proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-10-04 17:18:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update read_user_tfa_type call

Browse Source 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2021-11-09 12:26:57 +01:00 committed by Thomas Lamprecht
parent 57098eb8fb
commit f7f2e28e6d
1 changed files with 35 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
src/PVE/API2/User.pm
View File

@ -485,6 +485,12 @@ __PACKAGE__->register_method ({
additionalProperties => 0,
properties => {
userid => get_standard_option('userid-completed'),
multiple => {
type => 'boolean',
description => 'Request all entries as an array.',
optional => 1,
default => 0,
},
},
},
returns => {
@ -499,9 +505,23 @@ __PACKAGE__->register_method ({
user => {
type => 'string',
enum => [qw(oath u2f)],
description => "The type of TFA the user has set, if any.",
description =>
"The type of TFA the user has set, if any."
. " Only set if 'multiple' was not passed.",
optional => 1,
},
types => {
type => 'array',
description =>
"Array of the user configured TFA types, if any."
. " Only available if 'multiple' was not passed.",
optional => 1,
items => {
type => 'string',
enum => [qw(totp u2f yubico webauthn recovedry)],
description => 'A TFA type.',
},
},
},
type => "object"
},
@ -514,15 +534,24 @@ __PACKAGE__->register_method ({
my $realm_cfg = $domain_cfg->{ids}->{$realm};
die "auth domain '$realm' does not exist\n" if !$realm_cfg;
my $res = {};
my $realm_tfa = {};
$realm_tfa = PVE::Auth::Plugin::parse_tfa_config($realm_cfg->{tfa}) if $realm_cfg->{tfa};
$res->{realm} = $realm_tfa->{type} if $realm_tfa->{type};
my $tfa_cfg = cfs_read_file('priv/tfa.cfg');
my $tfa = $tfa_cfg->{users}->{$username};
my $res = {};
$res->{realm} = $realm_tfa->{type} if $realm_tfa->{type};
$res->{user} = $tfa->{type} if $tfa->{type};
if ($param->{multiple}) {
my $tfa = $tfa_cfg->get_user($username);
my $user = [];
foreach my $type (keys %$tfa) {
next if !scalar($tfa->{$type}->@*);
push @$user, $type;
}
$res->{user} = $user;
} else {
my $tfa = $tfa_cfg->{users}->{$username};
$res->{user} = $tfa->{type} if $tfa->{type};
}
return $res;
}});