this api call will be used to display the right kind of tfa for the gui Signed-off-by: Dominik Csapak <d.csa...@proxmox.com> --- i send only this for now in v2, waiting for the review of the gui
changes from v1: * enums in return values * no postif variable declarations PVE/API2/User.pm | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm index 4458fc1..fb5b22a 100644 --- a/PVE/API2/User.pm +++ b/PVE/API2/User.pm @@ -369,4 +369,63 @@ __PACKAGE__->register_method ({ return undef; }}); +__PACKAGE__->register_method ({ + name => 'read_user_tfa_type', + path => '{userid}/tfa', + method => 'GET', + protected => 1, + description => "Get user TFA types (Personal and Realm).", + permissions => { + check => [ 'or', + ['userid-param', 'self'], + ['userid-group', ['User.Modify', 'Sys.Audit']], + ], + }, + parameters => { + additionalProperties => 0, + properties => { + userid => get_standard_option('userid-completed'), + }, + }, + returns => { + additionalProperties => 0, + properties => { + realm => { + type => 'string', + enum => [qw(oath yubico)], + description => "The type of TFA the users realm has set, if any.", + optional => 1, + }, + user => { + type => 'string', + enum => [qw(oath u2f)], + description => "The type of TFA the user has set, if any.", + optional => 1, + }, + }, + type => "object" + }, + code => sub { + my ($param) = @_; + + my ($username, undef, $realm) = PVE::AccessControl::verify_username($param->{userid}); + + + my $domain_cfg = cfs_read_file('domains.cfg'); + my $realm_cfg = $domain_cfg->{ids}->{$realm}; + die "auth domain '$realm' does not exist\n" if !$realm_cfg; + + my $realm_tfa = {}; + $realm_tfa = PVE::Auth::Plugin::parse_tfa_config($realm_cfg->{tfa}) + if $realm_cfg->{tfa}; + + my $tfa_cfg = cfs_read_file('priv/tfa.cfg'); + my $tfa = $tfa_cfg->{users}->{$username}; + + my $res = {}; + $res->{realm} = $realm_tfa->{type} if $realm_tfa->{type}; + $res->{user} = $tfa->{type} if $tfa->{type}; + return $res; + }}); + 1; -- 2.11.0 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel