Store keys in standard format; query with fingerprint not public key

2022-05-15 16:41:15 -04:00 · 2022-05-15 16:41:15 -04:00 · a9364061c1
commit a9364061c1
parent b563f13d09
3 changed files with 19 additions and 3 deletions
--- a/app/Http/Controllers/Api/Client/SSHKeyController.php
+++ b/app/Http/Controllers/Api/Client/SSHKeyController.php
@ -27,7 +27,7 @@ class SSHKeyController extends ClientApiController
    {
        $model = $request->user()->sshKeys()->create([
            'name' => $request->input('name'),
-            'public_key' => $request->input('public_key'),
+            'public_key' => $request->getPublicKey(),
            'fingerprint' => $request->getKeyFingerprint(),
        ]);

--- a/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
+++ b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
@ -7,7 +7,9 @@ use Illuminate\Http\Request;
 use Pterodactyl\Models\Server;
 use Illuminate\Http\JsonResponse;
 use Pterodactyl\Models\Permission;
+use phpseclib3\Crypt\PublicKeyLoader;
 use Pterodactyl\Http\Controllers\Controller;
+use phpseclib3\Exception\NoKeyLoadedException;
 use Illuminate\Foundation\Auth\ThrottlesLogins;
 use Pterodactyl\Exceptions\Http\HttpForbiddenException;
 use Pterodactyl\Services\Servers\GetUserPermissionsService;
@ -52,7 +54,14 @@ class SftpAuthenticationController extends Controller
                $this->reject($request);
            }
        } else {
-            if (!$user->sshKeys()->where('public_key', trim($request->input('password')))->exists()) {
+            $key = null;
+            try {
+                $key = PublicKeyLoader::loadPublicKey(trim($request->input('password')));
+            } catch (NoKeyLoadedException $exception) {
+                // do nothing
+            }
+
+            if (!$key || !$user->sshKeys()->where('fingerprint', $key->getFingerprint('sha256'))->exists()) {
                $this->reject($request, false);
            }
        }
@ -61,7 +70,6 @@ class SftpAuthenticationController extends Controller

        return new JsonResponse([
            'server' => $server->uuid,
-            'public_keys' => $user->sshKeys->map(fn ($value) => $value->public_key)->toArray(),
            'permissions' => $permissions ?? ['*'],
        ]);
    }
--- a/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
+++ b/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
@ -57,6 +57,14 @@ class StoreSSHKeyRequest extends ClientApiRequest
        });
    }

+    /**
+     * Returns the public key but formatted in a consistent manner.
+     */
+    public function getPublicKey(): string
+    {
+        return $this->key->toString('PKCS8');
+    }
+
    /**
     * Returns the SHA256 fingerprint of the key provided.
     */