[pdm-devel] [PATCH proxmox v4 13/21] login: add `TicketResult::HttpOnly` member
Shannon Sterz
s.sterz at proxmox.com
Tue Mar 4 13:04:58 CET 2025
this allows client to be aware that the ticket they manage is
informational only and that the real ticket should have been set via
a HttpOnly cookie.
Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
---
proxmox-login/src/lib.rs | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/proxmox-login/src/lib.rs b/proxmox-login/src/lib.rs
index 52282052..e97ece7b 100644
--- a/proxmox-login/src/lib.rs
+++ b/proxmox-login/src/lib.rs
@@ -200,9 +200,22 @@ impl Login {
));
}
+ // `ticket_info` is set when the server sets the ticket via an HttpOnly cookie. this also
+ // means we do not have access to the cookie itself which happens for example in a browser.
+ // assume that the cookie is handled properly by the context (browser) and don't worry
+ // about handling it ourselves.
+ if let Some(ref ticket) = response.ticket_info {
+ let ticket = ticket.parse()?;
+ return Ok(TicketResult::HttpOnly(
+ self.authentication_for(ticket, response)?,
+ ));
+ }
+
+ // old authentication flow where we needed to handle the ticket ourselves even in the
+ // browser etc.
let ticket: TicketResponse = match response.ticket {
- Some(ticket) => ticket.parse()?,
- None => return Err("missing ticket".into()),
+ Some(ref ticket) => ticket.parse()?,
+ None => return Err("no ticket information in response".into()),
};
Ok(match ticket {
@@ -250,6 +263,9 @@ pub enum TicketResult {
/// The response returned a Two-Factor-Authentication challenge.
TfaRequired(SecondFactorChallenge),
+
+ /// The response returned a valid ticket as an HttpOnly cookie.
+ HttpOnly(Authentication),
}
/// A ticket call can returned a TFA challenge. The user should inspect the
--
2.39.5
More information about the pdm-devel
mailing list