[pve-devel] [PATCH access-control 09/10] pveum: update tfa delete command
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue Nov 9 12:27:04 CET 2021
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
src/PVE/CLI/pveum.pm | 40 +++++++++++++++++++++++++++++++++++++++-
1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/src/PVE/CLI/pveum.pm b/src/PVE/CLI/pveum.pm
index 95b5705..44399b6 100755
--- a/src/PVE/CLI/pveum.pm
+++ b/src/PVE/CLI/pveum.pm
@@ -12,6 +12,7 @@ use PVE::API2::ACL;
use PVE::API2::AccessControl;
use PVE::API2::Domains;
use PVE::API2::TFA;
+use PVE::Cluster qw(cfs_read_file cfs_write_file);
use PVE::CLIFormatter;
use PVE::CLIHandler;
use PVE::JSONSchema qw(get_standard_option);
@@ -111,6 +112,43 @@ __PACKAGE__->register_method({
return PVE::API2::AccessControl->permissions($param);
}});
+__PACKAGE__->register_method({
+ name => 'delete_tfa',
+ path => 'delete_tfa',
+ method => 'PUT',
+ description => 'Delete TFA entries from a user.',
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ userid => get_standard_option('userid'),
+ id => {
+ description => "The TFA ID, if none provided, all TFA entries will be deleted.",
+ type => 'string',
+ optional => 1,
+ },
+ },
+ },
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ my $userid = extract_param($param, "userid");
+ my $tfa_id = extract_param($param, "id");
+
+ PVE::AccessControl::assert_new_tfa_config_available();
+
+ PVE::AccessControl::lock_tfa_config(sub {
+ my $tfa_cfg = cfs_read_file('priv/tfa.cfg');
+ if (defined($tfa_id)) {
+ $tfa_cfg->api_delete_tfa($userid, $tfa_id);
+ } else {
+ $tfa_cfg->remove_user($userid);
+ }
+ cfs_write_file('priv/tfa.cfg', $tfa_cfg);
+ });
+ return;
+ }});
+
our $cmddef = {
user => {
add => [ 'PVE::API2::User', 'create_user', ['userid'] ],
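Review bot: When `id` is absent the handler falls through to `$tfa_cfg->remove_user($userid)`, so a forgotten `--id` on `pveum user tfa delete` strips every second factor from the account instead of failing. The old mapping only took `userid`, so this default keeps existing invocations working, but an explicit opt-in would be safer: add an optional boolean `all` property and, before taking the lock, `die "no TFA id given, pass --all to remove every entry\n" if !defined($tfa_id) && !$all;`. The return value of `api_delete_tfa` is also discarded and nothing is logged in this handler. Unless the callee already logs (not visible here), a log line naming `$userid` and the removed id after `cfs_write_file` would give operators an audit trail for second-factor removal.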
@@ -119,7 +157,7 @@ our $cmddef = {
list => [ 'PVE::API2::User', 'index', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
permissions => [ 'PVE::API2::AccessControl', 'permissions', ['userid'], {}, $print_perm_result, $PVE::RESTHandler::standard_output_options],
tfa => {
- delete => [ 'PVE::API2::TFA', 'change_tfa', ['userid'], { action => 'delete', key => undef, config => undef, response => undef, }, ],
+ delete => [ __PACKAGE__, 'delete_tfa', ['userid'] ],
},
token => {
add => [ 'PVE::API2::User', 'generate_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler::standard_output_options ],
--
2.30.2