[pve-devel] [PATCH apiclient] fix #2227: enable totp codes to be passed in cli
Oguz Bektas
o.bektas at proxmox.com
Wed Jul 17 16:50:05 CEST 2019
this patch enables to pass totp codes during cluster join if tfa has been
enabled for root at pam (or any other user actually, but root seems to cause the
most problems).
Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
will start working on a gui patch soon.
PVE/APIClient/LWP.pm | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm
index c0e30ff..33a26e0 100755
--- a/PVE/APIClient/LWP.pm
+++ b/PVE/APIClient/LWP.pm
@@ -92,6 +92,11 @@ sub update_ticket {
$agent->default_header('Cookie', $cookie);
}
+sub complete_tfa_challenge {
+ my ($self, $tfa_response) = @_;
+ return $self->post('/api2/json/access/tfa', {response => $tfa_response});
+}
+
sub login {
my ($self) = @_;
@@ -129,15 +134,17 @@ sub login {
my $res = from_json($response->decoded_content, {utf8 => 1, allow_nonref => 1});
my $data = $extract_data->($res);
-
- # TODO: make it possible to use tfa
- if ($data->{ticket} =~ m/^PVE:tfa!/) {
- raise("Two Factor Auth is not yet implemented! Try disabling TFA for the user '$username'.\n");
- }
-
$self->update_ticket($data->{ticket});
$self->update_csrftoken($data->{CSRFPreventionToken});
+ # handle totp
+ if ($data->{ticket} =~ m/^PVE:tfa!/) {
+ print "\nEnter TFA code for user $username: ";
+ my $tfa_code = <STDIN>;
+ chomp $tfa_code;
+ $data = $self->complete_tfa_challenge($tfa_code);
+ $self->update_ticket($data->{ticket});
+ }
return $data;
}
--
2.20.1
More information about the pve-devel
mailing list