[pve-devel] [PATCH v2 access-control 16/23] api: mark some paths notoken
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Nov 21 15:43:34 CET 2019
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
requires versioned dependency on libpve-common-perl
requires a versioned depends on libpve-common-perl
PVE/API2/AccessControl.pm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index 2e16ebf..6995325 100644
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -234,6 +234,7 @@ __PACKAGE__->register_method ({
user => 'world'
},
protected => 1, # else we can't access shadow files
+ notoken => 1, # we don't want tokens to create tickets
description => "Create or verify authentication ticket.",
parameters => {
additionalProperties => 0,
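Review bot: the `notoken => 1` line added to the ticket method is only explained by a source comment, while the description still reads just "Create or verify authentication ticket." on a method whose permissions are `user => 'world'`. Consider saying in the description that requests authenticated with an API token are refused, so API consumers see the restriction too. The notes also call for a versioned dependency on libpve-common-perl, but the diffstat lists only PVE/API2/AccessControl.pm, so the dependency bump needs to be confirmed elsewhere in the series.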
@@ -339,6 +340,7 @@ __PACKAGE__->register_method ({
],
},
protected => 1, # else we can't access shadow files
+ notoken => 1, # we don't want tokens to change the regular user password
description => "Change user password.",
parameters => {
additionalProperties => 0,
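Review bot: nothing in this patch tests the `notoken => 1` line added to the password-change method; the diffstat shows 4 insertions in a single file. A test that calls this path with token authentication and expects the request to be rejected would catch the flag being dropped or ignored later. The same check would be worth having for the other three methods marked here.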
@@ -470,6 +472,7 @@ __PACKAGE__->register_method ({
],
},
protected => 1, # else we can't access shadow files
+ notoken => 1, # we don't want tokens to change the regular user's TFA settings
description => "Change user u2f authentication.",
parameters => {
additionalProperties => 0,
@@ -594,6 +597,7 @@ __PACKAGE__->register_method({
method => 'POST',
permissions => { user => 'all' },
protected => 1, # else we can't access shadow files
+ notoken => 1, # we don't want tokens to access TFA information
description => 'Finish a u2f challenge.',
parameters => {
additionalProperties => 0,
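Review bot: the comment on the added line, "we don't want tokens to access TFA information", does not describe this method, which is a `POST` with `permissions => { user => 'all' }` and the description 'Finish a u2f challenge.'. The concern here looks like a token completing a second-factor challenge rather than reading TFA data, so a comment along the lines of `# we don't want tokens to finish a u2f challenge` would match the other three hunks, where the comment names the action being blocked.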
--
2.20.1