StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[security] ensure session is only for that request when authenticating user API key

Browse source 
https://github.com/pterodactyl/panel/security/advisories/GHSA-7v3x-h7r2-34jv
This commit is contained in:
Dane Everitt 2022-01-19 21:09:17 -05:00
parent 21f74a835c
commit dfa329ddf2
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Middleware/Api/AuthenticateKey.php
View file

@ -70,7 +70,7 @@ class AuthenticateKey
} else {
$model = $this->authenticateApiKey($request->bearerToken(), $keyType);
$this->auth->guard()->loginUsingId($model->user_id);
$this->auth->guard()->onceUsingId($model->user_id);
}
$request->attributes->set('api_key', $model);