-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Application API - Not showing API keys created by other admins #5175
Comments
I believe this is intentional however I agree that all Application API keys should be visible to all Admins since it does pose the potential for malicious users to generate keys without other panel admins noticing. In the meantime, you can view the api_keys table to see all API Keys - this table does also include normal User API Keys. |
That was exactly my worry. We use Pterodactyl for our game servers. If we dismiss someone who had admin rights and they still have an active API key, it could be exploited for malicious purposes. |
I'll make a PR later today to adjust this behaviour for you. I'm not sure if the Pterodactyl team will merge it as, like I said, I think the current functionality is intentional. If you don't know how to build the source files, feel free to reach out to me on Discord ('wackenzie' is my tag). Happy to help. |
Current Behavior
When I create an Application API key from the Admin dashboard, other admin's can't see the keys I made (and I can't see theirs). I've also confirmed this on another server. Same issue.
Expected Behavior
I'd expect on the application api page every admin sees all API keys.
Steps to Reproduce
Create an Application API key.
Login with another user
It's not there.
Panel Version
1.11.7
Wings Version
1.11.13
Games and/or Eggs Affected
None
Docker Image
None
Error Logs
Is there an existing issue for this?
The text was updated successfully, but these errors were encountered: