Merge branch 'release/v0.7.1'

Author: DaneEveritt

CHANGELOG.md

@@ -3,6 +3,20 @@ This file is a running track of new features and fixes to each version of the pa
 
 This project follows [Semantic Versioning](http://semver.org) guidelines.
 
+## v0.7.1 (Derelict Dermodactylus)
+### Fixed
+* Fixes an exception when no token is entered on the 2-Factor enable/disable page and the form is submitted.
+* Fixes an exception when trying to perform actions aganist a User model due to a validator that could not be cast to a string correctly.
+* Allow FQDNs in database host creation UI correctly.
+* Fixes database naming scheme using `d###_` rather than `s###_` when creating server databases.
+* Fix exception thrown when attempting to update an existing database host.
+
+### Changed
+* Adjusted exception handler behavior to log more stack information for PDO exceptions while not exposing credentials.
+
+### Added
+* Very basic cache busting until asset management can be changed to make use of better systems.
+
 ## v0.7.0 (Derelict Dermodactylus)
 ### Fixed
 * `[rc.2]` — Fixes bad API behavior on `/user` routes.

app/Exceptions/Handler.php

@@ -32,6 +32,16 @@ class Handler extends ExceptionHandler
         ValidationException::class,
     ];
 
+    /**
+     * A list of exceptions that should be logged with cleaned stack
+     * traces to avoid exposing credentials or other sensitive information.
+     *
+     * @var array
+     */
+    protected $cleanStacks = [
+        PDOException::class,
+    ];
+
     /**
      * A list of the inputs that are never flashed for validation exceptions.
      *
@@ -73,7 +83,40 @@ public function report(Exception $exception)
             throw $exception;
         }
 
-        return $logger->error($exception instanceof PDOException ? $exception->getMessage() : $exception);
+        foreach ($this->cleanStacks as $class) {
+            if ($exception instanceof $class) {
+                $exception = $this->generateCleanedExceptionStack($exception);
+                break;
+            }
+        }
+
+        return $logger->error($exception);
+    }
+
+    private function generateCleanedExceptionStack(Exception $exception)
+    {
+        $cleanedStack = '';
+        foreach ($exception->getTrace() as $index => $item) {
+            $cleanedStack .= sprintf(
+                "#%d %s(%d): %s%s%s\n",
+                $index,
+                array_get($item, 'file'),
+                array_get($item, 'line'),
+                array_get($item, 'class'),
+                array_get($item, 'type'),
+                array_get($item, 'function')
+            );
+        }
+
+        $message = sprintf(
+            '%s: %s in %s:%d',
+            class_basename($exception),
+            $exception->getMessage(),
+            $exception->getFile(),
+            $exception->getLine()
+        );
+
+        return $message . "\nStack trace:\n" . trim($cleanedStack);
     }
 
     /**

app/Http/Controllers/Admin/DatabaseController.php

@@ -11,6 +11,7 @@
 
 use PDOException;
 use Illuminate\View\View;
+use Pterodactyl\Models\DatabaseHost;
 use Illuminate\Http\RedirectResponse;
 use Prologue\Alerts\AlertsMessageBag;
 use Pterodactyl\Http\Controllers\Controller;
@@ -136,22 +137,25 @@ public function create(DatabaseHostFormRequest $request): RedirectResponse
      * Handle updating database host.
      *
      * @param \Pterodactyl\Http\Requests\Admin\DatabaseHostFormRequest $request
-     * @param int                                                      $host
+     * @param \Pterodactyl\Models\DatabaseHost                         $host
      * @return \Illuminate\Http\RedirectResponse
      *
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
-    public function update(DatabaseHostFormRequest $request, int $host): RedirectResponse
+    public function update(DatabaseHostFormRequest $request, DatabaseHost $host): RedirectResponse
     {
+        $redirect = redirect()->route('admin.databases.view', $host->id);
+
         try {
-            $host = $this->updateService->handle($host, $request->normalize());
+            $this->updateService->handle($host->id, $request->normalize());
             $this->alert->success('Database host was updated successfully.')->flash();
         } catch (PDOException $ex) {
             $this->alert->danger($ex->getMessage())->flash();
+            $redirect->withInput($request->normalize());
         }
 
-        return redirect()->route('admin.databases.view', $host->id);
+        return $redirect;
     }
 
