dvkei/Pterodactyl-Panel
1
0
Fork 0
forked from Alex/Pterodactyl-Panel
Code Issues Pull Requests Projects Releases Wiki Activity

Obliterate JWT from codebase

Browse Source
This commit is contained in:
Dane Everitt 2018-07-14 22:48:09 -07:00
parent 6336e5191f
commit 550c622d3b
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
8 changed files with 3 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Controllers/Auth/AbstractLoginController.php
View File

@ -13,13 +13,12 @@ use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Encryption\Encrypter;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Pterodactyl\Traits\Helpers\ProvidesJWTServices;
use Illuminate\Contracts\Cache\Repository as CacheRepository;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
abstract class AbstractLoginController extends Controller
{
use AuthenticatesUsers, ProvidesJWTServices;
use AuthenticatesUsers;
/**
* @var \Illuminate\Auth\AuthManager

3
app/Http/Middleware/Api/AuthenticateKey.php
View File

@ -9,7 +9,6 @@ use Pterodactyl\Models\User;
use Pterodactyl\Models\ApiKey;
use Illuminate\Auth\AuthManager;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Traits\Helpers\ProvidesJWTServices;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
@ -17,8 +16,6 @@ use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class AuthenticateKey
{
use ProvidesJWTServices;
/**
* @var \Illuminate\Auth\AuthManager
*/

36
app/Traits/Helpers/ProvidesJWTServices.php
View File

@ -1,36 +0,0 @@
<?php
namespace Pterodactyl\Traits\Helpers;
use Lcobucci\JWT\Signer;
use Illuminate\Support\Str;
trait ProvidesJWTServices
{
/**
* Get the signing key to use when creating JWTs.
*
* @return string
*/
public function getJWTSigningKey(): string
{
$key = config()->get('jwt.key', '');
if (Str::startsWith($key, 'base64:')) {
$key = base64_decode(substr($key, 7));
}
return $key;
}
/**
* Provide the signing algo to use for JWT.
*
* @return \Lcobucci\JWT\Signer
*/
public function getJWTSigner(): Signer
{
$class = config()->get('jwt.signer');
return new $class;
}
}

1
composer.json
View File

@ -26,7 +26,6 @@
"laracasts/utilities": "^3.0",
"laravel/framework": "5.6.*",
"laravel/tinker": "^1.0",
"lcobucci/jwt": "^3.2",
"lord/laroute": "^2.4",
"matriphe/iso-639": "^1.2",
"nesbot/carbon": "^1.22",

62
composer.lock generated
View File

@ -1,10 +1,10 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "069ebb3ec35c8b309b129189106ad45a",
"content-hash": "9055a451d415d482a2f7287e0787bbc3",
"packages": [
{
"name": "appstract/laravel-blade-directives",
@ -1569,64 +1569,6 @@
],
"time": "2018-05-17T13:42:07+00:00"
},
{
"name": "lcobucci/jwt",
"version": "3.2.2",
"source": {
"type": "git",
"url": "https://github.com/lcobucci/jwt.git",
"reference": "0b5930be73582369e10c4d4bb7a12bac927a203c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/lcobucci/jwt/zipball/0b5930be73582369e10c4d4bb7a12bac927a203c",
"reference": "0b5930be73582369e10c4d4bb7a12bac927a203c",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"php": ">=5.5"
},
"require-dev": {
"mdanter/ecc": "~0.3.1",
"mikey179/vfsstream": "~1.5",
"phpmd/phpmd": "~2.2",
"phpunit/php-invoker": "~1.1",
"phpunit/phpunit": "~4.5",
"squizlabs/php_codesniffer": "~2.3"
},
"suggest": {
"mdanter/ecc": "Required to use Elliptic Curves based algorithms."
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.1-dev"
}
},
"autoload": {
"psr-4": {
"Lcobucci\\JWT\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Luís Otávio Cobucci Oblonczyk",
"email": "lcobucci@gmail.com",
"role": "developer"
}
],
"description": "A simple library to work with JSON Web Token and JSON Web Signature",
"keywords": [
"JWS",
"jwt"
],
"time": "2017-09-01T08:23:26+00:00"
},
{
"name": "league/flysystem",
"version": "1.0.45",

18
config/jwt.php
View File

@ -1,18 +0,0 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| JWT Signing Key
|--------------------------------------------------------------------------
|
| This key is used for the verification of JSON Web Tokens in flight and
| should be different than the application encryption key. This key should
| be kept private at all times.
|
*/
'key' => env('APP_JWT_KEY'),
'lifetime' => env('APP_JWT_LIFETIME', 1440),
'signer' => \Lcobucci\JWT\Signer\Hmac\Sha256::class,
];

1
package.json
View File

@ -27,7 +27,6 @@
"glob-all": "^3.1.0",
"html-webpack-plugin": "^3.2.0",
"jquery": "^3.3.1",
"jwt-decode": "^2.2.0",
"lodash": "^4.17.5",
"postcss": "^6.0.21",
"postcss-import": "^11.1.0",

4
yarn.lock
View File

@ -3404,10 +3404,6 @@ jsonfile@^4.0.0:
optionalDependencies:
graceful-fs "^4.1.6"
jwt-decode@^2.2.0:
version "2.2.0"
resolved "https://registry.yarnpkg.com/jwt-decode/-/jwt-decode-2.2.0.tgz#7d86bd56679f58ce6a84704a657dd392bba81a79"
keygrip@~1.0.2:
version "1.0.2"
resolved "https://registry.yarnpkg.com/keygrip/-/keygrip-1.0.2.tgz#ad3297c557069dea8bcfe7a4fa491b75c5ddeb91"