Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reject requests for public key auth when the user has no keys

Browse source
This commit is contained in:
DaneEveritt 2022-05-15 15:47:06 -04:00
parent 12927a3202
commit e856daee19
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
View file

@ -43,6 +43,12 @@ abstract class SftpAuthenticationController extends Controller
if (!password_verify($request->input('password'), $user->password)) { if (!password_verify($request->input('password'), $user->password)) {
$this->reject($request); $this->reject($request);
} }
} else {
// Start blocking requests when the user has no public keys in the first place —
// don't let the user spam this endpoint.
if ($user->sshKeys->isEmpty()) {
$this->reject($request);
}
} }
$this->validateSftpAccess($user, $server); $this->validateSftpAccess($user, $server);