Merge branch 'develop' into fix/trusted-proxies

Author: schrej

.gitignore

@@ -1,12 +1,4 @@
 /vendor
 *.DS_Store*
 .env
-.vagrant/*
-
-composer.lock
-
-Homestead.yaml
-Vagrantfile
-Vagrantfile
-
-node_modules
+node_modules

CHANGELOG.md

@@ -10,16 +10,17 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Users can now have a username as well as client name assigned to their account.
 * Ability to create a node through the CLI using `pterodactyl:node` as well as locations via `pterodactyl:location`.
 * New theme (AdminLTE) for front-end with tweaks to backend files to work properly with it.
+* Add support for PhraseApp's in-context editor
 
 ### Fixed
 * Bug causing error logs to be spammed if someone timed out on an ajax based page.
 * Fixes edge case where specific server names could cause daemon errors due to an invalid SFTP username being created by the panel.
+* Fixes sessions being removed on browser close, and set sessions to idle for up to 3 hours before being marked as expired.
 
 ### Changed
 * Admin API and base routes for user management now define the fields that should be passed to repositories rather than passing all fields.
 * User model now defines mass assignment fields using `$fillable` rather than `$guarded`.
-
-### Deprecated
+* 2FA checkpoint on login is now its own page, and not an AJAX based call. Improves security on that front.
 
 ## v0.5.6 (Bodacious Boreopterus)
 ### Added

app/Console/Commands/UpdateEmailSettings.php

@@ -155,6 +155,9 @@ public function handle()
 
         file_put_contents($file, $envContents);
         $bar->finish();
+
+        $this->line('Updating evironment configuration cache file.');
+        $this->call('config:cache');
         echo "\n";
     }
 }

app/Console/Commands/UpdateEnvironment.php

@@ -150,6 +150,9 @@ public function handle()
 
         file_put_contents($file, $envContents);
         $bar->finish();
+
+        $this->line('Updating evironment configuration cache file.');
+        $this->call('config:cache');
         echo "\n";
     }
 }

app/Extensions/PhraseAppTranslator.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Pterodactyl\Extensions;
+
+use Illuminate\Translation\Translator as LaravelTranslator;
+
+class PhraseAppTranslator extends LaravelTranslator
+{
+    /**
+     * Get the translation for the given key.
+     *
+     * @param  string  $key
+     * @param  array   $replace
+     * @param  string|null  $locale
+     * @param  bool  $fallback
+     * @return string|array|null
+     */
+    public function get($key, array $replace = [], $locale = null, $fallback = true)
+    {
+        $key = substr($key, strpos($key, '.') + 1);
+
+        return "{{__phrase_${key}__}}";
+    }
+}

app/Http/Controllers/API/ServerController.php

@@ -117,7 +117,10 @@ public function view(Request $request, $id)
             }
 
             // Requested Daemon Stats
-            $server = $query->first();
+            $server = $query->with(
+                'allocations',
+                'pack'
+            )->first();
             if ($request->input('daemon') === 'true') {
                 $node = Models\Node::findOrFail($server->node);
                 $client = Models\Node::guzzleRequest($node->id);

app/Http/Controllers/API/ServiceController.php

@@ -55,6 +55,7 @@ public function view(Request $request, $id)
             'options' => Models\ServiceOptions::select('id', 'name', 'description', 'tag', 'docker_image')
                 ->where('parent_service', $service->id)
                 ->with('variables')
+                ->with('packs')
                 ->get(),
         ];
     }

app/Http/Controllers/Auth/LoginController.php

@@ -27,6 +27,7 @@
 
 use Auth;
 use Alert;
+use Cache;
 use Illuminate\Http\Request;
 use Pterodactyl\Models\User;
 use PragmaRX\Google2FA\Google2FA;
@@ -110,33 +111,62 @@ public function login(Request $request)
         }
 
         // Verify TOTP Token was Valid
-        if (Auth::user()->use_totp === 1) {
-            $G2FA = new Google2FA();
-            if (is_null($request->input('totp_token')) || ! $G2FA->verifyKey(Auth::user()->totp_secret, $request->input('totp_token'))) {
-                if (! $lockedOut) {
-                    $this->incrementLoginAttempts($request);
-                }
+        if (Auth::user()->use_totp) {
+            $verifyKey = str_random(64);
+            Cache::put($verifyKey, Auth::user()->id, 5);
 
