auth = $auth;
        $this->builder = $builder;
        $this->cache = $cache;
        $this->encrypter = $encrypter;
        $this->google2FA = $google2FA;
        $this->repository = $repository;
        $this->lockoutTime = config('auth.lockout.time');
        $this->maxLoginAttempts = config('auth.lockout.attempts');
    }

    /**
     * Record a failed login attempt and abort the request with a display error.
     *
     * The attempt counter is incremented first, then a failed-login event is
     * fired with the submitted identifier, and finally a DisplayException is
     * thrown. This method never returns normally.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Illuminate\Contracts\Auth\Authenticatable|null $user
     *
     * @throws \Pterodactyl\Exceptions\DisplayException
     */
    protected function sendFailedLoginResponse(Request $request, Authenticatable $user = null)
    {
        // Count the attempt before anything below can throw, so every failure
        // path advances the counter.
        $this->incrementLoginAttempts($request);

        // Only the submitted identifier is handed to the event, keyed as
        // 'email' or 'username'.
        // NOTE(review): input('user') is forwarded to getField(), which declares
        // a string parameter; confirm the calling action validates the field as
        // a string, otherwise a non-string value surfaces as a TypeError here.
        $this->fireFailedLoginEvent($user, [
            $this->getField($request->input('user')) => $request->input('user'),
        ]);

        // The two-factor checkpoint route gets its own message.
        if ($request->route()->named('auth.login-checkpoint')) {
            throw new DisplayException(trans('auth.two_factor.checkpoint_failed'));
        }

        // The message does not depend on whether $user is null, so it does not
        // reveal whether the account exists.
        throw new DisplayException(trans('auth.failed'));
    }

    /**
     * Send the response after the user was authenticated.
     *
     * Regenerates the session, clears the failed-attempt counter, logs the
     * user in on the guard and returns a JSON payload holding the redirect
     * target and a signed token.
     *
     * @param \Pterodactyl\Models\User $user
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    protected function sendLoginResponse(User $user, Request $request): JsonResponse
    {
        // Regenerate the session before the user is attached to it, so an
        // identifier known before login is not carried into the authenticated
        // session.
        $request->session()->regenerate();
        $this->clearLoginAttempts($request);

        // NOTE(review): the second argument is presumably the guard's "remember"
        // flag, which would give every login a persistent remember-me token;
        // confirm that is intended.
        $this->auth->guard()->login($user, true);

        return response()->json([
            'complete' => true,
            'intended' => $this->redirectPath(),
            'jwt' => $this->createJsonWebToken($user),
        ]);
    }

    /**
     * Create a new JWT for the request and sign it using the signing key.
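*
     * The issued-at, not-before and expiry claims are all derived from a single
     * clock reading so they cannot disagree across a second boundary.
     *
     * @param User $user
     * @return string
     */
    protected function createJsonWebToken(User $user): string
    {
        // Read the clock once. The timestamp is captured before any arithmetic
        // on $now so it holds regardless of how addSeconds() treats $now.
        $now = Chronos::now();
        $issuedAt = $now->getTimestamp();

        // NOTE(review): Laravel's stock configuration documents session.lifetime
        // in minutes, but it is added here as seconds, which would make the token
        // much shorter-lived than the session. Left as-is because lengthening a
        // credential's lifetime should be a deliberate decision; confirm the unit.
        $expiresAt = $now->addSeconds(config('session.lifetime'))->getTimestamp();

        // NOTE(review): the token is signed, not encrypted, so whatever
        // AccountTransformer emits is readable by anyone holding the token;
        // confirm it exposes no secrets.
        $token = $this->builder
            ->setIssuer('Pterodactyl Panel')
            ->setAudience(config('app.url'))
            ->setId(str_random(16), true)
            ->setIssuedAt($issuedAt)
            ->setNotBefore($issuedAt)
            ->setExpiration($expiresAt)
            ->set('user', (new AccountTransformer())->transform($user))
            ->sign($this->getJWTSigner(), $this->getJWTSigningKey())
            ->getToken();

        return $token->__toString();
    }

    /**
     * Determine if the user is logging in using an email or username.
     *
     * An identifier containing "@" is treated as an email address; anything
     * else, including a missing identifier, is treated as a username.
     *
     * @param string|null $input
     * @return string either 'email' or 'username'
     */
    protected function getField(string $input = null): string
    {
        // Handle the missing identifier explicitly rather than relying on how
        // str_contains() treats a null haystack.
        if ($input === null) {
            return 'username';
        }

        return str_contains($input, '@') ? 'email' : 'username';
    }

    /**
     * Fire a failed login event.
     *
     * @param \Illuminate\Contracts\Auth\Authenticatable|null $user
     * @param array $credentials
     */
    protected function fireFailedLoginEvent(Authenticatable $user = null, array $credentials = [])
    {
        // Listeners receive $credentials exactly as given, so callers should pass
        // only the login identifier and never the submitted password.
        event(new Failed($user, $credentials));
    }
}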