[pve-devel] [PATCH v2 access-control 16/23] api: mark some paths notoken

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Nov 21 15:43:34 CET 2019


Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    requires versioned dependency on libpve-common-perl
    
    requires a versioned depends on libpve-common-perl

 PVE/API2/AccessControl.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index 2e16ebf..6995325 100644
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -234,6 +234,7 @@ __PACKAGE__->register_method ({
 	user => 'world' 
     },
     protected => 1, # else we can't access shadow files
+    notoken => 1, # we don't want tokens to create tickets
     description => "Create or verify authentication ticket.",
     parameters => {
 	additionalProperties => 0,
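Review bot: The added `notoken => 1` on the ticket endpoint (and the same flag in the password, TFA-settings and u2f-finish hunks below) is only a declaration; the code that rejects token-authenticated calls is not in this file, and the patch notes say it comes from a newer libpve-common-perl. This patch changes only AccessControl.pm, so if the versioned dependency is missed, an older library would presumably not enforce the key and all four paths could stay reachable with a token, without any visible error. I would land the packaging bump in the same commit, e.g. `libpve-common-perl (>= <VERSION_WITH_NOTOKEN_SUPPORT>)` (placeholder version), and add a test asserting that a token-authenticated request to each of these paths is refused. The register_method call starts and ends outside the hunk.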
@@ -339,6 +340,7 @@ __PACKAGE__->register_method ({
 	    ],
     },
     protected => 1, # else we can't access shadow files
+    notoken => 1, # we don't want tokens to change the regular user password
     description => "Change user password.",
     parameters => {
 	additionalProperties => 0,
@@ -470,6 +472,7 @@ __PACKAGE__->register_method ({
 	    ],
     },
     protected => 1, # else we can't access shadow files
+    notoken => 1, # we don't want tokens to change the regular user's TFA settings
     description => "Change user u2f authentication.",
     parameters => {
 	additionalProperties => 0,
@@ -594,6 +597,7 @@ __PACKAGE__->register_method({
     method => 'POST',
     permissions => { user => 'all' },
     protected => 1, # else we can't access shadow files
+    notoken => 1, # we don't want tokens to access TFA information
     description => 'Finish a u2f challenge.',
     parameters => {
 	additionalProperties => 0,
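Review bot: The comment on the added line says tokens should not "access TFA information", but the description directly below it is 'Finish a u2f challenge', so what is being blocked looks like completing a challenge rather than reading data. With `permissions => { user => 'all' }` on this method, the comment is the only place that records why tokens are excluded, so it should name the actual operation, for example `notoken => 1, # tokens must not complete a u2f/TFA challenge`. The register_method call starts and ends outside the hunk, so the handler itself is not visible here.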
-- 
2.20.1




