Merge branch 'develop' into develop

Author: DaneEveritt

CHANGELOG.md

@@ -11,6 +11,13 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * `[beta.1]` — Fixes missing check in environment setup that would leave the Hashids salt empty.
 * `[beta.1]` — Fixes bug preventing loading of allocations when trying to create a new server.
 * `[beta.1]` — Fixes bug causing inability to create new servers on the Panel.
+* `[beta.1]` — Fixes bug causing inability to delete an allocation due to misconfigured JS.
+* `[beta.1]` — Fixes bug causing inability to set the IP alias for an allocation to an empty value.
+* `[beta.1]` — Fixes bug that caused startup changes to not propigate to the server correctly on the first save.
+
+### Changed
+* Moved Docker image setting to be on the startup management page for a server rather than the details page. This value changes based on the Nest and Egg that are selected.
+* Two-Factor authentication tokens are now 32 bytes in length, and are stored encrypted at rest in the database.
 
 ## v0.7.0-beta.1 (Derelict Dermodactylus)
 ### Added

app/Console/Commands/Maintenance/CleanServiceBackupFilesCommand.php

@@ -15,6 +15,8 @@
 
 class CleanServiceBackupFilesCommand extends Command
 {
+    const BACKUP_THRESHOLD_MINUTES = 5;
+
     /**
      * @var \Carbon\Carbon
      */
@@ -58,7 +60,7 @@ public function handle()
 
         collect($files)->each(function ($file) {
             $lastModified = $this->carbon->timestamp($this->disk->lastModified($file));
-            if ($lastModified->diffInMinutes($this->carbon->now()) > 5) {
+            if ($lastModified->diffInMinutes($this->carbon->now()) > self::BACKUP_THRESHOLD_MINUTES) {
                 $this->disk->delete($file);
                 $this->info(trans('command/messages.maintenance.deleting_service_backup', ['file' => $file]));
             }

app/Contracts/Repository/ServerRepositoryInterface.php

@@ -95,14 +95,15 @@ public function getDataForCreation(Server $server, bool $refresh = false): Serve
     public function getWithDatabases($id);
 
     /**
-     * Return data about the daemon service in a consumable format.
+     * Get data for use when updating a server on the Daemon. Returns an array of
+     * the egg and pack UUID which are used for build and rebuild. Only loads relations
+     * if they are missing, or refresh is set to true.
      *
-     * @param int $id
+     * @param \Pterodactyl\Models\Server $server
+     * @param bool                       $refresh
      * @return array
-     *
-     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
-    public function getDaemonServiceData($id);
+    public function getDaemonServiceData(Server $server, bool $refresh = false): array;
 
     /**
      * Return an array of server IDs that a given user can access based on owner and subuser permissions.

app/Http/Controllers/Admin/ServersController.php

@@ -410,25 +410,6 @@ public function setDetails(Request $request, Server $server)
         return redirect()->route('admin.servers.view.details', $server->id);
     }
 
-    /**
-     * Set the new docker container for a server.
-     *
-     * @param \Illuminate\Http\Request   $request
-     * @param \Pterodactyl\Models\Server $server
-     * @return \Illuminate\Http\RedirectResponse
-     *
-     * @throws \Pterodactyl\Exceptions\DisplayException
-     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
-     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
-     */
-    public function setContainer(Request $request, Server $server)
-    {
-        $this->detailsModificationService->setDockerImage($server, $request->input('docker_image'));
-        $this->alert->success(trans('admin/server.alerts.docker_image_updated'))->flash();
-
-        return redirect()->route('admin.servers.view.details', $server->id);
-    }
-
     /**
      * Toggles the install status for a server.
      *

app/Http/Controllers/Auth/LoginController.php

@@ -202,7 +202,7 @@ public function totpCheckpoint(Request $request)
             return $this->sendFailedLoginResponse($request);
         }
 
