Get a working rough copy of the login page

This commit is contained in:
Dane Everitt 2018-04-01 17:46:16 -05:00
parent 94710934b9
commit 324b989a29
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
13 changed files with 265 additions and 68 deletions

View file

@ -4,9 +4,10 @@ namespace Pterodactyl\Http\Controllers\Auth;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Auth\AuthManager; use Illuminate\Auth\AuthManager;
use Illuminate\Http\JsonResponse;
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use Illuminate\Auth\Events\Failed; use Illuminate\Auth\Events\Failed;
use Illuminate\Http\RedirectResponse; use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Contracts\Auth\Authenticatable; use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Encryption\Encrypter; use Illuminate\Contracts\Encryption\Encrypter;
@ -106,11 +107,12 @@ class LoginController extends Controller
* Handle a login request to the application. * Handle a login request to the application.
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response * @return \Illuminate\Http\JsonResponse
* *
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Illuminate\Validation\ValidationException * @throws \Illuminate\Validation\ValidationException
*/ */
public function login(Request $request) public function login(Request $request): JsonResponse
{ {
$username = $request->input(self::USER_INPUT_FIELD); $username = $request->input(self::USER_INPUT_FIELD);
$useColumn = $this->getField($username); $useColumn = $this->getField($username);
@ -128,37 +130,28 @@ class LoginController extends Controller
$validCredentials = password_verify($request->input('password'), $user->password); $validCredentials = password_verify($request->input('password'), $user->password);
if ($user->use_totp) { if ($user->use_totp) {
$token = str_random(64); $token = str_random(128);
$this->cache->put($token, ['user_id' => $user->id, 'valid_credentials' => $validCredentials], 5); $this->cache->put($token, [
'user_id' => $user->id,
'valid_credentials' => $validCredentials,
'request_ip' => $request->ip(),
], 5);
return redirect()->route('auth.totp')->with('authentication_token', $token); return response()->json([
'complete' => false,
'token' => $token,
]);
} }
if ($validCredentials) { if ($validCredentials) {
$this->auth->guard()->login($user, true); $this->auth->guard()->login($user, true);
return $this->sendLoginResponse($request); return response()->json(['complete' => true]);
} }
return $this->sendFailedLoginResponse($request, $user); return $this->sendFailedLoginResponse($request, $user);
} }
/**
* Handle a TOTP implementation page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
*/
public function totp(Request $request)
{
$token = $request->session()->get('authentication_token');
if (is_null($token) || $this->auth->guard()->user()) {
return redirect()->route('auth.login');
}
return view('auth.totp', ['verify_key' => $token]);
}
/** /**
* Handle a login where the user is required to provide a TOTP authentication * Handle a login where the user is required to provide a TOTP authentication
* token. In order to add additional layers of security, users are not * token. In order to add additional layers of security, users are not
@ -167,27 +160,29 @@ class LoginController extends Controller
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response
*
* @throws \Pterodactyl\Exceptions\DisplayException
*/ */
public function loginUsingTotp(Request $request) public function loginCheckpoint(Request $request)
{ {
if (is_null($request->input('verify_token'))) { if (is_null($request->input('confirmation_token')) || is_null($request->input('authentication_code'))) {
return $this->sendFailedLoginResponse($request); return $this->sendFailedLoginResponse($request);
} }
try { try {
$cache = $this->cache->pull($request->input('verify_token'), []); $cache = $this->cache->pull($request->input('confirmation_token'), []);
$user = $this->repository->find(array_get($cache, 'user_id', 0)); $user = $this->repository->find(array_get($cache, 'user_id', 0));
} catch (RecordNotFoundException $exception) { } catch (RecordNotFoundException $exception) {
return $this->sendFailedLoginResponse($request); return $this->sendFailedLoginResponse($request);
} }
if (is_null($request->input('2fa_token')) || ! array_get($cache, 'valid_credentials')) { if (! array_get($cache, 'valid_credentials') || array_get($cache, 'request_ip') !== $request->ip()) {
return $this->sendFailedLoginResponse($request, $user); return $this->sendFailedLoginResponse($request, $user);
} }
if (! $this->google2FA->verifyKey( if (! $this->google2FA->verifyKey(
$this->encrypter->decrypt($user->totp_secret), $this->encrypter->decrypt($user->totp_secret),
$request->input('2fa_token'), $request->input('authentication_code'),
$this->config->get('pterodactyl.auth.2fa.window') $this->config->get('pterodactyl.auth.2fa.window')
)) { )) {
return $this->sendFailedLoginResponse($request, $user); return $this->sendFailedLoginResponse($request, $user);
@ -203,24 +198,35 @@ class LoginController extends Controller
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @param \Illuminate\Contracts\Auth\Authenticatable|null $user * @param \Illuminate\Contracts\Auth\Authenticatable|null $user
* @return \Illuminate\Http\RedirectResponse *
* @throws \Pterodactyl\Exceptions\DisplayException
*/ */
protected function sendFailedLoginResponse(Request $request, Authenticatable $user = null): RedirectResponse protected function sendFailedLoginResponse(Request $request, Authenticatable $user = null)
{ {
$this->incrementLoginAttempts($request); $this->incrementLoginAttempts($request);
$this->fireFailedLoginEvent($user, [ $this->fireFailedLoginEvent($user, [
$this->getField($request->input(self::USER_INPUT_FIELD)) => $request->input(self::USER_INPUT_FIELD), $this->getField($request->input(self::USER_INPUT_FIELD)) => $request->input(self::USER_INPUT_FIELD),
]); ]);
$errors = [self::USER_INPUT_FIELD => trans('auth.failed')]; throw new DisplayException(trans('auth.failed'));
}
if ($request->expectsJson()) { /**
return response()->json($errors, 422); * Send the response after the user was authenticated.
} *
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
protected function sendLoginResponse(Request $request)
{
$request->session()->regenerate();
return redirect()->route('auth.login') $this->clearLoginAttempts($request);
->withInput($request->only(self::USER_INPUT_FIELD))
->withErrors($errors); return $this->authenticated($request, $this->guard()->user())
?: response()->json([
'intended' => $this->redirectPath(),
]);
} }
/** /**

