1
1
mirror of https://github.com/pterodactyl/panel.git synced 2024-11-25 02:22:36 +01:00

Fix authentication handler

Check email & password before token to handle case where email is
invalid.
This commit is contained in:
Dane Everitt 2015-12-13 21:30:57 -05:00
parent 9c9d33c127
commit 5955b1453c

View File

@ -115,13 +115,31 @@ class AuthController extends Controller
return $this->sendLockoutResponse($request);
}
// Is the email & password valid?
if (!Auth::attempt([
'email' => $request->input('email'),
'password' => $request->input('password')
], $request->has('remember'))) {
if ($throttled) {
$this->incrementLoginAttempts($request);
}
return redirect()->route('auth.login')->withInput($request->only('email', 'remember'))->withErrors([
'email' => $this->getFailedLoginMessage(),
]);
}
$G2FA = new Google2FA();
$user = User::select('use_totp', 'totp_secret')->where('email', $request->input($this->loginUsername()))->first();
$user = User::select('use_totp', 'totp_secret')->where('email', $request->input('email'))->first();
// Verify TOTP Token was Valid
if($user->use_totp === 1) {
if(!$G2FA->verifyKey($user->totp_secret, $request->input('totp_token'))) {
Auth::logout();
if ($throttled) {
$this->incrementLoginAttempts($request);
}
@ -132,23 +150,8 @@ class AuthController extends Controller
}
}
// Attempt to Login
if (Auth::attempt([
'email' => $request->input('email'),
'password' => $request->input('password')
], $request->has('remember'))) {
return $this->handleUserWasAuthenticated($request, $throttled);
}
return $this->handleUserWasAuthenticated($request, $throttled);
if ($throttled) {
$this->incrementLoginAttempts($request);
}
return redirect()->route('auth.login')
->withInput($request->only('email', 'remember'))
->withErrors([
'email' => $this->getFailedLoginMessage(),
]);
}
/**