diff --git a/app/Http/Controllers/Api/Client/ApiKeyController.php b/app/Http/Controllers/Api/Client/ApiKeyController.php
index e2b648124..c6b6f7092 100644
--- a/app/Http/Controllers/Api/Client/ApiKeyController.php
+++ b/app/Http/Controllers/Api/Client/ApiKeyController.php
@@ -26,14 +26,10 @@ class ApiKeyController extends ClientApiController
 /**
 * Store a new API key for a user's account.
- *
- * @return array
- *
- * @throws \Pterodactyl\Exceptions\DisplayException
 */
- public function store(StoreApiKeyRequest $request)
+ public function store(StoreApiKeyRequest $request): array
 {
- if ($request->user()->apiKeys->count() >= 5) {
+ if ($request->user()->apiKeys->count() >= 25) {
 throw new DisplayException('You have reached the account limit for number of API keys.');
 }
diff --git a/tests/Integration/Api/Client/ApiKeyControllerTest.php b/tests/Integration/Api/Client/ApiKeyControllerTest.php
index 70485e974..78e662cec 100644
--- a/tests/Integration/Api/Client/ApiKeyControllerTest.php
+++ b/tests/Integration/Api/Client/ApiKeyControllerTest.php
@@ -96,16 +96,17 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
 }
 /**
- * Test that no more than 5 API keys can exist at any one time for an account. This prevents
+ * Test that no more than 25 API keys can exist at any one time for an account. This prevents
 * a DoS attack vector against the panel.
 *
 * @see https://github.com/pterodactyl/panel/security/advisories/GHSA-pjmh-7xfm-r4x9
+ * @see https://github.com/pterodactyl/panel/issues/4394
 */
- public function testNoMoreThanFiveApiKeysCanBeCreatedForAnAccount()
+ public function testApiKeyLimitIsApplied()
 {
 /** @var \Pterodactyl\Models\User $user */
 $user = User::factory()->create();
- ApiKey::factory()->times(5)->for($user)->create([
+ ApiKey::factory()->times(25)->for($user)->create([
 'key_type' => ApiKey::TYPE_ACCOUNT,
 ]);
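Review bot: The cap in `store()` of ApiKeyController.php is now a bare `25` with nothing tying it to the DoS advisory that the test file cites (GHSA-pjmh-7xfm-r4x9), so a later editor has no hint that the number is a security control; I would add `// Hard cap on API keys per account; DoS mitigation, see GHSA-pjmh-7xfm-r4x9.` above the check and lift the value into a named constant the test can reuse. The docblock also loses `@throws \Pterodactyl\Exceptions\DisplayException` although the method still throws that exception on the following line, so the tag should stay. The count is read before the key is created, and the creation itself is outside this hunk, so presumably parallel requests could each pass the check; if the cap has to be strict, the check and the insert need to share a transaction or lock.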
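Review bot: `testApiKeyLimitIsApplied()` in ApiKeyControllerTest.php seeds exactly 25 keys and so, as far as the hunk shows, pins only the rejecting side of the boundary; a comparison that drifted to `>= 24` would still pass. A companion case that seeds `ApiKey::factory()->times(24)` and asserts the next create succeeds would pin both sides of the limit. The literal 25 is also repeated from the controller, so a future change to the cap has to be made in two places. The test body continues past the end of the hunk, so its assertions are not visible here.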