Merge branch 'release/v0.7.14' into feature/react
This commit is contained in:
commit
56640253b9
16 changed files with 178 additions and 59 deletions
15
CHANGELOG.md
15
CHANGELOG.md
|
@ -3,6 +3,21 @@ This file is a running track of new features and fixes to each version of the pa
|
||||||
|
|
||||||
This project follows [Semantic Versioning](http://semver.org) guidelines.
|
This project follows [Semantic Versioning](http://semver.org) guidelines.
|
||||||
|
|
||||||
|
## v0.7.14 (Derelict Dermodactylus)
|
||||||
|
### Fixed
|
||||||
|
* **[SECURITY]** Fixes an XSS vulnerability when performing certain actions in the file manager.
|
||||||
|
* **[SECURITY]** Attempting to login as a user who has 2FA enabled will no longer request the 2FA token before validating
|
||||||
|
that their password is correct. This closes a user existence leak that would expose that an account exists if
|
||||||
|
it had 2FA enabled.
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
* Support for setting a node to listen on ports lower than 1024.
|
||||||
|
* QR code URLs are now generated without the use of an external library to reduce the dependency tree.
|
||||||
|
* Regenerated database passwords now respect the same settings that were used when initially created.
|
||||||
|
* Cleaned up 2FA QR code generation to use a more up-to-date library and API.
|
||||||
|
* Console charts now properly start at 0 and scale based on server configuration. No more crazy spikes that
|
||||||
|
are due to a change of one unit.
|
||||||
|
|
||||||
## v0.7.13 (Derelict Dermodactylus)
|
## v0.7.13 (Derelict Dermodactylus)
|
||||||
### Fixed
|
### Fixed
|
||||||
* Fixes a bug with the location update API endpoint throwing an error due to an unexected response value.
|
* Fixes a bug with the location update API endpoint throwing an error due to an unexected response value.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
[![Logo Image](https://cdn.pterodactyl.io/logos/Banner%20Logo%20Black@2x.png)](https://pterodactyl.io)
|
[![Logo Image](https://cdn.pterodactyl.io/logos/new/pterodactyl_logo.png)](https://pterodactyl.io)
|
||||||
|
|
||||||
[![Build status](https://img.shields.io/travis/pterodactyl/panel/develop.svg?style=flat-square)](https://travis-ci.org/pterodactyl/panel)
|
[![Build status](https://img.shields.io/travis/pterodactyl/panel/develop.svg?style=flat-square)](https://travis-ci.org/pterodactyl/panel)
|
||||||
[![StyleCI](https://styleci.io/repos/47508644/shield?branch=develop)](https://styleci.io/repos/47508644)
|
[![StyleCI](https://styleci.io/repos/47508644/shield?branch=develop)](https://styleci.io/repos/47508644)
|
||||||
|
|
|
@ -54,6 +54,71 @@ class LoginController extends AbstractLoginController
|
||||||
return $this->sendFailedLoginResponse($request, $user);
|
return $this->sendFailedLoginResponse($request, $user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($user->use_totp) {
|
||||||
|
$token = str_random(64);
|
||||||
|
$this->cache->put($token, ['user_id' => $user->id, 'valid_credentials' => true], 5);
|
||||||
|
|
||||||
|
return redirect()->route('auth.totp')->with('authentication_token', $token);
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->auth->guard()->login($user, true);
|
||||||
|
|
||||||
|
return $this->sendLoginResponse($user, $request);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handle a TOTP implementation page.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
* @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
|
||||||
|
*/
|
||||||
|
public function totp(Request $request)
|
||||||
|
{
|
||||||
|
$token = $request->session()->get('authentication_token');
|
||||||
|
if (is_null($token) || $this->auth->guard()->user()) {
|
||||||
|
return redirect()->route('auth.login');
|
||||||
|
}
|
||||||
|
|
||||||
|
return view('auth.totp', ['verify_key' => $token]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handle a login where the user is required to provide a TOTP authentication
|
||||||
|
* token.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response
|
||||||
|
*
|
||||||
|
* @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
|
||||||
|
* @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
|
||||||
|
* @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
|
||||||
|
* @throws \Pterodactyl\Exceptions\DisplayException
|
||||||
|
*/
|
||||||
|
public function loginUsingTotp(Request $request)
|
||||||
|
{
|
||||||
|
if (is_null($request->input('verify_token'))) {
|
||||||
|
return $this->sendFailedLoginResponse($request);
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$cache = $this->cache->pull($request->input('verify_token'), []);
|
||||||
|
$user = $this->repository->find(array_get($cache, 'user_id', 0));
|
||||||
|
} catch (RecordNotFoundException $exception) {
|
||||||
|
return $this->sendFailedLoginResponse($request);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (is_null($request->input('2fa_token'))) {
|
||||||
|
return $this->sendFailedLoginResponse($request, $user);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (! $this->google2FA->verifyKey(
|
||||||
|
$this->encrypter->decrypt($user->totp_secret),
|
||||||
|
$request->input('2fa_token'),
|
||||||
|
$this->config->get('pterodactyl.auth.2fa.window')
|
||||||
|
)) {
|
||||||
|
return $this->sendFailedLoginResponse($request, $user);
|
||||||
|
}
|
||||||
|
|
||||||
// If the user is using 2FA we do not actually log them in at this step, we return
|
// If the user is using 2FA we do not actually log them in at this step, we return
|
||||||
// a one-time token to link the 2FA credentials to this account via the UI.
