Limit to 5 API keys at a time.

Ref advisory #GHSA-pjmh-7xfm-r4x9
Dane Everitt 2020-03-15 17:05:53 -07:00
parent 8eba1da532
commit 468d426ebd
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 9 additions and 0 deletions


@ -5,6 +5,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
## v0.7.17 (Derelict Dermodactylus)
### Fixed
* Limited accounts to 5 API keys at a time.
* Fixes database passwords not being generated with the proper requirements for some MySQL setups.
* Hostnames that are not FQDNs/IP addresses can now be used for connecting to a MySQL host.


@ -7,6 +7,7 @@ use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Pterodactyl\Models\ApiKey;
use Prologue\Alerts\AlertsMessageBag;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Services\Api\KeyCreationService;
use Pterodactyl\Http\Requests\Base\StoreAccountKeyRequest;
@ -76,10 +77,17 @@ class AccountKeyController extends Controller
* @param \Pterodactyl\Http\Requests\Base\StoreAccountKeyRequest $request
* @return \Illuminate\Http\RedirectResponse
*
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
*/
public function store(StoreAccountKeyRequest $request)
{
if ($this->repository->findCountWhere(['user_id' => $request->user()->id]) >= 5) {
throw new DisplayException(
'Cannot assign more than 5 API keys to an account.'
);
}
$this->keyService->setKeyType(ApiKey::TYPE_ACCOUNT)->handle([
'user_id' => $request->user()->id,
'allowed_ips' => $request->input('allowed_ips'),
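Review bot: The new limit in `store()` is a check-then-create: `findCountWhere(['user_id' => ...]) >= 5` runs as its own query before `keyService->handle()` inserts, so concurrent requests for the same user can each pass the check and leave the account with more than 5 keys. Since this commit references a security advisory, the count and the insert should happen atomically, for example inside one database transaction that locks the user's row before counting. The where clause also filters only on `user_id` while the key being created is `ApiKey::TYPE_ACCOUNT`; if the repository also holds other key types for the same user, they would count against this limit, which is worth confirming. The literal `5` appears in both the condition and the message, so a class constant would keep the two in sync. The body of `store()` continues past the end of this hunk.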