[pve-devel] [PATCH manager 1/3] ui: user edit: protect user's TFA settings again

Fri Feb 9 14:08:19 CET 2024

Same rationale as in 5b25580d ("Protect the user's tfa key setting."):
it should not be possible to change the value when it's not an actual
secret but a reference to what TFA method is used or, in case of 'x',
whether TFA is used.

Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---
 www/manager6/dc/UserEdit.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/www/manager6/dc/UserEdit.js b/www/manager6/dc/UserEdit.js
index b637cd53..ad52edf0 100644
--- a/www/manager6/dc/UserEdit.js
+++ b/www/manager6/dc/UserEdit.js
@@ -162,7 +162,10 @@ Ext.define('PVE.dc.UserEdit', {
 		    var data = response.result.data;
 		    me.setValues(data);
 		    if (data.keys) {
-			if (data.keys === 'x!oath' || data.keys === 'x!u2f') {
+			if (data.keys === 'x' ||
+			    data.keys === 'x!oath' ||
+			    data.keys === 'x!u2f' ||
+			    data.keys === 'x!yubico') {
 			    me.down('[name="keys"]').setDisabled(1);
 			}
 		    }
-- 
2.39.2