|
// a one-time token to link the 2FA credentials to this account via the UI.
|
||||||
if ($user->use_totp) {
|
if ($user->use_totp) {
|
||||||
|
|
|
@ -83,8 +83,8 @@ class SecurityController extends Controller
|
||||||
|
|
||||||
return JsonResponse::create([
|
return JsonResponse::create([
|
||||||
'enabled' => false,
|
'enabled' => false,
|
||||||
'qr_image' => $response->get('image'),
|
'qr_image' => $response,
|
||||||
'secret' => $response->get('secret'),
|
'secret' => '',
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,23 +1,18 @@
|
||||||
<?php
|
<?php
|
||||||
/**
|
|
||||||
* Pterodactyl - Panel
|
|
||||||
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
|
|
||||||
*
|
|
||||||
* This software is licensed under the terms of the MIT license.
|
|
||||||
* https://opensource.org/licenses/MIT
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace Pterodactyl\Services\Users;
|
namespace Pterodactyl\Services\Users;
|
||||||
|
|
||||||
|
use Exception;
|
||||||
|
use RuntimeException;
|
||||||
use Pterodactyl\Models\User;
|
use Pterodactyl\Models\User;
|
||||||
use Illuminate\Support\Collection;
|
|
||||||
use PragmaRX\Google2FAQRCode\Google2FA;
|
|
||||||
use Illuminate\Contracts\Encryption\Encrypter;
|
use Illuminate\Contracts\Encryption\Encrypter;
|
||||||
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
|
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
|
||||||
use Illuminate\Contracts\Config\Repository as ConfigRepository;
|
use Illuminate\Contracts\Config\Repository as ConfigRepository;
|
||||||
|
|
||||||
class TwoFactorSetupService
|
class TwoFactorSetupService
|
||||||
{
|
{
|
||||||
|
const VALID_BASE32_CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var \Illuminate\Contracts\Config\Repository
|
* @var \Illuminate\Contracts\Config\Repository
|
||||||
*/
|
*/
|
||||||
|
@ -28,11 +23,6 @@ class TwoFactorSetupService
|
||||||
*/
|
*/
|
||||||
private $encrypter;
|
private $encrypter;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var PragmaRX\Google2FAQRCode\Google2FA
|
|
||||||
*/
|
|
||||||
private $google2FA;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
|
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
|
||||||
*/
|
*/
|
||||||
|
@ -43,43 +33,51 @@ class TwoFactorSetupService
|
||||||
*
|
*
|
||||||
* @param \Illuminate\Contracts\Config\Repository $config
|
* @param \Illuminate\Contracts\Config\Repository $config
|
||||||
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
|
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
|
||||||
* @param PragmaRX\Google2FAQRCode\Google2FA $google2FA
|
|
||||||
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
|
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
|
||||||
*/
|
*/
|
||||||
public function __construct(
|
public function __construct(
|
||||||
ConfigRepository $config,
|
ConfigRepository $config,
|
||||||
Encrypter $encrypter,
|
Encrypter $encrypter,
|
||||||
Google2FA $google2FA,
|
|
||||||
UserRepositoryInterface $repository
|
UserRepositoryInterface $repository
|
||||||
) {
|
) {
|
||||||
$this->config = $config;
|
$this->config = $config;
|
||||||
$this->encrypter = $encrypter;
|
$this->encrypter = $encrypter;
|
||||||
$this->google2FA = $google2FA;
|
|
||||||
$this->repository = $repository;
|
$this->repository = $repository;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generate a 2FA token and store it in the database before returning the
|
* Generate a 2FA token and store it in the database before returning the
|
||||||
* QR code image.
