tfa: allow deletion of entries of non-existent users

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller 2020-12-18 14:09:47 +01:00
parent 94bd11bae2
commit eab25e2f33


@ -20,6 +20,7 @@ fn tfa_update_auth(
rpcenv: &mut dyn RpcEnvironment, rpcenv: &mut dyn RpcEnvironment,
userid: &Userid, userid: &Userid,
password: Option<String>, password: Option<String>,
must_exist: bool,
) -> Result<(), Error> { ) -> Result<(), Error> {
let authid: Authid = rpcenv.get_auth_id().unwrap().parse()?; let authid: Authid = rpcenv.get_auth_id().unwrap().parse()?;
@ -29,7 +30,7 @@ fn tfa_update_auth(
} }
// After authentication, verify that the to-be-modified user actually exists: // After authentication, verify that the to-be-modified user actually exists:
if authid.user() != userid { if must_exist && authid.user() != userid {
let (config, _digest) = crate::config::user::config()?; let (config, _digest) = crate::config::user::config()?;
if config.sections.get(userid.as_str()).is_none() { if config.sections.get(userid.as_str()).is_none() {
@ -238,7 +239,7 @@ fn delete_tfa(
password: Option<String>, password: Option<String>,
rpcenv: &mut dyn RpcEnvironment, rpcenv: &mut dyn RpcEnvironment,
) -> Result<(), Error> { ) -> Result<(), Error> {
tfa_update_auth(rpcenv, &userid, password)?; tfa_update_auth(rpcenv, &userid, password, false)?;
let _lock = crate::config::tfa::write_lock()?; let _lock = crate::config::tfa::write_lock()?;
@ -424,7 +425,7 @@ fn add_tfa_entry(
r#type: TfaType, r#type: TfaType,
rpcenv: &mut dyn RpcEnvironment, rpcenv: &mut dyn RpcEnvironment,
) -> Result<TfaUpdateInfo, Error> { ) -> Result<TfaUpdateInfo, Error> {
tfa_update_auth(rpcenv, &userid, password)?; tfa_update_auth(rpcenv, &userid, password, true)?;
let need_description = let need_description =
move || description.ok_or_else(|| format_err!("'description' is required for new entries")); move || description.ok_or_else(|| format_err!("'description' is required for new entries"));
@ -547,7 +548,7 @@ fn update_tfa_entry(
password: Option<String>, password: Option<String>,
rpcenv: &mut dyn RpcEnvironment, rpcenv: &mut dyn RpcEnvironment,
) -> Result<(), Error> { ) -> Result<(), Error> {
tfa_update_auth(rpcenv, &userid, password)?; tfa_update_auth(rpcenv, &userid, password, true)?;
let _lock = crate::config::tfa::write_lock()?; let _lock = crate::config::tfa::write_lock()?;
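Review bot: The comment above the changed condition in tfa_update_auth (`if must_exist && authid.user() != userid {`) still reads as if the user lookup always runs, and the new `must_exist` parameter is undocumented, so a call such as `tfa_update_auth(rpcenv, &userid, password, false)` in delete_tfa does not show which check is being relaxed. I would reword the comment to `// After authentication, verify that the to-be-modified user exists (skipped when must_exist is false, i.e. when only removing entries):` and add a doc comment on tfa_update_auth stating that `must_exist = false` skips only the user-config lookup. The body of that `if` continues outside the hunk, so it is worth confirming that it contains nothing beyond the existence check, since delete_tfa now bypasses the whole block. Because deletion can now target user ids absent from the user config, the permission check that decides who may modify another user's TFA entries (not visible in these hunks) is the only remaining gate for that path and should be covered by a test.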