yanyu/v2board
1
0
Fork 0
mirror of https://github.com/v2board/v2board.git synced 2025-10-31 17:31:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

update: weak password risk

Browse Source
This commit is contained in:
tokumeikoi
2022-12-13 12:29:23 +08:00
parent 70bde7b742
commit 5976bcc65a
6 changed files with 80 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
app/Http/Controllers/Passport/AuthController.php
View File

@@ -7,6 +7,7 @@ use App\Http\Requests\Passport\AuthRegister;
use App\Http\Requests\Passport\AuthForget;
use App\Http\Requests\Passport\AuthLogin;
use App\Jobs\SendEmailJob;
use App\Services\AuthService;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
use App\Models\Plan;
@@ -16,6 +17,7 @@ use App\Utils\Helper;
use App\Utils\Dict;
use App\Utils\CacheKey;
use ReCaptcha\ReCaptcha;
use Firebase\JWT\JWT;
class AuthController extends Controller
{
@@ -165,11 +167,6 @@ class AuthController extends Controller
Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));
}
$data = [
'token' => $user->token,
'auth_data' => base64_encode("{$user->email}:{$user->password}")
];
$user->last_login_at = time();
$user->save();
@@ -180,8 +177,11 @@ class AuthController extends Controller
(int)config('v2board.register_limit_expire', 60) * 60
);
}
$authService = new AuthService($user);
return response()->json([
'data' => $data
'data' => $authService->generateAuthData('register')
]);
}
@@ -207,14 +207,9 @@ class AuthController extends Controller
abort(500, __('Your account has been suspended'));
}
$data = [
'token' => $user->token,
'auth_data' => base64_encode("{$user->email}:{$user->password}")
];
if ($user->is_admin) $data['is_admin'] = true;
$authService = new AuthService($user);
return response([
'data' => $data
'data' => $authService->generateAuthData('login')
]);
}
@@ -243,49 +238,25 @@ class AuthController extends Controller
if ($user->banned) {
abort(500, __('Your account has been suspended'));
}
$data = [
'token' => $user->token,
'auth_data' => base64_encode("{$user->email}:{$user->password}")
];
Cache::forget($key);
$authService = new AuthService($user);
return response([
'data' => $data
'data' => $authService->generateAuthData('token')
]);
}
}
public function getTempToken(Request $request)
{
$user = User::where('token', $request->input('token'))->first();
if (!$user) {
abort(500, __('Token error'));
}
$code = Helper::guid();
$key = CacheKey::get('TEMP_TOKEN', $code);
Cache::put($key, $user->id, 60);
return response([
'data' => $code
]);
}
public function getQuickLoginUrl(Request $request)
{
$authorization = $request->input('auth_data') ?? $request->header('authorization');
if (!$authorization) abort(403, '未登录或登陆已过期');
$authData = explode(':', base64_decode($authorization));
if (!isset($authData[0]) || !isset($authData[1])) abort(403, __('Token error'));
$user = User::where('email', $authData[0])
->where('password', $authData[1])
->first();
if (!$user) {
abort(500, __('Token error'));
}
$user = AuthService::decryptAuthData($authorization);
if (!$user) abort(403, '未登录或登陆已过期');
$code = Helper::guid();
$key = CacheKey::get('TEMP_TOKEN', $code);
Cache::put($key, $user->id, 60);
Cache::put($key, $user['id'], 60);
$redirect = '/#/login?verify=' . $code . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
if (config('v2board.app_url')) {
$url = config('v2board.app_url') . $redirect;