tfa: allow deletion of entries of non-existent users

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/src/api2/access/tfa.rs b/src/api2/access/tfa.rs
index ba4bb960564433058804d766786df6905c81368f..cee4f5e47e6a81d319319d1782f653b587b716f1 100644 (file)
--- a/src/api2/access/tfa.rs
+++ b/src/api2/access/tfa.rs
@@ -20,6 +20,7 @@ fn tfa_update_auth(
     rpcenv: &mut dyn RpcEnvironment,
     userid: &Userid,
     password: Option<String>,
+    must_exist: bool,
 ) -> Result<(), Error> {
     let authid: Authid = rpcenv.get_auth_id().unwrap().parse()?;
 
@@ -29,7 +30,7 @@ fn tfa_update_auth(
     }
 
     // After authentication, verify that the to-be-modified user actually exists:
-    if authid.user() != userid {
+    if must_exist && authid.user() != userid {
         let (config, _digest) = crate::config::user::config()?;
 
         if config.sections.get(userid.as_str()).is_none() {
@@ -238,7 +239,7 @@ fn delete_tfa(
     password: Option<String>,
     rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<(), Error> {
-    tfa_update_auth(rpcenv, &userid, password)?;
+    tfa_update_auth(rpcenv, &userid, password, false)?;
 
     let _lock = crate::config::tfa::write_lock()?;
 
@@ -424,7 +425,7 @@ fn add_tfa_entry(
     r#type: TfaType,
     rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<TfaUpdateInfo, Error> {
-    tfa_update_auth(rpcenv, &userid, password)?;
+    tfa_update_auth(rpcenv, &userid, password, true)?;
 
     let need_description =
         move || description.ok_or_else(|| format_err!("'description' is required for new entries"));
@@ -547,7 +548,7 @@ fn update_tfa_entry(
     password: Option<String>,
     rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<(), Error> {
-    tfa_update_auth(rpcenv, &userid, password)?;
+    tfa_update_auth(rpcenv, &userid, password, true)?;
 
     let _lock = crate::config::tfa::write_lock()?;