Add ServerTransferringException, use is_null

2020-12-17 10:34:26 -07:00 · 2020-12-17 10:34:26 -07:00 · fd848985ee
commit fd848985ee
parent 5668a780e2
9 changed files with 36 additions and 14 deletions
--- a/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
+++ b/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
@ -61,7 +61,7 @@ class WebsocketController extends ClientApiController
        $permissions = $this->permissionsService->handle($server, $user);

        $node = null;
-        if ($server->transfer !== null) {
+        if (! is_null($server->transfer)) {
            // Check if the user has permissions to receive transfer logs.
            if (! in_array('admin.websocket.transfer', $permissions)) {
                throw new HttpException(Response::HTTP_FORBIDDEN, 'You do not have permission to view transfer logs');
--- a/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
+++ b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
@ -12,6 +12,7 @@ use Pterodactyl\Exceptions\Http\HttpForbiddenException;
 use Pterodactyl\Repositories\Eloquent\ServerRepository;
 use Pterodactyl\Services\Servers\GetUserPermissionsService;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Pterodactyl\Exceptions\Http\Server\ServerTransferringException;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Pterodactyl\Http\Requests\Api\Remote\SftpAuthenticationFormRequest;
 use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
@ -110,9 +111,14 @@ class SftpAuthenticationController extends Controller
            }
        }

-        // Remeber, for security purposes, only reveal the existence of the server to people that
+        // Prevent SFTP access to servers that are being transferred.
+        if (! is_null($server->transfer)) {
+            throw new ServerTransferringException();
+        }
+
+        // Remember, for security purposes, only reveal the existence of the server to people that
        // have provided valid credentials, and have permissions to know about it.
-        if ($server->installed !== 1 || $server->suspended || $server->transfer !== null) {
+        if ($server->installed !== 1 || $server->suspended) {
            throw new BadRequestHttpException(
                'Server is not installed or is currently suspended.'
            );
@ -132,7 +138,7 @@ class SftpAuthenticationController extends Controller
     * @param \Illuminate\Http\Request $request
     * @return string
     */
-    protected function throttleKey(Request $request)
+    protected function throttleKey(Request $request): string
    {
        $username = explode('.', strrev($request->input('username', '')));