From f22dfb5ecee3bcd592c00205c2cc4d00150a44d5 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller
Date: Fri, 11 Dec 2020 14:34:47 +0100
Subject: [PATCH] tfa: remove tfa user when a user is deleted

Signed-off-by: Wolfgang Bumiller
---
 src/api2/access/user.rs | 14 ++++++++++++++
 src/config/tfa.rs | 12 ++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/src/api2/access/user.rs b/src/api2/access/user.rs
index 9ac9bbfa..484919bf 100644
--- a/src/api2/access/user.rs
+++ b/src/api2/access/user.rs
@@ -437,6 +437,7 @@ pub fn update_user(
 /// Remove a user from the configuration file.
 pub fn delete_user(userid: Userid, digest: Option) -> Result<(), Error> {
+ let _tfa_lock = crate::config::tfa::write_lock()?;
 let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0), true)?;
 let (mut config, expected_digest) = user::config()?;
@@ -453,6 +454,19 @@ pub fn delete_user(userid: Userid, digest: Option) -> Result<(), Error>
 user::save_config(&config)?;
+ match crate::config::tfa::read().and_then(|mut cfg| {
+ let _: bool = cfg.remove_user(&userid);
+ crate::config::tfa::write(&cfg)
+ }) {
+ Ok(()) => (),
+ Err(err) => {
+ eprintln!(
+ "error updating TFA config after deleting user {:?}: {}",
+ userid, err
+ );
+ }
+ }
+
 Ok(())
 }
diff --git a/src/config/tfa.rs b/src/config/tfa.rs
index 0abd4b0e..5d258fed 100644
--- a/src/config/tfa.rs
+++ b/src/config/tfa.rs
@@ -247,6 +247,18 @@ impl TfaConfig {
 None => bail!("no 2nd factor available for user '{}'", userid),
 }
 }
+
+ /// Remove non-existent users.
+ pub fn cleanup_users(&mut self, config: &proxmox::api::section_config::SectionConfigData) {
+ use crate::config::user::User;
+ self.users
+ .retain(|user, _| config.lookup::("user", user.as_str()).is_ok());
+ }
+
+ /// Remove a user. Returns `true` if the user actually existed.
+ pub fn remove_user(&mut self, user: &Userid) -> bool {
+ self.users.remove(user).is_some()
+ }
 }
 #[api]
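Review bot: The new `_tfa_lock` line establishes a lock order for delete_user — TFA config lock first, then the user-config lock taken by `open_file_locked` on the next line — and nothing in the hunk records that order, so a future path that takes the user lock and then calls into the TFA config would deadlock against this one. I'd add above the new line `// Lock order: TFA config lock before the user config lock; every path taking both must use this order.`. Whether `write_lock()` has a timeout like the 10 s `open_file_locked` call is not visible from this hunk; if it blocks indefinitely, a stuck holder would block user deletion, which is worth confirming. delete_user's body continues past the end of the hunk.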
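Review bot: A failure of `crate::config::tfa::read()` or `write()` in the new `match` is only printed to stderr, so the caller gets `Ok(())` while the deleted user's second factors stay in the TFA config; they only become relevant again if the same userid is recreated, at which point the new account would inherit them. Doing the TFA update after `user::save_config(&config)?` is the right order — a failure can then only leave stale entries behind, never a still-existing user stripped of their factors — but that reasoning should be written down, e.g. `// Update the TFA config only after the user is gone: a failure here can at worst leave stale entries, never a live user without their second factors.`, and the error should go through the file's regular logging rather than `eprintln!` (I cannot see from the hunk what this file uses). The `cleanup_users` method added in the tfa.rs hunk of this patch looks like the intended catch-all for such leftovers, though no call site for it appears in the patch. Discarding `remove_user`'s result with `let _: bool = …` is fine, since a user without TFA entries is not an error. delete_user starts outside the hunk.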
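Review bot: The doc comment on `cleanup_users` does not say that only the in-memory map is changed and nothing is persisted, and the method has no caller anywhere in this patch, so the expected usage is unclear; I'd replace `/// Remove non-existent users.` with a comment saying it drops TFA entries whose userid has no `user` section in `config`, that the caller has to write the result back with `crate::config::tfa::write` (used in the user.rs hunk) and should hold the TFA write lock while doing so. Because the `retain` keeps an entry only when `config.lookup(...).is_ok()`, any lookup failure other than "not found" (for instance a section that fails to deserialize, if `lookup` can fail that way) would also delete that user's factors — worth confirming that is intended. The `lookup::(` in the rendered hunk has apparently lost its type argument in rendering (the otherwise unused `use crate::config::user::User;` suggests `lookup::<User>`), so that is not a code defect. `remove_user` and its doc comment look fine.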