Limit to 5 API keys at a time.
Ref advisory #GHSA-pjmh-7xfm-r4x9
This commit is contained in:
parent
8eba1da532
commit
468d426ebd
2 changed files with 9 additions and 0 deletions
|
@ -5,6 +5,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
|
|||
|
||||
## v0.7.17 (Derelict Dermodactylus)
|
||||
### Fixed
|
||||
* Limited accounts to 5 API keys at a time.
|
||||
* Fixes database passwords not being generated with the proper requirements for some MySQL setups.
|
||||
* Hostnames that are not FQDNs/IP addresses can now be used for connecting to a MySQL host.
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ use Illuminate\Http\Request;
|
|||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\ApiKey;
|
||||
use Prologue\Alerts\AlertsMessageBag;
|
||||
use Pterodactyl\Exceptions\DisplayException;
|
||||
use Pterodactyl\Http\Controllers\Controller;
|
||||
use Pterodactyl\Services\Api\KeyCreationService;
|
||||
use Pterodactyl\Http\Requests\Base\StoreAccountKeyRequest;
|
||||
|
@ -76,10 +77,17 @@ class AccountKeyController extends Controller
|
|||
* @param \Pterodactyl\Http\Requests\Base\StoreAccountKeyRequest $request
|
||||
* @return \Illuminate\Http\RedirectResponse
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\DisplayException
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
*/
|
||||
public function store(StoreAccountKeyRequest $request)
|
||||
{
|
||||
if ($this->repository->findCountWhere(['user_id' => $request->user()->id]) >= 5) {
|
||||
throw new DisplayException(
|
||||
'Cannot assign more than 5 API keys to an account.'
|
||||
);
|
||||
}
|
||||
|
||||
$this->keyService->setKeyType(ApiKey::TYPE_ACCOUNT)->handle([
|
||||
'user_id' => $request->user()->id,
|
||||
'allowed_ips' => $request->input('allowed_ips'),
|
||||
|
|
Loading…
Reference in a new issue