Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix links sent to users when accounts are created

Browse source 
closes #1093
This commit is contained in:
Dane Everitt 2018-06-30 18:47:31 -07:00
parent 304d947536
commit d2bc791d74
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
6 changed files with 20 additions and 136 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -13,6 +13,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
* Logo now links to the correct location on all pages. * Logo now links to the correct location on all pages.
* Permissions checking to determine if a user can see the task management page now works correctly. * Permissions checking to determine if a user can see the task management page now works correctly.
* Fixed `pterodactyl.environment_variables` to be used correctly for global environment variables. The wrong config variable name was being using previously. * Fixed `pterodactyl.environment_variables` to be used correctly for global environment variables. The wrong config variable name was being using previously.
* Fixes tokens being sent to users when their account is created to actually work. Implements Laravel's internal token creation mechanisms rather than trying to do it custom.
### Changed ### Changed
* Attempting to upload a folder via the web file manager will now display a warning telling the user to use SFTP. * Attempting to upload a folder via the web file manager will now display a warning telling the user to use SFTP.

4
app/Notifications/AccountCreated.php
View file

@ -23,7 +23,7 @@ class AccountCreated extends Notification implements ShouldQueue
/** /**
* The user model for the created user. * The user model for the created user.
* *
* @var object * @var \Pterodactyl\Models\User
*/ */
public $user; public $user;
@ -65,7 +65,7 @@ class AccountCreated extends Notification implements ShouldQueue
->line('Email: ' . $this->user->email); ->line('Email: ' . $this->user->email);
if (! is_null($this->token)) { if (! is_null($this->token)) {
return $message->action('Setup Your Account', url('/auth/password/reset/' . $this->token . '?email=' . $this->user->email)); return $message->action('Setup Your Account', url('/auth/password/reset/' . $this->token . '?email=' . urlencode($this->user->email)));
} }
return $message; return $message;

59
app/Services/Helpers/TemporaryPasswordService.php
View file

@ -1,59 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Services\Helpers;
use Ramsey\Uuid\Uuid;
use Illuminate\Contracts\Hashing\Hasher;
use Illuminate\Database\ConnectionInterface;
class TemporaryPasswordService
{
const HMAC_ALGO = 'sha256';
/**
* @var \Illuminate\Database\ConnectionInterface
*/
protected $connection;
/**
* @var \Illuminate\Contracts\Hashing\Hasher
*/
protected $hasher;
/**
* TemporaryPasswordService constructor.
*
* @param \Illuminate\Database\ConnectionInterface $connection
* @param \Illuminate\Contracts\Hashing\Hasher $hasher
*/
public function __construct(ConnectionInterface $connection, Hasher $hasher)
{
$this->connection = $connection;
$this->hasher = $hasher;
}
/**
* Store a password reset token for a specific email address.
*
* @param string $email
* @return string
*/
public function handle($email)
{
$token = hash_hmac(self::HMAC_ALGO, Uuid::uuid4()->toString(), config('app.key'));
$this->connection->table('password_resets')->insert([
'email' => $email,
'token' => $this->hasher->make($token),
]);
return $token;
}
}

18
app/Services/Users/UserCreationService.php
View file

@ -5,8 +5,8 @@ namespace Pterodactyl\Services\Users;
use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Uuid;
use Illuminate\Contracts\Hashing\Hasher; use Illuminate\Contracts\Hashing\Hasher;
use Illuminate\Database\ConnectionInterface; use Illuminate\Database\ConnectionInterface;
use Illuminate\Contracts\Auth\PasswordBroker;
use Pterodactyl\Notifications\AccountCreated; use Pterodactyl\Notifications\AccountCreated;
use Pterodactyl\Services\Helpers\TemporaryPasswordService;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface; use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
class UserCreationService class UserCreationService
@ -22,9 +22,9 @@ class UserCreationService
private $hasher; private $hasher;
/** /**
* @var \Pterodactyl\Services\Helpers\TemporaryPasswordService * @var \Illuminate\Contracts\Auth\PasswordBroker
*/ */
private $passwordService; private $passwordBroker;
/** /**
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface * @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
@ -36,18 +36,18 @@ class UserCreationService
* *
* @param \Illuminate\Database\ConnectionInterface $connection * @param \Illuminate\Database\ConnectionInterface $connection
* @param \Illuminate\Contracts\Hashing\Hasher $hasher * @param \Illuminate\Contracts\Hashing\Hasher $hasher
* @param \Pterodactyl\Services\Helpers\TemporaryPasswordService $passwordService * @param \Illuminate\Contracts\Auth\PasswordBroker $passwordBroker
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository * @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
*/ */
public function __construct( public function __construct(
ConnectionInterface $connection, ConnectionInterface $connection,
Hasher $hasher, Hasher $hasher,
TemporaryPasswordService $passwordService, PasswordBroker $passwordBroker,
UserRepositoryInterface $repository UserRepositoryInterface $repository
) { ) {
$this->connection = $connection; $this->connection = $connection;
$this->hasher = $hasher; $this->hasher = $hasher;
$this->passwordService = $passwordService; $this->passwordBroker = $passwordBroker;
$this->repository = $repository; $this->repository = $repository;
} }
@ -68,8 +68,8 @@ class UserCreationService
$this->connection->beginTransaction(); $this->connection->beginTransaction();
if (! isset($data['password']) || empty($data['password'])) { if (! isset($data['password']) || empty($data['password'])) {
$generateResetToken = true;
$data['password'] = $this->hasher->make(str_random(30)); $data['password'] = $this->hasher->make(str_random(30));
$token = $this->passwordService->handle($data['email']);
} }
/** @var \Pterodactyl\Models\User $user */ /** @var \Pterodactyl\Models\User $user */
@ -77,6 +77,10 @@ class UserCreationService
'uuid' => Uuid::uuid4()->toString(), 'uuid' => Uuid::uuid4()->toString(),
]), true, true); ]), true, true);
if (isset($generateResetToken)) {
$token = $this->passwordBroker->createToken($user);
}
$this->connection->commit(); $this->connection->commit();
$user->notify(new AccountCreated($user, $token ?? null)); $user->notify(new AccountCreated($user, $token ?? null));

