[pve-devel] [PATCH access-control 02/10] update read_user_tfa_type call

Tue, 09 Nov 2021 03:28:36 -0800 

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
 src/PVE/API2/User.pm | 41 +++++++++++++++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 8893d03..3d4d4e0 100644
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -485,6 +485,12 @@ __PACKAGE__->register_method ({
        additionalProperties => 0,
        properties => {
            userid => get_standard_option('userid-completed'),
+           multiple => {
+               type => 'boolean',
+               description => 'Request all entries as an array.',
+               optional => 1,
+               default => 0,
+           },
        },
     },
     returns => {
@@ -499,9 +505,23 @@ __PACKAGE__->register_method ({
            user => {
                type => 'string',
                enum => [qw(oath u2f)],
-               description => "The type of TFA the user has set, if any.",
+               description =>
+                   "The type of TFA the user has set, if any."
+                   . " Only set if 'multiple' was not passed.",
                optional => 1,
            },
+           types => {
+               type => 'array',
+               description =>
+                   "Array of the user configured TFA types, if any."
+                   . " Only available if 'multiple' was not passed.",
+               optional => 1,
+               items => {
+                   type => 'string',
+                   enum => [qw(totp u2f yubico webauthn recovedry)],
+                   description => 'A TFA type.',
+               },
+           },
        },
        type => "object"
     },
@@ -514,15 +534,24 @@ __PACKAGE__->register_method ({
        my $realm_cfg = $domain_cfg->{ids}->{$realm};
        die "auth domain '$realm' does not exist\n" if !$realm_cfg;
 
+       my $res = {};
        my $realm_tfa = {};
        $realm_tfa = PVE::Auth::Plugin::parse_tfa_config($realm_cfg->{tfa}) if 
$realm_cfg->{tfa};
+       $res->{realm} = $realm_tfa->{type} if $realm_tfa->{type};
 
        my $tfa_cfg = cfs_read_file('priv/tfa.cfg');
-       my $tfa = $tfa_cfg->{users}->{$username};
-
-       my $res = {};
-       $res->{realm} = $realm_tfa->{type} if $realm_tfa->{type};
-       $res->{user} = $tfa->{type} if $tfa->{type};
+       if ($param->{multiple}) {
+           my $tfa = $tfa_cfg->get_user($username);
+           my $user = [];
+           foreach my $type (keys %$tfa) {
+               next if !scalar($tfa->{$type}->@*);
+               push @$user, $type;
+           }
+           $res->{user} = $user;
+       } else {
+           my $tfa = $tfa_cfg->{users}->{$username};
+           $res->{user} = $tfa->{type} if $tfa->{type};
+       }
        return $res;
     }});
 
-- 
2.30.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to