Fixes 2FA not honoring 'Remember Me' checkbox, closes #439

2024-11-22 00:52:43 +01:00 · 2017-05-22 19:09:42 -05:00 · 2017-05-22 19:09:42 -05:00 · 72c0330486
commit 72c0330486
parent 999411da29
4 changed files with 25 additions and 9 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -6,6 +6,11 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 ## v0.6.1 (Courageous Carniadactylus)
 ### Fixed
 * Fixes a bug preventing the use of services that have no variables attached to them.
+* Fixes 'Remember Me' checkbox being ignored when using 2FA on an account.
+
+### Changed
+* Renamed session cookies from `laravel_session` to `pterodactyl_session`.
+* Sessions are now encrypted before being stored as an additional layer of security.

 ## v0.6.0 (Courageous Carniadactylus)
 ### Fixed
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -134,7 +134,9 @@ class LoginController extends Controller
                ])),
            ], 5);

-            return redirect()->route('auth.totp')->with('authentication_token', $token);
+            return redirect()->route('auth.totp')
+                ->with('authentication_token', $token)
+                ->with('remember', $request->has('remember'));
        }

        $attempt = Auth::attempt([
@ -167,7 +169,7 @@ class LoginController extends Controller

        return view('auth.totp', [
            'verify_key' => $token,
-            'remember' => $request->has('remember'),
+            'remember' => $request->session()->get('remember'),
        ]);
    }

--- a/config/session.php
+++ b/config/session.php
@ -44,7 +44,7 @@ return [
    |
    */

-    'encrypt' => false,
+    'encrypt' => true,

    /*
    |--------------------------------------------------------------------------
@ -122,7 +122,7 @@ return [
    |
    */

-    'cookie' => 'laravel_session',
+    'cookie' => 'pterodactyl_session',

    /*
    |--------------------------------------------------------------------------
--- a/resources/themes/pterodactyl/auth/totp.blade.php
+++ b/resources/themes/pterodactyl/auth/totp.blade.php
@ -23,20 +23,29 @@
    2FA Checkpoint
@endsection

+@section('scripts')
+    @parent
+    <style>
+        input::-webkit-outer-spin-button, input::-webkit-inner-spin-button {
+            -webkit-appearance: none;
+            margin: 0;
+        }
+    </style>
+@endsection
+
@section('content')
 <div class="login-box-body">
-    <p class="login-box-msg">@lang('auth.2fa_required')</p>
    <form action="{{ route('auth.totp') }}" method="POST">
-        <div class="form-group">
-            <input type="text" name="2fa_token" class="form-control" placeholder="@lang('strings.2fa_token')">
-            <span class="fa fa-lock form-control-feedback"></span>
+        <div class="form-group has-feedback">
+            <input type="number" name="2fa_token" class="form-control input-lg text-center" placeholder="@lang('strings.2fa_token')" autofocus>
+            <span class="fa fa-shield form-control-feedback"></span>
        </div>
        <div class="row">
            <div class="col-xs-12">
                {!! csrf_field() !!}
                <input type="hidden" name="verify_token" value="{{ $verify_key }}" />
                @if($remember)
-                    <input type="hidden" name="remember" value="true" />
+                    <input type="checkbox" name="remember" checked style="display:none;"/>
                @endif
                <button type="submit" class="btn btn-primary btn-block btn-flat">@lang('strings.submit')</button>
            </div>