api: improve error messages for restricted endpoints
the old variant attempted to parse a tokenid as userid and returned the cryptic parsing error to the client, which is rather confusing. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
parent
81764111fe
commit
13f5863561
@ -206,14 +206,18 @@ fn change_password(
|
||||
password: String,
|
||||
rpcenv: &mut dyn RpcEnvironment,
|
||||
) -> Result<Value, Error> {
|
||||
|
||||
let current_user: Userid = rpcenv
|
||||
let current_auth: Authid = rpcenv
|
||||
.get_auth_id()
|
||||
.ok_or_else(|| format_err!("unknown user"))?
|
||||
.ok_or_else(|| format_err!("no authid available"))?
|
||||
.parse()?;
|
||||
let current_auth = Authid::from(current_user.clone());
|
||||
|
||||
let mut allowed = userid == current_user;
|
||||
if current_auth.is_token() {
|
||||
bail!("API tokens cannot access this API endpoint");
|
||||
}
|
||||
|
||||
let current_user = current_auth.user();
|
||||
|
||||
let mut allowed = userid == *current_user;
|
||||
|
||||
if current_user == "root@pam" { allowed = true; }
|
||||
|
||||
|
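Review bot: The token rejection added in change_password is repeated line for line in termproxy and upgrade_to_websocket, so the user-only rule lives in three hand-copied guards and a future restricted handler can omit it with no compile-time signal. Consider moving the authid parse, the `is_token()` check and the `user()` extraction into one shared helper that returns the `Userid`, so a handler cannot obtain a user id without passing the check. change_password also lacks the `// intentionally user only for now` comment the other two carry; adding it above the lookup would make the restriction visible there too. How `bail!` maps to an HTTP status is not visible in these hunks; if it surfaces as a generic bad request, a forbidden status would let clients and log review tell an authorization denial from malformed input. All three function bodies continue outside the hunks shown.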
@ -92,11 +92,16 @@ async fn termproxy(
|
||||
rpcenv: &mut dyn RpcEnvironment,
|
||||
) -> Result<Value, Error> {
|
||||
// intentionally user only for now
|
||||
let userid: Userid = rpcenv
|
||||
let auth_id: Authid = rpcenv
|
||||
.get_auth_id()
|
||||
.ok_or_else(|| format_err!("unknown user"))?
|
||||
.ok_or_else(|| format_err!("no authid available"))?
|
||||
.parse()?;
|
||||
let auth_id = Authid::from(userid.clone());
|
||||
|
||||
if auth_id.is_token() {
|
||||
bail!("API tokens cannot access this API endpoint");
|
||||
}
|
||||
|
||||
let userid = auth_id.user();
|
||||
|
||||
if userid.realm() != "pam" {
|
||||
bail!("only pam users can use the console");
|
||||
@ -267,7 +272,16 @@ fn upgrade_to_websocket(
|
||||
) -> ApiResponseFuture {
|
||||
async move {
|
||||
// intentionally user only for now
|
||||
let userid: Userid = rpcenv.get_auth_id().unwrap().parse()?;
|
||||
let auth_id: Authid = rpcenv
|
||||
.get_auth_id()
|
||||
.ok_or_else(|| format_err!("no authid available"))?
|
||||
.parse()?;
|
||||
|
||||
if auth_id.is_token() {
|
||||
bail!("API tokens cannot access this API endpoint");
|
||||
}
|
||||
|
||||
let userid = auth_id.user();
|
||||
let ticket = tools::required_string_param(¶m, "vncticket")?;
|
||||
let port: u16 = tools::required_integer_param(¶m, "port")? as u16;
|
||||
|
||||
|
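Review bot: In upgrade_to_websocket the client-supplied `port` is still narrowed with `as u16`, which silently wraps any value outside 0..=65535 instead of rejecting it, so the port the handler acts on can differ from the one the client sent. Since this hunk already replaces the `unwrap()` with a proper error, the same treatment fits the cast: `let port = u16::try_from(tools::required_integer_param(&param, "port")?)?;`, which needs `std::convert::TryFrom` in scope if the crate is on the 2018 edition. Whether the later ticket verification covers the port is outside the hunk, so the impact cannot be judged from here, but an explicit range error is clearer than a wrapped value. The function body continues past the hunk.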