Store keys in standard format; query with fingerprint not public key

DaneEveritt · DaneEveritt · commit a9364061c160 · 2022-05-15T16:41:15.000-04:00
diff --git a/app/Http/Controllers/Api/Client/SSHKeyController.php b/app/Http/Controllers/Api/Client/SSHKeyController.php
@@ -27,7 +27,7 @@ public function store(StoreSSHKeyRequest $request): array
     {
         $model = $request->user()->sshKeys()->create([
             'name' => $request->input('name'),
-            'public_key' => $request->input('public_key'),
+            'public_key' => $request->getPublicKey(),
             'fingerprint' => $request->getKeyFingerprint(),
         ]);
 
diff --git a/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
@@ -7,7 +7,9 @@
 use Pterodactyl\Models\Server;
 use Illuminate\Http\JsonResponse;
 use Pterodactyl\Models\Permission;
+use phpseclib3\Crypt\PublicKeyLoader;
 use Pterodactyl\Http\Controllers\Controller;
+use phpseclib3\Exception\NoKeyLoadedException;
 use Illuminate\Foundation\Auth\ThrottlesLogins;
 use Pterodactyl\Exceptions\Http\HttpForbiddenException;
 use Pterodactyl\Services\Servers\GetUserPermissionsService;
@@ -52,7 +54,14 @@ public function __invoke(SftpAuthenticationFormRequest $request): JsonResponse
                 $this->reject($request);
             }
         } else {
-            if (!$user->sshKeys()->where('public_key', trim($request->input('password')))->exists()) {
+            $key = null;
+            try {
+                $key = PublicKeyLoader::loadPublicKey(trim($request->input('password')));
+            } catch (NoKeyLoadedException $exception) {
+                // do nothing
+            }
+
+            if (!$key || !$user->sshKeys()->where('fingerprint', $key->getFingerprint('sha256'))->exists()) {
                 $this->reject($request, false);
             }
         }
@@ -61,7 +70,6 @@ public function __invoke(SftpAuthenticationFormRequest $request): JsonResponse
 
         return new JsonResponse([
             'server' => $server->uuid,
-            'public_keys' => $user->sshKeys->map(fn ($value) => $value->public_key)->toArray(),
             'permissions' => $permissions ?? ['*'],
         ]);
     }
diff --git a/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php b/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
@@ -57,6 +57,14 @@ public function withValidator(Validator $validator): void
         });
     }
 
+    /**
+     * Returns the public key but formatted in a consistent manner.
+     */
+    public function getPublicKey(): string
+    {
+        return $this->key->toString('PKCS8');
+    }
+
     /**
      * Returns the SHA256 fingerprint of the key provided.
      */

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ public function store(StoreSSHKeyRequest $request): array`
`27`	`27`	`{`
`28`	`28`	`$model = $request->user()->sshKeys()->create([`
`29`	`29`	`'name' => $request->input('name'),`
`30`		`- 'public_key' => $request->input('public_key'),`
	`30`	`+ 'public_key' => $request->getPublicKey(),`
`31`	`31`	`'fingerprint' => $request->getKeyFingerprint(),`
`32`	`32`	`]);`
`33`	`33`