From: Fiona Ebner <f.ebner@proxmox.com>
Date: Fri, 9 Feb 2024 13:08:19 +0000 (+0100)
Subject: ui: user edit: protect user's TFA settings again
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=51834957902a592337c35af8cf3211675d2481ae;p=pve-manager.git

ui: user edit: protect user's TFA settings again

Same rationale as in 5b25580d ("Protect the user's tfa key setting."):
it should not be possible to change the value when it's not an actual
secret but a reference to what TFA method is used or, in case of 'x',
whether TFA is used.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---

diff --git a/www/manager6/dc/UserEdit.js b/www/manager6/dc/UserEdit.js
index b637cd53..ad52edf0 100644
--- a/www/manager6/dc/UserEdit.js
+++ b/www/manager6/dc/UserEdit.js
@@ -162,7 +162,10 @@ Ext.define('PVE.dc.UserEdit', {
 		    var data = response.result.data;
 		    me.setValues(data);
 		    if (data.keys) {
-			if (data.keys === 'x!oath' || data.keys === 'x!u2f') {
+			if (data.keys === 'x' ||
+			    data.keys === 'x!oath' ||
+			    data.keys === 'x!u2f' ||
+			    data.keys === 'x!yubico') {
 			    me.down('[name="keys"]').setDisabled(1);
 			}
 		    }