proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-10-04 22:29:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

access check: include user/token id in expired exception

Browse Source 
not that relevant for the user as the daemon auth log already
contains that info, but for token it can be nice.

The API response is always just a plain "401 auth failure" in any
case (expired or wrong creds)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2022-05-31 13:32:36 +02:00
parent 5ff516de53
commit aaacf4c311
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/PVE/AccessControl.pm
View File

@ -484,7 +484,7 @@ sub verify_token {
my $token_info = $user->{tokens}->{$token}; my $token_info = $user->{tokens}->{$token};
my $ctime = time(); my $ctime = time();
die "token expired\n" if $token_info->{expire} && ($token_info->{expire} < $ctime); die "token '$token' access expired\n" if $token_info->{expire} && ($token_info->{expire} < $ctime);
die "invalid token value!\n" if !PVE::Cluster::verify_token($tokenid, $value); die "invalid token value!\n" if !PVE::Cluster::verify_token($tokenid, $value);
@ -662,7 +662,7 @@ sub check_user_enabled {
my $expire = $usercfg->{users}->{$username}->{expire}; my $expire = $usercfg->{users}->{$username}->{expire};
if ($expire && $expire < $ctime) { if ($expire && $expire < $ctime) {
die "account expired\n" if !$noerr; die "user '$username' access expired\n" if !$noerr;
return undef; return undef;
} }