misc_pterodactyl-panel/app/Http/Controllers/Base/SecurityController.php

<?php

namespace Pterodactyl\Http\Controllers\Base;

use Illuminate\Http\Request;
use Prologue\Alerts\AlertsMessageBag;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Services\Users\TwoFactorSetupService;
use Pterodactyl\Services\Users\ToggleTwoFactorService;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
use Pterodactyl\Contracts\Repository\SessionRepositoryInterface;
use Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid;

class SecurityController extends Controller
{
    /**
     * @var \Prologue\Alerts\AlertsMessageBag
     */
    protected $alert;

    /**
     * @var \Illuminate\Contracts\Config\Repository
     */
    protected $config;

    /**
     * @var \Pterodactyl\Contracts\Repository\SessionRepositoryInterface
     */
    protected $repository;

    /**
     * @var \Pterodactyl\Services\Users\ToggleTwoFactorService
     */
    protected $toggleTwoFactorService;

    /**
     * @var \Pterodactyl\Services\Users\TwoFactorSetupService
     */
    protected $twoFactorSetupService;

    /**
     * SecurityController constructor.
     *
     * @param \Prologue\Alerts\AlertsMessageBag                            $alert
     * @param \Illuminate\Contracts\Config\Repository                      $config
     * @param \Pterodactyl\Contracts\Repository\SessionRepositoryInterface $repository
     * @param \Pterodactyl\Services\Users\ToggleTwoFactorService           $toggleTwoFactorService
     * @param \Pterodactyl\Services\Users\TwoFactorSetupService            $twoFactorSetupService
     */
    public function __construct(
        AlertsMessageBag $alert,
        ConfigRepository $config,
        SessionRepositoryInterface $repository,
        ToggleTwoFactorService $toggleTwoFactorService,
        TwoFactorSetupService $twoFactorSetupService
    ) {
        $this->alert = $alert;
        $this->config = $config;
        $this->repository = $repository;
        $this->toggleTwoFactorService = $toggleTwoFactorService;
        $this->twoFactorSetupService = $twoFactorSetupService;
    }

    /**
     * Returns Security Management Page.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\View\View
     */
    public function index(Request $request)
    {
        if ($this->config->get('session.driver') === 'database') {
            $activeSessions = $this->repository->getUserSessions($request->user()->id);
        }

        return view('base.security', [
            'sessions' => $activeSessions ?? null,
        ]);
    }

    /**
     * Generates TOTP Secret and returns popup data for user to verify
     * that they can generate a valid response.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\JsonResponse
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     */
    public function generateTotp(Request $request)
    {
        return response()->json([
            'qrImage' => $this->twoFactorSetupService->handle($request->user()),
        ]);
    }

    /**
     * Verifies that 2FA token recieved is valid and will work on the account.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\Response
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     */
    public function setTotp(Request $request)
    {
        try {
            $this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '');

            return response('true');
        } catch (TwoFactorAuthenticationTokenInvalid $exception) {
            return response('false');
        }
    }

    /**
     * Disables TOTP on an account.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\RedirectResponse
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     */
    public function disableTotp(Request $request)
    {
        try {
            $this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '', false);
        } catch (TwoFactorAuthenticationTokenInvalid $exception) {
            $this->alert->danger(trans('base.security.2fa_disable_error'))->flash();
        }

        return redirect()->route('account.security');
    }

    /**
     * Revokes a user session.
     *
     * @param \Illuminate\Http\Request $request
     * @param string                   $id
     * @return \Illuminate\Http\RedirectResponse
     */
    public function revoke(Request $request, string $id)
    {
        $this->repository->deleteUserSession($request->user()->id, $id);

        return redirect()->route('account.security');
    }
}
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`<?php`
Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`namespace Pterodactyl\Http\Controllers\Base;`

Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00			`use Illuminate\Http\Request;`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`use Prologue\Alerts\AlertsMessageBag;`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`use Pterodactyl\Http\Controllers\Controller;`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`use Pterodactyl\Services\Users\TwoFactorSetupService;`
Apply fixes from StyleCI (#609) 2017-08-31 02:14:20 +00:00			`use Pterodactyl\Services\Users\ToggleTwoFactorService;`
			`use Illuminate\Contracts\Config\Repository as ConfigRepository;`
			`use Pterodactyl\Contracts\Repository\SessionRepositoryInterface;`
			`use Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid;`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00
			`class SecurityController extends Controller`
			`{`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`/**`
			`* @var \Prologue\Alerts\AlertsMessageBag`
			`*/`
			`protected $alert;`

			`/**`
			`* @var \Illuminate\Contracts\Config\Repository`
			`*/`
			`protected $config;`

			`/**`
			`* @var \Pterodactyl\Contracts\Repository\SessionRepositoryInterface`
			`*/`
			`protected $repository;`

			`/**`
			`* @var \Pterodactyl\Services\Users\ToggleTwoFactorService`
			`*/`
			`protected $toggleTwoFactorService;`

			`/**`
			`* @var \Pterodactyl\Services\Users\TwoFactorSetupService`
			`*/`
			`protected $twoFactorSetupService;`

