Add support for viewing SFTP password in panel

DaneEveritt · DaneEveritt · commit 1ca07e665eda · 2016-09-02T19:26:48.000-04:00
requested in pterodactyl#74 closes pterodactyl#74
diff --git a/app/Policies/ServerPolicy.php b/app/Policies/ServerPolicy.php
@@ -434,6 +434,22 @@ public function resetSftp(User $user, Server $server)
         return $user->permissions()->server($server)->permission('reset-sftp')->exists();
     }
 
+    /**
+     * Check if user has permission to view the SFTP password for a server.
+     *
+     * @param  Pterodactyl\Models\User   $user
+     * @param  Pterodactyl\Models\Server $server
+     * @return boolean
+     */
+    public function viewSftpPassword(User $user, Server $server)
+    {
+        if ($this->isOwner($user, $server)) {
+            return true;
+        }
+
+        return $user->permissions()->server($server)->permission('view-sftp-password')->exists();
+    }
+
     /**
      * Check if user has permission to view databases for a server.
      *
diff --git a/app/Repositories/ServerRepository.php b/app/Repositories/ServerRepository.php
@@ -23,6 +23,7 @@
  */
 namespace Pterodactyl\Repositories;
 
+use Crypt;
 use DB;
 use Debugbar;
 use Validator;
@@ -804,7 +805,12 @@ public function updateSFTPPassword($id, $password)
             throw new DisplayValidationException(json_encode($validator->errors()));
         }
 
+        DB::beginTransaction();
+        $server->sftp_password = Crypt::encrypt($password);
+
         try {
+            $server->save();
+
             $client = Models\Node::guzzleRequest($server->node);
             $client->request('POST', '/server/password', [
                 'headers' => [
@@ -815,10 +821,14 @@ public function updateSFTPPassword($id, $password)
                     'password' => $password,
                 ],
             ]);
+
+            DB::commit();
             return true;
         } catch (\GuzzleHttp\Exception\TransferException $ex) {
+            DB::rollBack();
             throw new DisplayException('There was an error while attmping to contact the remote service to change the password.', $ex);
         } catch (\Exception $ex) {
+            DB::rollBack();
             throw $ex;
         }
 
diff --git a/app/Repositories/SubuserRepository.php b/app/Repositories/SubuserRepository.php
@@ -93,6 +93,7 @@ class SubuserRepository
         'edit-startup' => null,
         'view-sftp' => null,
         'reset-sftp' => 's:set-password',
+        'view-sftp-password' => null,
 
         // Databases
         'view-databases' => null,
diff --git a/database/migrations/2016_09_02_190647_add_sftp_password_storage.php b/database/migrations/2016_09_02_190647_add_sftp_password_storage.php
@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddSftpPasswordStorage extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('servers', function (Blueprint $table) {
+            $table->text('sftp_password')->after('username')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('servers', function (Blueprint $table) {
+            $table->dropColumn('sftp_password');
+        });
+    }
+}
diff --git a/resources/views/server/settings.blade.php b/resources/views/server/settings.blade.php
@@ -51,29 +51,34 @@
                                 </div>
                             </div>
                         </div>
-                        @can('reset-sftp', $server)
-                            <form action="{{ route('server.settings.sftp', $server->uuidShort) }}" method="POST">
-                                <div class="row">
-                                    <div class="col-md-12">
-                                        <div id="gen_pass" class=" alert alert-success" style="display:none;margin-bottom: 10px;"></div>
-                                    </div>
-                                    <div class="form-group col-md-6">
+                            <div class="row">
+                                <div class="col-md-12">
+                                    <div id="gen_pass" class=" alert alert-success" style="display:none;margin-bottom: 10px;"></div>
+                                </div>
+                                <div class="form-group col-md-6">
+                                @can('reset-sftp', $server)
+                                    <form action="{{ route('server.settings.sftp', $server->uuidShort) }}" method="POST">
                                         <label class="control-label">New SFTP Password:</label>
-                                        <div>
-                                            <input type="password" name="sftp_pass" class="form-control" />
-                                            <p class="text-muted"><small>Passwords must meet the following requirements: at least one uppercase character, one lowercase character, one digit, and be at least 8 characters in length. <a href="#" data-action="generate-password">Click here</a> to generate one to use.</small></p>
-                                        </div>
-                                    </div>
-                                    <div class="form-group col-md-6">
-                                        <label class="control-label">&nbsp;</label>
-                                        <div>
-                                            {!! csrf_field() !!}
-                                            <input type="submit" class="btn btn-sm btn-primary" value="Update Password" />
+                                        <div class="input-group">
+                                            <input type="password" class="form-control" name="sftp_pass" />
+                                            <span class="input-group-btn">
+                                                {!! csrf_field() !!}
+                                                <input type="submit" class="btn btn-primary btn-sm" value="Reset" />
+                                            </span>
                                         </div>
+                                        <p class="text-muted"><small>Passwords must meet the following requirements: at least one uppercase character, one lowercase character, one digit, and be at least 8 characters in length. <a href="#" data-action="generate-password">Click here</a> to generate one to use.</small></p>
+                                    </form>
+                                @endcan
+                                </div>
+                                <div class="form-group col-md-6">
+                                @can('view-sftp-password', $server)
+                                    <label class="control-label">Current Password:</label>
+                                    <div>
+                                        <input type="text" readonly="readonly" class="form-control" value="@if(!is_null($server->sftp_password)){{ Crypt::decrypt($server->sftp_password) }} @endif" />
                                     </div>
+                                @endcan
                                 </div>
-                            </form>
-                        @endcan
+                            </div>
                     </div>
                 </div>
             </div>
diff --git a/resources/views/server/users/new.blade.php b/resources/views/server/users/new.blade.php
@@ -200,6 +200,12 @@
                         <p class="text-muted"><small>Allows user to view the server's SFTP information (not the password).</small><p>
                     </label>
                 </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($oldInput['view-sftp-password']))checked="checked"@endif value="view-sftp-password"> <strong>View SFTP Password</strong>
+                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to view the SFTP password for the server.</small><p>
+                    </label>
+                </div>
                 <div class="checkbox highlight">
                     <label class="checkbox-custom highlight" data-initialize="checkbox">
                         <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($oldInput['reset-sftp']))checked="checked"@endif value="reset-sftp"> <strong>Reset SFTP Password</strong>
diff --git a/resources/views/server/users/view.blade.php b/resources/views/server/users/view.blade.php
@@ -189,6 +189,12 @@
                         <p class="text-muted"><small>Allows user to view the server's SFTP information (not the password).</small><p>
                     </label>
                 </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['view-sftp-password']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-sftp-password"> <strong>View SFTP Password</strong>
+                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to view the SFTP password for the server.</small><p>
+                    </label>
+                </div>
                 <div class="checkbox highlight">
                     <label class="checkbox-custom highlight" data-initialize="checkbox">
                         <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['reset-sftp']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="reset-sftp"> <strong>Reset SFTP Password</strong>
