[pve-devel] [PATCH apiclient] fix #2227: enable totp codes to be passed in cli
Thomas Lamprecht
t.lamprecht at proxmox.com
Wed Jul 17 17:50:12 CEST 2019
On 7/17/19 5:25 PM, Oguz Bektas wrote:
> On Wed, Jul 17, 2019 at 05:03:38PM +0200, Thomas Lamprecht wrote:
>> On 7/17/19 4:50 PM, Oguz Bektas wrote:
>>> ---
>>>
>>> will start working on a gui patch soon.
>>
>> does it work over gui like this? I mean maybe I'm missing something but
>> wouldn't that need us to detect the "Enter TFA code for user .." in a
>> task log and then open a input field?
> it doesn't work atm. i've added the raise as you suggested in my v2,
> which i'll be sending in a few minutes.
>>
>> Another, quite different, way could be to let the do the initial API
>> connection handle TFA there and pass the ticket then to the backend which
>> can use it directly?
> it seemed easier to do it this way now, since we already have
> /access/tfa which handles almost everything tfa-related.
You also have /acess/tfa if doing this in the frontend?? I mean we already
do _everything_ there (even can do u2f) so if, it should be easier to do..?
>>> @@ -129,15 +134,17 @@ sub login {
>>> my $res = from_json($response->decoded_content, {utf8 => 1, allow_nonref => 1});
>>>
>>> my $data = $extract_data->($res);
>>> -
>>> - # TODO: make it possible to use tfa
>>> - if ($data->{ticket} =~ m/^PVE:tfa!/) {
>>
>> we still need this for /^PVE:u2f!/
>
> according to wolfgang, handling u2f will require us to package
> libu2f-client (like we did with libu2f-server).
Yes I know that.. What I mean is that we did not checked before for u2f,
which was a bug, and we should now, i.e., keep the above but replacing tfa
with u2f.
>
> so for the moment i think i'll just add another warning for the u2f
> case.
s/warning/raise/ or? As that'd be what I've meant :)
>
>>
>> (missed even before...)
>>
More information about the pve-devel
mailing list