View file

@ -38,6 +38,7 @@
"vue-template-compiler": "^2.5.16", "vue-template-compiler": "^2.5.16",
"vueify-insert-css": "^1.0.0", "vueify-insert-css": "^1.0.0",
"vuex": "^3.0.1", "vuex": "^3.0.1",
"vuex-flash": "^1.0.0",
"vuex-i18n": "^1.10.5", "vuex-i18n": "^1.10.5",
"webpack": "^4.4.1", "webpack": "^4.4.1",
"webpack-stream": "^4.0.3", "webpack-stream": "^4.0.3",

View file

@ -1,6 +1,8 @@
import Vue from 'vue'; import Vue from 'vue';
import Vuex from 'vuex'; import Vuex from 'vuex';
import vuexI18n from 'vuex-i18n'; import vuexI18n from 'vuex-i18n';
import VuexFlash from 'vuex-flash';
import { createFlashStore } from 'vuex-flash';
import VueRouter from 'vue-router'; import VueRouter from 'vue-router';
// Helpers // Helpers
@ -15,7 +17,11 @@ window.Ziggy = Ziggy;
Vue.use(Vuex); Vue.use(Vuex);
const store = new Vuex.Store(); const store = new Vuex.Store({
plugins: [
createFlashStore(),
],
});
const route = require('./../../../../vendor/tightenco/ziggy/src/js/route').default; const route = require('./../../../../vendor/tightenco/ziggy/src/js/route').default;
Vue.config.productionTip = false; Vue.config.productionTip = false;
@ -26,6 +32,10 @@ Vue.mixin({
}); });
Vue.use(VueRouter); Vue.use(VueRouter);
Vue.use(VuexFlash, {
mixin: true,
template: require('./components/errors/Flash.template')
});
Vue.use(vuexI18n.plugin, store); Vue.use(vuexI18n.plugin, store);
Vue.i18n.add('en', Locales.en); Vue.i18n.add('en', Locales.en);
@ -34,9 +44,20 @@ Vue.i18n.set('en');
const router = new VueRouter({ const router = new VueRouter({
routes: [ routes: [
{ {
path: '/:action?', name: 'login',
path: '/',
component: Login, component: Login,
} },
{
name: 'forgot-password',
path: '/forgot-password',
component: Login,
},
{
name: 'checkpoint',
path: '/checkpoint',
component: Login,
},
] ]
}); });

