code => sub {
my ($param) = @_;
- PVE::AccessControl::lock_user_config(
- sub {
+ PVE::AccessControl::lock_user_config(sub {
+ my ($username, $ruid, $realm) = PVE::AccessControl::verify_username($param->{userid});
- my ($username, $ruid, $realm) = PVE::AccessControl::verify_username($param->{userid});
+ my $usercfg = cfs_read_file("user.cfg");
- my $usercfg = cfs_read_file("user.cfg");
+ # ensure "user exists" check works for case insensitive realms
+ $username = PVE::AccessControl::lookup_username($username, 1);
+ die "user '$username' already exists\n" if $usercfg->{users}->{$username};
- die "user '$username' already exists\n"
- if $usercfg->{users}->{$username};
+ PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password})
+ if defined($param->{password});
- PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password})
- if defined($param->{password});
+ my $enable = defined($param->{enable}) ? $param->{enable} : 1;
+ $usercfg->{users}->{$username} = { enable => $enable };
+ $usercfg->{users}->{$username}->{expire} = $param->{expire} if $param->{expire};
- my $enable = defined($param->{enable}) ? $param->{enable} : 1;
- $usercfg->{users}->{$username} = { enable => $enable };
- $usercfg->{users}->{$username}->{expire} = $param->{expire} if $param->{expire};
-
- if ($param->{groups}) {
- foreach my $group (split_list($param->{groups})) {
- if ($usercfg->{groups}->{$group}) {
- PVE::AccessControl::add_user_group($username, $usercfg, $group);
- } else {
- die "no such group '$group'\n";
- }
+ if ($param->{groups}) {
+ foreach my $group (split_list($param->{groups})) {
+ if ($usercfg->{groups}->{$group}) {
+ PVE::AccessControl::add_user_group($username, $usercfg, $group);
+ } else {
+ die "no such group '$group'\n";
}
}
+ }
- $usercfg->{users}->{$username}->{firstname} = $param->{firstname} if $param->{firstname};
- $usercfg->{users}->{$username}->{lastname} = $param->{lastname} if $param->{lastname};
- $usercfg->{users}->{$username}->{email} = $param->{email} if $param->{email};
- $usercfg->{users}->{$username}->{comment} = $param->{comment} if $param->{comment};
- $usercfg->{users}->{$username}->{keys} = $param->{keys} if $param->{keys};
+ $usercfg->{users}->{$username}->{firstname} = $param->{firstname} if $param->{firstname};
+ $usercfg->{users}->{$username}->{lastname} = $param->{lastname} if $param->{lastname};
+ $usercfg->{users}->{$username}->{email} = $param->{email} if $param->{email};
+ $usercfg->{users}->{$username}->{comment} = $param->{comment} if $param->{comment};
+ $usercfg->{users}->{$username}->{keys} = $param->{keys} if $param->{keys};
- cfs_write_file("user.cfg", $usercfg);
- }, "create user failed");
+ cfs_write_file("user.cfg", $usercfg);
+ }, "create user failed");
return undef;
}});
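Review bot: `PVE::AccessControl::domain_set_password(...)` on the new side still runs before the group loop, which can `die "no such group '$group'\n"`, and before `cfs_write_file("user.cfg", $usercfg)`. A request that fails at that point appears to leave a stored password for a user that was never written to user.cfg. Whether such a leftover credential could later apply to a user created under the same name without a password depends on the realm backend, which is not visible here. Moving the password call so it is the last step before `cfs_write_file("user.cfg", $usercfg);` would let all validation pass first. The enclosing API method starts outside the hunk.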
type => 'string',
description => 'API token value used for authentication.',
},
+ 'full-tokenid' => {
+ type => 'string',
+ format_description => '<userid>!<tokenid>',
+ description => 'The full token id.',
+ },
},
},
code => sub {
my $usercfg = cfs_read_file("user.cfg");
my $token = PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid, 1);
- my $value;
+ my ($full_tokenid, $value);
PVE::AccessControl::check_user_exist($usercfg, $userid);
raise_param_exc({ 'tokenid' => 'Token already exists.' }) if defined($token);
PVE::AccessControl::check_user_exist($usercfg, $userid);
die "Token already exists.\n" if defined(PVE::AccessControl::check_token_exist($usercfg, $userid, $tokenid, 1));
- my $full_tokenid = PVE::AccessControl::join_tokenid($userid, $tokenid);
+ $full_tokenid = PVE::AccessControl::join_tokenid($userid, $tokenid);
$value = PVE::TokenConfig::generate_token($full_tokenid);
$token = {};
PVE::AccessControl::lock_user_config($generate_and_add_token, 'generating token failed');
- return { info => $token, value => $value };
+ return {
+ info => $token,
+ value => $value,
+ 'full-tokenid' => $full_tokenid,
+ };
}});
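Review bot: `$full_tokenid` is now declared empty alongside `$value` and only assigned as a side effect of the locked callback, although on the visible lines it depends solely on `$userid` and `$tokenid`. Initialising it at the declaration, `my $full_tokenid = PVE::AccessControl::join_tokenid($userid, $tokenid);`, and keeping `my $value;` separate would make the returned `'full-tokenid'` independent of the callback having run. It would also narrow the state shared with the closure to the secret value and the token entry. The callback definition and the start of the method are only partly visible here, so this assumes `join_tokenid` does not read the locked config.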