[pve-devel] [PATCH access-control] store the tfa type in user.cfg

Wolfgang Bumiller w.bumiller at proxmox.com
Thu Apr 11 11:31:58 CEST 2019


This allows some improvements to the user experience on the
web ui.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
 PVE/AccessControl.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index bec962f..de353b1 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -1434,7 +1434,7 @@ sub user_set_tfa {
 	$tfa->{data} = $data;
 	cfs_write_file('priv/tfa.cfg', $tfa_cfg);
 
-	$user->{keys} = 'x';
+	$user->{keys} = "x!$type";
     } else {
 	delete $tfa_cfg->{users}->{$userid};
 	cfs_write_file('priv/tfa.cfg', $tfa_cfg);
@@ -1463,7 +1463,8 @@ sub user_get_tfa {
     $realm_tfa = PVE::Auth::Plugin::parse_tfa_config($realm_tfa)
 	if $realm_tfa;
 
-    if ($keys ne 'x') {
+    # new style config starts with an 'x' and optionally contains a !<type> suffix
+    if ($keys != /^x(?:!.*)?$/) {
 	# old style config, find the type via the realm
 	return if !$realm_tfa;
 	return ($realm_tfa->{type}, {
-- 
2.11.0





More information about the pve-devel mailing list