[pbs-devel] [PATCH proxmox v3] login: use `ticket` if both it and `ticket_info` are provided
Christian Ebner
c.ebner at proxmox.com
Fri Oct 3 16:52:55 CEST 2025
On 10/2/25 9:57 AM, Shannon Sterz wrote:
> previously the precense of `ticket_info` was assumed to indicate the
> HTTPOnly authentication flow. the `ticket` field was ignore in that
> case, because the client has no way of validating a ticket anyway.
>
> this commit changes the behaviour to assume that the server is not
> trying to "trick us" and that the presence of a `ticket` field
> indicates that this value should be used for authentication. if the
> `ticket_info` field is also present, it will be ignored.
>
> this fixes an issue where authentication against later versions of
> proxmox-backup-server 3.4 failed. including versions up to and
> including version 3.4.6-1.
>
> Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
> ---
LGTM now! Consider:
Reviewed-by: Christian Ebner <c.ebner at proxmox.com>
Tested-by: Christian Ebner <c.ebner at proxmox.com>
More information about the pbs-devel
mailing list