feat: bump account key limit to 25 (#4417)

Closes #4394
2022-10-08 14:14:03 -07:00 · 2022-10-08 14:14:03 -07:00 · e0e0689846
commit e0e0689846
parent 2e61a4db13
2 changed files with 6 additions and 9 deletions
--- a/app/Http/Controllers/Api/Client/ApiKeyController.php
+++ b/app/Http/Controllers/Api/Client/ApiKeyController.php
@ -26,14 +26,10 @@ class ApiKeyController extends ClientApiController

    /**
     * Store a new API key for a user's account.
-     *
-     * @return array
-     *
-     * @throws \Pterodactyl\Exceptions\DisplayException
     */
-    public function store(StoreApiKeyRequest $request)
+    public function store(StoreApiKeyRequest $request): array
    {
-        if ($request->user()->apiKeys->count() >= 5) {
+        if ($request->user()->apiKeys->count() >= 25) {
            throw new DisplayException('You have reached the account limit for number of API keys.');
        }

--- a/tests/Integration/Api/Client/ApiKeyControllerTest.php
+++ b/tests/Integration/Api/Client/ApiKeyControllerTest.php
@ -96,16 +96,17 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
    }

    /**
-     * Test that no more than 5 API keys can exist at any one time for an account. This prevents
+     * Test that no more than 25 API keys can exist at any one time for an account. This prevents
     * a DoS attack vector against the panel.
     *
     * @see https://github.com/pterodactyl/panel/security/advisories/GHSA-pjmh-7xfm-r4x9
+     * @see https://github.com/pterodactyl/panel/issues/4394
     */
-    public function testNoMoreThanFiveApiKeysCanBeCreatedForAnAccount()
+    public function testApiKeyLimitIsApplied()
    {
        /** @var \Pterodactyl\Models\User $user */
        $user = User::factory()->create();
-        ApiKey::factory()->times(5)->for($user)->create([
+        ApiKey::factory()->times(25)->for($user)->create([
            'key_type' => ApiKey::TYPE_ACCOUNT,
        ]);