misc_pterodactyl-panel/app/Http/Routes/AuthRoutes.php
Dane Everitt 288ee1a258 Improved TOTp handling in login.
Cleaned up the code a bit; also checks TOTP before attempting to verify
user.

This addresses the potential for an attacker to guess at a password
and/or confirm that the password is correct unless they have a valid
TOTP code for the request. A failed TOTP response will trigger a
throttle count on the login as well.
2015-12-10 21:58:17 -05:00


<?php
namespace Pterodactyl\Http\Routes;
use Illuminate\Routing\Router;
use Request;
use Pterodactyl\Models\User as User;
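/**
 * Registers the account-access routes (login, TOTP check, password reset and
 * logout) under the "auth" URI prefix.
 *
 * Every handler is referenced as a "Controller@method" string; the request
 * handling itself lives in Auth\AuthController and Auth\PasswordController,
 * which are not part of this file.
 */
class AuthRoutes {

    /**
     * Attach every auth/* route to the given router.
     *
     * NOTE(review): no middleware (throttle, guest, CSRF) is attached to the
     * group or to any single route here. Confirm that the global middleware
     * stack and the controllers rate-limit POST login, POST login/totp and the
     * password-reset endpoints, since these are the routes a credential-guessing
     * client would hit.
     *
     * @param  \Illuminate\Routing\Router  $router  Router the routes are added to.
     * @return void
     */
    public function map(Router $router) {
        $router->group(['prefix' => 'auth'], function () use ($router) {

            // Login form and credential submission.
            $router->get('login', [ 'as' => 'auth.login', 'uses' => 'Auth\AuthController@getLogin' ]);
            $router->post('login', [ 'uses' => 'Auth\AuthController@postLogin' ]);

            // Separate endpoint handled by AuthController@checkTotp.
            $router->post('login/totp', [ 'uses' => 'Auth\AuthController@checkTotp' ]);

            // Password-reset request form and submission.
            $router->get('password', [ 'as' => 'auth.password', 'uses' => 'Auth\PasswordController@getEmail' ]);

            // Router::post() accepts only a URI and an action, so the closure that
            // was previously passed as a third argument was silently ignored and
            // its redirect never ran. It is dropped here; any redirect after the
            // reset e-mail is requested has to come from PasswordController@postEmail.
            $router->post('password', [ 'as' => 'auth.password.submit', 'uses' => 'Auth\PasswordController@postEmail' ]);

            // Password-reset completion.
            // NOTE(review): the reset token travels in the URL path of the GET
            // route, so it can end up in access logs, browser history and Referer
            // headers. Confirm tokens are single-use and short-lived.
            $router->post('password/verify', [ 'uses' => 'Auth\PasswordController@postReset' ]);
            $router->get('password/verify/{token}', [ 'as' => 'auth.verify', 'uses' => 'Auth\PasswordController@getReset' ]);

            // NOTE(review): logout is a state-changing action exposed over GET, so
            // it is not covered by CSRF token checks and can be triggered by a
            // cross-site request. Moving it to POST would change the route's
            // interface, so it is left as-is and only flagged.
            $router->get('logout', [ 'as' => 'auth.logout', 'uses' => 'Auth\AuthController@getLogout' ]);
        });
    }
}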