mirror of
				https://github.com/pelican-dev/panel.git
				synced 2025-10-25 10:26:52 +02:00 
			
		
		
		
	
							parent
							
								
									2e61a4db13
								
							
						
					
					
						commit
						e0e0689846
					
				| @ -26,14 +26,10 @@ class ApiKeyController extends ClientApiController | |||||||
| 
 | 
 | ||||||
|     /** |     /** | ||||||
|      * Store a new API key for a user's account. |      * Store a new API key for a user's account. | ||||||
|      * |  | ||||||
|      * @return array |  | ||||||
|      * |  | ||||||
|      * @throws \Pterodactyl\Exceptions\DisplayException |  | ||||||
|      */ |      */ | ||||||
|     public function store(StoreApiKeyRequest $request) |     public function store(StoreApiKeyRequest $request): array | ||||||
|     { |     { | ||||||
|         if ($request->user()->apiKeys->count() >= 5) { |         if ($request->user()->apiKeys->count() >= 25) { | ||||||
|             throw new DisplayException('You have reached the account limit for number of API keys.'); |             throw new DisplayException('You have reached the account limit for number of API keys.'); | ||||||
|         } |         } | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -96,16 +96,17 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase | |||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /** |     /** | ||||||
|      * Test that no more than 5 API keys can exist at any one time for an account. This prevents |      * Test that no more than 25 API keys can exist at any one time for an account. This prevents | ||||||
|      * a DoS attack vector against the panel. |      * a DoS attack vector against the panel. | ||||||
|      * |      * | ||||||
|      * @see https://github.com/pterodactyl/panel/security/advisories/GHSA-pjmh-7xfm-r4x9 |      * @see https://github.com/pterodactyl/panel/security/advisories/GHSA-pjmh-7xfm-r4x9 | ||||||
|  |      * @see https://github.com/pterodactyl/panel/issues/4394 | ||||||
|      */ |      */ | ||||||
|     public function testNoMoreThanFiveApiKeysCanBeCreatedForAnAccount() |     public function testApiKeyLimitIsApplied() | ||||||
|     { |     { | ||||||
|         /** @var \Pterodactyl\Models\User $user */ |         /** @var \Pterodactyl\Models\User $user */ | ||||||
|         $user = User::factory()->create(); |         $user = User::factory()->create(); | ||||||
|         ApiKey::factory()->times(5)->for($user)->create([ |         ApiKey::factory()->times(25)->for($user)->create([ | ||||||
|             'key_type' => ApiKey::TYPE_ACCOUNT, |             'key_type' => ApiKey::TYPE_ACCOUNT, | ||||||
|         ]); |         ]); | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 Dane Everitt
						Dane Everitt