[pve-devel] [PATCH pve-access-control] api2: ticket: don't require TFA if the only one is disabled
Hannes Laimer
h.laimer at proxmox.com
Mon Apr 11 09:09:09 CEST 2022
If TFA was added and disabled afterwards it was not possible to login
again.
Signed-off-by: Hannes Laimer <h.laimer at proxmox.com>
---
This was reported on the forum.
src/PVE/API2/AccessControl.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/PVE/API2/AccessControl.pm b/src/PVE/API2/AccessControl.pm
index 5d78c6f..8a272b4 100644
--- a/src/PVE/API2/AccessControl.pm
+++ b/src/PVE/API2/AccessControl.pm
@@ -172,12 +172,12 @@ my sub create_ticket_do : prototype($$$$$$) {
my $ticket_data = $username;
my $aad;
if ($new_format) {
- if (defined($tfa_info)) {
+ if (defined($tfa_info) && $tfa_info ne '{}') {
$extra{NeedTFA} = 1;
$ticket_data = "!tfa!$tfa_info";
$aad = $username;
}
- } elsif (defined($tfa_info)) {
+ } elsif (defined($tfa_info) && $tfa_info ne '{}') {
$extra{NeedTFA} = 1;
if ($tfa_info->{type} eq 'u2f') {
my $u2finfo = $tfa_info->{data};
--
2.30.2
More information about the pve-devel
mailing list