misc_pterodactyl-panel/app/Http/Controllers/Base/SecurityController.php

<?php

namespace Pterodactyl\Http\Controllers\Base;

use Illuminate\Http\Request;
use Illuminate\Http\JsonResponse;
use Prologue\Alerts\AlertsMessageBag;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Services\Users\TwoFactorSetupService;
use Pterodactyl\Services\Users\ToggleTwoFactorService;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
use Pterodactyl\Contracts\Repository\SessionRepositoryInterface;
use Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid;

class SecurityController extends Controller
{
    /**
     * @var \Prologue\Alerts\AlertsMessageBag
     */
    protected $alert;

    /**
     * @var \Illuminate\Contracts\Config\Repository
     */
    protected $config;

    /**
     * @var \Pterodactyl\Contracts\Repository\SessionRepositoryInterface
     */
    protected $repository;

    /**
     * @var \Pterodactyl\Services\Users\ToggleTwoFactorService
     */
    protected $toggleTwoFactorService;

    /**
     * @var \Pterodactyl\Services\Users\TwoFactorSetupService
     */
    protected $twoFactorSetupService;

    /**
     * SecurityController constructor.
     *
     * @param \Prologue\Alerts\AlertsMessageBag $alert
     * @param \Illuminate\Contracts\Config\Repository $config
     * @param \Pterodactyl\Contracts\Repository\SessionRepositoryInterface $repository
     * @param \Pterodactyl\Services\Users\ToggleTwoFactorService $toggleTwoFactorService
     * @param \Pterodactyl\Services\Users\TwoFactorSetupService $twoFactorSetupService
     */
    public function __construct(
        AlertsMessageBag $alert,
        ConfigRepository $config,
        SessionRepositoryInterface $repository,
        ToggleTwoFactorService $toggleTwoFactorService,
        TwoFactorSetupService $twoFactorSetupService
    ) {
        $this->alert = $alert;
        $this->config = $config;
        $this->repository = $repository;
        $this->toggleTwoFactorService = $toggleTwoFactorService;
        $this->twoFactorSetupService = $twoFactorSetupService;
    }

    /**
     * Return information about the user's two-factor authentication status. If not enabled setup their
     * secret and return information to allow the user to proceede with setup.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\JsonResponse
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     */
    public function index(Request $request): JsonResponse
    {
        if ($request->user()->use_totp) {
            return JsonResponse::create([
                'enabled' => true,
            ]);
        }

        $response = $this->twoFactorSetupService->handle($request->user());

        return JsonResponse::create([
            'enabled' => false,
            'qr_image' => $response,
            'secret' => '',
        ]);
    }

    /**
     * Verifies that 2FA token received is valid and will work on the account.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\JsonResponse
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     */
    public function store(Request $request): JsonResponse
    {
        try {
            $this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '');
        } catch (TwoFactorAuthenticationTokenInvalid $exception) {
            $error = true;
        }

        return JsonResponse::create([
            'success' => ! isset($error),
        ]);
    }

    /**
     * Disables TOTP on an account.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\JsonResponse
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     */
    public function delete(Request $request): JsonResponse
    {
        try {
            $this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '', false);
        } catch (TwoFactorAuthenticationTokenInvalid $exception) {
            $error = true;
        }

        return JsonResponse::create([
            'success' => ! isset($error),
        ]);
    }
}
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`<?php`
Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`namespace Pterodactyl\Http\Controllers\Base;`

Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00			`use Illuminate\Http\Request;`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`use Illuminate\Http\JsonResponse;`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`use Prologue\Alerts\AlertsMessageBag;`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`use Pterodactyl\Http\Controllers\Controller;`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`use Pterodactyl\Services\Users\TwoFactorSetupService;`
Apply fixes from StyleCI (#609) 2017-08-31 02:14:20 +00:00			`use Pterodactyl\Services\Users\ToggleTwoFactorService;`
			`use Illuminate\Contracts\Config\Repository as ConfigRepository;`
			`use Pterodactyl\Contracts\Repository\SessionRepositoryInterface;`
			`use Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid;`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00
			`class SecurityController extends Controller`
			`{`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`/**`
			`* @var \Prologue\Alerts\AlertsMessageBag`
			`*/`
			`protected $alert;`

			`/**`
			`* @var \Illuminate\Contracts\Config\Repository`
			`*/`
			`protected $config;`

			`/**`
			`* @var \Pterodactyl\Contracts\Repository\SessionRepositoryInterface`
			`*/`
			`protected $repository;`

			`/**`
			`* @var \Pterodactyl\Services\Users\ToggleTwoFactorService`
			`*/`
			`protected $toggleTwoFactorService;`

