Fix links sent to users when accounts are created

DaneEveritt · DaneEveritt · commit d2bc791d748e · 2018-06-30T18:47:31.000-07:00
closes pterodactyl#1093
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Logo now links to the correct location on all pages.
 * Permissions checking to determine if a user can see the task management page now works correctly.
 * Fixed `pterodactyl.environment_variables` to be used correctly for global environment variables. The wrong config variable name was being using previously.
+* Fixes tokens being sent to users when their account is created to actually work. Implements Laravel's internal token creation mechanisms rather than trying to do it custom.
 
 ### Changed
 * Attempting to upload a folder via the web file manager will now display a warning telling the user to use SFTP.
diff --git a/app/Notifications/AccountCreated.php b/app/Notifications/AccountCreated.php
@@ -23,7 +23,7 @@ class AccountCreated extends Notification implements ShouldQueue
     /**
      * The user model for the created user.
      *
-     * @var object
+     * @var \Pterodactyl\Models\User
      */
     public $user;
 
@@ -65,7 +65,7 @@ public function toMail($notifiable)
             ->line('Email: ' . $this->user->email);
 
         if (! is_null($this->token)) {
-            return $message->action('Setup Your Account', url('/auth/password/reset/' . $this->token . '?email=' . $this->user->email));
+            return $message->action('Setup Your Account', url('/auth/password/reset/' . $this->token . '?email=' . urlencode($this->user->email)));
         }
 
         return $message;
diff --git a/app/Services/Helpers/TemporaryPasswordService.php b/app/Services/Helpers/TemporaryPasswordService.php
diff --git a/app/Services/Users/UserCreationService.php b/app/Services/Users/UserCreationService.php
@@ -5,8 +5,8 @@
 use Ramsey\Uuid\Uuid;
 use Illuminate\Contracts\Hashing\Hasher;
 use Illuminate\Database\ConnectionInterface;
+use Illuminate\Contracts\Auth\PasswordBroker;
 use Pterodactyl\Notifications\AccountCreated;
-use Pterodactyl\Services\Helpers\TemporaryPasswordService;
 use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
 
 class UserCreationService
@@ -22,9 +22,9 @@ class UserCreationService
     private $hasher;
 
     /**
-     * @var \Pterodactyl\Services\Helpers\TemporaryPasswordService
+     * @var \Illuminate\Contracts\Auth\PasswordBroker
      */
-    private $passwordService;
+    private $passwordBroker;
 
     /**
      * @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
@@ -36,18 +36,18 @@ class UserCreationService
      *
      * @param \Illuminate\Database\ConnectionInterface                  $connection
      * @param \Illuminate\Contracts\Hashing\Hasher                      $hasher
-     * @param \Pterodactyl\Services\Helpers\TemporaryPasswordService    $passwordService
+     * @param \Illuminate\Contracts\Auth\PasswordBroker                 $passwordBroker
      * @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
      */
     public function __construct(
         ConnectionInterface $connection,
         Hasher $hasher,
-        TemporaryPasswordService $passwordService,
+        PasswordBroker $passwordBroker,
         UserRepositoryInterface $repository
     ) {
         $this->connection = $connection;
         $this->hasher = $hasher;
-        $this->passwordService = $passwordService;
+        $this->passwordBroker = $passwordBroker;
         $this->repository = $repository;
     }
 
@@ -68,15 +68,19 @@ public function handle(array $data)
 
         $this->connection->beginTransaction();
         if (! isset($data['password']) || empty($data['password'])) {
+            $generateResetToken = true;
             $data['password'] = $this->hasher->make(str_random(30));
-            $token = $this->passwordService->handle($data['email']);
         }
 
         /** @var \Pterodactyl\Models\User $user */
         $user = $this->repository->create(array_merge($data, [
             'uuid' => Uuid::uuid4()->toString(),
         ]), true, true);
 
+        if (isset($generateResetToken)) {
+            $token = $this->passwordBroker->createToken($user);
+        }
+
         $this->connection->commit();
         $user->notify(new AccountCreated($user, $token ?? null));
 
diff --git a/tests/Unit/Services/Helpers/TemporaryPasswordServiceTest.php b/tests/Unit/Services/Helpers/TemporaryPasswordServiceTest.php
diff --git a/tests/Unit/Services/Users/UserCreationServiceTest.php b/tests/Unit/Services/Users/UserCreationServiceTest.php
@@ -9,9 +9,9 @@
 use Illuminate\Contracts\Hashing\Hasher;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Support\Facades\Notification;
+use Illuminate\Contracts\Auth\PasswordBroker;
 use Pterodactyl\Notifications\AccountCreated;
 use Pterodactyl\Services\Users\UserCreationService;
-use Pterodactyl\Services\Helpers\TemporaryPasswordService;
 use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
 
 class UserCreationServiceTest extends TestCase
@@ -29,9 +29,9 @@ class UserCreationServiceTest extends TestCase
     private $hasher;
 
     /**
-     * @var \Pterodactyl\Services\Helpers\TemporaryPasswordService|\Mockery\Mock
+     * @var \Illuminate\Contracts\Auth\PasswordBroker|\Mockery\Mock
      */
-    private $passwordService;
+    private $passwordBroker;
 
     /**
      * @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface|\Mockery\Mock
@@ -48,7 +48,7 @@ public function setUp()
         Notification::fake();
         $this->connection = m::mock(ConnectionInterface::class);
         $this->hasher = m::mock(Hasher::class);
-        $this->passwordService = m::mock(TemporaryPasswordService::class);
+        $this->passwordBroker = m::mock(PasswordBroker::class);
         $this->repository = m::mock(UserRepositoryInterface::class);
     }
 
@@ -121,7 +121,7 @@ public function testUserIsCreatedWhenNoPasswordIsProvided()
         $this->hasher->shouldNotReceive('make');
         $this->connection->shouldReceive('beginTransaction')->withNoArgs()->once()->andReturnNull();
         $this->hasher->shouldReceive('make')->once()->andReturn('created-enc-password');
-        $this->passwordService->shouldReceive('handle')->with($user->email)->once()->andReturn('random-token');
+        $this->passwordBroker->shouldReceive('createToken')->with($user)->once()->andReturn('random-token');
 
         $this->repository->shouldReceive('create')->with([
             'password' => 'created-enc-password',
@@ -152,6 +152,6 @@ public function testUserIsCreatedWhenNoPasswordIsProvided()
      */
     private function getService(): UserCreationService
     {
-        return new UserCreationService($this->connection, $this->hasher, $this->passwordService, $this->repository);
+        return new UserCreationService($this->connection, $this->hasher, $this->passwordBroker, $this->repository);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ class AccountCreated extends Notification implements ShouldQueue`
`23`	`23`	`/**`
`24`	`24`	`* The user model for the created user.`
`25`	`25`	`*`
`26`		`- * @var object`
	`26`	`+ * @var \Pterodactyl\Models\User`
`27`	`27`	`*/`
`28`	`28`	`public $user;`
`29`	`29`
`@@ -65,7 +65,7 @@ public function toMail($notifiable)`
`65`	`65`	`->line('Email: ' . $this->user->email);`
`66`	`66`
`67`	`67`	`if (! is_null($this->token)) {`
`68`		`- return $message->action('Setup Your Account', url('/auth/password/reset/' . $this->token . '?email=' . $this->user->email));`
	`68`	`+ return $message->action('Setup Your Account', url('/auth/password/reset/' . $this->token . '?email=' . urlencode($this->user->email)));`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`return $message;`