From 2dabf3c3ae387b571a33b38e6960a89af495ff40 Mon Sep 17 00:00:00 2001
From: Fiona Ebner <f.ebner@proxmox.com>
Date: Thu, 8 Feb 2024 10:45:39 +0100
Subject: [PATCH] api: user: add pattern for user keys option

While nowadays, most entries should be just 'x', there can also still
be legacy entries with 'x!u2f', 'x!yubico' and base32 encoded secrets.
For example, some users might be syncing them from LDAP.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 src/PVE/API2/User.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index a2e5be0..2220d8f 100644
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -36,6 +36,7 @@ register_standard_option('user-comment', { type => 'string', optional => 1 });
 register_standard_option('user-keys', {
     description => "Keys for two factor auth (yubico).",
     type => 'string',
+    pattern => '[0-9a-zA-Z!=]{0,4096}',
     optional => 1,
 });
 register_standard_option('group-list', {