google2FA = $google2FA; $this->cache = $cache; $this->repository = $repository; $this->encrypter = $encrypter; } /** * Handle a login where the user is required to provide a TOTP authentication * token. Once a user has reached this stage it is assumed that they have already * provided a valid username and password. * * @param \Pterodactyl\Http\Requests\Auth\LoginCheckpointRequest $request * @return \Illuminate\Http\JsonResponse|void * * @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException * @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException * @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException * @throws \Pterodactyl\Exceptions\DisplayException */ public function __invoke(LoginCheckpointRequest $request): JsonResponse { $token = $request->input('confirmation_token'); try { $user = $this->repository->find($this->cache->get($token, 0)); } catch (RecordNotFoundException $exception) { return $this->sendFailedLoginResponse($request); } $decrypted = $this->encrypter->decrypt($user->totp_secret); if ($this->google2FA->verifyKey($decrypted, (string) $request->input('authentication_code') ?? '', config('pterodactyl.auth.2fa.window'))) { $this->cache->delete($token); return $this->sendLoginResponse($user, $request); } return $this->sendFailedLoginResponse($request, $user); } }