tfa: remove tfa user when a user is deleted

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2020-12-11 14:34:47 +01:00
parent 4bda51688b
commit f22dfb5ece
2 changed files with 26 additions and 0 deletions


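--- a/path-not-shown-1
+++ b/path-not-shown-1
@@ -437,6 +437,7 @@ pub fn update_user(
 /// Remove a user from the configuration file.
 pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error> {
+    let _tfa_lock = crate::config::tfa::write_lock()?;
     let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0), true)?;
     let (mut config, expected_digest) = user::config()?;
@@ -453,6 +454,19 @@ pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error>
     user::save_config(&config)?;
+    match crate::config::tfa::read().and_then(|mut cfg| {
+        let _: bool = cfg.remove_user(&userid);
+        crate::config::tfa::write(&cfg)
+    }) {
+        Ok(()) => (),
+        Err(err) => {
+            eprintln!(
+                "error updating TFA config after deleting user {:?}: {}",
+                userid, err
+            );
+        }
+    }
     Ok(())
 }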
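Review bot: The `Err(err)` arm after `user::save_config` only prints to stderr and the function still returns `Ok(())`, so when the TFA write fails the user is already gone from the user config while its second factors remain in the TFA config, and the API caller is not told; unless `cleanup_users` is run on some other path, which this commit does not show, a user later created under the same id would presumably inherit those stale factors. Either propagate the failure (`crate::config::tfa::read().and_then(|mut cfg| { cfg.remove_user(&userid); crate::config::tfa::write(&cfg) })?;`, which makes a half-done deletion visible and retryable) or keep the best-effort behaviour but say so next to the match: `// best effort: the user entry is already saved as deleted; a failure here leaves stale TFA entries behind`. Note also that `_tfa_lock` is taken before the user config lock, so any other path that takes both must use the same order to avoid a deadlock; that cannot be checked from this hunk. The body of `delete_user` between the two hunks (the digest check) is not shown.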


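--- a/path-not-shown-2
+++ b/path-not-shown-2
@@ -247,6 +247,18 @@ impl TfaConfig {
             None => bail!("no 2nd factor available for user '{}'", userid),
         }
     }
+    /// Remove non-existent users.
+    pub fn cleanup_users(&mut self, config: &proxmox::api::section_config::SectionConfigData) {
+        use crate::config::user::User;
+        self.users
+            .retain(|user, _| config.lookup::<User>("user", user.as_str()).is_ok());
+    }
+    /// Remove a user. Returns `true` if the user actually existed.
+    pub fn remove_user(&mut self, user: &Userid) -> bool {
+        self.users.remove(user).is_some()
+    }
 }
 #[api]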
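Review bot: In `cleanup_users` the retain predicate uses `config.lookup::<User>("user", ...).is_ok()`, which does not distinguish a missing entry from an entry that is present but fails to load as `User`; if `lookup` can fail for reasons other than absence, a malformed user entry would silently strip that user's second factors, which is the wrong failure direction for an authentication factor. Restrict the drop to the not-found case if the error type allows it, and make the contract explicit in the doc: `/// Remove TFA entries for users not present in `config`; any lookup failure is treated as absent.` The `/// Remove non-existent users.` summary alone does not say which config is authoritative. `cleanup_users` has no caller in this commit, and the enclosing `impl TfaConfig` begins before the hunk.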