[pve-devel] [PATCH access-control 4/5] delete TFA entries when deleting a user

Wolfgang Bumiller w.bumiller at proxmox.com
Wed Mar 27 11:16:20 CET 2019


Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
 PVE/API2/User.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm
index 4c859dc..4458fc1 100644
--- a/PVE/API2/User.pm
+++ b/PVE/API2/User.pm
@@ -355,11 +355,14 @@ __PACKAGE__->register_method ({
 		    $plugin->delete_user($cfg, $realm, $ruid);
 		}
 
+		# Remove TFA data before removing the user entry as the user entry tells us whether
+		# we need ot update priv/tfa.cfg.
+		PVE::AccessControl::user_set_tfa($userid, $realm, undef, undef, $usercfg, $domain_cfg);
+
 		delete $usercfg->{users}->{$userid};
 
 		PVE::AccessControl::delete_user_group($userid, $usercfg);
 		PVE::AccessControl::delete_user_acl($userid, $usercfg);
-
 		cfs_write_file("user.cfg", $usercfg);
 	    }, "delete user failed");
 
-- 
2.11.0




More information about the pve-devel mailing list