From 9c6d6b8d2aebb281ce49a4961133bdb754df8a26 Mon Sep 17 00:00:00 2001
From: Shannon Sterz <s.sterz@proxmox.com>
Date: Tue, 4 Mar 2025 15:42:36 +0100
Subject: [PATCH] login: add optional field for ticket_info and make password
 optional

tickets created through the new HttpOnly ticket endpoint won't return
a ticket in the password field. so this field will be left empty.
hence make it optional.

the endpoint does return a ticket_info parameter, though, that
includes the information when a ticket needs to be refreshed. so add
a new optional field for that too.

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
 proxmox-login/src/api.rs | 9 ++++++++-
 proxmox-login/src/lib.rs | 4 ++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/proxmox-login/src/api.rs b/proxmox-login/src/api.rs
index aa8575fe..b7107312 100644
--- a/proxmox-login/src/api.rs
+++ b/proxmox-login/src/api.rs
@@ -21,7 +21,8 @@ pub struct CreateTicket {
     pub otp: Option<String>,
 
     /// The secret password. This can also be a valid ticket.
-    pub password: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub password: Option<String>,
 
     /// Verify ticket, and check if user have access 'privs' on 'path'
     #[serde(default, skip_serializing_if = "Option::is_none")]
@@ -61,6 +62,12 @@ pub struct CreateTicketResponse {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub ticket: Option<String>,
 
+    /// A purely informational ticket that can be used to gather information about when the actual
+    /// ticket needs to be refreshed.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    #[serde(rename = "ticket-info")]
+    pub ticket_info: Option<String>,
+
     /// The full userid with the `@realm` part.
     pub username: String,
 }
diff --git a/proxmox-login/src/lib.rs b/proxmox-login/src/lib.rs
index 5842d62a..d7798b62 100644
--- a/proxmox-login/src/lib.rs
+++ b/proxmox-login/src/lib.rs
@@ -129,7 +129,7 @@ impl Login {
         let request = api::CreateTicket {
             new_format: self.pve_compat.then_some(true),
             username: self.userid.clone(),
-            password: self.password.clone(),
+            password: Some(self.password.clone()),
             ..Default::default()
         };
 
@@ -279,7 +279,7 @@ impl SecondFactorChallenge {
         let request = api::CreateTicket {
             new_format: self.pve_compat.then_some(true),
             username: self.userid.clone(),
-            password: data.to_string(),
+            password: Some(data.to_string()),
             tfa_challenge: Some(self.ticket.clone()),
             ..Default::default()
         };