mirror of
				https://github.com/pelican-dev/panel.git
				synced 2025-10-25 08:06:51 +02:00 
			
		
		
		
	
							parent
							
								
									2e61a4db13
								
							
						
					
					
						commit
						e0e0689846
					
				| @ -26,14 +26,10 @@ class ApiKeyController extends ClientApiController | ||||
| 
 | ||||
|     /** | ||||
|      * Store a new API key for a user's account. | ||||
|      * | ||||
|      * @return array | ||||
|      * | ||||
|      * @throws \Pterodactyl\Exceptions\DisplayException | ||||
|      */ | ||||
|     public function store(StoreApiKeyRequest $request) | ||||
|     public function store(StoreApiKeyRequest $request): array | ||||
|     { | ||||
|         if ($request->user()->apiKeys->count() >= 5) { | ||||
|         if ($request->user()->apiKeys->count() >= 25) { | ||||
|             throw new DisplayException('You have reached the account limit for number of API keys.'); | ||||
|         } | ||||
| 
 | ||||
|  | ||||
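Review bot: The cap in `store()` is a bare literal, so this commit has to change it in three places: the `>= 25` check here, plus the docblock and the `times(25)` seed in `ApiKeyControllerTest`. The test's docblock ties this limit to the DoS advisory GHSA-pjmh-7xfm-r4x9, so it would be safer as one named constant that both the controller and the test read, for example `if ($request->user()->apiKeys->count() >= self::API_KEY_LIMIT) {`, where `API_KEY_LIMIT` is a new constant introduced for this purpose. The check also reads the count before the key is created, and the creation itself is outside the hunk. If nothing there serialises the two steps, concurrent requests may be able to exceed the cap, which is worth confirming.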
| @ -96,16 +96,17 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Test that no more than 5 API keys can exist at any one time for an account. This prevents | ||||
|      * Test that no more than 25 API keys can exist at any one time for an account. This prevents | ||||
|      * a DoS attack vector against the panel. | ||||
|      * | ||||
|      * @see https://github.com/pterodactyl/panel/security/advisories/GHSA-pjmh-7xfm-r4x9 | ||||
|      * @see https://github.com/pterodactyl/panel/issues/4394 | ||||
|      */ | ||||
|     public function testNoMoreThanFiveApiKeysCanBeCreatedForAnAccount() | ||||
|     public function testApiKeyLimitIsApplied() | ||||
|     { | ||||
|         /** @var \Pterodactyl\Models\User $user */ | ||||
|         $user = User::factory()->create(); | ||||
|         ApiKey::factory()->times(5)->for($user)->create([ | ||||
|         ApiKey::factory()->times(25)->for($user)->create([ | ||||
|             'key_type' => ApiKey::TYPE_ACCOUNT, | ||||
|         ]); | ||||
| 
 | ||||
|  | ||||
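Review bot: Seeding exactly 25 keys with `ApiKey::factory()->times(25)` exercises only the rejecting side of the `>= 25` comparison in the controller. The rest of `testApiKeyLimitIsApplied` lies outside the hunk, so this may already be covered elsewhere. If it is not, a companion case seeded with 24 keys that expects the request to succeed would catch an off-by-one in the cap. The renamed method could also declare its return type, matching the `: array` this commit adds to `store()`: `public function testApiKeyLimitIsApplied(): void`.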
	 Dane Everitt
						Dane Everitt