[pdm-devel] [PATCH proxmox v4 13/21] login: add `TicketResult::HttpOnly` member

Shannon Sterz s.sterz at proxmox.com
Tue Mar 4 13:04:58 CET 2025


this allows client to be aware that the ticket they manage is
informational only and that the real ticket should have been set via
a HttpOnly cookie.

Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
---
 proxmox-login/src/lib.rs | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/proxmox-login/src/lib.rs b/proxmox-login/src/lib.rs
index 52282052..e97ece7b 100644
--- a/proxmox-login/src/lib.rs
+++ b/proxmox-login/src/lib.rs
@@ -200,9 +200,22 @@ impl Login {
             ));
         }
 
+        // `ticket_info` is set when the server sets the ticket via an HttpOnly cookie. this also
+        // means we do not have access to the cookie itself which happens for example in a browser.
+        // assume that the cookie is handled properly by the context (browser) and don't worry
+        // about handling it ourselves.
+        if let Some(ref ticket) = response.ticket_info {
+            let ticket = ticket.parse()?;
+            return Ok(TicketResult::HttpOnly(
+                self.authentication_for(ticket, response)?,
+            ));
+        }
+
+        // old authentication flow where we needed to handle the ticket ourselves even in the
+        // browser etc.
         let ticket: TicketResponse = match response.ticket {
-            Some(ticket) => ticket.parse()?,
-            None => return Err("missing ticket".into()),
+            Some(ref ticket) => ticket.parse()?,
+            None => return Err("no ticket information in response".into()),
         };
 
         Ok(match ticket {
@@ -250,6 +263,9 @@ pub enum TicketResult {
 
     /// The response returned a Two-Factor-Authentication challenge.
     TfaRequired(SecondFactorChallenge),
+
+    /// The response returned a valid ticket as an HttpOnly cookie.
+    HttpOnly(Authentication),
 }
 
 /// A ticket call can returned a TFA challenge. The user should inspect the
-- 
2.39.5





More information about the pdm-devel mailing list