From 1f7fe093aec64526afa901d09bce201896af319a Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sat, 10 Oct 2020 17:15:30 -0700 Subject: [PATCH] Correctly validate description for API keys to match model expectations; closes #2457 --- .../Api/Client/Account/StoreApiKeyRequest.php | 7 +++++-- tests/Integration/Api/Client/ApiKeyControllerTest.php | 11 +++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/app/Http/Requests/Api/Client/Account/StoreApiKeyRequest.php b/app/Http/Requests/Api/Client/Account/StoreApiKeyRequest.php index a82db1ec..1a263286 100644 --- a/app/Http/Requests/Api/Client/Account/StoreApiKeyRequest.php +++ b/app/Http/Requests/Api/Client/Account/StoreApiKeyRequest.php @@ -2,6 +2,7 @@ namespace Pterodactyl\Http\Requests\Api\Client\Account; +use Pterodactyl\Models\ApiKey; use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest; class StoreApiKeyRequest extends ClientApiRequest @@ -11,9 +12,11 @@ class StoreApiKeyRequest extends ClientApiRequest */ public function rules(): array { + $rules = ApiKey::getRules(); + return [ - 'description' => 'required|string|min:4', - 'allowed_ips' => 'array', + 'description' => $rules['memo'], + 'allowed_ips' => $rules['allowed_ips'], 'allowed_ips.*' => 'ip', ]; } diff --git a/tests/Integration/Api/Client/ApiKeyControllerTest.php b/tests/Integration/Api/Client/ApiKeyControllerTest.php index 83356239..f4c19f4f 100644 --- a/tests/Integration/Api/Client/ApiKeyControllerTest.php +++ b/tests/Integration/Api/Client/ApiKeyControllerTest.php @@ -121,6 +121,8 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase /** * Test that a bad request results in a validation error being returned by the API. + * + * @see https://github.com/pterodactyl/panel/issues/2457 */ public function testValidationErrorIsReturnedForBadRequests() { @@ -135,6 +137,15 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase $response->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY); $response->assertJsonPath('errors.0.meta.rule', 'required'); $response->assertJsonPath('errors.0.detail', 'The description field is required.'); + + $response = $this->actingAs($user)->postJson('/api/client/account/api-keys', [ + 'description' => str_repeat('a', 501), + 'allowed_ips' => ['127.0.0.1'], + ]); + + $response->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY); + $response->assertJsonPath('errors.0.meta.rule', 'max'); + $response->assertJsonPath('errors.0.detail', 'The description may not be greater than 500 characters.'); } /**