[pve-devel] [PATCH perl-rs v2 4/5] fix #4234: openid: adjust openid verification function for userinfo option
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jan 29 13:24:38 CET 2025
> Thomas Skinner <thomas at atskinner.net> hat am 29.01.2025 04:35 CET geschrieben:
>
>
> On Fri, Jan 24, 2025 at 3:17 AM Fabian Grünbichler
> <f.gruenbichler at proxmox.com> wrote:
> >
> > On December 16, 2024 5:14 am, Thomas Skinner wrote:
> > > Signed-off-by: Thomas Skinner <thomas at atskinner.net>
> > > ---
> > > pve-rs/src/openid/mod.rs | 9 +++++++--
> > > 1 file changed, 7 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/pve-rs/src/openid/mod.rs b/pve-rs/src/openid/mod.rs
> > > index 1fa7572..cd573ee 100644
> > > --- a/pve-rs/src/openid/mod.rs
> > > +++ b/pve-rs/src/openid/mod.rs
> > > @@ -50,13 +50,18 @@ mod export {
> > > }
> > >
> > > #[export(raw_return)]
> > > - pub fn verify_authorization_code(
> > > + pub fn verify_authorization_code_userinfo(
> >
> > we could either add a new wrapper like in proxmox-openid, keeping the
> > old one around (until PVE 9.0)
> >
> > > #[try_from_ref] this: &OpenId,
> > > code: &str,
> > > private_auth_state: PrivateAuthState,
> > > + disable_userinfo: bool,
> >
> > or make this an Option<bool> and not rename the fn so existing callers
> > are not broken
>
> Is this a backwards compatible fix? This would seem more preferable to
> me and provide a reasonable default. If not, I can definitely keep the
> old one around to provide backwards compat.
AFAIK it should work, perl undef / parameter not being set (old pve-access-control) should be translated to None via perlmod (and then unwrapped to false ;)), and the parameter being set (new pve-access-control) should be translated to Some(..).
More information about the pve-devel
mailing list