Working login form with password reset functionality.

Author: DaneEveritt

app/Http/Controllers/Auth/AbstractLoginController.php

@@ -107,7 +107,7 @@ protected function sendFailedLoginResponse(Request $request, Authenticatable $us
         ]);
 
         if ($request->route()->named('auth.checkpoint')) {
-            throw new DisplayException(trans('auth.checkpoint_failed'));
+            throw new DisplayException(trans('auth.two_factor.checkpoint_failed'));
         }
 
         throw new DisplayException(trans('auth.failed'));

app/Http/Controllers/Auth/LoginCheckpointController.php

@@ -18,7 +18,7 @@ class LoginCheckpointController extends AbstractLoginController
      *
      * @throws \Pterodactyl\Exceptions\DisplayException
      */
-    public function index(LoginCheckpointRequest $request): JsonResponse
+    public function __invoke(LoginCheckpointRequest $request): JsonResponse
     {
         try {
             $cache = $this->cache->pull($request->input('confirmation_token'), []);

app/Http/Controllers/Auth/LoginController.php

@@ -22,6 +22,8 @@ public function login(Request $request): JsonResponse
         $username = $request->input('user');
         $useColumn = $this->getField($username);
 
+        sleep(1);
+
         if ($this->hasTooManyLoginAttempts($request)) {
             $this->fireLockoutEvent($request);
             $this->sendLockoutResponse($request);

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -2,8 +2,12 @@
 
 namespace Pterodactyl\Http\Controllers\Auth;
 
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Password;
+use Pterodactyl\Exceptions\DisplayException;
 use Pterodactyl\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\ResetsPasswords;
+use Pterodactyl\Http\Requests\Auth\ResetPasswordRequest;
 
 class ResetPasswordController extends Controller
 {
@@ -17,16 +21,44 @@ class ResetPasswordController extends Controller
     public $redirectTo = '/';
 
     /**
-     * Return the rules used when validating password reset.
+     * Reset the given user's password.
      *
-     * @return array
+     * @param \Pterodactyl\Http\Requests\Auth\ResetPasswordRequest $request
+     * @return \Illuminate\Http\JsonResponse
+     *
+     * @throws \Pterodactyl\Exceptions\DisplayException
+     */
+    public function __invoke(ResetPasswordRequest $request): JsonResponse
+    {
+        // Here we will attempt to reset the user's password. If it is successful we
+        // will update the password on an actual user model and persist it to the
+        // database. Otherwise we will parse the error and return the response.
+        $response = $this->broker()->reset(
+            $this->credentials($request), function ($user, $password) {
+                $this->resetPassword($user, $password);
+            }
+        );
+
+        // If the password was successfully reset, we will redirect the user back to
+        // the application's home authenticated view. If there is an error we can
+        // redirect them back to where they came from with their error message.
+        if ($response === Password::PASSWORD_RESET) {
+            return $this->sendResetResponse();
+        }
+
+        throw new DisplayException(trans($response));
+    }
+
+    /**
+     * Send a successful password reset response back to the callee.
+     *
+     * @return \Illuminate\Http\JsonResponse
      */
-    protected function rules(): array
+    protected function sendResetResponse(): JsonResponse
     {
-        return [
-            'token' => 'required',
-            'email' => 'required|email',
-            'password' => 'required|confirmed|min:8',
-        ];
+        return response()->json([
+            'success' => true,
+            'redirect_to' => $this->redirectTo,
+        ]);
     }
 }

app/Http/Requests/Auth/ResetPasswordRequest.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Auth;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class ResetPasswordRequest extends FormRequest
+{
+    /**
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * @return array
+     */
+    public function rules(): array
+    {
+        return [
+            'token' => 'required|string',
+            'email' => 'required|email',
+            'password' => 'required|string|confirmed|min:8',
+        ];
+    }
+}

gulpfile.js

@@ -23,6 +23,7 @@ const paths = {
     },
     scripts: {
         src: './resources/assets/pterodactyl/scripts/**/*.{js,vue}',
+        watch: ['./resources/assets/pterodactyl/scripts/**/*.{js,vue}', './resources/lang/locales.js'],
         dest: './public/assets/scripts',
     },
 };
@@ -68,7 +69,7 @@ function watch() {
         return del(['./public/assets/css/**/*.css']);
     }, styles));
 
-    gulp.watch(paths.scripts.src, gulp.series(function cleanScripts() {
+    gulp.watch(paths.scripts.watch, gulp.series(function cleanScripts() {
         return del(['./public/assets/scripts/**/*.js']);
     }, scripts));
 }

resources/assets/pterodactyl/scripts/app.js

@@ -11,6 +11,7 @@ import Locales from './../../../../resources/lang/locales';
 
