Add controllers and packages for security keys

app/Http/Controllers/Auth/LoginController.php

@@ -9,15 +9,19 @@ use Pterodactyl\Models\User;
 use Illuminate\Http\JsonResponse;
 use Pterodactyl\Facades\Activity;
 use Illuminate\Contracts\View\View;
-use Illuminate\Contracts\View\Factory as ViewFactory;
+use Pterodactyl\Models\SecurityKey;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
+use Pterodactyl\Repositories\SecurityKeys\WebauthnServerRepository;
 
 class LoginController extends AbstractLoginController
 {
+    private const METHOD_TOTP = 'totp';
+    private const METHOD_WEBAUTHN = 'webauthn';
+
     /**
      * LoginController constructor.
      */
-    public function __construct(private ViewFactory $view)
+    public function __construct(protected WebauthnServerRepository $webauthnServerRepository)
     {
         parent::__construct();
     }
@@ -29,7 +33,7 @@ class LoginController extends AbstractLoginController
      */
     public function index(): View
     {
-        return $this->view->make('templates/auth.core');
+        return view('templates/auth.core');
     }
 
     /**
@@ -37,6 +41,7 @@ class LoginController extends AbstractLoginController
      *
      * @throws \Pterodactyl\Exceptions\DisplayException
      * @throws \Illuminate\Validation\ValidationException
+     * @throws \Webauthn\Exception\InvalidDataException
      */
     public function login(Request $request): JsonResponse
     {
@@ -62,7 +67,9 @@ class LoginController extends AbstractLoginController
             $this->sendFailedLoginResponse($request, $user);
         }
 
-        if (!$user->use_totp) {
+        // Return early if the user does not have 2FA enabled, otherwise we will require them
+        // to complete a secondary challenge before they can log in.
+        if (!$user->has2FAEnabled()) {
             return $this->sendLoginResponse($user, $request);
         }
 
@@ -74,11 +81,23 @@ class LoginController extends AbstractLoginController
             'expires_at' => CarbonImmutable::now()->addMinutes(5),
         ]);
 
-        return new JsonResponse([
-            'data' => [
-                'complete' => false,
-                'confirmation_token' => $token,
-            ],
-        ]);
+        $response = [
+            'complete' => false,
+            'methods' => array_values(array_filter([
+                $user->use_totp ? self::METHOD_TOTP : null,
+                $user->securityKeys->isNotEmpty() ? self::METHOD_WEBAUTHN : null,
+            ])),
+            'confirm_token' => $token,
+        ];
+
+        if ($user->securityKeys->isNotEmpty()) {
+            $key = $this->webauthnServerRepository->generatePublicKeyCredentialRequestOptions($user);
+
+            $request->session()->put(SecurityKey::PK_SESSION_NAME, $key);
+
+            $request['webauthn'] = ['public_key' => $key];
+        }
+
+        return new JsonResponse($response);
     }
 }