80 lines
2.5 KiB
PHP
80 lines
2.5 KiB
PHP
<?php
|
|
|
|
namespace Pterodactyl\Services\Users;
|
|
|
|
use Carbon\Carbon;
|
|
use Pterodactyl\Models\User;
|
|
use PragmaRX\Google2FA\Google2FA;
|
|
use Illuminate\Contracts\Encryption\Encrypter;
|
|
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
|
|
use Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid;
|
|
|
|
class ToggleTwoFactorService
|
|
{
|
|
/**
|
|
* @var \Illuminate\Contracts\Encryption\Encrypter
|
|
*/
|
|
private $encrypter;
|
|
|
|
/**
|
|
* @var \PragmaRX\Google2FA\Google2FA
|
|
*/
|
|
private $google2FA;
|
|
|
|
/**
|
|
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
|
|
*/
|
|
private $repository;
|
|
|
|
/**
|
|
* ToggleTwoFactorService constructor.
|
|
*
|
|
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
|
|
* @param \PragmaRX\Google2FA\Google2FA $google2FA
|
|
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
|
|
*/
|
|
public function __construct(
|
|
Encrypter $encrypter,
|
|
Google2FA $google2FA,
|
|
UserRepositoryInterface $repository
|
|
) {
|
|
$this->encrypter = $encrypter;
|
|
$this->google2FA = $google2FA;
|
|
$this->repository = $repository;
|
|
}
|
|
|
|
/**
|
|
* Toggle 2FA on an account only if the token provided is valid.
|
|
*
|
|
* @param \Pterodactyl\Models\User $user
|
|
* @param string $token
|
|
* @param bool|null $toggleState
|
|
* @return bool
|
|
*
|
|
* @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
|
|
* @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
|
|
* @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
|
|
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
|
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
|
* @throws \Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid
|
|
*/
|
|
public function handle(User $user, string $token, bool $toggleState = null): bool
|
|
{
|
|
$secret = $this->encrypter->decrypt($user->totp_secret);
|
|
|
|
$isValidToken = $this->google2FA->verifyKey($secret, $token, config()->get('pterodactyl.auth.2fa.window'));
|
|
|
|
if (! $isValidToken) {
|
|
throw new TwoFactorAuthenticationTokenInvalid(
|
|
'The token provided is not valid.'
|
|
);
|
|
}
|
|
|
|
$this->repository->withoutFreshModel()->update($user->id, [
|
|
'totp_authenticated_at' => Carbon::now(),
|
|
'use_totp' => (is_null($toggleState) ? ! $user->use_totp : $toggleState),
|
|
]);
|
|
|
|
return true;
|
|
}
|
|
}
|