sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ensure a created_at value is set on recovery tokens; closes #3163

This commit is contained in:
Dane Everitt 2021-03-21 10:43:01 -07:00
parent 983a337fd4
commit 8c7d785c9e
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
4 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/Exceptions/Service/User/TwoFactorAuthenticationTokenInvalid.php
View File

@ -6,4 +6,11 @@ use Pterodactyl\Exceptions\DisplayException;
class TwoFactorAuthenticationTokenInvalid extends DisplayException class TwoFactorAuthenticationTokenInvalid extends DisplayException
{ {
/**
* TwoFactorAuthenticationTokenInvalid constructor.
*/
public function __construct()
{
parent::__construct('The provided two-factor authentication token was not valid.');
}
} }

3
app/Http/Controllers/Api/Client/TwoFactorController.php
View File

@ -72,12 +72,11 @@ class TwoFactorController extends ClientApiController
* *
* @return \Illuminate\Http\JsonResponse * @return \Illuminate\Http\JsonResponse
* *
* @throws \Throwable
* @throws \Illuminate\Validation\ValidationException * @throws \Illuminate\Validation\ValidationException
* @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException * @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
* @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException * @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
* @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException * @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid * @throws \Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid
*/ */
public function store(Request $request) public function store(Request $request)

5
app/Services/Users/ToggleTwoFactorService.php
View File

@ -74,7 +74,7 @@ class ToggleTwoFactorService
$isValidToken = $this->google2FA->verifyKey($secret, $token, config()->get('pterodactyl.auth.2fa.window')); $isValidToken = $this->google2FA->verifyKey($secret, $token, config()->get('pterodactyl.auth.2fa.window'));
if (!$isValidToken) { if (!$isValidToken) {
throw new TwoFactorAuthenticationTokenInvalid('The token provided is not valid.'); throw new TwoFactorAuthenticationTokenInvalid();
} }
return $this->connection->transaction(function () use ($user, $toggleState) { return $this->connection->transaction(function () use ($user, $toggleState) {
@ -94,6 +94,9 @@ class ToggleTwoFactorService
$inserts[] = [ $inserts[] = [
'user_id' => $user->id, 'user_id' => $user->id,
'token' => password_hash($token, PASSWORD_DEFAULT), 'token' => password_hash($token, PASSWORD_DEFAULT),
// insert() won't actually set the time on the models, so make sure we do this
// manually here.
'created_at' => Carbon::now(),
]; ];
$tokens[] = $token; $tokens[] = $token;

5
tests/Integration/Api/Client/TwoFactorControllerTest.php
View File

@ -101,6 +101,11 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase
$tokens = RecoveryToken::query()->where('user_id', $user->id)->get(); $tokens = RecoveryToken::query()->where('user_id', $user->id)->get();
$this->assertCount(10, $tokens); $this->assertCount(10, $tokens);
$this->assertStringStartsWith('$2y$10$', $tokens[0]->token); $this->assertStringStartsWith('$2y$10$', $tokens[0]->token);
// Ensure the recovery tokens that were created include a "created_at" timestamp
// value on them.
//
// @see https://github.com/pterodactyl/panel/issues/3163
$this->assertNotNull($tokens[0]->created_at);
$tokens = $tokens->pluck('token')->toArray(); $tokens = $tokens->pluck('token')->toArray();