-        if (! $G2FA->verifyKey($user->totp_secret, $request->input('2fa_token'), 2)) {
+        if (! $G2FA->verifyKey(Crypt::decrypt($user->totp_secret), $request->input('2fa_token'), 2)) {
             event(new \Illuminate\Auth\Events\Failed($user, $credentials));
 
             return $this->sendFailedLoginResponse($request);

app/Http/Controllers/Base/SecurityController.php

@@ -27,7 +27,6 @@
 
 use Illuminate\Http\Request;
 use Prologue\Alerts\AlertsMessageBag;
-use Illuminate\Contracts\Session\Session;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Services\Users\TwoFactorSetupService;
 use Pterodactyl\Services\Users\ToggleTwoFactorService;
@@ -52,11 +51,6 @@ class SecurityController extends Controller
      */
     protected $repository;
 
-    /**
-     * @var \Illuminate\Contracts\Session\Session
-     */
-    protected $session;
-
     /**
      * @var \Pterodactyl\Services\Users\ToggleTwoFactorService
      */
@@ -72,23 +66,20 @@ class SecurityController extends Controller
      *
      * @param \Prologue\Alerts\AlertsMessageBag                            $alert
      * @param \Illuminate\Contracts\Config\Repository                      $config
-     * @param \Illuminate\Contracts\Session\Session                        $session
      * @param \Pterodactyl\Contracts\Repository\SessionRepositoryInterface $repository
      * @param \Pterodactyl\Services\Users\ToggleTwoFactorService           $toggleTwoFactorService
      * @param \Pterodactyl\Services\Users\TwoFactorSetupService            $twoFactorSetupService
      */
     public function __construct(
         AlertsMessageBag $alert,
         ConfigRepository $config,
-        Session $session,
         SessionRepositoryInterface $repository,
         ToggleTwoFactorService $toggleTwoFactorService,
         TwoFactorSetupService $twoFactorSetupService
     ) {
         $this->alert = $alert;
         $this->config = $config;
         $this->repository = $repository;
-        $this->session = $session;
         $this->toggleTwoFactorService = $toggleTwoFactorService;
         $this->twoFactorSetupService = $twoFactorSetupService;
     }
@@ -122,7 +113,9 @@ public function index(Request $request)
      */
     public function generateTotp(Request $request)
     {
-        return response()->json($this->twoFactorSetupService->handle($request->user()));
+        return response()->json([
+            'qrImage' => $this->twoFactorSetupService->handle($request->user()),
+        ]);
     }
 
     /**

app/Http/Requests/Admin/Node/AllocationAliasFormRequest.php

@@ -19,7 +19,7 @@ class AllocationAliasFormRequest extends AdminFormRequest
     public function rules()
     {
         return [
-            'alias' => 'required|nullable|string',
+            'alias' => 'present|nullable|string',
             'allocation_id' => 'required|numeric|exists:allocations,id',
         ];
     }

app/Models/Allocation.php

@@ -60,7 +60,7 @@ class Allocation extends Model implements CleansAttributes, ValidableContract
         'node_id' => 'exists:nodes,id',
         'ip' => 'ip',
         'port' => 'numeric|between:1024,65553',
-        'alias' => 'string',
+        'ip_alias' => 'nullable|string',
         'server_id' => 'nullable|exists:servers,id',
     ];
 

app/Models/User.php

@@ -63,6 +63,7 @@ class User extends Model implements
         'language',
         'use_totp',
         'totp_secret',
+        'totp_authenticated_at',
         'gravatar',
         'root_admin',
     ];
@@ -78,6 +79,11 @@ class User extends Model implements
         'gravatar' => 'boolean',
     ];
 
+    /**
+     * @var array
+     */
+    protected $dates = [self::CREATED_AT, self::UPDATED_AT, 'totp_authenticated_at'];
+
     /**
      * The attributes excluded from the model's JSON form.
      *

app/Policies/APIKeyPolicy.php

@@ -13,7 +13,6 @@
 use Carbon;
 use Pterodactyl\Models\User;
 use Pterodactyl\Models\APIKey as Key;
-use Pterodactyl\Models\APIPermission as Permission;
 
 class APIKeyPolicy
 {