Password change needs to require user login to reset some cookies

closes #1793
This commit is contained in:
Dane Everitt 2019-12-28 12:07:42 -08:00
parent 5f13531c69
commit 158958d82d
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
3 changed files with 25 additions and 8 deletions

View file

@ -4,6 +4,8 @@ namespace Pterodactyl\Http\Controllers\Api\Client;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Auth\AuthManager;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Services\Users\UserUpdateService;
use Pterodactyl\Transformers\Api\Client\AccountTransformer;
use Pterodactyl\Http\Requests\Api\Client\Account\UpdateEmailRequest;
@ -16,16 +18,23 @@ class AccountController extends ClientApiController
*/
private $updateService;
/**
* @var \Illuminate\Auth\SessionGuard
*/
private $sessionGuard;
/**
* AccountController constructor.
*
* @param \Illuminate\Auth\AuthManager $sessionGuard
* @param \Pterodactyl\Services\Users\UserUpdateService $updateService
*/
public function __construct(UserUpdateService $updateService)
public function __construct(AuthManager $sessionGuard, UserUpdateService $updateService)
{
parent::__construct();
$this->updateService = $updateService;
$this->sessionGuard = $sessionGuard;
}
/**
@ -56,18 +65,21 @@ class AccountController extends ClientApiController
}
/**
* Update the authenticated user's password.
* Update the authenticated user's password. All existing sessions will be logged
* out immediately.
*
* @param \Pterodactyl\Http\Requests\Api\Client\Account\UpdatePasswordRequest $request
* @return \Illuminate\Http\Response
* @return \Illuminate\Http\JsonResponse
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function updatePassword(UpdatePasswordRequest $request): Response
public function updatePassword(UpdatePasswordRequest $request): \Illuminate\Http\JsonResponse
{
$this->updateService->handle($request->user(), $request->validated());
return response('', Response::HTTP_CREATED);
$this->sessionGuard->logoutOtherDevices($request->input('current_password'));
return JsonResponse::create([], Response::HTTP_NO_CONTENT);
}
}

View file

@ -34,8 +34,8 @@ export default () => {
clearFlashes('account:password');
updateAccountPassword({ ...values })
.then(() => {
resetForm();
addFlash({ key: 'account:password', type: 'success', message: 'Your password has been updated.' });
// @ts-ignore
window.location = '/auth/login';
})
.catch(error => addFlash({
key: 'account:password',

View file

@ -11,7 +11,12 @@ type Props = Readonly<React.DetailedHTMLProps<React.HTMLAttributes<HTMLDivElemen
export default ({ title, borderColor, showFlashes, children, ...props }: Props) => (
<div {...props}>
{title && <h2 className={'text-neutral-300 mb-4 px-4'}>{title}</h2>}
{showFlashes && <FlashMessageRender byKey={typeof showFlashes === 'string' ? showFlashes : undefined}/>}
{showFlashes &&
<FlashMessageRender
byKey={typeof showFlashes === 'string' ? showFlashes : undefined}
className={'mb-4'}
/>
}
<div className={classNames('bg-neutral-700 p-4 rounded shadow-lg relative', borderColor, {
'border-t-4': !!borderColor,
})}>