From 202dd52e2bc51f412455849a2c229e8472b59917 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Fri, 17 Mar 2017 17:17:36 -0400
Subject: [PATCH] Fixes bug causing MySQL user accounts to be corrupted when resetting a password via the panel. closes #352
---
 CHANGELOG.md | 1 +
 .../Controllers/Server/ServerController.php | 7 +++---
 app/Models/Database.php | 2 +-
 app/Repositories/DatabaseRepository.php | 22 ++++++++++++++-----
 .../server/settings/databases.blade.php | 2 +-
 5 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5e2a117db..358fc0e45 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * `[pre.4]` — Fixes server listing on frontend not displaying a page selector when more than 10 servers exist.
 * `[pre.4]` — Fixes non-admin users being unable to create personal API keys.
 * Fixes bug where daemon was unable to register that certain games had fully booted and were ready to play on.
+* Fixes bug causing MySQL user accounts to be corrupted when resetting a password via the panel.
 ### Added
 * Ability to assign multiple allocations at once when creating a new server.
diff --git a/app/Http/Controllers/Server/ServerController.php b/app/Http/Controllers/Server/ServerController.php
index 751f36093..62cd3d304 100644
--- a/app/Http/Controllers/Server/ServerController.php
+++ b/app/Http/Controllers/Server/ServerController.php
@@ -239,15 +239,14 @@ class ServerController extends Controller
 {
 $server = Models\Server::byUuid($uuid);
 $this->authorize('view-databases', $server);
+
+ $server->load('node', 'databases.host');
 $server->js();
 return view('server.settings.databases', [
 'server' => $server,
 'node' => $server->node,
- 'databases' => Models\Database::select('databases.*', 'database_servers.host as a_host', 'database_servers.port as a_port')
- ->where('server_id', $server->id)
- ->join('database_servers', 'database_servers.id', '=', 'databases.db_server')
- ->get(),
+ 'databases' => $server->databases,
 ]);
 }
diff --git a/app/Models/Database.php b/app/Models/Database.php
index e7f543466..624b2c228 100644
--- a/app/Models/Database.php
+++ b/app/Models/Database.php
@@ -68,7 +68,7 @@ class Database extends Model
 */
 public function host()
 {
- return $this->belongsTo(DatabaseHost::class);
+ return $this->belongsTo(DatabaseHost::class, 'database_host_id');
 }
 /**
diff --git a/app/Repositories/DatabaseRepository.php b/app/Repositories/DatabaseRepository.php
index 7e1760b63..346d33376 100644
--- a/app/Repositories/DatabaseRepository.php
+++ b/app/Repositories/DatabaseRepository.php
@@ -48,10 +48,10 @@ class DatabaseRepository
 */
 public function create($id, array $data)
 {
- $server = Server::findOrFail($server);
+ $server = Server::findOrFail($id);
 $validator = Validator::make($data, [
- 'host' => 'required|exists:database_servers,id',
+ 'host' => 'required|exists:database_hosts,id',
 'database' => 'required|regex:/^\w{1,100}$/',
 'connection' => 'required|regex:/^[0-9%.]{1,15}$/',
 ]);
@@ -64,7 +64,7 @@ class DatabaseRepository
 DB::beginTransaction();
 try {
- $database = Models\Database::firstOrNew([
+ $database = Database::firstOrNew([
 'server_id' => $server->id,
 'database_host_id' => $data['host'],
 'database' => sprintf('s%d_%s', $server->id, $data['database']),
@@ -131,10 +131,12 @@ class DatabaseRepository
 * @param int $id
 * @param string $password
 * @return void
+ *
+ * @todo Fix logic behind resetting passwords.
 */
 public function password($id, $password)
 {
- $database = Models\Database::with('host')->findOrFail($id);
+ $database = Database::with('host')->findOrFail($id);
 DB::transaction(function () use ($database, $password) {
 $database->password = Crypt::encrypt($password);
@@ -150,10 +152,20 @@ class DatabaseRepository
 'collation' => 'utf8_unicode_ci',
 ]);
+ // We have to do the whole delete user, create user thing rather than
+ // SET PASSWORD ... because MariaDB and PHP statements ends up inserting
+ // a corrupted password. A way around this is strtoupper(sha1(sha1($password, true)))
+ // but no garuntees that will work correctly with every system.
+ DB::connection('dynamic')->statement(sprintf('DROP USER IF EXISTS `%s`@`%s`', $database->username, $database->remote));
 DB::connection('dynamic')->statement(sprintf(
- 'SET PASSWORD FOR `%s`@`%s` = PASSWORD(\'%s\')',
+ 'CREATE USER `%s`@`%s` IDENTIFIED BY \'%s\'',
 $database->username, $database->remote, $password
 ));
+ DB::connection('dynamic')->statement(sprintf(
+ 'GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX ON `%s`.* TO `%s`@`%s`',
+ $database->database, $database->username, $database->remote
+ ));
+ DB::connection('dynamic')->statement('FLUSH PRIVILEGES');
 $database->save();
 });
diff --git a/resources/themes/pterodactyl/server/settings/databases.blade.php b/resources/themes/pterodactyl/server/settings/databases.blade.php
index 5e90be84f..9d103f7a4 100644
--- a/resources/themes/pterodactyl/server/settings/databases.blade.php
+++ b/resources/themes/pterodactyl/server/settings/databases.blade.php
@@ -56,7 +56,7 @@ {{ $database->database }} {{ $database->username }} {{ Crypt::decrypt($database->password) }}
- {{ $database->a_host }}:{{ $database->a_port }}
+ {{ $database->host->host }}:{{ $database->host->port }}
 @can('reset-db-password', $server)
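Review bot: In the `@@ -150,10 +152,20 @@` hunk of app/Repositories/DatabaseRepository.php, the new `CREATE USER` statement still places `$password` inside a quoted SQL literal through `sprintf`, so a quote or backslash in the value would break or alter the statement; where `$password` originates is not visible in this diff. Quoting it through the driver removes that dependency on the caller: use `IDENTIFIED BY %s` in the format string and pass `DB::connection('dynamic')->getPdo()->quote($password)` as the argument. The `DROP USER` / `CREATE USER` / `GRANT` sequence runs on the `dynamic` connection, which the surrounding `DB::transaction` presumably cannot roll back, so a failure after the drop would leave the account missing while the panel record keeps the old password. A comment stating this, and that the hard-coded privilege list has to stay in step with whatever grant is issued when the database is first created, would help the next maintainer. `password()` begins in the previous hunk and its closing brace lies outside this one.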