From e7436aab2b9fb33fe1865389b54c52927cee8bed Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Fri, 26 Feb 2016 00:35:23 -0500 Subject: [PATCH] Add active session management --- app/Http/Controllers/Base/IndexController.php | 19 ++++++-- app/Http/Routes/BaseRoutes.php | 10 ++-- app/Models/Session.php | 48 +++++++++++++++++++ .../{totp.blade.php => security.blade.php} | 45 +++++++++++++++-- resources/views/layouts/master.blade.php | 4 +- 5 files changed, 113 insertions(+), 13 deletions(-) create mode 100644 app/Models/Session.php rename resources/views/base/{totp.blade.php => security.blade.php} (80%) diff --git a/app/Http/Controllers/Base/IndexController.php b/app/Http/Controllers/Base/IndexController.php index abf76a43f..d6e1513fd 100644 --- a/app/Http/Controllers/Base/IndexController.php +++ b/app/Http/Controllers/Base/IndexController.php @@ -29,7 +29,7 @@ use Hash; use Google2FA; use Alert; -use Pterodactyl\Models\Server; +use Pterodactyl\Models; use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Http\Controllers\Controller; @@ -55,7 +55,7 @@ class IndexController extends Controller public function getIndex(Request $request) { return view('base.index', [ - 'servers' => Server::getUserServers(10), + 'servers' => Models\Server::getUserServers(10), ]); } @@ -72,14 +72,16 @@ class IndexController extends Controller } /** - * Returns TOTP Management Page. + * Returns Security Management Page. * * @param \Illuminate\Http\Request $request * @return \Illuminate\Contracts\View\View */ - public function getAccountTotp(Request $request) + public function getAccountSecurity(Request $request) { - return view('base.totp'); + return view('base.security', [ + 'sessions' => Models\Session::where('user_id', Auth::user()->id)->get() + ]); } /** 
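Review bot: The query in `getAccountSecurity()` returns every `sessions` row for the user, so the page headed "Active Sessions" can list sessions that have expired but have not been garbage-collected yet. Constraining on the activity timestamp keeps the list accurate, e.g. `->where('last_activity', '>=', time() - config('session.lifetime') * 60)` before `->get()`. The list also presumably depends on the application storing sessions in the database; with another session driver the table would stay empty, which deserves a sentence in the docblock. The method body is complete in this hunk, but the docblock that follows it is cut off by the hunk edge.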
@@ -227,4 +229,11 @@ class IndexController extends Controller } + public function getRevokeSession(Request $request, $id) + { + $session = Models\Session::where('id', $id)->where('user_id', Auth::user()->id)->firstOrFail(); + $session->delete(); + return redirect()->route('account.security'); + } + } diff --git a/app/Http/Routes/BaseRoutes.php b/app/Http/Routes/BaseRoutes.php index c21244622..26e488ac2 100644 --- a/app/Http/Routes/BaseRoutes.php +++ b/app/Http/Routes/BaseRoutes.php @@ -71,15 +71,19 @@ class BaseRoutes { // TOTP Routes $router->group([ - 'prefix' => 'account/totp', + 'prefix' => 'account/security', 'middleware' => [ 'auth', 'csrf' ] ], function () use ($router) { $router->get('/', [ - 'as' => 'account.totp', - 'uses' => 'Base\IndexController@getAccountTotp' + 'as' => 'account.security', + 'uses' => 'Base\IndexController@getAccountSecurity' + ]); + $router->get('/revoke/{id}', [ + 'as' => 'account.security.revoke', + 'uses' => 'Base\IndexController@getRevokeSession' ]); $router->put('/', [ 'uses' => 'Base\IndexController@putAccountTotp' diff --git a/app/Models/Session.php b/app/Models/Session.php new file mode 100644 index 000000000..2b17bf6ce --- /dev/null +++ b/app/Models/Session.php 
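Review bot: `getRevokeSession()` is the only method added in this file without a docblock, and its `where('user_id', Auth::user()->id)` constraint is the authorization check that stops one account from deleting another account's session row. A docblock in the style of `getAccountSecurity()` should say so: purpose, `@param \Illuminate\Http\Request $request`, `@param string $id`, `@return \Illuminate\Http\RedirectResponse`, and that an unknown or foreign id ends in the `firstOrFail()` not-found response. Stating the ownership rule in the comment makes it less likely to be dropped in a later refactor.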
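Review bot: The new `account.security.revoke` route changes state but is registered with `$router->get`, so a session can be deleted by any plain fetch of the link (prefetchers, replayed history), and the session id ends up in access logs and Referer headers. If the `csrf` alias in this group is Laravel's standard token check, it skips read verbs such as GET, so the group middleware gives this route no request-forgery protection. Registering it as `$router->delete('/revoke/{id}', [` and submitting it from a form that carries the CSRF token would close both gaps. The `// TOTP Routes` comment above the group is also stale now that the prefix is `account/security`.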
@@ -0,0 +1,48 @@ + + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ +namespace Pterodactyl\Models; + +use Illuminate\Database\Eloquent\Model; + +class Session extends Model +{ + + /** + * The table associated with the model. + * + * @var string + */ + protected $table = 'sessions'; + + /** + * Cast values to correct type. + * + * @var array + */ + protected $casts = [ + 'id' => 'string', + 'user_id' => 'integer', + ]; + +} diff --git a/resources/views/base/totp.blade.php b/resources/views/base/security.blade.php similarity index 80% rename from resources/views/base/totp.blade.php rename to resources/views/base/security.blade.php index 7f9d2848b..8c2046bb3 100644 --- a/resources/views/base/totp.blade.php +++ b/resources/views/base/security.blade.php @@ -19,7 +19,7 @@ {{-- SOFTWARE. --}} @extends('layouts.master') -@section('title', 'Account TOTP Settings') +@section('title', 'Account Security') @section('sidebar-server') @endsection 
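Review bot: The `Session` model casts `id` to string but keeps Eloquent's defaults of an auto-incrementing key and `created_at`/`updated_at` columns. If the `sessions` table follows the framework's standard layout (string key, no timestamp columns; the migration is not part of this patch), the class should declare `public $incrementing = false;` and `public $timestamps = false;` so a later `save()` or `create()` on this model does not fail or mangle the key. Since `payload` holds the serialized session contents, `protected $hidden = ['payload'];` would also keep it out of any array or JSON form of the model.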
@@ -34,7 +34,46 @@ @endforeach @endforeach -

{{ trans('base.account.totp_header') }} @if (Auth::user()->use_totp === 1){{ trans('strings.enabled') }}@else{{ trans('strings.disabled') }}@endif


+

Active Sessions


+ + + + + + + + + + + + + @foreach($sessions as $session) + + payload)) ?> + + + + + + + + @endforeach + +
Session IDIP AddressUser AgentLast LocationLast Activity
{{ substr($session->id, 0, 8) }}{{ $session->ip_address }}{{ $session->user_agent }} + @if(isset($prev['_previous']['url'])) + {{ str_replace(env('APP_URL'), '', $prev['_previous']['url']) }} + @else + unknwon + @endif + + @if((time() - $session->last_activity < 10)) + just now + @else + {{ date('D, M j \a\t H:i:s', $session->last_activity) }} + @endif +
+ +

{{ trans('base.account.totp_header') }} @if (Auth::user()->use_totp === 1){{ trans('strings.enabled') }}@else{{ trans('strings.disabled') }}@endif


@if (Auth::user()->use_totp === 1)
{{ trans('base.account.totp_disable') }}
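Review bot: The added `@foreach` row appears to decode each session's raw `payload` inside the template. Only the tail `payload)) ?>` of that statement survives on this page, so this is inferred from the later `$prev['_previous']['url']` lookup. Doing it there puts the whole decoded session in view scope, not just the previous URL, and runs a deserialiser from a Blade file. An accessor on the `Session` model that returns only the previous URL would keep that logic in one reviewed place. Separately, the fallback text is misspelled `unknwon`, and the new headings are hard-coded English while the neighbouring TOTP block uses `trans()`.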
@@ -112,7 +151,7 @@