Fixes account creation and password reset abilities.

2024-11-22 17:12:30 +01:00 · 2017-04-28 00:07:38 -04:00 · 2017-04-28 00:07:38 -04:00 · 1c37a8fe1a
commit 1c37a8fe1a
parent 3dc286b511
4 changed files with 16 additions and 18 deletions
--- a/app/Observers/UserObserver.php
+++ b/app/Observers/UserObserver.php
@ -25,6 +25,8 @@
 namespace Pterodactyl\Observers;

 use DB;
+use Hash;
+use Carbon;
 use Pterodactyl\Events;
 use Pterodactyl\Models\User;
 use Pterodactyl\Notifications\AccountCreated;
@ -52,12 +54,20 @@ class UserObserver
    {
        event(new Events\User\Created($user));

-        $token = DB::table('password_resets')->where('email', $user->email)->orderBy('created_at', 'desc')->first();
-        $user->notify((new AccountCreated([
+        if ($user->password === 'unset') {
+            $token = hash_hmac('sha256', str_random(40), config('app.key'));
+            DB::table('password_resets')->insert([
+                'email' => $user->email,
+                'token' => Hash::make($token),
+                'created_at' => Carbon::now()->toDateTimeString(),
+            ]);
+        }
+
+        $user->notify(new AccountCreated([
            'name' => $user->name_first,
            'username' => $user->username,
-            'token' => (! is_null($token)) ? $token->token : null,
-        ])));
+            'token' => (isset($token)) ? $token : null,
+        ]));
    }

    /**
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@ -83,23 +83,12 @@ class UserRepository
                'username' => $data['username'],
                'name_first' => $data['name_first'],
                'name_last' => $data['name_last'],
-                'password' => Hash::make((empty($data['password'])) ? str_random(30) : $data['password']),
+                'password' => (empty($data['password'])) ? 'unset' : Hash::make($data['password']),
                'root_admin' => $data['root_admin'],
                'language' => Settings::get('default_language', 'en'),
            ]);
            $user->save();

-            // Setup a Password Reset to use when they set a password.
-            // Only used if no password is provided.
-            if (empty($data['password'])) {
-                $token = str_random(32);
-                DB::table('password_resets')->insert([
-                    'email' => $user->email,
-                    'token' => $token,
-                    'created_at' => Carbon::now()->toDateTimeString(),
-                ]);
-            }
-
            DB::commit();

            return $user;
--- a/config/auth.php
+++ b/config/auth.php
@ -93,7 +93,6 @@ return [
    'passwords' => [
        'users' => [
            'provider' => 'users',
-            'email' => 'emails.password',
            'table' => 'password_resets',
            'expire' => 60,
        ],
--- a/resources/themes/pterodactyl/auth/passwords/reset.blade.php
+++ b/resources/themes/pterodactyl/auth/passwords/reset.blade.php
@ -76,7 +76,7 @@
            <div class="col-xs-12">
                {!! csrf_field() !!}
                <input type="hidden" name="token" value="{{ $token }}">
-                <button type="submit" class="btn btn-primary btn-block btn-flat">@lang('auth.reset_password')</button>
+                <button type="submit" class="btn btn-primary btn-block btn-flat g-recaptcha" @if(config('recaptcha.enabled')) data-sitekey="{{ config('recaptcha.website_key') }}" data-callback='onSubmit' @endif>@lang('auth.reset_password')</button>
            </div>
        </div>
    </form>