<?php /** * Pterodactyl - Panel * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in all * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ namespace Pterodactyl\Models; use Hash; use Google2FA; use Illuminate\Auth\Authenticatable; use Illuminate\Database\Eloquent\Model; use Illuminate\Notifications\Notifiable; use Pterodactyl\Exceptions\DisplayException; use Nicolaslopezj\Searchable\SearchableTrait; use Illuminate\Auth\Passwords\CanResetPassword; use Illuminate\Foundation\Auth\Access\Authorizable; use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract; use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract; use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract; use Pterodactyl\Notifications\SendPasswordReset as ResetPasswordNotification; class User extends Model implements AuthenticatableContract, AuthorizableContract, CanResetPasswordContract { use Authenticatable, Authorizable, CanResetPassword, Notifiable, SearchableTrait; /** * The rules for user passwords. * * @var string */ const PASSWORD_RULES = 'regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})'; /** * The regex rules for usernames. * * @var string */ const USERNAME_RULES = 'regex:/^([\w\d\.\-]{1,255})$/'; /** * The table associated with the model. * * @var string */ protected $table = 'users'; /** * A list of mass-assignable variables. * * @var array */ protected $fillable = ['username', 'email', 'name_first', 'name_last', 'password', 'language', 'use_totp', 'totp_secret', 'gravatar', 'root_admin']; /** * Cast values to correct type. * * @var array */ protected $casts = [ 'root_admin' => 'integer', 'use_totp' => 'integer', 'gravatar' => 'integer', ]; /** * The attributes excluded from the model's JSON form. * * @var array */ protected $hidden = ['password', 'remember_token', 'totp_secret']; protected $searchable = [ 'columns' => [ 'email' => 10, 'username' => 9, 'name_first' => 6, 'name_last' => 6, 'uuid' => 1, ], ]; /** * Enables or disables TOTP on an account if the token is valid. * * @param int $token The token that we want to verify. * @return bool */ public function toggleTotp($token) { if (! Google2FA::verifyKey($this->totp_secret, $token, 1)) { return false; } $this->use_totp = ! $this->use_totp; $this->save(); return true; } /** * Set a user password to a new value assuming it meets the following requirements: * - 8 or more characters in length * - at least one uppercase character * - at least one lowercase character * - at least one number. * * @param string $password The raw password to set the account password to. * @param string $regex The regex to use when validating the password. Defaults to '((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})'. * @return void */ public function setPassword($password, $regex = '((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})') { if (! preg_match($regex, $password)) { throw new DisplayException('The password passed did not meet the minimum password requirements.'); } $this->password = Hash::make($password); $this->save(); } /** * Send the password reset notification. * * @param string $token * @return void */ public function sendPasswordResetNotification($token) { $this->notify(new ResetPasswordNotification($token)); } /** * Return true or false depending on wether the user is root admin or not. * * @return bool the user is root admin */ public function isRootAdmin() { return $this->root_admin === 1; } /** * Returns the user's daemon secret for a given server. * @param Server $server \Pterodactyl\Models\Server * @return null|string */ public function daemonToken(Server $server) { if ($this->id === $server->owner_id || $this->isRootAdmin()) { return $server->daemonSecret; } $subuser = Subuser::where('server_id', $server->id)->where('user_id', $this->id)->first(); if (is_null($subuser)) { return null; } return $subuser->daemonSecret; } /** * Returns an array of all servers a user is able to access. * Note: does not account for user admin status. * * @return array */ public function serverAccessArray() { $union = Subuser::select('server_id')->where('user_id', $this->id); return Server::select('id')->where('owner_id', $this->id)->union($union)->pluck('id')->all(); } /** * Returns an array of all servers a user is able to access. * Note: does not account for user admin status. * * @return Collection */ public function serverAccessCollection($paginate = null, $load = ['service', 'node', 'allocation']) { $query = Server::with($load); if (! $this->isRootAdmin()) { $query->whereIn('id', $this->serverAccessArray()); } return (is_numeric($paginate)) ? $query->paginate($paginate) : $query->get(); } /** * Returns all permissions that a user has. * * @return \Illuminate\Database\Eloquent\Relations\HasManyThrough */ public function permissions() { return $this->hasManyThrough(Permission::class, Subuser::class); } /** * Returns all servers that a user owns. * * @return \Illuminate\Database\Eloquent\Relations\HasMany */ public function servers() { return $this->hasMany(Server::class, 'owner_id'); } }