|
* QR code URL. This URL will need to be attached to a QR generating service in
|
||||||
|
* order to function.
|
||||||
*
|
*
|
||||||
* @param \Pterodactyl\Models\User $user
|
* @param \Pterodactyl\Models\User $user
|
||||||
* @return \Illuminate\Support\Collection
|
* @return string
|
||||||
*
|
*
|
||||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||||
*/
|
*/
|
||||||
public function handle(User $user): Collection
|
public function handle(User $user): string
|
||||||
{
|
{
|
||||||
$secret = $this->google2FA->generateSecretKey($this->config->get('pterodactyl.auth.2fa.bytes'));
|
$secret = '';
|
||||||
$image = $this->google2FA->getQRCodeInline($this->config->get('app.name'), $user->email, $secret);
|
try {
|
||||||
|
for ($i = 0; $i < $this->config->get('pterodactyl.auth.2fa.bytes', 16); $i++) {
|
||||||
|
$secret .= substr(self::VALID_BASE32_CHARACTERS, random_int(0, 31), 1);
|
||||||
|
}
|
||||||
|
} catch (Exception $exception) {
|
||||||
|
throw new RuntimeException($exception->getMessage(), 0, $exception);
|
||||||
|
}
|
||||||
|
|
||||||
$this->repository->withoutFreshModel()->update($user->id, [
|
$this->repository->withoutFreshModel()->update($user->id, [
|
||||||
'totp_secret' => $this->encrypter->encrypt($secret),
|
'totp_secret' => $this->encrypter->encrypt($secret),
|
||||||
]);
|
]);
|
||||||
|
|
||||||
return new Collection([
|
$company = $this->config->get('app.name');
|
||||||
'image' => $image,
|
|
||||||
'secret' => $secret,
|
return sprintf(
|
||||||
]);
|
'otpauth://totp/%1$s:%2$s?secret=%3$s&issuer=%1$s',
|
||||||
|
rawurlencode($company),
|
||||||
|
rawurlencode($user->email),
|
||||||
|
rawurlencode($secret)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,6 @@
|
||||||
"matriphe/iso-639": "^1.2",
|
"matriphe/iso-639": "^1.2",
|
||||||
"nesbot/carbon": "^1.22",
|
"nesbot/carbon": "^1.22",
|
||||||
"pragmarx/google2fa": "^5.0",
|
"pragmarx/google2fa": "^5.0",
|
||||||
"pragmarx/google2fa-qrcode": "^1.0.3",
|
|
||||||
"predis/predis": "^1.1",
|
"predis/predis": "^1.1",
|
||||||
"prologue/alerts": "^0.4",
|
"prologue/alerts": "^0.4",
|
||||||
"ramsey/uuid": "^3.7",
|
"ramsey/uuid": "^3.7",
|
||||||
|
|
|
@ -9,7 +9,7 @@ return [
|
||||||
| change this value if you are not maintaining your own internal versions.
