From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Tue, 31 May 2022 11:32:36 +0000 (+0200)
Subject: access check: include user/token id in expired exception
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=aaacf4c31124e612e38640a6b1a58da70fe960d2;p=pve-access-control.git

access check: include user/token id in expired exception

not that relevant for the user as the daemon auth log already
contains that info, but for token it can be nice.

The API response is always just a plain "401 auth failure" in any
case (expired or wrong creds)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 1a7bc49..d0dbabc 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -484,7 +484,7 @@ sub verify_token {
     my $token_info = $user->{tokens}->{$token};
 
     my $ctime = time();
-    die "token expired\n" if $token_info->{expire} && ($token_info->{expire} < $ctime);
+    die "token '$token' access expired\n" if $token_info->{expire} && ($token_info->{expire} < $ctime);
 
     die "invalid token value!\n" if !PVE::Cluster::verify_token($tokenid, $value);
 
@@ -662,7 +662,7 @@ sub check_user_enabled {
     my $expire = $usercfg->{users}->{$username}->{expire};
 
     if ($expire && $expire < $ctime) {
-	die "account expired\n" if !$noerr;
+	die "user '$username' access expired\n" if !$noerr;
 	return undef;
     }