     /**

app/Http/Controllers/Base/SecurityController.php

@@ -107,7 +107,7 @@ public function generateTotp(Request $request)
     public function setTotp(Request $request)
     {
         try {
-            $this->toggleTwoFactorService->handle($request->user(), $request->input('token'));
+            $this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '');
 
             return response('true');
         } catch (TwoFactorAuthenticationTokenInvalid $exception) {
@@ -127,7 +127,7 @@ public function setTotp(Request $request)
     public function disableTotp(Request $request)
     {
         try {
-            $this->toggleTwoFactorService->handle($request->user(), $request->input('token'), false);
+            $this->toggleTwoFactorService->handle($request->user(), $request->input('token') ?? '', false);
         } catch (TwoFactorAuthenticationTokenInvalid $exception) {
             $this->alert->danger(trans('base.security.2fa_disable_error'))->flash();
         }

app/Http/Requests/Admin/DatabaseHostFormRequest.php

@@ -1,11 +1,4 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
 
 namespace Pterodactyl\Http\Requests\Admin;
 
@@ -18,14 +11,28 @@ class DatabaseHostFormRequest extends AdminFormRequest
      */
     public function rules()
     {
-        if (! $this->filled('node_id')) {
-            $this->merge(['node_id' => null]);
-        }
-
         if ($this->method() !== 'POST') {
             return DatabaseHost::getUpdateRulesForId($this->route()->parameter('host'));
         }
 
         return DatabaseHost::getCreateRules();
     }
+
+    /**
+     * Modify submitted data before it is passed off to the validator.
+     *
+     * @return \Illuminate\Contracts\Validation\Validator
+     */
+    protected function getValidatorInstance()
+    {
+        if (! $this->filled('node_id')) {
+            $this->merge(['node_id' => null]);
+        }
+
+        $this->merge([
+            'host' => gethostbyname($this->input('host')),
+        ]);
+
+        return parent::getValidatorInstance();
+    }
 }

app/Providers/AppServiceProvider.php

@@ -8,6 +8,7 @@
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Subuser;
 use Illuminate\Support\Facades\Schema;
+use Igaster\LaravelTheme\Facades\Theme;
 use Illuminate\Support\ServiceProvider;
 use Pterodactyl\Observers\UserObserver;
 use Pterodactyl\Observers\ServerObserver;
@@ -28,6 +29,7 @@ public function boot()
 
         View::share('appVersion', $this->versionData()['version'] ?? 'undefined');
         View::share('appIsGit', $this->versionData()['is_git'] ?? false);
+        Theme::setSetting('cache-version', md5($this->versionData()['version'] ?? 'undefined'));
     }
 
     /**

app/Rules/Username.php

@@ -6,6 +6,9 @@
 
 class Username implements Rule
 {
+    /**
+     * Regex to use when validating usernames.
+     */
     public const VALIDATION_REGEX = '/^[a-z0-9]([\w\.-]+)[a-z0-9]$/';
 
     /**
@@ -33,4 +36,15 @@ public function message(): string
         return 'The :attribute must start and end with alpha-numeric characters and
                 contain only letters, numbers, dashes, underscores, and periods.';
     }
+
+    /**
+     * Convert the rule to a validation string. This is necessary to avoid
+     * issues with Eloquence which tries to use this rule as a string.
+     *
+     * @return string
+     */
+    public function __toString()
+    {
+        return 'p_username';
+    }
 }

app/Services/Databases/DatabaseManagementService.php

@@ -1,11 +1,4 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
 
 namespace Pterodactyl\Services\Databases;
 
@@ -65,13 +58,11 @@ public function __construct(
      * @return \Illuminate\Database\Eloquent\Model
      *
      * @throws \Exception
-     * @throws \Pterodactyl\Exceptions\DisplayException
-     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      */
     public function create($server, array $data)
     {
         $data['server_id'] = $server;
-        $data['database'] = sprintf('d%d_%s', $server, $data['database']);
+        $data['database'] = sprintf('s%d_%s', $server, $data['database']);
         $data['username'] = sprintf('u%d_%s', $server, str_random(10));
         $data['password'] = $this->encrypter->encrypt(str_random(16));
 

composer.json

@@ -22,7 +22,7 @@
         "fideloper/proxy": "^3.3",
         "guzzlehttp/guzzle": "^6.3",
         "hashids/hashids": "^2.0",
-        "igaster/laravel-theme": "^1.16",
+        "igaster/laravel-theme": "^2.0.6",
         "laracasts/utilities": "^3.0",
         "laravel/framework": "5.5.*",
         "laravel/tinker": "^1.0",