Use a post request to delete SSH keys, some hashes use slashes which cause 404 errors; closes #4100

2022-05-30 17:28:42 -04:00 · 2022-05-30 17:28:42 -04:00 · 03a497fb8a
commit 03a497fb8a
parent 5143faa4b1
5 changed files with 24 additions and 17 deletions
--- a/app/Http/Controllers/Api/Client/SSHKeyController.php
+++ b/app/Http/Controllers/Api/Client/SSHKeyController.php
@ -45,16 +45,22 @@ class SSHKeyController extends ClientApiController
    /**
     * Deletes an SSH key from the user's account.
     */
-    public function delete(ClientApiRequest $request, string $identifier): JsonResponse
+    public function delete(ClientApiRequest $request): JsonResponse
    {
-        $key = $request->user()->sshKeys()->where('fingerprint', $identifier)->firstOrFail();
+        $this->validate($request, ['fingerprint' => ['required', 'string']]);

-        $key->delete();
+        $key = $request->user()->sshKeys()
+            ->where('fingerprint', $request->input('fingerprint'))
+            ->first();

-        Activity::event('user:ssh-key.delete')
-            ->subject($key)
-            ->property('fingerprint', $key->fingerprint)
-            ->log();
+        if (!is_null($key)) {
+            $key->delete();
+
+            Activity::event('user:ssh-key.delete')
+                ->subject($key)
+                ->property('fingerprint', $key->fingerprint)
+                ->log();
+        }

        return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
    }
--- a/resources/scripts/api/account/ssh-keys.ts
+++ b/resources/scripts/api/account/ssh-keys.ts
@ -23,6 +23,6 @@ const createSSHKey = async (name: string, publicKey: string): Promise<SSHKey> =>
 };

 const deleteSSHKey = async (fingerprint: string): Promise<void> =>
-    await http.delete(`/api/client/account/ssh-keys/${fingerprint}`);
+    await http.post('/api/client/account/ssh-keys/remove', { fingerprint });

 export { useSSHKeys, createSSHKey, deleteSSHKey };
--- a/routes/api-client.php
+++ b/routes/api-client.php
@ -39,7 +39,7 @@ Route::prefix('/account')->middleware(AccountActivitySubject::class)->group(func
    Route::prefix('/ssh-keys')->group(function () {
        Route::get('/', [Client\SSHKeyController::class, 'index']);
        Route::post('/', [Client\SSHKeyController::class, 'store']);
-        Route::delete('/{identifier}', [Client\SSHKeyController::class, 'delete']);
+        Route::post('/remove', [Client\SSHKeyController::class, 'delete']);
    });
 });

--- a/tests/Integration/Api/Client/ClientApiIntegrationTestCase.php
+++ b/tests/Integration/Api/Client/ClientApiIntegrationTestCase.php
@ -14,7 +14,6 @@ use Pterodactyl\Models\Location;
 use Pterodactyl\Models\Schedule;
 use Illuminate\Support\Collection;
 use Pterodactyl\Models\Allocation;
-use Pterodactyl\Models\UserSSHKey;
 use Pterodactyl\Models\DatabaseHost;
 use Pterodactyl\Tests\Integration\TestResponse;
 use Pterodactyl\Tests\Integration\IntegrationTestCase;
@ -60,7 +59,6 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
     */
    protected function link($model, $append = null): string
    {
-        $link = '';
        switch (get_class($model)) {
            case Server::class:
                $link = "/api/client/servers/{$model->uuid}";
@ -77,9 +75,6 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
            case Backup::class:
                $link = "/api/client/servers/{$model->server->uuid}/backups/{$model->uuid}";
                break;
-            case UserSSHKey::class:
-                $link = "/api/client/account/ssh-keys/$model->fingerprint";
-                break;
            default:
                throw new InvalidArgumentException(sprintf('Cannot create link for Model of type %s', class_basename($model)));
        }
--- a/tests/Integration/Api/Client/SSHKeyControllerTest.php
+++ b/tests/Integration/Api/Client/SSHKeyControllerTest.php
@ -40,14 +40,20 @@ class SSHKeyControllerTest extends ClientApiIntegrationTestCase
        $key = UserSSHKey::factory()->for($user)->create();
        $key2 = UserSSHKey::factory()->for($user2)->create();

+        $endpoint = '/api/client/account/ssh-keys/remove';
+
        $this->actingAs($user);
-        $this->deleteJson($this->link($key))->assertNoContent();
+        $this->postJson($endpoint)
+            ->assertUnprocessable()
+            ->assertJsonPath('errors.0.meta', ['source_field' => 'fingerprint', 'rule' => 'required']);
+
+        $this->postJson($endpoint, ['fingerprint' => $key->fingerprint])->assertNoContent();

        $this->assertSoftDeleted($key);
        $this->assertNotSoftDeleted($key2);

-        $this->deleteJson($this->link($key))->assertNotFound();
-        $this->deleteJson($this->link($key2))->assertNotFound();
+        $this->postJson($endpoint, ['fingerprint' => $key->fingerprint])->assertNoContent();
+        $this->postJson($endpoint, ['fingerprint' => $key2->fingerprint])->assertNoContent();

        $this->assertNotSoftDeleted($key2);
    }