			`/**`
			`* @var \Pterodactyl\Services\Users\TwoFactorSetupService`
			`*/`
			`protected $twoFactorSetupService;`

Finish up unit tests for base controllers 2017-09-02 23:56:15 +00:00			`/**`
			`* SecurityController constructor.`
			`*`
Format files 2019-09-06 04:32:57 +00:00			`* @param \Prologue\Alerts\AlertsMessageBag $alert`
			`* @param \Illuminate\Contracts\Config\Repository $config`
Finish up unit tests for base controllers 2017-09-02 23:56:15 +00:00			`* @param \Pterodactyl\Contracts\Repository\SessionRepositoryInterface $repository`
Format files 2019-09-06 04:32:57 +00:00			`* @param \Pterodactyl\Services\Users\ToggleTwoFactorService $toggleTwoFactorService`
			`* @param \Pterodactyl\Services\Users\TwoFactorSetupService $twoFactorSetupService`
Finish up unit tests for base controllers 2017-09-02 23:56:15 +00:00			`*/`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`public function __construct(`
			`AlertsMessageBag $alert,`
			`ConfigRepository $config,`
			`SessionRepositoryInterface $repository,`
			`ToggleTwoFactorService $toggleTwoFactorService,`
			`TwoFactorSetupService $twoFactorSetupService`
			`) {`
			`$this->alert = $alert;`
			`$this->config = $config;`
			`$this->repository = $repository;`
			`$this->toggleTwoFactorService = $toggleTwoFactorService;`
			`$this->twoFactorSetupService = $twoFactorSetupService;`
			`}`

Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`/**`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`* Return information about the user's two-factor authentication status. If not enabled setup their`
			`* secret and return information to allow the user to proceede with setup.`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`*`
Massive PHPCS linting 2017-08-22 03:10:48 +00:00			`* @param \Illuminate\Http\Request $request`
Update doc blocks for all app/ 2017-03-19 23:36:50 +00:00			`* @return \Illuminate\Http\JsonResponse`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`* @throws \Pterodactyl\Exceptions\Model\DataValidationException`
			`* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`*/`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`public function index(Request $request): JsonResponse`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`{`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`if ($request->user()->use_totp) {`
			`return JsonResponse::create([`
			`'enabled' => true,`
			`]);`
			`}`

			`$response = $this->twoFactorSetupService->handle($request->user());`

			`return JsonResponse::create([`
			`'enabled' => false,`
Merge branch 'release/v0.7.14' into feature/react 2019-06-22 19:28:44 +00:00			`'qr_image' => $response,`
			`'secret' => '',`
Implement changes to 2FA system (#761) 2017-11-18 18:35:33 +00:00			`]);`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`}`

			`/**`
Fix app/ spelling errors 2018-05-13 14:50:56 +00:00			`* Verifies that 2FA token received is valid and will work on the account.`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`*`
Massive PHPCS linting 2017-08-22 03:10:48 +00:00			`* @param \Illuminate\Http\Request $request`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`* @return \Illuminate\Http\JsonResponse`
Finish up unit tests for base controllers 2017-09-02 23:56:15 +00:00			`*`
			`* @throws \Pterodactyl\Exceptions\Model\DataValidationException`
			`* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`*/`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`public function store(Request $request): JsonResponse`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`{`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`try {`
Fix exception when no 2FA token is entered when enabling or disabling 2018-02-18 19:15:10 +00:00			`$this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '');`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`} catch (TwoFactorAuthenticationTokenInvalid $exception) {`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`$error = true;`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`}`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00
			`return JsonResponse::create([`
			`'success' => ! isset($error),`
			`]);`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`}`

			`/**`
			`* Disables TOTP on an account.`
			`*`
Massive PHPCS linting 2017-08-22 03:10:48 +00:00			`* @param \Illuminate\Http\Request $request`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`* @return \Illuminate\Http\JsonResponse`
Finish up unit tests for base controllers 2017-09-02 23:56:15 +00:00			`*`
			`* @throws \Pterodactyl\Exceptions\Model\DataValidationException`
			`* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`*/`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`public function delete(Request $request): JsonResponse`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`{`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`try {`
Fix exception when no 2FA token is entered when enabling or disabling 2018-02-18 19:15:10 +00:00			`$this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '', false);`
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-31 02:11:14 +00:00			`} catch (TwoFactorAuthenticationTokenInvalid $exception) {`
Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`$error = true;`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`}`

Finalize two-factor handling on account. 2018-06-21 06:05:35 +00:00			`return JsonResponse::create([`
			`'success' => ! isset($error),`
			`]);`
Split account things into own controllers. 2016-10-14 21:15:36 +00:00			`}`
			`}`