Fixes account creation and password reset abilities.

Author: DaneEveritt

app/Observers/UserObserver.php

@@ -25,6 +25,8 @@
 namespace Pterodactyl\Observers;
 
 use DB;
+use Hash;
+use Carbon;
 use Pterodactyl\Events;
 use Pterodactyl\Models\User;
 use Pterodactyl\Notifications\AccountCreated;
@@ -52,12 +54,20 @@ public function created(User $user)
     {
         event(new Events\User\Created($user));
 
-        $token = DB::table('password_resets')->where('email', $user->email)->orderBy('created_at', 'desc')->first();
-        $user->notify((new AccountCreated([
+        if ($user->password === 'unset') {
+            $token = hash_hmac('sha256', str_random(40), config('app.key'));
+            DB::table('password_resets')->insert([
+                'email' => $user->email,
+                'token' => Hash::make($token),
+                'created_at' => Carbon::now()->toDateTimeString(),
+            ]);
+        }
+
+        $user->notify(new AccountCreated([
             'name' => $user->name_first,
             'username' => $user->username,
-            'token' => (! is_null($token)) ? $token->token : null,
-        ])));
+            'token' => (isset($token)) ? $token : null,
+        ]));
     }
 
     /**

app/Repositories/UserRepository.php

@@ -83,23 +83,12 @@ public function create(array $data)
                 'username' => $data['username'],
                 'name_first' => $data['name_first'],
                 'name_last' => $data['name_last'],
-                'password' => Hash::make((empty($data['password'])) ? str_random(30) : $data['password']),
+                'password' => (empty($data['password'])) ? 'unset' : Hash::make($data['password']),
                 'root_admin' => $data['root_admin'],
                 'language' => Settings::get('default_language', 'en'),
             ]);
             $user->save();
 
-            // Setup a Password Reset to use when they set a password.
-            // Only used if no password is provided.
-            if (empty($data['password'])) {
-                $token = str_random(32);
-                DB::table('password_resets')->insert([
-                    'email' => $user->email,
-                    'token' => $token,
-                    'created_at' => Carbon::now()->toDateTimeString(),
-                ]);
-            }
-
             DB::commit();
 
             return $user;

config/auth.php

@@ -93,7 +93,6 @@
     'passwords' => [
         'users' => [
             'provider' => 'users',
-            'email' => 'emails.password',
             'table' => 'password_resets',
             'expire' => 60,
         ],

resources/themes/pterodactyl/auth/passwords/reset.blade.php

@@ -76,7 +76,7 @@
             <div class="col-xs-12">
                 {!! csrf_field() !!}
                 <input type="hidden" name="token" value="{{ $token }}">
-                <button type="submit" class="btn btn-primary btn-block btn-flat">@lang('auth.reset_password')</button>
+                <button type="submit" class="btn btn-primary btn-block btn-flat g-recaptcha" @if(config('recaptcha.enabled')) data-sitekey="{{ config('recaptcha.website_key') }}" data-callback='onSubmit' @endif>@lang('auth.reset_password')</button>
             </div>
         </div>
     </form>