proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-10-04 17:18:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tfa: realm required TFA should lock out users without TFA

Browse Source 
This changed with the previous TFA changes.

In the long term, the plan is to let the user get into the
half-logged-in state and open the TFA configuration window
on the UI to allow them to finish their TFA setup, but for
now we restore the previous behavior.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2019-04-18 10:24:48 +02:00 committed by Thomas Lamprecht
parent 0a956b943a
commit 6063b65b9b
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
PVE/AccessControl.pm
View File

@ -1453,7 +1453,6 @@ sub user_get_tfa {
or die "user '$username' not found\n";
my $keys = $user->{keys};
return if !$keys;
my $domain_cfg = cfs_read_file('domains.cfg');
my $realm_cfg = $domain_cfg->{ids}->{$realm};
@ -1463,6 +1462,11 @@ sub user_get_tfa {
$realm_tfa = PVE::Auth::Plugin::parse_tfa_config($realm_tfa)
if $realm_tfa;
if (!$keys) {
return if !$realm_tfa;
die "missing required 2nd keys\n";
}
# new style config starts with an 'x' and optionally contains a !<type> suffix
if ($keys !~ /^x(?:!.*)?$/) {
# old style config, find the type via the realm