misc_pterodactyl-panel/app/Services/Users/TwoFactorSetupService.php

<?php

namespace Pterodactyl\Services\Users;

use Exception;
use RuntimeException;
use Pterodactyl\Models\User;
use Illuminate\Contracts\Encryption\Encrypter;
use Illuminate\Contracts\Config\Repository as ConfigRepository;

class TwoFactorSetupService
{
    public const VALID_BASE32_CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

    /**
     * TwoFactorSetupService constructor.
     */
    public function __construct(
        private ConfigRepository $config,
        private Encrypter $encrypter
    ) {
    }

    /**
     * Generate a 2FA token and store it in the database before returning the
     * QR code URL. This URL will need to be attached to a QR generating service in
     * order to function.
     */
    public function handle(User $user): array
    {
        $secret = '';
        try {
            for ($i = 0; $i < $this->config->get('pterodactyl.auth.2fa.bytes', 16); ++$i) {
                $secret .= substr(self::VALID_BASE32_CHARACTERS, random_int(0, 31), 1);
            }
        } catch (Exception $exception) {
            throw new RuntimeException($exception->getMessage(), 0, $exception);
        }

        $user->totp_secret = $this->encrypter->encrypt($secret);
        $user->save();

        $company = urlencode(preg_replace('/\s/', '', $this->config->get('app.name')));

        return [
            'image_url_data' => sprintf(
                'otpauth://totp/%1$s:%2$s?secret=%3$s&issuer=%1$s',
                rawurlencode($company),
                rawurlencode($user->email),
                rawurlencode($secret),
            ),
            'secret' => $secret,
        ];
    }
}
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00			`<?php`

			`namespace Pterodactyl\Services\Users;`

Change 2FA service to generate the secret on our own and use an external QR service to display the image 2019-06-21 21:55:09 -07:00			`use Exception;`
			`use RuntimeException;`
Apply fixes from StyleCI (#609) 2017-08-30 21:14:20 -05:00			`use Pterodactyl\Models\User;`
Implement changes to 2FA system (#761) 2017-11-18 13:35:33 -05:00			`use Illuminate\Contracts\Encryption\Encrypter;`
Apply fixes from StyleCI (#609) 2017-08-30 21:14:20 -05:00			`use Illuminate\Contracts\Config\Repository as ConfigRepository;`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00
			`class TwoFactorSetupService`
			`{`
Use more standardized phpcs 2021-01-23 12:33:34 -08:00			`public const VALID_BASE32_CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';`
Change 2FA service to generate the secret on our own and use an external QR service to display the image 2019-06-21 21:55:09 -07:00
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00			`/**`
			`* TwoFactorSetupService constructor.`
			`*/`
			`public function __construct(`
Upgrade to Laravel 9 (#4413) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2022-10-14 10:59:20 -06:00			`private ConfigRepository $config,`
Remove repositories and replace usages 2022-10-22 03:59:36 -04:00			`private Encrypter $encrypter`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00			`) {`
			`}`

			`/**`
Implement changes to 2FA system (#761) 2017-11-18 13:35:33 -05:00			`* Generate a 2FA token and store it in the database before returning the`
Change 2FA service to generate the secret on our own and use an external QR service to display the image 2019-06-21 21:55:09 -07:00			`* QR code URL. This URL will need to be attached to a QR generating service in`
			`* order to function.`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00			`*/`
[UI] Display the 2FA token, show spinner on load (#3367) Co-authored-by: Dane Everitt <dane@daneeveritt.com> 2021-08-03 05:39:12 +02:00			`public function handle(User $user): array`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00			`{`
Change 2FA service to generate the secret on our own and use an external QR service to display the image 2019-06-21 21:55:09 -07:00			`$secret = '';`
			`try {`
Use more standardized phpcs 2021-01-23 12:33:34 -08:00			`for ($i = 0; $i < $this->config->get('pterodactyl.auth.2fa.bytes', 16); ++$i) {`
Change 2FA service to generate the secret on our own and use an external QR service to display the image 2019-06-21 21:55:09 -07:00			`$secret .= substr(self::VALID_BASE32_CHARACTERS, random_int(0, 31), 1);`
			`}`
			`} catch (Exception $exception) {`
			`throw new RuntimeException($exception->getMessage(), 0, $exception);`
			`}`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00
Remove repositories and replace usages 2022-10-22 03:59:36 -04:00			`$user->totp_secret = $this->encrypter->encrypt($secret);`
			`$user->save();`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00
urlencode company name; closes #1690 2020-07-02 21:14:53 -07:00			`$company = urlencode(preg_replace('/\s/', '', $this->config->get('app.name')));`
Change 2FA service to generate the secret on our own and use an external QR service to display the image 2019-06-21 21:55:09 -07:00
[UI] Display the 2FA token, show spinner on load (#3367) Co-authored-by: Dane Everitt <dane@daneeveritt.com> 2021-08-03 05:39:12 +02:00			`return [`
			`'image_url_data' => sprintf(`
			`'otpauth://totp/%1$s:%2$s?secret=%3$s&issuer=%1$s',`
			`rawurlencode($company),`
			`rawurlencode($user->email),`
			`rawurlencode($secret),`
			`),`
			`'secret' => $secret,`
			`];`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00			`}`
			`}`