|
| change this value if you are not maintaining your own internal versions.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
'version' => 'canary',
|
'version' => '0.7.14',
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
|
||||||
return [
|
return [
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
@ -255,6 +255,31 @@ $(document).ready(function () {
|
||||||
|
|
||||||
TimeLabels.push($.format.date(new Date(), 'HH:mm:ss'));
|
TimeLabels.push($.format.date(new Date(), 'HH:mm:ss'));
|
||||||
|
|
||||||
|
|
||||||
|
// memory.cmax is the maximum given by the container
|
||||||
|
// memory.amax is given by the json config
|
||||||
|
// use the maximum of both
|
||||||
|
// with no limit memory.cmax will always be higher
|
||||||
|
// but with limit memory.amax is sometimes still smaller than memory.total
|
||||||
|
MemoryChart.config.options.scales.yAxes[0].ticks.max = Math.max(proc.data.memory.cmax, proc.data.memory.amax) / (1000 * 1000);
|
||||||
|
|
||||||
|
if (Pterodactyl.server.cpu > 0) {
|
||||||
|
// if there is a cpu limit defined use 100% as maximum
|
||||||
|
CPUChart.config.options.scales.yAxes[0].ticks.max = 100;
|
||||||
|
} else {
|
||||||
|
// if there is no cpu limit defined use linux percentage
|
||||||
|
// and find maximum in all values
|
||||||
|
var maxCpu = 1;
|
||||||
|
for(var i = 0; i < CPUData.length; i++) {
|
||||||
|
maxCpu = Math.max(maxCpu, parseFloat(CPUData[i]))
|
||||||
|
}
|
||||||
|
|
||||||
|
maxCpu = Math.ceil(maxCpu / 100) * 100;
|
||||||
|
CPUChart.config.options.scales.yAxes[0].ticks.max = maxCpu;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
CPUChart.update();
|
CPUChart.update();
|
||||||
MemoryChart.update();
|
MemoryChart.update();
|
||||||
});
|
});
|
||||||
|
@ -301,6 +326,13 @@ $(document).ready(function () {
|
||||||
},
|
},
|
||||||
animation: {
|
animation: {
|
||||||
duration: 1,
|
duration: 1,
|
||||||
|
},
|
||||||
|
scales: {
|
||||||
|
yAxes: [{
|
||||||
|
ticks: {
|
||||||
|
beginAtZero: true
|
||||||
|
}
|
||||||
|
}]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
@ -346,6 +378,13 @@ $(document).ready(function () {
|
||||||
},
|
},
|
||||||
animation: {
|
animation: {
|
||||||
duration: 1,
|
duration: 1,
|
||||||
|
},
|
||||||
|
scales: {
|
||||||
|
yAxes: [{
|
||||||
|
ticks: {
|
||||||
|
beginAtZero: true
|
||||||
|
}
|
||||||
|
}]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -29,6 +29,10 @@ class ActionsClass {
|
||||||
this.element = undefined;
|
this.element = undefined;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sanitizedString(value) {
|
||||||
|
return $('<div>').text(value).html();
|
||||||
|
}
|
||||||
|
|
||||||
folder(path) {
|
folder(path) {
|
||||||
let inputValue
|
let inputValue
|
||||||
if (path) {
|
if (path) {
|
||||||
|
@ -296,7 +300,7 @@ class ActionsClass {
|
||||||
swal({
|
swal({
|
||||||
type: 'warning',
|
type: 'warning',
|
||||||
title: '',
|
title: '',
|
||||||
text: 'Are you sure you want to delete <code>' + delName + '</code>?',
|
text: 'Are you sure you want to delete <code>' + this.sanitizedString(delName) + '</code>?',
|
||||||
html: true,
|
html: true,
|
||||||
showCancelButton: true,
|
showCancelButton: true,
|
||||||
showConfirmButton: true,
|
showConfirmButton: true,
|
||||||
|
@ -394,7 +398,7 @@ class ActionsClass {
|
||||||
let formattedItems = "";
|
let formattedItems = "";
|
||||||
let i = 0;
|
let i = 0;
|
||||||
$.each(selectedItems, function(key, value) {
|
$.each(selectedItems, function(key, value) {
|
||||||
formattedItems += ("<code>" + value + "</code>, ");
|
formattedItems += ("<code>" + this.sanitizedString(value) + "</code>, ");
|
||||||
i++;
|
i++;
|
||||||
return i < 5;
|
return i < 5;
|
||||||
});
|
});
|
||||||
|
@ -407,7 +411,7 @@ class ActionsClass {
