webauthn: update login flow to support other 2fa methods

2021-07-17 12:48:14 -06:00 · 2021-07-17 12:48:14 -06:00 · 31c2ef5279
commit 31c2ef5279
parent 42a3e740ba
13 changed files with 255 additions and 41 deletions
--- a/app/Http/Controllers/Auth/AbstractLoginController.php
+++ b/app/Http/Controllers/Auth/AbstractLoginController.php
@ -90,11 +90,10 @@ abstract class AbstractLoginController extends Controller
        $this->auth->guard()->login($user, true);

        return new JsonResponse([
-            'data' => [
-                'complete' => true,
-                'intended' => $this->redirectPath(),
-                'user' => $user->toReactObject(),
-            ],
+            'complete' => true,
+            'methods' => [],
+            'intended' => $this->redirectPath(),
+            'user' => $user->toReactObject(),
        ]);
    }

--- a/app/Http/Controllers/Auth/LoginCheckpointController.php
+++ b/app/Http/Controllers/Auth/LoginCheckpointController.php
@ -4,7 +4,6 @@ namespace Pterodactyl\Http\Controllers\Auth;

 use Pterodactyl\Models\User;
 use Illuminate\Auth\AuthManager;
-use Illuminate\Http\JsonResponse;
 use PragmaRX\Google2FA\Google2FA;
 use Illuminate\Contracts\Config\Repository;
 use Illuminate\Contracts\Encryption\Encrypter;
@ -48,7 +47,7 @@ class LoginCheckpointController extends AbstractLoginController
     * @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
     * @throws \Illuminate\Validation\ValidationException
     */
-    public function __invoke(LoginCheckpointRequest $request): JsonResponse
+    public function __invoke(LoginCheckpointRequest $request)
    {
        if ($this->hasTooManyLoginAttempts($request)) {
            $this->sendLockoutResponse($request);
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -17,11 +17,11 @@ use Pterodactyl\Exceptions\Repository\RecordNotFoundException;

 class LoginController extends AbstractLoginController
 {
-    /**
-     * @var string
-     */
    private const SESSION_PUBLICKEY_REQUEST = 'webauthn.publicKeyRequest';

+    private const METHOD_TOTP = 'totp';
+    private const METHOD_WEBAUTHN = 'webauthn';
+
    private CacheRepository $cache;
    private UserRepositoryInterface $repository;
    private ViewFactory $view;
@ -61,7 +61,7 @@ class LoginController extends AbstractLoginController
     * @throws \Pterodactyl\Exceptions\DisplayException
     * @throws \Illuminate\Validation\ValidationException
     */
-    public function login(Request $request): JsonResponse
+    public function login(Request $request)
    {
        $username = $request->input('user');
        $useColumn = $this->getField($username);
@ -99,9 +99,9 @@ class LoginController extends AbstractLoginController
            $request->session()->put(self::SESSION_PUBLICKEY_REQUEST, $publicKey);
            $request->session()->save();

-            $methods = ['webauthn'];
+            $methods = [ self::METHOD_WEBAUTHN ];
            if ($user->use_totp) {
-                $methods[] = 'totp';
+                $methods[] = self::METHOD_TOTP;
            }

            return new JsonResponse([
@ -118,7 +118,7 @@ class LoginController extends AbstractLoginController

            return new JsonResponse([
                'complete' => false,
-                'methods' => ['totp'],
+                'methods' => [ self::METHOD_TOTP ],
                'confirmation_token' => $token,
            ]);
        }