View file

@ -3,7 +3,7 @@
<form class="bg-white shadow-lg rounded-lg pt-10 px-8 pb-6 mb-4 animate fadein" method="post"> <form class="bg-white shadow-lg rounded-lg pt-10 px-8 pb-6 mb-4 animate fadein" method="post">
<div class="flex flex-wrap -mx-3 mb-6"> <div class="flex flex-wrap -mx-3 mb-6">
<div class="input-open"> <div class="input-open">
<input class="input" id="grid-email" type="email" aria-labelledby="grid-email" required <input class="input" id="grid-email" type="email" aria-labelledby="grid-email" ref="email" required
v-bind:value="email" v-bind:value="email"
v-on:input="updateEmail($event)" v-on:input="updateEmail($event)"
/> />
@ -27,7 +27,7 @@
</template> </template>
<script> <script>
import Csrf from "../shared/CSRF"; import Csrf from "../forms/CSRF";
export default { export default {
components: {Csrf}, components: {Csrf},
@ -35,6 +35,9 @@
props: { props: {
email: {type: String, required: true}, email: {type: String, required: true},
}, },
mounted: function () {
this.$refs.email.focus();
},
data: function () { data: function () {
return { return {
X_CSRF_TOKEN: window.X_CSRF_TOKEN, X_CSRF_TOKEN: window.X_CSRF_TOKEN,

View file

@ -1,14 +1,17 @@
<template> <template>
<div> <div>
<login-form <login-form
v-if="this.$route.path === '/'" v-if="this.$route.name === 'login'"
v-bind:email="email" v-bind:user="user"
v-on:update-email="onEmailUpdate" v-on:update-email="onUpdateEmail"
/> />
<forgot-password <forgot-password
v-if="this.$route.path === '/forgot-password'" v-if="this.$route.name === 'forgot-password'"
v-bind:email="email" v-bind:email="user.email"
v-on:update-email="onEmailUpdate" v-on:update-email="onUpdateEmail"
/>
<two-factor-form
v-if="this.$route.name === 'checkpoint'"
/> />
</div> </div>
</template> </template>
@ -16,22 +19,26 @@
<script> <script>
import LoginForm from "./LoginForm"; import LoginForm from "./LoginForm";
import ForgotPassword from "./ForgotPassword"; import ForgotPassword from "./ForgotPassword";
import TwoFactorForm from "./TwoFactorForm";
export default { export default {
name: 'login', name: 'login',
data: function () { data: function () {
return { return {
email: '', user: {
email: ''
},
}; };
}, },
methods: { methods: {
onEmailUpdate: function (value) { onUpdateEmail: function (value) {
this.$data.email = value; this.$data.user.email = value;
}, },
}, },
components: { components: {
TwoFactorForm,
ForgotPassword, ForgotPassword,
LoginForm LoginForm,
}, },
} }
</script> </script>

