Don't trigger an internal error if hitting 2fa endpoint and it isn't enabled

Dane Everitt 2022-02-13 17:33:12 -05:00
parent d6cd0c6230
commit fac4902ccc
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 6 additions and 2 deletions


@ -69,6 +69,10 @@ class LoginCheckpointController extends AbstractLoginController
return $this->sendLoginResponse($user, $request);
}
} else {
if (!$user->use_totp) {
$this->sendFailedLoginResponse($request, $user);
}
$decrypted = $this->encrypter->decrypt($user->totp_secret);
if ($this->google2FA->verifyKey($decrypted, (string) $request->input('authentication_code') ?? '', config('pterodactyl.auth.2fa.window'))) {
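Review bot: The new `if (!$user->use_totp)` guard calls `$this->sendFailedLoginResponse($request, $user);` without a `return`, so it only ends the request if that helper always throws; the helper's definition is not visible here, and the enclosing method starts and ends outside the hunk. If the helper can ever return normally, execution falls through to `$this->encrypter->decrypt($user->totp_secret)` for an account with no TOTP secret, which is presumably the internal error this commit sets out to prevent. Make the exit explicit so the authentication path does not depend on an unseen side effect: if the helper has a usable return value, write `return $this->sendFailedLoginResponse($request, $user);`. Otherwise declare the helper's return type as `never` (PHP 8.1+) and add a comment at the call site such as `// sendFailedLoginResponse() always throws; nothing below runs for accounts without TOTP.`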


@ -25,8 +25,8 @@ Route::group(['middleware' => 'guest'], function () {
Route::middleware(['throttle:authentication'])->group(function () {
// Login endpoints.
Route::post('/login', [Auth\LoginController::class, 'login'])->middleware('recaptcha');
Route::post('/login/checkpoint', [Auth\LoginCheckpointController::class, 'token'])->name('auth.login-checkpoint');
Route::post('/login/checkpoint/key', [Auth\LoginCheckpointController::class, 'key'])->name('auth.login-checkpoint-key');
Route::post('/login/checkpoint', [Auth\LoginCheckpointController::class, 'token'])->name('auth.checkpoint');
Route::post('/login/checkpoint/key', [Auth\LoginCheckpointController::class, 'key'])->name('auth.checkpoint.key');
// Forgot password route. A post to this endpoint will trigger an
// email to be sent containing a reset token.