Store keys in standard format; query with fingerprint not public key

This commit is contained in:
DaneEveritt 2022-05-15 16:41:15 -04:00
parent b563f13d09
commit a9364061c1
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
3 changed files with 19 additions and 3 deletions

View file

@ -27,7 +27,7 @@ class SSHKeyController extends ClientApiController
{ {
$model = $request->user()->sshKeys()->create([ $model = $request->user()->sshKeys()->create([
'name' => $request->input('name'), 'name' => $request->input('name'),
'public_key' => $request->input('public_key'), 'public_key' => $request->getPublicKey(),
'fingerprint' => $request->getKeyFingerprint(), 'fingerprint' => $request->getKeyFingerprint(),
]); ]);

View file

@ -7,7 +7,9 @@ use Illuminate\Http\Request;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Pterodactyl\Models\Permission; use Pterodactyl\Models\Permission;
use phpseclib3\Crypt\PublicKeyLoader;
use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Http\Controllers\Controller;
use phpseclib3\Exception\NoKeyLoadedException;
use Illuminate\Foundation\Auth\ThrottlesLogins; use Illuminate\Foundation\Auth\ThrottlesLogins;
use Pterodactyl\Exceptions\Http\HttpForbiddenException; use Pterodactyl\Exceptions\Http\HttpForbiddenException;
use Pterodactyl\Services\Servers\GetUserPermissionsService; use Pterodactyl\Services\Servers\GetUserPermissionsService;
@ -52,7 +54,14 @@ class SftpAuthenticationController extends Controller
$this->reject($request); $this->reject($request);
} }
} else { } else {
if (!$user->sshKeys()->where('public_key', trim($request->input('password')))->exists()) { $key = null;
try {
$key = PublicKeyLoader::loadPublicKey(trim($request->input('password')));
} catch (NoKeyLoadedException $exception) {
// do nothing
}
if (!$key || !$user->sshKeys()->where('fingerprint', $key->getFingerprint('sha256'))->exists()) {
$this->reject($request, false); $this->reject($request, false);
} }
} }
@ -61,7 +70,6 @@ class SftpAuthenticationController extends Controller
return new JsonResponse([ return new JsonResponse([
'server' => $server->uuid, 'server' => $server->uuid,
'public_keys' => $user->sshKeys->map(fn ($value) => $value->public_key)->toArray(),
'permissions' => $permissions ?? ['*'], 'permissions' => $permissions ?? ['*'],
]); ]);
} }

View file

@ -57,6 +57,14 @@ class StoreSSHKeyRequest extends ClientApiRequest
}); });
} }
/**
* Returns the public key but formatted in a consistent manner.
*/
public function getPublicKey(): string
{
return $this->key->toString('PKCS8');
}
/** /**
* Returns the SHA256 fingerprint of the key provided. * Returns the SHA256 fingerprint of the key provided.
*/ */