View file

@ -1,10 +1,25 @@
<template> <template>
<div> <div>
<form class="bg-white shadow-lg rounded-lg pt-10 px-8 pb-6 mb-4 animate fadein" :action="route('auth.login')" method="post"> <flash-message variant="danger" />
<flash-message variant="success" />
<flash-message variant="warning" />
<flash-message variant="info" />
<div class="py-4" v-if="errors && errors.length === 1">
<div class="p-2 bg-red-dark border-red-darker border items-center text-red-lightest leading-normal rounded flex lg:inline-flex w-full text-sm"
role="alert">
<span class="flex rounded-full bg-red uppercase px-2 py-1 text-xs font-bold mr-3 leading-none">Error</span>
<span class="mr-2 text-left flex-auto">{{ errors[0] }}</span>
</div>
</div>
<form class="bg-white shadow-lg rounded-lg pt-10 px-8 pb-6 mb-4 animate fadein" method="post"
v-on:submit.prevent="handleLogin"
>
<div class="flex flex-wrap -mx-3 mb-6"> <div class="flex flex-wrap -mx-3 mb-6">
<div class="input-open"> <div class="input-open">
<input class="input" id="grid-username" type="text" name="user" aria-labelledby="grid-username" required <input class="input" id="grid-username" type="text" name="user" aria-labelledby="grid-username"
v-bind:value="email" ref="email"
required
v-bind:value="user.email"
v-on:input="updateEmail($event)" v-on:input="updateEmail($event)"
/> />
<label for="grid-username">{{ $t('strings.user_identifier') }}</label> <label for="grid-username">{{ $t('strings.user_identifier') }}</label>
@ -12,18 +27,21 @@
</div> </div>
<div class="flex flex-wrap -mx-3 mb-6"> <div class="flex flex-wrap -mx-3 mb-6">
<div class="input-open"> <div class="input-open">
<input class="input" id="grid-password" type="password" name="password" aria-labelledby="grid-password" required> <input class="input" id="grid-password" type="password" name="password"
aria-labelledby="grid-password" required
v-model="user.password"
/>
<label for="grid-password">{{ $t('strings.password') }}</label> <label for="grid-password">{{ $t('strings.password') }}</label>
</div> </div>
</div> </div>
<div> <div>
<csrf/>
<button class="btn btn-blue btn-jumbo" type="submit"> <button class="btn btn-blue btn-jumbo" type="submit">
{{ $t('auth.sign_in') }} {{ $t('auth.sign_in') }}
</button> </button>
</div> </div>
<div class="pt-6 text-center"> <div class="pt-6 text-center">
<router-link to="/forgot-password" class="text-xs text-grey tracking-wide no-underline uppercase hover:text-grey-dark"> <router-link class="text-xs text-grey tracking-wide no-underline uppercase hover:text-grey-dark"
:to="{ name: 'forgot-password' }">
{{ $t('auth.forgot_password') }} {{ $t('auth.forgot_password') }}
</router-link> </router-link>
</div> </div>
@ -32,20 +50,61 @@
</template> </template>
<script> <script>
import Csrf from "../shared/CSRF";
export default { export default {
components: {Csrf},
name: 'login-form', name: 'login-form',
props: { props: {
email: { type: String, required: true }, user: {
type: Object,
required: false,
default: function () {
return {
email: '',
password: '',
};
},
}
}, },
data: function () { data: function () {
return { return {
X_CSRF_TOKEN: window.X_CSRF_TOKEN, errors: [],
}; }
},
mounted: function () {
this.$refs.email.focus();
}, },
methods: { methods: {
// Handle a login request eminating from the form. If 2FA is required the
// user will be presented with the 2FA modal window.
handleLogin: function () {
const self = this;
axios.post(this.route('auth.login'), {
user: this.$props.user.email,
password: this.$props.user.password,
})
.then(function (response) {
if (response.data.complete) {
return window.location = '/';
}
self.$props.user.password = '';
self.$router.push({name: 'checkpoint', query: {token: response.data.token}});
})
.catch(function (err) {
self.$props.user.password = '';
if (!err.response) {
return console.error(err);
}
const response = err.response;
if (response.data && _.isObject(response.data.errors)) {
self.$data.errors.push(response.data.errors[0].detail);
}
});
},
// Update the email address associated with the login form
// so that it is populated in the parent model automatically.
updateEmail: function (event) { updateEmail: function (event) {
this.$emit('update-email', event.target.value); this.$emit('update-email', event.target.value);
} }

