Merge branch 'develop' into dane/restore-backups
This commit is contained in:
Dane Everitt
commit
663143de0b
575 changed files with 6080 additions and 6864 deletions
|
|
@ -38,10 +38,6 @@ class SftpAuthenticationController extends Controller
|
|||
|
||||
/**
|
||||
* SftpController constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
|
||||
* @param \Pterodactyl\Repositories\Eloquent\UserRepository $userRepository
|
||||
* @param \Pterodactyl\Repositories\Eloquent\ServerRepository $serverRepository
|
||||
*/
|
||||
public function __construct(
|
||||
GetUserPermissionsService $permissionsService,
|
||||
|
|
@ -57,9 +53,6 @@ class SftpAuthenticationController extends Controller
|
|||
* Authenticate a set of credentials and return the associated server details
|
||||
* for a SFTP connection on the daemon.
|
||||
*
|
||||
* @param \Pterodactyl\Http\Requests\Api\Remote\SftpAuthenticationFormRequest $request
|
||||
* @return \Illuminate\Http\JsonResponse
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
public function __invoke(SftpAuthenticationFormRequest $request): JsonResponse
|
||||
|
|
@ -76,15 +69,13 @@ class SftpAuthenticationController extends Controller
|
|||
if ($this->hasTooManyLoginAttempts($request)) {
|
||||
$seconds = $this->limiter()->availableIn($this->throttleKey($request));
|
||||
|
||||
throw new TooManyRequestsHttpException(
|
||||
$seconds, "Too many login attempts for this account, please try again in {$seconds} seconds."
|
||||
);
|
||||
throw new TooManyRequestsHttpException($seconds, "Too many login attempts for this account, please try again in {$seconds} seconds.");
|
||||
}
|
||||
|
||||
/** @var \Pterodactyl\Models\Node $node */
|
||||
$node = $request->attributes->get('node');
|
||||
if (empty($connection['server'])) {
|
||||
throw new NotFoundHttpException;
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
/** @var \Pterodactyl\Models\User $user */
|
||||
|
|
@ -93,27 +84,23 @@ class SftpAuthenticationController extends Controller
|
|||
]);
|
||||
|
||||
$server = $this->serverRepository->getByUuid($connection['server'] ?? '');
|
||||
if (! password_verify($request->input('password'), $user->password) || $server->node_id !== $node->id) {
|
||||
if (!password_verify($request->input('password'), $user->password) || $server->node_id !== $node->id) {
|
||||
$this->incrementLoginAttempts($request);
|
||||
|
||||
throw new HttpForbiddenException(
|
||||
'Authorization credentials were not correct, please try again.'
|
||||
);
|
||||
throw new HttpForbiddenException('Authorization credentials were not correct, please try again.');
|
||||
}
|
||||
|
||||
if (! $user->root_admin && $server->owner_id !== $user->id) {
|
||||
if (!$user->root_admin && $server->owner_id !== $user->id) {
|
||||
$permissions = $this->permissionsService->handle($server, $user);
|
||||
|
||||
if (! in_array(Permission::ACTION_FILE_SFTP, $permissions)) {
|
||||
throw new HttpForbiddenException(
|
||||
'You do not have permission to access SFTP for this server.'
|
||||
);
|
||||
if (!in_array(Permission::ACTION_FILE_SFTP, $permissions)) {
|
||||
throw new HttpForbiddenException('You do not have permission to access SFTP for this server.');
|
||||
}
|
||||
}
|
||||
|
||||
// Prevent SFTP access to servers that are being transferred.
|
||||
if (! is_null($server->transfer)) {
|
||||
throw new ServerTransferringException;
|
||||
if (!is_null($server->transfer)) {
|
||||
throw new ServerTransferringException();
|
||||
}
|
||||
|
||||
// Remember, for security purposes, only reveal the existence of the server to people that
|
||||
|
|
@ -132,9 +119,6 @@ class SftpAuthenticationController extends Controller
|
|||
|
||||
/**
|
||||
* Get the throttle key for the given request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return string
|
||||
*/
|
||||
protected function throttleKey(Request $request): string
|
||||
{
|
||||
|
|
|
|||
Reference in a new issue