api: improve error messages for restricted endpoints

the old variant attempted to parse a tokenid as userid and returned the
cryptic parsing error to the client, which is rather confusing.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler
2020-12-30 12:21:13 +01:00
committed by Dietmar Maurer
parent 81764111fe
commit 13f5863561
2 changed files with 27 additions and 9 deletions


@ -206,14 +206,18 @@ fn change_password(
password: String,
rpcenv: &mut dyn RpcEnvironment,
) -> Result<Value, Error> {
let current_user: Userid = rpcenv
let current_auth: Authid = rpcenv
.get_auth_id()
.ok_or_else(|| format_err!("unknown user"))?
.ok_or_else(|| format_err!("no authid available"))?
.parse()?;
let current_auth = Authid::from(current_user.clone());
let mut allowed = userid == current_user;
if current_auth.is_token() {
bail!("API tokens cannot access this API endpoint");
}
let current_user = current_auth.user();
let mut allowed = userid == *current_user;
if current_user == "root@pam" { allowed = true; }