Have the panel handle all of the authorization for both public key and password based attempts
This commit is contained in:
parent
e856daee19
commit
412ac5ef39
|
@ -28,7 +28,8 @@ abstract class SftpAuthenticationController extends Controller
|
|||
|
||||
/**
|
||||
* Authenticate a set of credentials and return the associated server details
|
||||
* for a SFTP connection on the daemon.
|
||||
* for a SFTP connection on the daemon. This supports both public key and password
|
||||
* based credentials.
|
||||
*/
|
||||
public function __invoke(SftpAuthenticationFormRequest $request): JsonResponse
|
||||
{
|
||||
|
@ -44,9 +45,7 @@ abstract class SftpAuthenticationController extends Controller
|
|||
$this->reject($request);
|
||||
}
|
||||
} else {
|
||||
// Start blocking requests when the user has no public keys in the first place —
|
||||
// don't let the user spam this endpoint.
|
||||
if ($user->sshKeys->isEmpty()) {
|
||||
if (!$user->sshKeys()->where('public_key', $request->input('password'))->exists()) {
|
||||
$this->reject($request);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Remote;
|
||||
|
||||
use Illuminate\Validation\Rule;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
class SftpAuthenticationFormRequest extends FormRequest
|
||||
|
@ -27,9 +26,7 @@ class SftpAuthenticationFormRequest extends FormRequest
|
|||
return [
|
||||
'type' => ['nullable', 'in:password,public_key'],
|
||||
'username' => ['required', 'string'],
|
||||
'password' => [
|
||||
Rule::when(fn () => $this->input('type') !== 'public_key', ['required', 'string'], ['nullable']),
|
||||
],
|
||||
'password' => ['required', 'string'],
|
||||
];
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue