From a9364061c1605ffa27af8b8a1ececbad25a9a9ee Mon Sep 17 00:00:00 2001
From: DaneEveritt
Date: Sun, 15 May 2022 16:41:15 -0400
Subject: [PATCH] Store keys in standard format; query with fingerprint not public key
---
 app/Http/Controllers/Api/Client/SSHKeyController.php | 2 +-
 .../Api/Remote/SftpAuthenticationController.php | 12 ++++++++++--
 .../Api/Client/Account/StoreSSHKeyRequest.php | 8 ++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/Api/Client/SSHKeyController.php b/app/Http/Controllers/Api/Client/SSHKeyController.php
index 1b3db52d3..80ea6dda7 100644
--- a/app/Http/Controllers/Api/Client/SSHKeyController.php
+++ b/app/Http/Controllers/Api/Client/SSHKeyController.php
@@ -27,7 +27,7 @@ class SSHKeyController extends ClientApiController
 {
 $model = $request->user()->sshKeys()->create([
 'name' => $request->input('name'),
- 'public_key' => $request->input('public_key'),
+ 'public_key' => $request->getPublicKey(),
 'fingerprint' => $request->getKeyFingerprint(),
 ]);
 
diff --git a/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
index a45540938..7d4261507 100644
--- a/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
+++ b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
@@ -7,7 +7,9 @@ use Illuminate\Http\Request;
 use Pterodactyl\Models\Server;
 use Illuminate\Http\JsonResponse;
 use Pterodactyl\Models\Permission;
+use phpseclib3\Crypt\PublicKeyLoader;
 use Pterodactyl\Http\Controllers\Controller;
+use phpseclib3\Exception\NoKeyLoadedException;
 use Illuminate\Foundation\Auth\ThrottlesLogins;
 use Pterodactyl\Exceptions\Http\HttpForbiddenException;
 use Pterodactyl\Services\Servers\GetUserPermissionsService;
@@ -52,7 +54,14 @@ class SftpAuthenticationController extends Controller
 $this->reject($request);
 }
 } else {
- if (!$user->sshKeys()->where('public_key', trim($request->input('password')))->exists()) {
+ $key = null;
+ try {
+ $key = PublicKeyLoader::loadPublicKey(trim($request->input('password')));
+ } catch (NoKeyLoadedException $exception) {
+ // do nothing
+ }
+
+ if (!$key || !$user->sshKeys()->where('fingerprint', $key->getFingerprint('sha256'))->exists()) {
 $this->reject($request, false);
 }
 }
@@ -61,7 +70,6 @@ class SftpAuthenticationController extends Controller
 
 return new JsonResponse([
 'server' => $server->uuid,
- 'public_keys' => $user->sshKeys->map(fn ($value) => $value->public_key)->toArray(),
 'permissions' => $permissions ?? ['*'],
 ]);
 }
diff --git a/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php b/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
index 29bf2d1ba..bddea153b 100644
--- a/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
+++ b/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
@@ -57,6 +57,14 @@ class StoreSSHKeyRequest extends ClientApiRequest
 });
 }
 
+ /**
+ * Returns the public key but formatted in a consistent manner.
+ */
+ public function getPublicKey(): string
+ {
+ return $this->key->toString('PKCS8');
+ }
+
 /**
 * Returns the SHA256 fingerprint of the key provided.
 */
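Review bot: In the `@@ -52,7 +54,14 @@` hunk of SftpAuthenticationController.php the empty `catch` with `// do nothing` hides the fact that a key which fails to parse is an authentication failure. I would say so in the comment, e.g. `// Unparseable key material: $key stays null and the request is rejected below.` Only `NoKeyLoadedException` is caught, so if the loader can raise anything else on malformed input (not visible here) the request would end in an unhandled error instead of `reject()`, and `trim()` receives `null` when the `password` field is absent unless validation outside the hunk rules that out. The fingerprint lookup establishes that the presented key is registered to the user, not that the client holds the private key, so this path presumably relies on the SFTP daemon having verified the signature before it calls the endpoint. The enclosing method starts and ends outside the hunk.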
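Review bot: The docblock on `getPublicKey()` in StoreSSHKeyRequest.php says only "formatted in a consistent manner", which leaves the stored format unstated. `toString('PKCS8')` yields a PEM-encoded PKCS8 public key rather than the OpenSSH one-line form a user submits, so anything that later displays or exports `public_key` shows different text and the key comment is gone; I would word the docblock as `Returns the validated public key re-encoded as PKCS8 PEM, the format stored in the database.` The method dereferences `$this->key`, which appears to be populated by the validation closure that ends just above the hunk, so the docblock should also say it is only valid after validation has run. The diffstat lists no migration, so rows saved before this commit presumably keep the raw submitted text and the column will hold two formats.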