|
||||||
swal({
|
swal({
|
||||||
type: 'warning',
|
type: 'warning',
|
||||||
title: '',
|
title: '',
|
||||||
text: 'Are you sure you want to delete the following files: ' + formattedItems + '?',
|
text: 'Are you sure you want to delete the following files: ' + this.sanitizedString(formattedItems) + '?',
|
||||||
html: true,
|
html: true,
|
||||||
showCancelButton: true,
|
showCancelButton: true,
|
||||||
showConfirmButton: true,
|
showConfirmButton: true,
|
||||||
|
@ -536,7 +540,7 @@ class ActionsClass {
|
||||||
type: 'error',
|
type: 'error',
|
||||||
title: 'Whoops!',
|
title: 'Whoops!',
|
||||||
html: true,
|
html: true,
|
||||||
text: error
|
text: this.sanitizedString(error)
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
@ -62,7 +62,7 @@ class ContextMenuClass {
|
||||||
|
|
||||||
if (Pterodactyl.permissions.createFiles) {
|
if (Pterodactyl.permissions.createFiles) {
|
||||||
buildMenu += '<li class="divider"></li> \
|
buildMenu += '<li class="divider"></li> \
|
||||||
<li data-action="file"><a href="/server/'+ Pterodactyl.server.uuidShort +'/files/add/?dir=' + newFilePath + '" class="text-muted"><i class="fa fa-fw fa-plus"></i> New File</a></li> \
|
<li data-action="file"><a href="/server/'+ Pterodactyl.server.uuidShort +'/files/add/?dir=' + $('<div>').text(newFilePath).html() + '" class="text-muted"><i class="fa fa-fw fa-plus"></i> New File</a></li> \
|
||||||
<li data-action="folder"><a tabindex="-1" href="#"><i class="fa fa-fw fa-folder"></i> New Folder</a></li>';
|
<li data-action="folder"><a tabindex="-1" href="#"><i class="fa fa-fw fa-folder"></i> New Folder</a></li>';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -44,7 +44,7 @@
|
||||||
{!! Theme::js('vendor/lodash/lodash.js') !!}
|
{!! Theme::js('vendor/lodash/lodash.js') !!}
|
||||||
{!! Theme::js('vendor/siofu/client.min.js') !!}
|
{!! Theme::js('vendor/siofu/client.min.js') !!}
|
||||||
@if(App::environment('production'))
|
@if(App::environment('production'))
|
||||||
{!! Theme::js('js/frontend/files/filemanager.min.js?updated-cancel-buttons') !!}
|
{!! Theme::js('js/frontend/files/filemanager.min.js?hash=cd7ec731dc633e23ec36144929a237d18c07d2f0') !!}
|
||||||
@else
|
@else
|
||||||
{!! Theme::js('js/frontend/files/src/index.js') !!}
|
{!! Theme::js('js/frontend/files/src/index.js') !!}
|
||||||
{!! Theme::js('js/frontend/files/src/contextmenu.js') !!}
|
{!! Theme::js('js/frontend/files/src/contextmenu.js') !!}
|
||||||
|
|
|
@ -71,6 +71,7 @@ class SecurityControllerTest extends ControllerTestCase
|
||||||
$this->assertIsJsonResponse($response);
|
$this->assertIsJsonResponse($response);
|
||||||
$this->assertResponseCodeEquals(Response::HTTP_OK, $response);
|
$this->assertResponseCodeEquals(Response::HTTP_OK, $response);
|
||||||
$this->assertResponseJsonEquals(['enabled' => false, 'qr_image' => 'test-image', 'secret' => 'secret-code'], $response);
|
$this->assertResponseJsonEquals(['enabled' => false, 'qr_image' => 'test-image', 'secret' => 'secret-code'], $response);
|
||||||
|
$this->assertResponseJsonEquals(['qrImage' => 'https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=qrCodeImage'], $response);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -5,8 +5,6 @@ namespace Tests\Unit\Services\Users;
|
||||||
use Mockery as m;
|
use Mockery as m;
|
||||||
use Tests\TestCase;
|
use Tests\TestCase;
|
||||||
use Pterodactyl\Models\User;
|
use Pterodactyl\Models\User;
|
||||||
use Illuminate\Support\Collection;
|
|
||||||
use PragmaRX\Google2FAQRCode\Google2FA;
|
|
||||||
use Illuminate\Contracts\Config\Repository;
|
use Illuminate\Contracts\Config\Repository;
|
||||||
use Illuminate\Contracts\Encryption\Encrypter;
|
use Illuminate\Contracts\Encryption\Encrypter;
|
||||||
use Pterodactyl\Services\Users\TwoFactorSetupService;