Finish up unit tests for base controllers 2017-09-02 23:56:15 +00:00			`/**`
			`* SecurityController constructor.`
			`*`
			`* @param \Prologue\Alerts\AlertsMessageBag $alert`
			`* @param \Illuminate\Contracts\Config\Repository $config`
			`* @param \Pterodactyl\Contracts\Repository\SessionRepositoryInterface $repository`
			`* @param \Pterodactyl\Services\Users\ToggleTwoFactorService $toggleTwoFactorService`
			`* @param \Pterodactyl\Services\Users\TwoFactorSetupService $twoFactorSetupService`
			`*/`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`public function __construct(`
			`AlertsMessageBag $alert,`
			`ConfigRepository $config,`
			`SessionRepositoryInterface $repository,`
			`ToggleTwoFactorService $toggleTwoFactorService,`
			`TwoFactorSetupService $twoFactorSetupService`
			`) {`
			`$this->alert = $alert;`
			`$this->config = $config;`
			`$this->repository = $repository;`
			`$this->toggleTwoFactorService = $toggleTwoFactorService;`
			`$this->twoFactorSetupService = $twoFactorSetupService;`
			`}`

Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`/**`
			`* Returns Security Management Page.`
			`*`
Massive PHPCS linting 2017-08-22 03:10:48 +00:00			`* @param \Illuminate\Http\Request $request`
Update doc blocks for all app/ 2017-03-19 23:36:50 +00:00			`* @return \Illuminate\View\View`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`*/`
			`public function index(Request $request)`
			`{`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`if ($this->config->get('session.driver') === 'database') {`
			`$activeSessions = $this->repository->getUserSessions($request->user()->id);`
			`}`

Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`return view('base.security', [`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`'sessions' => $activeSessions ?? null,`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`]);`
			`}`

			`/**`
			`* Generates TOTP Secret and returns popup data for user to verify`
			`* that they can generate a valid response.`
			`*`
Massive PHPCS linting 2017-08-22 03:10:48 +00:00			`* @param \Illuminate\Http\Request $request`
Update doc blocks for all app/ 2017-03-19 23:36:50 +00:00			`* @return \Illuminate\Http\JsonResponse`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`*`
			`* @throws \Pterodactyl\Exceptions\Model\DataValidationException`
			`* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`*/`
			`public function generateTotp(Request $request)`
			`{`
Implement changes to 2FA system (#761) 2017-11-18 18:35:33 +00:00			`return response()->json([`
			`'qrImage' => $this->twoFactorSetupService->handle($request->user()),`
			`]);`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`}`

			`/**`
			`* Verifies that 2FA token recieved is valid and will work on the account.`
			`*`
Massive PHPCS linting 2017-08-22 03:10:48 +00:00			`* @param \Illuminate\Http\Request $request`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`* @return \Illuminate\Http\Response`
Finish up unit tests for base controllers 2017-09-02 23:56:15 +00:00			`*`
			`* @throws \Pterodactyl\Exceptions\Model\DataValidationException`
			`* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`*/`
			`public function setTotp(Request $request)`
			`{`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`try {`
Fix exception when no 2FA token is entered when enabling or disabling 2018-02-18 19:15:10 +00:00			`$this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '');`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00
			`return response('true');`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`} catch (TwoFactorAuthenticationTokenInvalid $exception) {`
			`return response('false');`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`}`
			`}`

			`/**`
			`* Disables TOTP on an account.`
			`*`
Massive PHPCS linting 2017-08-22 03:10:48 +00:00			`* @param \Illuminate\Http\Request $request`
Update doc blocks for all app/ 2017-03-19 23:36:50 +00:00			`* @return \Illuminate\Http\RedirectResponse`
Finish up unit tests for base controllers 2017-09-02 23:56:15 +00:00			`*`
			`* @throws \Pterodactyl\Exceptions\Model\DataValidationException`
			`* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`*/`
			`public function disableTotp(Request $request)`
			`{`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`try {`
Fix exception when no 2FA token is entered when enabling or disabling 2018-02-18 19:15:10 +00:00			`$this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '', false);`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`} catch (TwoFactorAuthenticationTokenInvalid $exception) {`
			`$this->alert->danger(trans('base.security.2fa_disable_error'))->flash();`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`}`

Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00			`return redirect()->route('account.security');`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`}`

Update doc blocks for all app/ 2017-03-19 23:36:50 +00:00			`/**`
			`* Revokes a user session.`
			`*`
Massive PHPCS linting 2017-08-22 03:10:48 +00:00			`* @param \Illuminate\Http\Request $request`
Pass strings for deletion of user sessions, closes #906 2018-02-03 18:18:18 +00:00			`* @param string $id`
Update doc blocks for all app/ 2017-03-19 23:36:50 +00:00			`* @return \Illuminate\Http\RedirectResponse`
			`*/`
Pass strings for deletion of user sessions, closes #906 2018-02-03 18:18:18 +00:00			`public function revoke(Request $request, string $id)`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`{`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`$this->repository->deleteUserSession($request->user()->id, $id);`
Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`return redirect()->route('account.security');`
			`}`
			`}`