Merge pull request pterodactyl#768 from Pterodactyl/feature/auth-controller-cleanup

Push updates to login page, mostly UI enhancements.

Author: DaneEveritt

CHANGELOG.md

@@ -19,6 +19,8 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 ### Changed
 * Moved Docker image setting to be on the startup management page for a server rather than the details page. This value changes based on the Nest and Egg that are selected.
 * Two-Factor authentication tokens are now 32 bytes in length, and are stored encrypted at rest in the database.
+* Login page UI has been improved to be more sleek and welcoming to users.
+* Changed 2FA login process to be more secure. Previously authentication checking happened on the 2FA post page, now it happens prior and is passed along to the 2FA page to avoid storing any credentials.
 
 ### Added
 * Socketio error messages due to permissions are now rendered correctly in the UI rather than causing a silent failure.

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -1,56 +1,31 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
 
 namespace Pterodactyl\Http\Controllers\Auth;
 
 use Illuminate\Http\Request;
+use Illuminate\Http\RedirectResponse;
 use Illuminate\Support\Facades\Password;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Events\Auth\FailedPasswordReset;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
 
 class ForgotPasswordController extends Controller
 {
-    /*
-    |--------------------------------------------------------------------------
-    | Password Reset Controller
-    |--------------------------------------------------------------------------
-    |
-    | This controller is responsible for handling password reset emails and
-    | includes a trait which assists in sending these notifications from
-    | your application to your users. Feel free to explore this trait.
-    |
-    */
-
     use SendsPasswordResetEmails;
 
-    /**
-     * Create a new controller instance.
-     */
-    public function __construct()
-    {
-        $this->middleware('guest');
-    }
-
     /**
      * Get the response for a failed password reset link.
      *
      * @param  \Illuminate\Http\Request
      * @param string $response
      * @return \Illuminate\Http\RedirectResponse
      */
-    protected function sendResetLinkFailedResponse(Request $request, $response)
+    protected function sendResetLinkFailedResponse(Request $request, $response): RedirectResponse
     {
         // As noted in #358 we will return success even if it failed
         // to avoid pointing out that an account does or does not
         // exist on the system.
-        event(new FailedPasswordReset($request->ip(), $request->only('email')));
+        event(new FailedPasswordReset($request->ip(), $request->input('email')));
 
         return $this->sendResetLinkResponse(Password::RESET_LINK_SENT);
     }