Ensure a created_at value is set on recovery tokens; closes #3163

This commit is contained in:
Dane Everitt 2021-03-21 10:43:01 -07:00
parent 983a337fd4
commit 8c7d785c9e
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
4 changed files with 17 additions and 3 deletions

View File

@ -6,4 +6,11 @@ use Pterodactyl\Exceptions\DisplayException;
class TwoFactorAuthenticationTokenInvalid extends DisplayException
{
/**
* TwoFactorAuthenticationTokenInvalid constructor.
*/
public function __construct()
{
parent::__construct('The provided two-factor authentication token was not valid.');
}
}

View File

@ -72,12 +72,11 @@ class TwoFactorController extends ClientApiController
*
* @return \Illuminate\Http\JsonResponse
*
* @throws \Throwable
* @throws \Illuminate\Validation\ValidationException
* @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
* @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
* @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid
*/
public function store(Request $request)

View File

@ -74,7 +74,7 @@ class ToggleTwoFactorService
$isValidToken = $this->google2FA->verifyKey($secret, $token, config()->get('pterodactyl.auth.2fa.window'));
if (!$isValidToken) {
throw new TwoFactorAuthenticationTokenInvalid('The token provided is not valid.');
throw new TwoFactorAuthenticationTokenInvalid();
}
return $this->connection->transaction(function () use ($user, $toggleState) {
@ -94,6 +94,9 @@ class ToggleTwoFactorService
$inserts[] = [
'user_id' => $user->id,
'token' => password_hash($token, PASSWORD_DEFAULT),
// insert() won't actually set the time on the models, so make sure we do this
// manually here.
'created_at' => Carbon::now(),
];
$tokens[] = $token;

View File

@ -101,6 +101,11 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase
$tokens = RecoveryToken::query()->where('user_id', $user->id)->get();
$this->assertCount(10, $tokens);
$this->assertStringStartsWith('$2y$10$', $tokens[0]->token);
// Ensure the recovery tokens that were created include a "created_at" timestamp
// value on them.
//
// @see https://github.com/pterodactyl/panel/issues/3163
$this->assertNotNull($tokens[0]->created_at);
$tokens = $tokens->pluck('token')->toArray();