Skynet/misc_pterodactyl-panel
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Disallow creating more than 5 account API keys; closes #2123

Browse source 
Additional fixes for https://github.com/pterodactyl/panel/security/advisories/GHSA-pjmh-7xfm-r4x9
This commit is contained in:
Dane Everitt 2020-07-26 11:26:20 -07:00
parent 7deed07cd1
commit 78514f9eb4
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 18 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
app/Http/Controllers/Base/AccountKeyController.php
View file

@ -82,10 +82,13 @@ class AccountKeyController extends Controller
*/
public function store(StoreAccountKeyRequest $request)
{
if ($this->repository->findCountWhere(['user_id' => $request->user()->id]) >= 5) {
throw new DisplayException(
'Cannot assign more than 5 API keys to an account.'
);
$count = $this->repository->findCountWhere([
['user_id', '=', $request->user()->id],
['key_type', '=', ApiKey::TYPE_ACCOUNT],
]);
if ($count >= 5) {
throw new DisplayException('Cannot assign more than 5 API keys to an account.');
}
$this->keyService->setKeyType(ApiKey::TYPE_ACCOUNT)->handle([