Add base logic to configure two factor on account

Author: DaneEveritt

app/Exceptions/Service/User/TwoFactorAuthenticationTokenInvalid.php

@@ -1,16 +1,9 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
 
 namespace Pterodactyl\Exceptions\Service\User;
 
-use Exception;
+use Pterodactyl\Exceptions\DisplayException;
 
-class TwoFactorAuthenticationTokenInvalid extends Exception
+class TwoFactorAuthenticationTokenInvalid extends DisplayException
 {
 }

app/Http/Controllers/Api/Client/TwoFactorController.php

@@ -0,0 +1,106 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Api\Client;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Contracts\Validation\Factory;
+use Illuminate\Validation\ValidationException;
+use Pterodactyl\Services\Users\TwoFactorSetupService;
+use Pterodactyl\Services\Users\ToggleTwoFactorService;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+
+class TwoFactorController extends ClientApiController
+{
+    /**
+     * @var \Pterodactyl\Services\Users\TwoFactorSetupService
+     */
+    private $setupService;
+
+    /**
+     * @var \Illuminate\Contracts\Validation\Factory
+     */
+    private $validation;
+
+    /**
+     * @var \Pterodactyl\Services\Users\ToggleTwoFactorService
+     */
+    private $toggleTwoFactorService;
+
+    /**
+     * TwoFactorController constructor.
+     *
+     * @param \Pterodactyl\Services\Users\ToggleTwoFactorService $toggleTwoFactorService
+     * @param \Pterodactyl\Services\Users\TwoFactorSetupService $setupService
+     * @param \Illuminate\Contracts\Validation\Factory $validation
+     */
+    public function __construct(
+        ToggleTwoFactorService $toggleTwoFactorService,
+        TwoFactorSetupService $setupService,
+        Factory $validation
+    ) {
+        parent::__construct();
+
+        $this->setupService = $setupService;
+        $this->validation = $validation;
+        $this->toggleTwoFactorService = $toggleTwoFactorService;
+    }
+
+    /**
+     * Returns two-factor token credentials that allow a user to configure
+     * it on their account. If two-factor is already enabled this endpoint
+     * will return a 400 error.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return \Illuminate\Http\JsonResponse
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function index(Request $request)
+    {
+        if ($request->user()->totp_enabled) {
+            throw new BadRequestHttpException('Two-factor authentication is already enabled on this account.');
+        }
+
+        return JsonResponse::create([
+            'data' => [
+                'image_url_data' => $this->setupService->handle($request->user()),
+            ],
+        ]);
+    }
+
+    /**
+     * Updates a user's account to have two-factor enabled.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return \Illuminate\Http\JsonResponse
+     *
+     * @throws \Illuminate\Validation\ValidationException
+     * @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
+     * @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
+     * @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     * @throws \Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid
+     */
+    public function store(Request $request)
+    {
+        $validator = $this->validation->make($request->all(), [
+            'code' => 'required|string',
+        ]);
+
+        if ($validator->fails()) {
+            throw new ValidationException($validator);
+        }
+
+        $this->toggleTwoFactorService->handle($request->user(), $request->input('code'), true);
+
+        return JsonResponse::create([], Response::HTTP_NO_CONTENT);
+    }
+
+    public function delete()
+    {
+    }
+}

app/Services/Users/ToggleTwoFactorService.php

@@ -65,7 +65,9 @@ public function handle(User $user, string $token, bool $toggleState = null): boo
         $isValidToken = $this->google2FA->verifyKey($secret, $token, config()->get('pterodactyl.auth.2fa.window'));
 
         if (! $isValidToken) {
-            throw new TwoFactorAuthenticationTokenInvalid;
+            throw new TwoFactorAuthenticationTokenInvalid(
+                'The token provided is not valid.'
+            );
         }
 
         $this->repository->withoutFreshModel()->update($user->id, [

package.json

@@ -32,6 +32,7 @@
         "react-transition-group": "^4.3.0",
         "sockette": "^2.0.6",
         "styled-components": "^4.4.1",
+        "styled-components-breakpoint": "^3.0.0-preview.20",
         "use-react-router": "^1.0.7",
         "uuid": "^3.3.2",
         "xterm": "^3.14.4",

resources/scripts/api/account/enableAccountTwoFactor.ts

@@ -0,0 +1,9 @@
+import http from '@/api/http';
+
+export default (code: string): Promise<void> => {
+    return new Promise((resolve, reject) => {
+        http.post('/api/client/account/two-factor', { code })
+            .then(() => resolve())
+            .catch(reject);
+    });
+};

resources/scripts/api/account/getTwoFactorTokenUrl.ts

@@ -0,0 +1,9 @@
+import http from '@/api/http';
+
+export default (): Promise<string> => {
+    return new Promise((resolve, reject) => {
+        http.get('/api/client/account/two-factor')
+            .then(({ data }) => resolve(data.data.image_url_data))
+            .catch(reject);
+    });
+};

resources/scripts/components/App.tsx

@@ -8,6 +8,7 @@ import ServerRouter from '@/routers/ServerRouter';
 import AuthenticationRouter from '@/routers/AuthenticationRouter';
 import { Provider } from 'react-redux';
 import { SiteSettings } from '@/state/settings';
+import { DefaultTheme, ThemeProvider } from 'styled-components';
 
 interface ExtendedWindow extends Window {
     SiteConfiguration?: SiteSettings;
@@ -23,6 +24,16 @@ interface ExtendedWindow extends Window {
     };
 }
 
