banquise/pelican-panel-mirror
13
0
Fork 1
mirror of https://github.com/pelican-dev/panel.git synced 2025-10-31 13:56:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'release/v0.7.9'

Browse Source
This commit is contained in:
Dane Everitt 2018-07-04 12:08:14 -07:00
commit 81f1796a6a
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
4 changed files with 98 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -3,6 +3,10 @@ This file is a running track of new features and fixes to each version of the pa
This project follows [Semantic Versioning](http://semver.org) guidelines. This project follows [Semantic Versioning](http://semver.org) guidelines.
## v0.7.9 (Derelict Dermodactylus)
### Fixed
* Fixes a two-factor authentication bypass present in the password reset process for an account.
## v0.7.8 (Derelict Dermodactylus) ## v0.7.8 (Derelict Dermodactylus)
### Added ### Added
* Nodes can now be put into maintenance mode to deny access to servers temporarily. * Nodes can now be put into maintenance mode to deny access to servers temporarily.

92
app/Http/Controllers/Auth/ResetPasswordController.php
View File

@ -2,8 +2,14 @@
namespace Pterodactyl\Http\Controllers\Auth; namespace Pterodactyl\Http\Controllers\Auth;
use Illuminate\Support\Str;
use Prologue\Alerts\AlertsMessageBag;
use Illuminate\Contracts\Hashing\Hasher;
use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Contracts\Events\Dispatcher;
use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords; use Illuminate\Foundation\Auth\ResetsPasswords;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
class ResetPasswordController extends Controller class ResetPasswordController extends Controller
{ {
@ -16,6 +22,47 @@ class ResetPasswordController extends Controller
*/ */
public $redirectTo = '/'; public $redirectTo = '/';
/**
* @var bool
*/
protected $hasTwoFactor = false;
/**
* @var \Prologue\Alerts\AlertsMessageBag
*/
private $alerts;
/**
* @var \Illuminate\Contracts\Events\Dispatcher
*/
private $dispatcher;
/**
* @var \Illuminate\Contracts\Hashing\Hasher
*/
private $hasher;
/**
* @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
*/
private $userRepository;
/**
* ResetPasswordController constructor.
*
* @param \Prologue\Alerts\AlertsMessageBag $alerts
* @param \Illuminate\Contracts\Events\Dispatcher $dispatcher
* @param \Illuminate\Contracts\Hashing\Hasher $hasher
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $userRepository
*/
public function __construct(AlertsMessageBag $alerts, Dispatcher $dispatcher, Hasher $hasher, UserRepositoryInterface $userRepository)
{
$this->alerts = $alerts;
$this->dispatcher = $dispatcher;
$this->hasher = $hasher;
$this->userRepository = $userRepository;
}
/** /**
* Return the rules used when validating password reset. * Return the rules used when validating password reset.
* *
@ -29,4 +76,49 @@ class ResetPasswordController extends Controller
'password' => 'required|confirmed|min:8', 'password' => 'required|confirmed|min:8',
]; ];
} }
/**
* Reset the given user's password. If the user has two-factor authentication enabled on their
* account do not automatically log them in. In those cases, send the user back to the login
* form with a note telling them their password was changed and to log back in.
*
* @param \Illuminate\Contracts\Auth\CanResetPassword|\Pterodactyl\Models\User $user
* @param string $password
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
protected function resetPassword($user, $password)
{
$user = $this->userRepository->update($user->id, [
'password' => $this->hasher->make($password),
$user->getRememberTokenName() => Str::random(60),
]);
$this->dispatcher->dispatch(new PasswordReset($user));
// If the user is not using 2FA log them in, otherwise skip this step and force a
// fresh login where they'll be prompted to enter a token.
if (! $user->use_totp) {
$this->guard()->login($user);
}
$this->hasTwoFactor = $user->use_totp;
}
/**
* Get the response for a successful password reset.
*
* @param string $response
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
*/
protected function sendResetResponse($response)
{
if ($this->hasTwoFactor) {
$this->alerts->success('Your password was successfully updated. Please log in to continue.')->flash();
}
return redirect($this->hasTwoFactor ? route('auth.login') : $this->redirectPath())
->with('status', trans($response));
}
} }

2
config/app.php
View File

@ -9,7 +9,7 @@ return [
| change this value if you are not maintaining your own internal versions. | change this value if you are not maintaining your own internal versions.
*/ */
'version' => '0.7.8', 'version' => '0.7.9',
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------

2
resources/lang/de/strings.php
View File

@ -48,7 +48,7 @@ return [
'select_none' => 'Alles abwählen', 'select_none' => 'Alles abwählen',
'alias' => 'Alias', 'alias' => 'Alias',
'primary' => 'Primär', 'primary' => 'Primär',
'make_primary' => 'Primät machen', 'make_primary' => 'Primär machen',
'none' => 'Nichts', 'none' => 'Nichts',
'cancel' => 'Abbrechen', 'cancel' => 'Abbrechen',
'created_at' => 'Erstellt am', 'created_at' => 'Erstellt am',