 // Base Vuejs Templates
 import Login from './components/auth/Login';
+import ResetPassword from './components/auth/ResetPassword';
 
 // Used for the route() helper.
 window.Ziggy = Ziggy;
@@ -58,6 +59,17 @@ const router = new VueRouter({
             path: '/checkpoint',
             component: Login,
         },
+        {
+            name: 'reset-password',
+            path: '/reset-password/:token',
+            component: ResetPassword,
+            props: function (route) {
+                return {
+                    token: route.params.token,
+                    email: route.query.email || '',
+                }
+            },
+        }
     ]
 });
 

resources/assets/pterodactyl/scripts/components/auth/ForgotPassword.vue

@@ -13,19 +13,20 @@
             <div class="flex flex-wrap -mx-3 mb-6">
                 <div class="input-open">
                     <input class="input" id="grid-email" type="email" aria-labelledby="grid-email" ref="email" required
+                           v-bind:class="{ 'has-content': email.length > 0 }"
                            v-bind:readonly="showSpinner"
                            v-bind:value="email"
                            v-on:input="updateEmail($event)"
                     />
                     <label for="grid-email">{{ $t('strings.email') }}</label>
-                    <p class="text-grey-darker text-xs">{{ $t('auth.reset_help_text') }}</p>
+                    <p class="text-grey-darker text-xs">{{ $t('auth.forgot_password.label_help') }}</p>
                 </div>
             </div>
             <div>
                 <button class="btn btn-blue btn-jumbo" type="submit" v-bind:disabled="submitDisabled">
                     <span class="spinner white" v-bind:class="{ hidden: ! showSpinner }">&nbsp;</span>
                     <span v-bind:class="{ hidden: showSpinner }">
-                        {{ $t('auth.recover_account') }}
+                        {{ $t('auth.forgot_password.button') }}
                     </span>
                 </button>
             </div>
@@ -67,7 +68,7 @@
                 this.$data.showSpinner = true;
                 this.$data.errors = [];
 
-                window.axios.post(this.route('auth.forgot-password.send-link'), {
+                window.axios.post(this.route('auth.forgot-password'), {
                     email: this.$props.email,
                 })
                     .then(function (response) {

resources/assets/pterodactyl/scripts/components/auth/Login.vue

@@ -10,9 +10,7 @@
                 v-bind:email="user.email"
                 v-on:update-email="onUpdateEmail"
         />
-        <two-factor-form
-            v-if="this.$route.name === 'checkpoint'"
-        />
+        <two-factor-form v-if="this.$route.name === 'checkpoint'" />
     </div>
 </template>
 

resources/assets/pterodactyl/scripts/components/auth/LoginForm.vue

@@ -2,11 +2,11 @@
     <div>
         <flash-message variant="danger" />
         <flash-message variant="success" />
-        <div class="pb-4" v-if="errors && errors.length === 1">
+        <div class="pb-4" v-for="error in errors">
             <div class="p-2 bg-red-dark border-red-darker border items-center text-red-lightest leading-normal rounded flex lg:inline-flex w-full text-sm"
                  role="alert">
                 <span class="flex rounded-full bg-red uppercase px-2 py-1 text-xs font-bold mr-3 leading-none">Error</span>
-                <span class="mr-2 text-left flex-auto">{{ errors[0] }}</span>
+                <span class="mr-2 text-left flex-auto">{{ error }}</span>
             </div>
         </div>
         <form class="bg-white shadow-lg rounded-lg pt-10 px-8 pb-6 mb-4 animate fadein" method="post"
@@ -16,6 +16,7 @@
                 <div class="input-open">
                     <input class="input" id="grid-username" type="text" name="user" aria-labelledby="grid-username" required
                            ref="email"
+                           v-bind:readonly="showSpinner"
                            v-bind:value="user.email"
                            v-on:input="updateEmail($event)"
                     />
@@ -26,6 +27,7 @@
                 <div class="input-open">
                     <input class="input" id="grid-password" type="password" name="password"
                            ref="password"
+                           v-bind:readonly="showSpinner"
                            aria-labelledby="grid-password" required
                            v-model="user.password"
                     />
@@ -43,7 +45,7 @@
             <div class="pt-6 text-center">
                 <router-link class="text-xs text-grey tracking-wide no-underline uppercase hover:text-grey-dark"
                              :to="{ name: 'forgot-password' }">
-                    {{ $t('auth.forgot_password') }}
+                    {{ $t('auth.forgot_password.label') }}
                 </router-link>
             </div>
         </form>