Add command to disable 2FA for a user account.
parent
34f1152d0f
commit
4de326ad02
4 changed files with 191 additions and 0 deletions
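--- a/app/Console/Commands/User/DisableTwoFactorCommand.php
+++ b/app/Console/Commands/User/DisableTwoFactorCommand.php
@@ -0,0 +1,80 @@
+<?php
+/*
+* Pterodactyl - Panel
+* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+*
+* Permission is hereby granted, free of charge, to any person obtaining a copy
+* of this software and associated documentation files (the "Software"), to deal
+* in the Software without restriction, including without limitation the rights
+* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+* copies of the Software, and to permit persons to whom the Software is
+* furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included in all
+* copies or substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+* SOFTWARE.
+*/
+
+namespace Pterodactyl\Console\Commands\User;
+
+use Illuminate\Console\Command;
+use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
+
+class DisableTwoFactorCommand extends Command
+{
+/**
+* @var string
+*/
+protected $description = 'Disable two-factor authentication for a specific user in the Panel.';
+
+/**
+* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
+*/
+protected $repository;
+
+/**
+* @var string
+*/
+protected $signature = 'p:user:disable2fa {--email= : The email of the user to disable 2-Factor for.}';
+
+/**
+* DisableTwoFactorCommand constructor.
+*
+* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
+*/
+public function __construct(UserRepositoryInterface $repository)
+{
+parent::__construct();
+
+$this->repository = $repository;
+}
+
+/**
+* Handle command execution process.
+*
+* @throws \Pterodactyl\Exceptions\Model\DataValidationException
+* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+*/
+public function handle()
+{
+if ($this->input->isInteractive()) {
+$this->output->warning(trans('command/messages.user.2fa_help_text'));
+}
+
+$email = $this->option('email') ?? $this->ask(trans('command/messages.user.ask_email'));
+$user = $this->repository->withColumns(['id', 'email'])->findFirstWhere([['email', '=', $email]]);
+
+$this->repository->withoutFresh()->update($user->id, [
+'use_totp' => false,
+'totp_secret' => null,
+]);
+$this->info(trans('command/messages.user.2fa_disabled', ['email' => $user->email]));
+}
+}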
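Review bot: In `handle()`, the interactive warning tells the operator to press CTRL+C, but when `--email` is supplied nothing waits for input, so the `update()` call that clears `use_totp` and `totp_secret` runs immediately after the warning is printed. Gate the write on an explicit confirmation placed after the user lookup, so the prompt can name the matched account: `if ($this->input->isInteractive() && ! $this->confirm('<confirmation prompt naming $user->email>')) { return; }`. Removing a second factor from the command line is an account-recovery action that bypasses the web UI, and nothing in the visible code records it; an audit log entry with the target user id next to the `info()` line would give responders a trail to review. A non-interactive run without `--email` also passes a null email into `findFirstWhere`; a short guard that fails with a clear message would be easier to diagnose than the repository exception.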
@ -7,6 +7,7 @@ use Pterodactyl\Console\Commands\User\MakeUserCommand;
|
|||
use Pterodactyl\Console\Commands\User\DeleteUserCommand;
|
||||
use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
|
||||
use Pterodactyl\Console\Commands\Location\MakeLocationCommand;
|
||||
use Pterodactyl\Console\Commands\User\DisableTwoFactorCommand;
|
||||
use Pterodactyl\Console\Commands\Location\DeleteLocationCommand;
|
||||
|
||||
class Kernel extends ConsoleKernel
|
||||
|
@ -19,6 +20,7 @@ class Kernel extends ConsoleKernel
|
|||
protected $commands = [
|
||||
DeleteLocationCommand::class,
|
||||
DeleteUserCommand::class,
|
||||
DisableTwoFactorCommand::class,
|
||||
MakeLocationCommand::class,
|
||||
MakeUserCommand::class,
|
||||
// \Pterodactyl\Console\Commands\MakeUser::class,
|
||||
|
|
|
@ -45,5 +45,10 @@ return [
|
|||
'ask_password' => 'Password',
|
||||
'ask_password_tip' => 'If you would like to create an account with a random password emailed to the user, re-run this command (CTRL+C) and pass the `--no-password` flag.',
|
||||
'ask_password_help' => 'Passwords must be at least 8 characters in length and contain at least one capital letter and number.',
|
||||
'2fa_help_text' => [
|
||||
'This command will disable 2-factor authentication for a user\'s account if it is enabled. This should only be used as an account recovery command if the user is locked out of their account.',
|
||||
'If this is not what you wanted to do, press CTRL+C to exit this process.',
|
||||
],
|
||||
'2fa_disabled' => '2-Factor authentication has been disabled for :email.',
|
||||
],
|
||||
];
|
||||
|
|
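--- a/tests/Unit/Commands/User/DisableTwoFactorCommandTest.php
+++ b/tests/Unit/Commands/User/DisableTwoFactorCommandTest.php
@@ -0,0 +1,104 @@
+<?php
+/*
+* Pterodactyl - Panel
+* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+*
+* Permission is hereby granted, free of charge, to any person obtaining a copy
+* of this software and associated documentation files (the "Software"), to deal
+* in the Software without restriction, including without limitation the rights
+* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+* copies of the Software, and to permit persons to whom the Software is
+* furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included in all
+* copies or substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+* SOFTWARE.
+*/
+
+namespace Tests\Unit\Commands\User;
+
+use Mockery as m;
+use Tests\TestCase;
+use Pterodactyl\Models\User;
+use Symfony\Component\Console\Tester\CommandTester;
+use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
+use Pterodactyl\Console\Commands\User\DisableTwoFactorCommand;
+
+class DisableTwoFactorCommandTest extends TestCase
+{
+/**
+* @var \Pterodactyl\Console\Commands\User\DisableTwoFactorCommand
+*/
+protected $command;
+
+/**
+* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
+*/
+protected $repository;
+
+public function setUp()
+{
+parent::setUp();
+
+$this->repository = m::mock(UserRepositoryInterface::class);
+
+$this->command = new DisableTwoFactorCommand($this->repository);
+$this->command->setLaravel($this->app);
+}
+
+/**
+* Test 2-factor auth is disabled when no option is passed.
+*/
+public function testTwoFactorIsDisabledWhenNoOptionIsPassed()
+{
+$user = factory(User::class)->make();
+
+$this->repository->shouldReceive('withColumns')->with(['id', 'email'])->once()->andReturnSelf()
+->shouldReceive('findFirstWhere')->with([['email', '=', $user->email]])->once()->andReturn($user);
+$this->repository->shouldReceive('withoutFresh')->withNoArgs()->once()->andReturnSelf()
+->shouldReceive('update')->with($user->id, [
+'use_totp' => false,
+'totp_secret' => null,
+])->once()->andReturnNull();
+
+$response = new CommandTester($this->command);
+$response->setInputs([$user->email]);
+$response->execute([]);
+
+$display = $response->getDisplay();
+$this->assertNotEmpty($display);
+$this->assertContains(trans('command/messages.user.2fa_disabled', ['email' => $user->email]), $display);
+}
+
+/**
+* Test 2-factor auth is disabled when user is passed in option.
+*/
+public function testTwoFactorIsDisabledWhenOptionIsPassed()
+{
+$user = factory(User::class)->make();
+
+$this->repository->shouldReceive('withColumns')->with(['id', 'email'])->once()->andReturnSelf()
+->shouldReceive('findFirstWhere')->with([['email', '=', $user->email]])->once()->andReturn($user);
+$this->repository->shouldReceive('withoutFresh')->withNoArgs()->once()->andReturnSelf()
+->shouldReceive('update')->with($user->id, [
+'use_totp' => false,
+'totp_secret' => null,
+])->once()->andReturnNull();
+
+$response = new CommandTester($this->command);
+$response->execute([
+'--email' => $user->email,
+]);
+
+$display = $response->getDisplay();
+$this->assertNotEmpty($display);
+$this->assertContains(trans('command/messages.user.2fa_disabled', ['email' => $user->email]), $display);
+}
+}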
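Review bot: Both tests exercise only the success path, so nothing pins the behaviour that matters most for a command that strips a second factor: when the email matches no account, `update` must never run. Add a case where the mocked `findFirstWhere` throws `RecordNotFoundException` (the type listed in `handle()`'s `@throws`), with `$this->repository->shouldNotReceive('update');` and an expected-exception assertion. The two existing tests also repeat the same four-line mock setup; moving it into a private helper that takes `$user` would keep the expected `['use_totp' => false, 'totp_secret' => null]` payload defined in one place.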