[pve-devel] [PATCH apiclient] check for tfa during cluster join, abort if yes
Oguz Bektas
o.bektas at proxmox.com
Thu Jun 27 18:00:48 CEST 2019
momentarily, we check for tfa in the cluster join and abort if it's
enabled, since the tfa ticket is not being handled correctly atm, which
caused a '401 No ticket' error[0][1].
todo is to ask with a prompt on gui and cli to enable totp and possible
u2f in the future
[0]: https://forum.proxmox.com/threads/failed-to-add-cluster-node-401-no-ticket.54882/
[1]: https://bugzilla.proxmox.com/show_bug.cgi?id=2227
Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
PVE/APIClient/LWP.pm | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm
index 31df3c5..492f64d 100755
--- a/PVE/APIClient/LWP.pm
+++ b/PVE/APIClient/LWP.pm
@@ -129,6 +129,11 @@ sub login {
my $data = $extract_data->($res);
+ # TODO: make it possible to use tfa
+ if ($data->{ticket} =~ m/^PVE:tfa!/) {
+ die "TFA in API is not yet implemented! Try disabling TFA for the user.\n";
+ }
+
$self->update_ticket($data->{ticket});
$self->update_csrftoken($data->{CSRFPreventionToken});
--
2.11.0
More information about the pve-devel
mailing list