[pve-devel] applied: [PATCH apiclient] check for tfa during cluster join, abort if yes
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Jun 27 22:06:19 CEST 2019
On 6/27/19 6:00 PM, Oguz Bektas wrote:
> momentarily, we check for tfa in the cluster join and abort if it's
> enabled, since the tfa ticket is not being handled correctly atm, which
> caused a '401 No ticket' error[0][1].
>
> todo is to ask with a prompt on gui and cli to enable totp and possibly
> u2f in the future
>
> [0]: https://forum.proxmox.com/threads/failed-to-add-cluster-node-401-no-ticket.54882/
> [1]: https://bugzilla.proxmox.com/show_bug.cgi?id=2227
>
> Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
> ---
> PVE/APIClient/LWP.pm | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm
> index 31df3c5..492f64d 100755
> --- a/PVE/APIClient/LWP.pm
> +++ b/PVE/APIClient/LWP.pm
> @@ -129,6 +129,11 @@ sub login {
>
> my $data = $extract_data->($res);
>
> + # TODO: make it possible to use tfa
> + if ($data->{ticket} =~ m/^PVE:tfa!/) {
> + die "TFA in API is not yet implemented! Try disabling TFA for the user.\n";
> + }
> +
> $self->update_ticket($data->{ticket});
> $self->update_csrftoken($data->{CSRFPreventionToken});
>
>
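Review bot: The added check sits in the shared `login` sub of PVE/APIClient/LWP.pm, so it rejects a TFA-enabled user for every caller of this client, not only for cluster join as the subject line says. The `# TODO` comment or the commit message should state that scope. The abort uses a plain `die` string, which gives callers nothing structured to match on, and "for the user" does not say which user; raising the client's own exception type and including the username would make the failure actionable. `$data->{ticket} =~ m/^PVE:tfa!/` also assumes the login response always carries a ticket; a `defined` guard before the match would avoid an uninitialized-value warning if it does not. Placing the check before `update_ticket` is right, since the partial `PVE:tfa!` ticket is then never stored on the client.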
applied, but followed-up with using raise to ensure we throw a PVE::APIClient::Exception
instead of die and printing the username here. Much thanks!