|
use Pterodactyl\Services\Users\TwoFactorSetupService;
|
||||||
|
@ -24,11 +22,6 @@ class TwoFactorSetupServiceTest extends TestCase
|
||||||
*/
|
*/
|
||||||
private $encrypter;
|
private $encrypter;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var PragmaRX\Google2FAQRCode\Google2FA|\Mockery\Mock
|
|
||||||
*/
|
|
||||||
private $google2FA;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface|\Mockery\Mock
|
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface|\Mockery\Mock
|
||||||
*/
|
*/
|
||||||
|
@ -43,7 +36,6 @@ class TwoFactorSetupServiceTest extends TestCase
|
||||||
|
|
||||||
$this->config = m::mock(Repository::class);
|
$this->config = m::mock(Repository::class);
|
||||||
$this->encrypter = m::mock(Encrypter::class);
|
$this->encrypter = m::mock(Encrypter::class);
|
||||||
$this->google2FA = m::mock(Google2FA::class);
|
|
||||||
$this->repository = m::mock(UserRepositoryInterface::class);
|
$this->repository = m::mock(UserRepositoryInterface::class);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -54,20 +46,27 @@ class TwoFactorSetupServiceTest extends TestCase
|
||||||
{
|
{
|
||||||
$model = factory(User::class)->make();
|
$model = factory(User::class)->make();
|
||||||
|
|
||||||
config()->set('pterodactyl.auth.2fa.bytes', 32);
|
$this->config->shouldReceive('get')->with('pterodactyl.auth.2fa.bytes', 16)->andReturn(32);
|
||||||
config()->set('app.name', 'CompanyName');
|
$this->config->shouldReceive('get')->with('app.name')->andReturn('Company Name');
|
||||||
|
$this->encrypter->shouldReceive('encrypt')
|
||||||
|
->with(m::on(function ($value) {
|
||||||
|
return preg_match('/([A-Z234567]{32})/', $value) !== false;
|
||||||
|
}))
|
||||||
|
->once()
|
||||||
|
->andReturn('encryptedSecret');
|
||||||
|
|
||||||
$this->google2FA->shouldReceive('generateSecretKey')->with(32)->once()->andReturn('secretKey');
|
|
||||||
$this->config->shouldReceive('get')->with('app.name')->once()->andReturn('CompanyName');
|
|
||||||
$this->google2FA->shouldReceive('getQRCodeInline')->with('CompanyName', $model->email, 'secretKey')->once()->andReturn('http://url.com');
|
|
||||||
$this->encrypter->shouldReceive('encrypt')->with('secretKey')->once()->andReturn('encryptedSecret');
|
|
||||||
$this->repository->shouldReceive('withoutFreshModel->update')->with($model->id, ['totp_secret' => 'encryptedSecret'])->once()->andReturnNull();
|
$this->repository->shouldReceive('withoutFreshModel->update')->with($model->id, ['totp_secret' => 'encryptedSecret'])->once()->andReturnNull();
|
||||||
|
|
||||||
$response = $this->getService()->handle($model);
|
$response = $this->getService()->handle($model);
|
||||||
$this->assertNotEmpty($response);
|
$this->assertNotEmpty($response);
|
||||||
$this->assertInstanceOf(Collection::class, $response);
|
|
||||||
$this->assertSame('http://url.com', $response->get('image'));
|
$companyName = preg_quote(rawurlencode('Company Name'));
|
||||||
$this->assertSame('secretKey', $response->get('secret'));
|
$email = preg_quote(rawurlencode($model->email));
|
||||||
|
|
||||||
|
$this->assertRegExp(
|
||||||
|
'/otpauth:\/\/totp\/' . $companyName . ':' . $email . '\?secret=([A-Z234567]{32})&issuer=' . $companyName . '/',
|
||||||
|
$response
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -77,6 +76,6 @@ class TwoFactorSetupServiceTest extends TestCase
|
||||||
*/
|
*/
|
||||||
private function getService(): TwoFactorSetupService
|
private function getService(): TwoFactorSetupService
|
||||||
{
|
{
|
||||||
return new TwoFactorSetupService($this->encrypter, $this->google2FA, $this->repository);
|
return new TwoFactorSetupService($this->config, $this->encrypter, $this->repository);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue