mirror of
https://git.proxmox.com/git/pve-manager
synced 2025-08-03 15:01:02 +00:00
check if user is enabled after verifying a ticket
when a user is disabled, we do not touch any ACLs, and already issued tickets are still valid (until their expiration time) check directly after the verification of the ticket if the user is still enabled, so that any api call fails for that user Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
parent
3b82e4cf43
commit
86f64e0d8b
@ -85,6 +85,7 @@ sub auth_handler {
|
||||
die "No ticket\n" if !$ticket;
|
||||
|
||||
($username, $age, my $tfa_info) = PVE::AccessControl::verify_ticket($ticket);
|
||||
$rpcenv->check_user_enabled($username);
|
||||
|
||||
if (defined($tfa_info)) {
|
||||
if (defined(my $challenge = $tfa_info->{challenge})) {
|
||||
|
Loading…
Reference in New Issue
Block a user