feat: bump account key limit to 25 (#4417)

Closes #4394
This commit is contained in:
Dane Everitt 2022-10-08 14:14:03 -07:00 committed by GitHub
parent 2e61a4db13
commit e0e0689846
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 9 deletions

View File

@ -26,14 +26,10 @@ class ApiKeyController extends ClientApiController
/** /**
* Store a new API key for a user's account. * Store a new API key for a user's account.
*
* @return array
*
* @throws \Pterodactyl\Exceptions\DisplayException
*/ */
public function store(StoreApiKeyRequest $request) public function store(StoreApiKeyRequest $request): array
{ {
if ($request->user()->apiKeys->count() >= 5) { if ($request->user()->apiKeys->count() >= 25) {
throw new DisplayException('You have reached the account limit for number of API keys.'); throw new DisplayException('You have reached the account limit for number of API keys.');
} }

View File

@ -96,16 +96,17 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
} }
/** /**
* Test that no more than 5 API keys can exist at any one time for an account. This prevents * Test that no more than 25 API keys can exist at any one time for an account. This prevents
* a DoS attack vector against the panel. * a DoS attack vector against the panel.
* *
* @see https://github.com/pterodactyl/panel/security/advisories/GHSA-pjmh-7xfm-r4x9 * @see https://github.com/pterodactyl/panel/security/advisories/GHSA-pjmh-7xfm-r4x9
* @see https://github.com/pterodactyl/panel/issues/4394
*/ */
public function testNoMoreThanFiveApiKeysCanBeCreatedForAnAccount() public function testApiKeyLimitIsApplied()
{ {
/** @var \Pterodactyl\Models\User $user */ /** @var \Pterodactyl\Models\User $user */
$user = User::factory()->create(); $user = User::factory()->create();
ApiKey::factory()->times(5)->for($user)->create([ ApiKey::factory()->times(25)->for($user)->create([
'key_type' => ApiKey::TYPE_ACCOUNT, 'key_type' => ApiKey::TYPE_ACCOUNT,
]); ]);