When removing TFA from a user via the command line, the change was not reflected in the GUI or in the output of `pveum user list`. Both continued to show that TFA was enabled for the user. Fixed the issue by updating the user configuration file.
Signed-off-by: Shan Shaji <s.sh...@proxmox.com> --- changes since v1: - unconditionaly set `$update_user_config` to `true` when deleting the TFA entry using userid. - Fixed incomplete user config lock to avoid race conditions. History: - v1: https://lore.proxmox.com/pve-devel/DBOGTW5GCZZE.3V2FS3RAXC4FR@noor/T/#t src/PVE/CLI/pveum.pm | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/PVE/CLI/pveum.pm b/src/PVE/CLI/pveum.pm index 0645a6d..81c3a70 100755 --- a/src/PVE/CLI/pveum.pm +++ b/src/PVE/CLI/pveum.pm @@ -141,13 +141,25 @@ __PACKAGE__->register_method({ my $userid = extract_param($param, "userid"); my $tfa_id = extract_param($param, "id"); + my $update_user_config; PVE::AccessControl::lock_tfa_config(sub { my $tfa_cfg = cfs_read_file('priv/tfa.cfg'); if (defined($tfa_id)) { - $tfa_cfg->api_delete_tfa($userid, $tfa_id); + my $has_entries_left = $tfa_cfg->api_delete_tfa($userid, $tfa_id); + $update_user_config = !$has_entries_left; } else { $tfa_cfg->remove_user($userid); + $update_user_config = 1; + } + + if ($update_user_config) { + PVE::AccessControl::lock_user_config(sub { + my $user_cfg = cfs_read_file('user.cfg'); + my $user = $user_cfg->{users}->{$userid}; + $user->{keys} = undef; + cfs_write_file('user.cfg', $user_cfg); + }); } cfs_write_file('priv/tfa.cfg', $tfa_cfg); }); -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
