Add command to disable 2FA for a user account.

2017-09-16 18:50:12 -05:00 · 2017-09-16 18:50:12 -05:00 · 4de326ad02
commit 4de326ad02
parent 34f1152d0f
4 changed files with 191 additions and 0 deletions
--- a/app/Console/Commands/User/DisableTwoFactorCommand.php
+++ b/app/Console/Commands/User/DisableTwoFactorCommand.php
@ -0,0 +1,80 @@
+<?php
+/*
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Pterodactyl\Console\Commands\User;
+
+use Illuminate\Console\Command;
+use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
+
+class DisableTwoFactorCommand extends Command
+{
+    /**
+     * @var string
+     */
+    protected $description = 'Disable two-factor authentication for a specific user in the Panel.';
+
+    /**
+     * @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
+     */
+    protected $repository;
+
+    /**
+     * @var string
+     */
+    protected $signature = 'p:user:disable2fa {--email= : The email of the user to disable 2-Factor for.}';
+
+    /**
+     * DisableTwoFactorCommand constructor.
+     *
+     * @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
+     */
+    public function __construct(UserRepositoryInterface $repository)
+    {
+        parent::__construct();
+
+        $this->repository = $repository;
+    }
+
+    /**
+     * Handle command execution process.
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function handle()
+    {
+        if ($this->input->isInteractive()) {
+            $this->output->warning(trans('command/messages.user.2fa_help_text'));
+        }
+
+        $email = $this->option('email') ?? $this->ask(trans('command/messages.user.ask_email'));
+        $user = $this->repository->withColumns(['id', 'email'])->findFirstWhere([['email', '=', $email]]);
+
+        $this->repository->withoutFresh()->update($user->id, [
+            'use_totp' => false,
+            'totp_secret' => null,
+        ]);
+        $this->info(trans('command/messages.user.2fa_disabled', ['email' => $user->email]));
+    }
+}
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
@ -7,6 +7,7 @@ use Pterodactyl\Console\Commands\User\MakeUserCommand;
 use Pterodactyl\Console\Commands\User\DeleteUserCommand;
 use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
 use Pterodactyl\Console\Commands\Location\MakeLocationCommand;
+use Pterodactyl\Console\Commands\User\DisableTwoFactorCommand;
 use Pterodactyl\Console\Commands\Location\DeleteLocationCommand;

 class Kernel extends ConsoleKernel
@ -19,6 +20,7 @@ class Kernel extends ConsoleKernel
    protected $commands = [
        DeleteLocationCommand::class,
        DeleteUserCommand::class,
+        DisableTwoFactorCommand::class,
        MakeLocationCommand::class,
        MakeUserCommand::class,
 //        \Pterodactyl\Console\Commands\MakeUser::class,
--- a/resources/lang/en/command/messages.php
+++ b/resources/lang/en/command/messages.php
@ -45,5 +45,10 @@ return [
        'ask_password' => 'Password',
        'ask_password_tip' => 'If you would like to create an account with a random password emailed to the user, re-run this command (CTRL+C) and pass the `--no-password` flag.',
        'ask_password_help' => 'Passwords must be at least 8 characters in length and contain at least one capital letter and number.',
+        '2fa_help_text' => [
+            'This command will disable 2-factor authentication for a user\'s account if it is enabled. This should only be used as an account recovery command if the user is locked out of their account.',
+            'If this is not what you wanted to do, press CTRL+C to exit this process.',
+        ],
+        '2fa_disabled' => '2-Factor authentication has been disabled for :email.',
    ],
 ];
--- a/tests/Unit/Commands/User/DisableTwoFactorCommandTest.php
+++ b/tests/Unit/Commands/User/DisableTwoFactorCommandTest.php
@ -0,0 +1,104 @@
+<?php
+/*
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Tests\Unit\Commands\User;
+
+use Mockery as m;
+use Tests\TestCase;
+use Pterodactyl\Models\User;
+use Symfony\Component\Console\Tester\CommandTester;
+use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
+use Pterodactyl\Console\Commands\User\DisableTwoFactorCommand;
+
+class DisableTwoFactorCommandTest extends TestCase
+{
+    /**
+     * @var \Pterodactyl\Console\Commands\User\DisableTwoFactorCommand
+     */
+    protected $command;
+
+    /**
+     * @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
+     */
+    protected $repository;
+
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->repository = m::mock(UserRepositoryInterface::class);
+
+        $this->command = new DisableTwoFactorCommand($this->repository);
+        $this->command->setLaravel($this->app);
+    }
+
+    /**
+     * Test 2-factor auth is disabled when no option is passed.
+     */
+    public function testTwoFactorIsDisabledWhenNoOptionIsPassed()
+    {
+        $user = factory(User::class)->make();
+
+        $this->repository->shouldReceive('withColumns')->with(['id', 'email'])->once()->andReturnSelf()
+            ->shouldReceive('findFirstWhere')->with([['email', '=', $user->email]])->once()->andReturn($user);
+        $this->repository->shouldReceive('withoutFresh')->withNoArgs()->once()->andReturnSelf()
+            ->shouldReceive('update')->with($user->id, [
+                'use_totp' => false,
+                'totp_secret' => null,
+            ])->once()->andReturnNull();
+
+        $response = new CommandTester($this->command);
+        $response->setInputs([$user->email]);
+        $response->execute([]);
+
+        $display = $response->getDisplay();
+        $this->assertNotEmpty($display);
+        $this->assertContains(trans('command/messages.user.2fa_disabled', ['email' => $user->email]), $display);
+    }
+
+    /**
+     * Test 2-factor auth is disabled when user is passed in option.
+     */
+    public function testTwoFactorIsDisabledWhenOptionIsPassed()
+    {
+        $user = factory(User::class)->make();
+
+        $this->repository->shouldReceive('withColumns')->with(['id', 'email'])->once()->andReturnSelf()
+            ->shouldReceive('findFirstWhere')->with([['email', '=', $user->email]])->once()->andReturn($user);
+        $this->repository->shouldReceive('withoutFresh')->withNoArgs()->once()->andReturnSelf()
+            ->shouldReceive('update')->with($user->id, [
+                'use_totp' => false,
+                'totp_secret' => null,
+            ])->once()->andReturnNull();
+
+        $response = new CommandTester($this->command);
+        $response->execute([
+            '--email' => $user->email,
+        ]);
+
+        $display = $response->getDisplay();
+        $this->assertNotEmpty($display);
+        $this->assertContains(trans('command/messages.user.2fa_disabled', ['email' => $user->email]), $display);
+    }
+}