mirror of
https://github.com/pterodactyl/panel.git
synced 2024-11-25 02:22:36 +01:00
Fix authentication handler
Check email & password before token to handle case where email is invalid.
This commit is contained in:
parent
9c9d33c127
commit
5955b1453c
@ -115,13 +115,31 @@ class AuthController extends Controller
|
||||
return $this->sendLockoutResponse($request);
|
||||
}
|
||||
|
||||
// Is the email & password valid?
|
||||
if (!Auth::attempt([
|
||||
'email' => $request->input('email'),
|
||||
'password' => $request->input('password')
|
||||
], $request->has('remember'))) {
|
||||
|
||||
if ($throttled) {
|
||||
$this->incrementLoginAttempts($request);
|
||||
}
|
||||
|
||||
return redirect()->route('auth.login')->withInput($request->only('email', 'remember'))->withErrors([
|
||||
'email' => $this->getFailedLoginMessage(),
|
||||
]);
|
||||
|
||||
}
|
||||
|
||||
$G2FA = new Google2FA();
|
||||
$user = User::select('use_totp', 'totp_secret')->where('email', $request->input($this->loginUsername()))->first();
|
||||
$user = User::select('use_totp', 'totp_secret')->where('email', $request->input('email'))->first();
|
||||
|
||||
// Verify TOTP Token was Valid
|
||||
if($user->use_totp === 1) {
|
||||
if(!$G2FA->verifyKey($user->totp_secret, $request->input('totp_token'))) {
|
||||
|
||||
Auth::logout();
|
||||
|
||||
if ($throttled) {
|
||||
$this->incrementLoginAttempts($request);
|
||||
}
|
||||
@ -132,23 +150,8 @@ class AuthController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
// Attempt to Login
|
||||
if (Auth::attempt([
|
||||
'email' => $request->input('email'),
|
||||
'password' => $request->input('password')
|
||||
], $request->has('remember'))) {
|
||||
return $this->handleUserWasAuthenticated($request, $throttled);
|
||||
}
|
||||
return $this->handleUserWasAuthenticated($request, $throttled);
|
||||
|
||||
if ($throttled) {
|
||||
$this->incrementLoginAttempts($request);
|
||||
}
|
||||
|
||||
return redirect()->route('auth.login')
|
||||
->withInput($request->only('email', 'remember'))
|
||||
->withErrors([
|
||||
'email' => $this->getFailedLoginMessage(),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user