View file

@ -0,0 +1,64 @@
<template>
<form class="bg-white shadow-lg rounded-lg pt-10 px-8 pb-6 mb-4 animate fadein" method="post"
v-on:submit.prevent="submitToken"
>
<div class="flex flex-wrap -mx-3 mb-6">
<div class="input-open">
<input class="input" id="grid-code" type="number" name="token" aria-labelledby="grid-username" ref="code" required
v-model="code"
/>
<label for="grid-code">{{ $t('auth.two_factor.label') }}</label>
<p class="text-grey-darker text-xs">{{ $t('auth.two_factor.label_help') }}</p>
</div>
</div>
<div>
<button class="btn btn-blue btn-jumbo" type="submit">
{{ $t('auth.sign_in') }}
</button>
</div>
<div class="pt-6 text-center">
<router-link class="text-xs text-grey tracking-wide no-underline uppercase hover:text-grey-dark"
:to="{ name: 'login' }">
Back to Login
</router-link>
</div>
</form>
</template>
<script>
export default {
name: "two-factor-form",
data: function () {
return {
code: '',
};
},
mounted: function () {
this.$refs.code.focus();
},
methods: {
submitToken: function () {
const self = this;
axios.post(this.route('auth.checkpoint'), {
confirmation_token: this.$route.query.token,
authentication_code: this.$data.code,
})
.then(function (response) {
window.location = response.data.intended;
})
.catch(function (err) {
if (!err.response) {
return console.error(err);
}
const response = err.response;
if (response.data && _.isObject(response.data.errors)) {
self.flash({message: response.data.errors[0].detail, variant: 'danger'});
self.$router.push({ name: 'login' });
}
});
}
}
}
</script>

View file

@ -0,0 +1,28 @@
module.exports = `
<div class="pb-2" v-if="show">
<transition v-if="variant === 'success'">
<div class="p-2 bg-green-dark border-green-darker border items-center text-green-lightest leading-normal rounded flex lg:inline-flex w-full text-sm" role="alert">
<span class="flex rounded-full bg-green uppercase px-2 py-1 text-xs font-bold mr-3 leading-none">Success</span>
<span class="mr-2 text-left flex-auto">{{ message }}</span>
</div>
</transition>
<transition v-if="variant === 'danger'">
<div class="p-2 bg-red-dark border-red-darker border items-center text-red-lightest leading-normal rounded flex lg:inline-flex w-full text-sm" role="alert">
<span class="flex rounded-full bg-red uppercase px-2 py-1 text-xs font-bold mr-3 leading-none">Error</span>
<span class="mr-2 text-left flex-auto">{{ message }}</span>
</div>
</transition>
<transition v-if="variant === 'info'">
<div class="p-2 bg-blue-dark border-blue-darker border items-center text-blue-lightest leading-normal rounded flex lg:inline-flex w-full text-sm" role="alert">
<span class="flex rounded-full bg-blue uppercase px-2 py-1 text-xs font-bold mr-3 leading-none">Info</span>
<span class="mr-2 text-left flex-auto">{{ message }}</span>
</div>
</transition>
<transition v-if="variant === 'warning'">
<div class="p-2 bg-yellow-dark border-yellow-darker border items-center text-yellow-lightest leading-normal rounded flex lg:inline-flex w-full text-sm" role="alert">
<span class="flex rounded-full bg-yellow uppercase px-2 py-1 text-xs font-bold mr-3 leading-none">Warning</span>
<span class="mr-2 text-left flex-auto">{{ message }}</span>
</div>
</transition>
</div>
`;

View file

@ -13,7 +13,7 @@
&:focus + label, &:valid + label { &:focus + label, &:valid + label {
@apply .text-grey-darker .px-0 .cursor-pointer; @apply .text-grey-darker .px-0 .cursor-pointer;
transform:translateY(-24px) transform:translateY(-26px)
} }
&:invalid + label { &:invalid + label {