-                Alert::danger(trans('auth.totp_failed'))->flash();
+            return redirect()->route('auth.totp')->with('authentication_token', $verifyKey);
+        } else {
+            Auth::login(Auth::user(), $request->has('remember'));
 
-                return $this->sendFailedLoginResponse($request);
-            }
+            return $this->sendLoginResponse($request);
         }
+    }
+
+    public function totp(Request $request)
+    {
+        $verifyKey = $request->session()->get('authentication_token');
 
-        // Successfully Authenticated.
-        Auth::login(Auth::user(), $request->has('remember'));
+        if (is_null($verifyKey) || Auth::user()) {
+            return redirect()->route('auth.login');
+        }
 
-        return $this->sendLoginResponse($request);
+        return view('auth.totp', [
+            'verify_key' => $verifyKey,
+            'remember' => $request->has('remember'),
+        ]);
     }
 
-    /**
-     * Check if the provided user has TOTP enabled.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @return \Illuminate\Http\Response
-     */
-    public function checkTotp(Request $request)
+    public function totpCheckpoint(Request $request)
     {
-        return response()->json(User::select('id')->where('email', $request->input('email'))->where('use_totp', 1)->first());
+        $G2FA = new Google2FA();
+
+        if (is_null($request->input('verify_token'))) {
+            $this->incrementLoginAttempts($request);
+            Alert::danger(trans('auth.totp_failed'))->flash();
+
+            return redirect()->route('auth.login');
+        }
+
+        $user = User::where('id', Cache::pull($request->input('verify_token')))->first();
+        if (! $user) {
+            $this->incrementLoginAttempts($request);
+            Alert::danger(trans('auth.totp_failed'))->flash();
+
+            return redirect()->route('auth.login');
+        }
+
+
+        if (! is_null($request->input('2fa_token')) && $G2FA->verifyKey($user->totp_secret, $request->input('2fa_token'), 1)) {
+            Auth::login($user, $request->has('remember'));
+
+            return redirect()->intended($this->redirectPath());
+        } else {
+            $this->incrementLoginAttempts($request);
+            Alert::danger(trans('auth.2fa_failed'))->flash();
+
+            return redirect()->route('auth.login');
+        }
     }
+
 }

app/Http/Routes/AuthRoutes.php

@@ -51,9 +51,13 @@ public function map(Router $router)
                 'uses' => 'Auth\LoginController@login',
             ]);
 
-            // Determine if we need to ask for a TOTP Token
+            $router->get('login/totp', [
+                'as' => 'auth.totp',
+                'uses' => 'Auth\LoginController@totp',
+            ]);
+
             $router->post('login/totp', [
-                'uses' => 'Auth\LoginController@checkTotp',
+                'uses' => 'Auth\LoginController@totpCheckpoint',
             ]);
 
             // Show Password Reset Form

app/Models/Server.php

@@ -208,4 +208,54 @@ public static function getGuzzleHeaders($uuid)
 
         return [];
     }
+
+    /**
+     * Gets all allocations associated with this server.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\HasMany
+     */
+    public function allocations()
+    {
+        return $this->hasMany(Allocation::class, 'assigned_to');
+    }
+
+    /**
+     * Gets information for the pack associated with this server.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\HasOne
+     */
+    public function pack()
+    {
+        return $this->hasOne(ServicePack::class, 'id', 'pack');
+    }
+
+    /**
+     * Gets information for the service associated with this server.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\HasOne
+     */
+    public function service()
+    {
+        return $this->hasOne(Service::class, 'id', 'service');
+    }
+
+    /**
+     * Gets information for the service option associated with this server.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\HasOne
+     */
+    public function option()
+    {
+        return $this->hasOne(ServiceOptions::class, 'id', 'option');
+    }
+
+    /**
+     * Gets information for the service variables associated with this server.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\HasMany
+     */
+    public function variables()
+    {
+        return $this->hasMany(ServerVariables::class);
+    }
 }