banquise/pelican-panel-mirror
3
0
Fork 1
mirror of https://github.com/pelican-dev/panel.git synced 2025-05-28 08:04:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Reject requests for public key auth when the user has no keys

Browse Source
This commit is contained in:
DaneEveritt 2022-05-15 15:47:06 -04:00
parent 12927a3202
commit e856daee19
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
View File

@ -43,6 +43,12 @@ abstract class SftpAuthenticationController extends Controller
if (!password_verify($request->input('password'), $user->password)) {
$this->reject($request);
}
} else {
// Start blocking requests when the user has no public keys in the first place —
// don't let the user spam this endpoint.
if ($user->sshKeys->isEmpty()) {
$this->reject($request);
}
}
$this->validateSftpAccess($user, $server);