Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feature: Closes #1831 - Add an artisan command to create an API key from the command line #5055

Open
wants to merge 11 commits into
base: develop
Choose a base branch
from

Conversation

GreatSymphonia
Copy link

This PR add an artisan command that allows for someone to create an API key from the command line.

This allows the creation of both a (deprecated) ApiKey::TYPE_APPLICATION and a ApiKey::TYPE_ACCOUNT.

The TYPE_APPLICATION key may be needed in cases where someone would want to automate the deployment of the panel and Wings instances without using the Panel which is the case when you want to deploy the project using a tool like Ansible, thus why it was implemented even though Deprecated.

@GreatSymphonia GreatSymphonia changed the title Closes #1831 - Add an artisan command to create an API key from the command line feature: Closes #1831 - Add an artisan command to create an API key from the command line Apr 4, 2024
@Boy132
Copy link
Contributor

Boy132 commented Apr 4, 2024

You aren't actually checking the user password.

IMO the command should only be able to create application api keys.
Also I don't think application api keys are meant to be deprecated, not sure why there is a comment saying so.

@GreatSymphonia
Copy link
Author

I do understand, I am going to make the changes towards the authentication of the user.
I do agree that only application keys should be able to be created using that, I was confused with the "deprecated" statement regarding them, I will make changes regarding that too.

@GreatSymphonia
Copy link
Author

GreatSymphonia commented Apr 5, 2024

Actually, I am questionning if I should be authenticating the user here because of the fact that it's especially for the admin panel on the installation. It will most likely used right after the creation of the admin user for the Panel and would assing the token to it.

If I am loggin in the user, should I use the Pterodactyl\Http\Controllers\Auth\LoginController or should I simply validate the password in a login request? I am really trying to learn about best practices for that PR.

@Boy132
Copy link
Contributor

Boy132 commented Apr 5, 2024

Actually, I am questionning if I should be authenticating the user here because of the fact that it's especially for the admin panel on the installation. It will most likely used right after the creation of the admin user for the Panel and would assing the token to it.

Yeah, for just application api keys I don't see a reason for any auth.

@danny6167
Copy link
Member

Also I don't think application api keys are meant to be deprecated, not sure why there is a comment saying so.

Don't know if new management has decided to reverse the decision, but they were deprecated by Dane, the comment is no mistake.
https://discord.com/channels/122900397965705216/936744899787784282/1018218699909505157

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants