google2FA = $google2FA; $this->cache = $cache; $this->repository = $repository; $this->encrypter = $encrypter; $this->recoveryTokenRepository = $recoveryTokenRepository; } /** * Handle a login where the user is required to provide a TOTP authentication * token. Once a user has reached this stage it is assumed that they have already * provided a valid username and password. * * @param \Pterodactyl\Http\Requests\Auth\LoginCheckpointRequest $request * @return \Illuminate\Http\JsonResponse|void * * @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException * @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException * @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException * @throws \Pterodactyl\Exceptions\DisplayException */ public function __invoke(LoginCheckpointRequest $request): JsonResponse { $token = $request->input('confirmation_token'); $recoveryToken = $request->input('recovery_token'); try { /** @var \Pterodactyl\Models\User $user */ $user = $this->repository->find($this->cache->get($token, 0)); } catch (RecordNotFoundException $exception) { return $this->sendFailedLoginResponse($request, null, 'The authentication token provided has expired, please refresh the page and try again.'); } // If we got a recovery token try to find one that matches for the user and then continue // through the process (and delete the token). if (! is_null($recoveryToken)) { foreach ($user->recoveryTokens as $token) { if (password_verify($recoveryToken, $token->token)) { $this->recoveryTokenRepository->delete($token->id); return $this->sendLoginResponse($user, $request); } } } else { $decrypted = $this->encrypter->decrypt($user->totp_secret); if ($this->google2FA->verifyKey($decrypted, (string) $request->input('authentication_code') ?? '', config('pterodactyl.auth.2fa.window'))) { $this->cache->delete($token); return $this->sendLoginResponse($user, $request); } } return $this->sendFailedLoginResponse($request, $user, ! empty($recoveryToken) ? 'The recovery token provided is not valid.' : null); } }