\Log; use Pterodactyl\Helpers\Utilities;
use Illuminate\Database\ConnectionInterface; use Illuminate\Database\ConnectionInterface;
use Illuminate\Contracts\Encryption\Encrypter; use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Extensions\DynamicDatabaseConnection; use Pterodactyl\Extensions\DynamicDatabaseConnection;
@ -62,19 +61,7 @@ class DatabasePasswordService
*/ */
public function handle(Database $database): string public function handle(Database $database): string
{ {
$password = str_random(24); $password = Utilities::randomStringWithSpecialCharacters(24);
// Given a random string of characters, randomly loop through the characters and replace some
// with special characters to avoid issues with MySQL password requirements on some servers.
try {
for ($i = 0; $i < random_int(2, 6); $i++) {
$character = ['!', '@', '=', '.', '+', '^'][random_int(0, 5)];
$password = substr_replace($password, $character, random_int(0, 23), 1);
}
} catch (Exception $exception) {
// Just log the error and hope for the best at this point.
Log::error($exception);
}
$this->connection->transaction(function () use ($database, $password) { $this->connection->transaction(function () use ($database, $password) {
$this->dynamic->set('dynamic', $database->database_host_id); $this->dynamic->set('dynamic', $database->database_host_id);