tfa: remove tfa user when a user is deleted

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-12-11 14:34:47 +01:00 · 2020-12-11 14:34:47 +01:00 · f22dfb5ece
commit f22dfb5ece
parent 4bda51688b
2 changed files with 26 additions and 0 deletions
--- a/src/api2/access/user.rs
+++ b/src/api2/access/user.rs
@ -437,6 +437,7 @@ pub fn update_user(
 /// Remove a user from the configuration file.
 pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error> {
    let _tfa_lock = crate::config::tfa::write_lock()?;
    let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0), true)?;
    let (mut config, expected_digest) = user::config()?;
@ -453,6 +454,19 @@ pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error>
    user::save_config(&config)?;
    match crate::config::tfa::read().and_then(|mut cfg| {
        let _: bool = cfg.remove_user(&userid);
        crate::config::tfa::write(&cfg)
    }) {
        Ok(()) => (),
        Err(err) => {
            eprintln!(
                "error updating TFA config after deleting user {:?}: {}",
                userid, err
            );
        }
    }
    Ok(())
 }
--- a/src/config/tfa.rs
+++ b/src/config/tfa.rs
@ -247,6 +247,18 @@ impl TfaConfig {
            None => bail!("no 2nd factor available for user '{}'", userid),
        }
    }
    /// Remove non-existent users.
    pub fn cleanup_users(&mut self, config: &proxmox::api::section_config::SectionConfigData) {
        use crate::config::user::User;
        self.users
            .retain(|user, _| config.lookup::<User>("user", user.as_str()).is_ok());
    }
    /// Remove a user. Returns `true` if the user actually existed.
    pub fn remove_user(&mut self, user: &Userid) -> bool {
        self.users.remove(user).is_some()
    }
 }
 #[api]