api: return "invalid" as CSRF token for partial tickets

So that old clients don't `unwrap` a `None` value. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-08 12:57:14 +01:00 · 2021-01-08 12:57:14 +01:00 · ad0ed40a59
commit ad0ed40a59
parent 63fd8e58b2
1 changed files with 4 additions and 1 deletions
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@ -163,7 +163,9 @@ fn authenticate_2nd(
            },
            CSRFPreventionToken: {
                type: String,
-                description: "Cross Site Request Forgery Prevention Token.",
+                description:
+                    "Cross Site Request Forgery Prevention Token. \
+                     For partial tickets this is the string \"invalid\".",
            },
        },
    },
@ -207,6 +209,7 @@ fn create_ticket(
            Ok(json!({
                "username": username,
                "ticket": ticket,
+                "CSRFPreventionToken": "invalid",
            }))
        }
        Err(err) => {