misc_pterodactyl-panel/app/Http/Routes/AuthRoutes.php

<?php

namespace Pterodactyl\Http\Routes;

use Illuminate\Routing\Router;
use Request;
use Pterodactyl\Models\User as User;

class AuthRoutes {

    public function map(Router $router) {
        $router->group([
            'prefix' => 'auth',
            'middleware' => [
                'guest',
                'csrf'
            ]
        ], function () use ($router) {

            // Display Login Page
            $router->get('login', [
                'as' => 'auth.login',
                'uses' => 'Auth\AuthController@getLogin'
            ]);

            // Handle Login
            $router->post('login', [
                'uses' => 'Auth\AuthController@postLogin'
            ]);

            // Determine if we need to ask for a TOTP Token
            $router->post('login/totp', [
                'uses' => 'Auth\AuthController@checkTotp'
            ]);

            // Show Password Reset Form
            $router->get('password', [
                'as' => 'auth.password',
                'uses' => 'Auth\PasswordController@getEmail'
            ]);

            // Handle Password Reset
            $router->post('password', [
                'uses' => 'Auth\PasswordController@postEmail'
            ]);

            // Show Verification Checkpoint
            $router->get('password/reset/{token}', [
                'as' => 'auth.reset',
                'uses' => 'Auth\PasswordController@getReset'
            ]);

            // Handle Verification
            $router->post('password/reset', [
                'uses' => 'Auth\PasswordController@postReset'
            ]);

        });

        // Not included above because we don't want the guest middleware
        $router->get('auth/logout', [
            'as' => 'auth.logout',
            'middleware' => 'auth',
            'uses' => 'Auth\AuthController@getLogout'
        ]);

    }

}
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`<?php`

			`namespace Pterodactyl\Http\Routes;`

			`use Illuminate\Routing\Router;`
Implement Two-factor authentication 2015-12-11 01:40:59 +00:00			`use Request;`
			`use Pterodactyl\Models\User as User;`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00
			`class AuthRoutes {`

			`public function map(Router $router) {`
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`$router->group([`
			`'prefix' => 'auth',`
			`'middleware' => [`
Update routes to use CSRF protection 2016-01-13 02:50:43 +00:00			`'guest',`
			`'csrf'`
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`]`
			`], function () use ($router) {`
Improved TOTp handling in login. Cleaned up the code a bit, also checks TOTP before attemping to verify user. This addresses the potential for an attacker to try at a password and/or confirm that the password is correct unless they have a valid TOTP code for the request. A failed TOTP response will trigger a throttle count on the login as well. 2015-12-11 02:58:17 +00:00
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`// Display Login Page`
			`$router->get('login', [`
			`'as' => 'auth.login',`
			`'uses' => 'Auth\AuthController@getLogin'`
			`]);`
Improved TOTp handling in login. Cleaned up the code a bit, also checks TOTP before attemping to verify user. This addresses the potential for an attacker to try at a password and/or confirm that the password is correct unless they have a valid TOTP code for the request. A failed TOTP response will trigger a throttle count on the login as well. 2015-12-11 02:58:17 +00:00
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`// Handle Login`
			`$router->post('login', [`
			`'uses' => 'Auth\AuthController@postLogin'`
			`]);`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`// Determine if we need to ask for a TOTP Token`
			`$router->post('login/totp', [`
			`'uses' => 'Auth\AuthController@checkTotp'`
			`]);`

			`// Show Password Reset Form`
			`$router->get('password', [`
Completed subuser system 2016-01-19 00:57:10 +00:00			`'as' => 'auth.password',`
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`'uses' => 'Auth\PasswordController@getEmail'`
			`]);`

			`// Handle Password Reset`
			`$router->post('password', [`
			`'uses' => 'Auth\PasswordController@postEmail'`
Fix password reset system 2016-01-17 02:57:10 +00:00			`]);`
Migrate ability to reset passwords 2015-12-09 00:28:49 +00:00
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`// Show Verification Checkpoint`
Fix password reset system 2016-01-17 02:57:10 +00:00			`$router->get('password/reset/{token}', [`
Completed subuser system 2016-01-19 00:57:10 +00:00			`'as' => 'auth.reset',`
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`'uses' => 'Auth\PasswordController@getReset'`
			`]);`

			`// Handle Verification`
Fix password reset system 2016-01-17 02:57:10 +00:00			`$router->post('password/reset', [`
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`'uses' => 'Auth\PasswordController@postReset'`
			`]);`
Improved TOTp handling in login. Cleaned up the code a bit, also checks TOTP before attemping to verify user. This addresses the potential for an attacker to try at a password and/or confirm that the password is correct unless they have a valid TOTP code for the request. A failed TOTP response will trigger a throttle count on the login as well. 2015-12-11 02:58:17 +00:00
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`});`
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00
			`// Not included above because we don't want the guest middleware`
Fix logout 2016-01-17 02:45:35 +00:00			`$router->get('auth/logout', [`
Clean up routes and middleware checking 2016-01-04 21:09:39 +00:00			`'as' => 'auth.logout',`
			`'middleware' => 'auth',`
			`'uses' => 'Auth\AuthController@getLogout'`
			`]);`

Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`}`

Improved TOTp handling in login. Cleaned up the code a bit, also checks TOTP before attemping to verify user. This addresses the potential for an attacker to try at a password and/or confirm that the password is correct unless they have a valid TOTP code for the request. A failed TOTP response will trigger a throttle count on the login as well. 2015-12-11 02:58:17 +00:00			`}`