View file

@ -10,6 +10,12 @@ return [
'go_to_login' => 'Go to Login', 'go_to_login' => 'Go to Login',
'reset_help_text' => 'Enter your account email address to recive instructions on resetting your password.', 'reset_help_text' => 'Enter your account email address to recive instructions on resetting your password.',
'recover_account' => 'Recover Account', 'recover_account' => 'Recover Account',
'two_factor' => [
'label' => '2-Factor Token',
'label_help' => 'This account requires a second layer of authentication in order to continue. Please enter the code generated by your device to complete this login.',
],
'reset_password_text' => 'Reset your account password.', 'reset_password_text' => 'Reset your account password.',
'reset_password' => 'Reset Account Password', 'reset_password' => 'Reset Account Password',
'email_sent' => 'An email has been sent to you with further instructions for resetting your password.', 'email_sent' => 'An email has been sent to you with further instructions for resetting your password.',

View file

@ -10,12 +10,10 @@
*/ */
Route::group(['middleware' => 'guest'], function () { Route::group(['middleware' => 'guest'], function () {
Route::get('/login', 'LoginController@showLoginForm')->name('auth.login'); Route::get('/login', 'LoginController@showLoginForm')->name('auth.login');
Route::get('/login/totp', 'LoginController@totp')->name('auth.totp');
Route::get('/password', 'ForgotPasswordController@showLinkRequestForm')->name('auth.password');
Route::get('/password/reset/{token}', 'ResetPasswordController@showResetForm')->name('auth.reset'); Route::get('/password/reset/{token}', 'ResetPasswordController@showResetForm')->name('auth.reset');
Route::post('/login', 'LoginController@login')->middleware('recaptcha'); Route::post('/login', 'LoginController@login')->middleware('recaptcha');
Route::post('/login/totp', 'LoginController@loginUsingTotp'); Route::post('/login/checkpoint', 'LoginController@loginCheckpoint')->name('auth.checkpoint');
Route::post('/password', 'ForgotPasswordController@sendResetLinkEmail')->middleware('recaptcha'); Route::post('/password', 'ForgotPasswordController@sendResetLinkEmail')->middleware('recaptcha');
Route::post('/password/reset', 'ResetPasswordController@reset')->name('auth.reset.post')->middleware('recaptcha'); Route::post('/password/reset', 'ResetPasswordController@reset')->name('auth.reset.post')->middleware('recaptcha');
Route::post('/password/reset/{token}', 'ForgotPasswordController@sendResetLinkEmail')->middleware('recaptcha'); Route::post('/password/reset/{token}', 'ForgotPasswordController@sendResetLinkEmail')->middleware('recaptcha');

View file

@ -6004,6 +6004,10 @@ vueify-insert-css@^1.0.0:
version "1.0.0" version "1.0.0"
resolved "https://registry.yarnpkg.com/vueify-insert-css/-/vueify-insert-css-1.0.0.tgz#57e5d791907e8c9d87ae6de099a2174bd0a7f990" resolved "https://registry.yarnpkg.com/vueify-insert-css/-/vueify-insert-css-1.0.0.tgz#57e5d791907e8c9d87ae6de099a2174bd0a7f990"
vuex-flash@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/vuex-flash/-/vuex-flash-1.0.0.tgz#4bbeb2093d4857ddef45a6c50f10243539acee6e"
vuex-i18n@^1.10.5: vuex-i18n@^1.10.5:
version "1.10.5" version "1.10.5"
resolved "https://registry.yarnpkg.com/vuex-i18n/-/vuex-i18n-1.10.5.tgz#635ea2204e0aa3f8fd512f0fab7f6b994d3f666c" resolved "https://registry.yarnpkg.com/vuex-i18n/-/vuex-i18n-1.10.5.tgz#635ea2204e0aa3f8fd512f0fab7f6b994d3f666c"