+const theme: DefaultTheme = {
+    breakpoints: {
+        xs: 0,
+        sm: 576,
+        md: 768,
+        lg: 992,
+        xl: 1200,
+    },
+};
+
 const App = () => {
     const { PterodactylUser, SiteConfiguration } = (window as ExtendedWindow);
     if (PterodactylUser && !store.getState().user.data) {
@@ -43,21 +54,23 @@ const App = () => {
     }
 
     return (
-        <StoreProvider store={store}>
-            <Provider store={store}>
-                <Router basename={'/'}>
-                    <div className={'mx-auto w-auto'}>
-                        <BrowserRouter basename={'/'}>
-                            <Switch>
-                                <Route path="/server/:id" component={ServerRouter}/>
-                                <Route path="/auth" component={AuthenticationRouter}/>
-                                <Route path="/" component={DashboardRouter}/>
-                            </Switch>
-                        </BrowserRouter>
-                    </div>
-                </Router>
-            </Provider>
-        </StoreProvider>
+        <ThemeProvider theme={theme}>
+            <StoreProvider store={store}>
+                <Provider store={store}>
+                    <Router basename={'/'}>
+                        <div className={'mx-auto w-auto'}>
+                            <BrowserRouter basename={'/'}>
+                                <Switch>
+                                    <Route path="/server/:id" component={ServerRouter}/>
+                                    <Route path="/auth" component={AuthenticationRouter}/>
+                                    <Route path="/" component={DashboardRouter}/>
+                                </Switch>
+                            </BrowserRouter>
+                        </div>
+                    </Router>
+                </Provider>
+            </StoreProvider>
+        </ThemeProvider>
     );
 };
 

resources/scripts/components/dashboard/AccountOverviewContainer.tsx

@@ -2,16 +2,38 @@ import * as React from 'react';
 import ContentBox from '@/components/elements/ContentBox';
 import UpdatePasswordForm from '@/components/dashboard/forms/UpdatePasswordForm';
 import UpdateEmailAddressForm from '@/components/dashboard/forms/UpdateEmailAddressForm';
+import ConfigureTwoFactorForm from '@/components/dashboard/forms/ConfigureTwoFactorForm';
+import styled from 'styled-components';
+import { breakpoint } from 'styled-components-breakpoint';
+
+const Container = styled.div`
+    ${tw`flex flex-wrap my-10`};
+
+    & > div {
+        ${tw`w-full`};
+
+        ${breakpoint('md')`
+            width: calc(50% - 1rem);
+        `}
+
+        ${breakpoint('xl')`
+            ${tw`w-auto flex-1`};
+        `}
+    }
+`;
 
 export default () => {
     return (
-        <div className={'flex my-10'}>
-            <ContentBox className={'flex-1 mr-4'} title={'Update Password'} showFlashes={'account:password'}>
+        <Container>
+            <ContentBox title={'Update Password'} showFlashes={'account:password'}>
                 <UpdatePasswordForm/>
             </ContentBox>
-            <ContentBox className={'flex-1 ml-4'} title={'Update Email Address'} showFlashes={'account:email'}>
+            <ContentBox className={'mt-8 md:mt-0 md:ml-8'} title={'Update Email Address'} showFlashes={'account:email'}>
                 <UpdateEmailAddressForm/>
             </ContentBox>
-        </div>
+            <ContentBox className={'xl:ml-8 mt-8 xl:mt-0'} title={'Configure Two Factor'}>
+                <ConfigureTwoFactorForm/>
+            </ContentBox>
+        </Container>
     );
 };

resources/scripts/components/dashboard/forms/ConfigureTwoFactorForm.tsx

@@ -0,0 +1,38 @@
+import React, { useState } from 'react';
+import { useStoreState } from 'easy-peasy';
+import { ApplicationStore } from '@/state';
+import SetupTwoFactorModal from '@/components/dashboard/forms/SetupTwoFactorModal';
+
+export default () => {
+    const user = useStoreState((state: ApplicationStore) => state.user.data!);
+    const [visible, setVisible] = useState(false);
+
+    return user.useTotp ?
+        <div>
+            <p className={'text-sm'}>
+                Two-factor authentication is currently enabled on your account.
+            </p>
+            <div className={'mt-6'}>
+                <button className={'btn btn-red btn-secondary btn-sm'}>
+                    Disable
+                </button>
+            </div>
+        </div>
+        :
+        <div>
+            <SetupTwoFactorModal visible={visible} onDismissed={() => setVisible(false)}/>
+            <p className={'text-sm'}>
+                You do not currently have two-factor authentication enabled on your account. Click
+                the button below to begin configuring it.
+            </p>
+            <div className={'mt-6'}>
+                <button
+                    onClick={() => setVisible(true)}
+                    className={'btn btn-green btn-secondary btn-sm'}
+                >
+                    Begin Setup
+                </button>
+            </div>
+        </div>
+    ;
+};