tfa: allow deletion of entries of non-existent users
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
parent
94bd11bae2
commit
eab25e2f33
@ -20,6 +20,7 @@ fn tfa_update_auth(
|
|||||||
rpcenv: &mut dyn RpcEnvironment,
|
rpcenv: &mut dyn RpcEnvironment,
|
||||||
userid: &Userid,
|
userid: &Userid,
|
||||||
password: Option<String>,
|
password: Option<String>,
|
||||||
|
must_exist: bool,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
let authid: Authid = rpcenv.get_auth_id().unwrap().parse()?;
|
let authid: Authid = rpcenv.get_auth_id().unwrap().parse()?;
|
||||||
|
|
||||||
@ -29,7 +30,7 @@ fn tfa_update_auth(
|
|||||||
}
|
}
|
||||||
|
|
||||||
// After authentication, verify that the to-be-modified user actually exists:
|
// After authentication, verify that the to-be-modified user actually exists:
|
||||||
if authid.user() != userid {
|
if must_exist && authid.user() != userid {
|
||||||
let (config, _digest) = crate::config::user::config()?;
|
let (config, _digest) = crate::config::user::config()?;
|
||||||
|
|
||||||
if config.sections.get(userid.as_str()).is_none() {
|
if config.sections.get(userid.as_str()).is_none() {
|
||||||
@ -238,7 +239,7 @@ fn delete_tfa(
|
|||||||
password: Option<String>,
|
password: Option<String>,
|
||||||
rpcenv: &mut dyn RpcEnvironment,
|
rpcenv: &mut dyn RpcEnvironment,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
tfa_update_auth(rpcenv, &userid, password)?;
|
tfa_update_auth(rpcenv, &userid, password, false)?;
|
||||||
|
|
||||||
let _lock = crate::config::tfa::write_lock()?;
|
let _lock = crate::config::tfa::write_lock()?;
|
||||||
|
|
||||||
@ -424,7 +425,7 @@ fn add_tfa_entry(
|
|||||||
r#type: TfaType,
|
r#type: TfaType,
|
||||||
rpcenv: &mut dyn RpcEnvironment,
|
rpcenv: &mut dyn RpcEnvironment,
|
||||||
) -> Result<TfaUpdateInfo, Error> {
|
) -> Result<TfaUpdateInfo, Error> {
|
||||||
tfa_update_auth(rpcenv, &userid, password)?;
|
tfa_update_auth(rpcenv, &userid, password, true)?;
|
||||||
|
|
||||||
let need_description =
|
let need_description =
|
||||||
move || description.ok_or_else(|| format_err!("'description' is required for new entries"));
|
move || description.ok_or_else(|| format_err!("'description' is required for new entries"));
|
||||||
@ -547,7 +548,7 @@ fn update_tfa_entry(
|
|||||||
password: Option<String>,
|
password: Option<String>,
|
||||||
rpcenv: &mut dyn RpcEnvironment,
|
rpcenv: &mut dyn RpcEnvironment,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
tfa_update_auth(rpcenv, &userid, password)?;
|
tfa_update_auth(rpcenv, &userid, password, true)?;
|
||||||
|
|
||||||
let _lock = crate::config::tfa::write_lock()?;
|
let _lock = crate::config::tfa::write_lock()?;
|
||||||
|
|
||||||
|
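Review bot: The new `must_exist` parameter of `tfa_update_auth` is a bare bool with no documentation, so the call sites `tfa_update_auth(rpcenv, &userid, password, false)?` in `delete_tfa` and `..., true)?` in `add_tfa_entry` and `update_tfa_entry` do not show what is being relaxed in an authentication helper. I would add a doc comment on the function such as `/// must_exist: if false, only the lookup of userid in the user config is skipped; it is meant for removing TFA entries left behind by deleted users.` The inline comment above the condition should also be updated to `// After authentication, verify that the to-be-modified user actually exists (skipped when !must_exist):`, since it now describes an optional step. The lines between the signature and this check are outside the hunk, so please confirm that the password and privilege checks for `authid.user() != userid` run regardless of `must_exist`, because the flag must not become a way to bypass them. The body of `delete_tfa` after the write lock is not shown either, so it is worth confirming that it handles a `userid` with no TFA entries cleanly.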