[pve-devel] [PATCH access-control 3/3] authenticate_user: don't give empty $tfa_challenge to authenticate_2nd_new

Dominik Csapak d.csapak at proxmox.com
Thu Oct 20 15:14:12 CEST 2022


just above, we check & return if $tfa_challenge is set, so there is no
way that it would be set here. To make it clearer that it must be undef
here, just omit it in the call.

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
 src/PVE/AccessControl.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index d83dee2..ca36db9 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -746,7 +746,7 @@ sub authenticate_user : prototype($$$$;$) {
 
     if ($new_format) {
 	# This is the first factor with an optional immediate 2nd factor for TOTP:
-	my $tfa_challenge = authenticate_2nd_new($username, $realm, $otp, $tfa_challenge);
+	my $tfa_challenge = authenticate_2nd_new($username, $realm, $otp);
 	return wantarray ? ($username, $tfa_challenge) : $username;
     } else {
 	return authenticate_2nd_old($username, $realm, $otp);
-- 
2.30.2






More information about the pve-devel mailing list