GitHub Repository: pterodactyl/panel
Path: blob/1.0-develop/app/Http/Controllers/Api/Client/TwoFactorController.php
<?php
namespace Pterodactyl\Http\Controllers\Api\Client;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Facades\Activity;
use Pterodactyl\Services\Users\TwoFactorSetupService;
use Pterodactyl\Services\Users\ToggleTwoFactorService;
use Illuminate\Contracts\Validation\Factory as ValidationFactory;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
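/**
 * Client API endpoints that let the authenticated user manage TOTP
 * two-factor authentication on their own account: start setup, confirm
 * it with a code, or disable it.
 */
class TwoFactorController extends ClientApiController
{
    /**
     * TwoFactorController constructor.
     */
    public function __construct(
        private ToggleTwoFactorService $toggleTwoFactorService,
        private TwoFactorSetupService $setupService,
        private ValidationFactory $validation,
    ) {
        parent::__construct();
    }

    /**
     * Returns two-factor token credentials that allow a user to configure
     * it on their account. If two-factor is already enabled this endpoint
     * will return a 400 error.
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     */
    public function index(Request $request): JsonResponse
    {
        // Refuse to start setup while TOTP is already active on the account.
        if ($request->user()->use_totp) {
            throw new BadRequestHttpException('Two-factor authentication is already enabled on this account.');
        }

        return new JsonResponse([
            'data' => $this->setupService->handle($request->user()),
        ]);
    }

    /**
     * Updates a user's account to have two-factor enabled. The caller must
     * present a six-character code together with their current password;
     * the recovery tokens produced by the toggle service are returned.
     *
     * @throws \Throwable
     * @throws \Illuminate\Validation\ValidationException
     */
    public function store(Request $request): JsonResponse
    {
        $validator = $this->validation->make($request->all(), [
            'code' => ['required', 'string', 'size:6'],
            'password' => ['required', 'string'],
        ]);

        $data = $validator->validate();
        // Re-authenticate with the password before changing the account's
        // authentication settings; a wrong password is a 400, not a 422.
        if (!password_verify($data['password'], $request->user()->password)) {
            throw new BadRequestHttpException('The password provided was not valid.');
        }

        $tokens = $this->toggleTwoFactorService->handle($request->user(), $data['code'], true);

        Activity::event('user:two-factor.create')->log();

        return new JsonResponse([
            'object' => 'recovery_tokens',
            'attributes' => [
                'tokens' => $tokens,
            ],
        ]);
    }

    /**
     * Disables two-factor authentication on an account if the password provided
     * is valid.
     *
     * @throws \Throwable
     */
    public function delete(Request $request): JsonResponse
    {
        // Request input is untyped: a non-string value (for example an array
        // submitted as password[]) would make password_verify() raise a
        // TypeError instead of answering 400, so it is rejected explicitly.
        // A missing or wrong password takes the same path.
        $password = $request->input('password');
        if (!is_string($password) || !password_verify($password, $request->user()->password)) {
            throw new BadRequestHttpException('The password provided was not valid.');
        }

        /** @var \Pterodactyl\Models\User $user */
        $user = $request->user();

        $user->update([
            'totp_authenticated_at' => Carbon::now(),
            'use_totp' => false,
        ]);

        Activity::event('user:two-factor.delete')->log();

        return new JsonResponse([], Response::HTTP_NO_CONTENT);
    }
}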