62
tests/Unit/Services/Helpers/TemporaryPasswordServiceTest.php
View file

@ -1,62 +0,0 @@
<?php
namespace Tests\Unit\Services\Helpers;
use Mockery as m;
use Tests\TestCase;
use Tests\Traits\MocksUuids;
use Illuminate\Contracts\Hashing\Hasher;
use Illuminate\Database\ConnectionInterface;
use Pterodactyl\Services\Helpers\TemporaryPasswordService;
class TemporaryPasswordServiceTest extends TestCase
{
use MocksUuids;
/**
* @var \Illuminate\Database\ConnectionInterface|\Mockery\Mock
*/
protected $connection;
/**
* @var \Illuminate\Contracts\Hashing\Hasher|\Mockery\Mock
*/
protected $hasher;
/**
* @var \Pterodactyl\Services\Helpers\TemporaryPasswordService
*/
protected $service;
/**
* Setup tests.
*/
public function setUp()
{
parent::setUp();
$this->connection = m::mock(ConnectionInterface::class);
$this->hasher = m::mock(Hasher::class);
$this->service = new TemporaryPasswordService($this->connection, $this->hasher);
}
/**
* Test that a temporary password is stored and the token is returned.
*/
public function testTemporaryPasswordIsStored()
{
$token = hash_hmac(TemporaryPasswordService::HMAC_ALGO, $this->getKnownUuid(), config('app.key'));
$this->hasher->shouldReceive('make')->with($token)->once()->andReturn('hashed_token');
$this->connection->shouldReceive('table')->with('password_resets')->once()->andReturnSelf();
$this->connection->shouldReceive('insert')->with([
'email' => 'test@example.com',
'token' => 'hashed_token',
])->once()->andReturnNull();
$response = $this->service->handle('test@example.com');
$this->assertNotEmpty($response);
$this->assertEquals($token, $response);
}
}

12
tests/Unit/Services/Users/UserCreationServiceTest.php
View file

@ -9,9 +9,9 @@ use Tests\Traits\MocksUuids;
use Illuminate\Contracts\Hashing\Hasher; use Illuminate\Contracts\Hashing\Hasher;
use Illuminate\Database\ConnectionInterface; use Illuminate\Database\ConnectionInterface;
use Illuminate\Support\Facades\Notification; use Illuminate\Support\Facades\Notification;
use Illuminate\Contracts\Auth\PasswordBroker;
use Pterodactyl\Notifications\AccountCreated; use Pterodactyl\Notifications\AccountCreated;
use Pterodactyl\Services\Users\UserCreationService; use Pterodactyl\Services\Users\UserCreationService;
use Pterodactyl\Services\Helpers\TemporaryPasswordService;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface; use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
class UserCreationServiceTest extends TestCase class UserCreationServiceTest extends TestCase
@ -29,9 +29,9 @@ class UserCreationServiceTest extends TestCase
private $hasher; private $hasher;
/** /**
* @var \Pterodactyl\Services\Helpers\TemporaryPasswordService|\Mockery\Mock * @var \Illuminate\Contracts\Auth\PasswordBroker|\Mockery\Mock
*/ */
private $passwordService; private $passwordBroker;
/** /**
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface|\Mockery\Mock * @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface|\Mockery\Mock
@ -48,7 +48,7 @@ class UserCreationServiceTest extends TestCase
Notification::fake(); Notification::fake();
$this->connection = m::mock(ConnectionInterface::class); $this->connection = m::mock(ConnectionInterface::class);
$this->hasher = m::mock(Hasher::class); $this->hasher = m::mock(Hasher::class);
$this->passwordService = m::mock(TemporaryPasswordService::class); $this->passwordBroker = m::mock(PasswordBroker::class);
$this->repository = m::mock(UserRepositoryInterface::class); $this->repository = m::mock(UserRepositoryInterface::class);
} }
@ -121,7 +121,7 @@ class UserCreationServiceTest extends TestCase
$this->hasher->shouldNotReceive('make'); $this->hasher->shouldNotReceive('make');
$this->connection->shouldReceive('beginTransaction')->withNoArgs()->once()->andReturnNull(); $this->connection->shouldReceive('beginTransaction')->withNoArgs()->once()->andReturnNull();
$this->hasher->shouldReceive('make')->once()->andReturn('created-enc-password'); $this->hasher->shouldReceive('make')->once()->andReturn('created-enc-password');
$this->passwordService->shouldReceive('handle')->with($user->email)->once()->andReturn('random-token'); $this->passwordBroker->shouldReceive('createToken')->with($user)->once()->andReturn('random-token');
$this->repository->shouldReceive('create')->with([ $this->repository->shouldReceive('create')->with([
'password' => 'created-enc-password', 'password' => 'created-enc-password',
@ -152,6 +152,6 @@ class UserCreationServiceTest extends TestCase
*/ */
private function getService(): UserCreationService private function getService(): UserCreationService
{ {
return new UserCreationService($this->connection, $this->hasher, $this->passwordService, $this->repository); return new UserCreationService($this->connection, $this->hasher, $this->passwordBroker, $this->repository);
} }
} }