improve parse_user_config, parse_shadow_config

[pve-access-control.git] / PVE / API2 / User.pm

diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm
index d09ec402023d0526e707892e6aee11aaef55dc95..6208ad5bdfa94e65e374937d926ef1eae34ef37f 100644 (file)
--- a/PVE/API2/User.pm
+++ b/PVE/API2/User.pm
@@ -21,7 +21,7 @@ my $extract_user_data = sub {
 
     my $res = {};
 
-    foreach my $prop (qw(enable expire firstname lastname email comment)) {
+    foreach my $prop (qw(enable expire firstname lastname email comment keys)) {
        $res->{$prop} = $data->{$prop} if defined($data->{$prop});
     }
 
@@ -124,6 +124,11 @@ __PACKAGE__->register_method ({
            lastname => { type => 'string', optional => 1 },
            email => { type => 'string', optional => 1, format => 'email-opt' },
            comment => { type => 'string', optional => 1 },
+           keys => {
+               description => "Keys for two factor auth (yubico).",
+               type => 'string', 
+               optional => 1,
+           },
            expire => { 
                description => "Account expiration date (seconds since epoch). '0' means no expiration date.",
                type => 'integer', 
@@ -173,6 +178,7 @@ __PACKAGE__->register_method ({
                $usercfg->{users}->{$username}->{lastname} = $param->{lastname} if $param->{lastname};
                $usercfg->{users}->{$username}->{email} = $param->{email} if $param->{email};
                $usercfg->{users}->{$username}->{comment} = $param->{comment} if $param->{comment};
+               $usercfg->{users}->{$username}->{keys} = $param->{keys} if $param->{keys};
 
                cfs_write_file("user.cfg", $usercfg);
            }, "create user failed");
@@ -203,6 +209,7 @@ __PACKAGE__->register_method ({
            lastname => { type => 'string', optional => 1 },
            email => { type => 'string', optional => 1 },
            comment => { type => 'string', optional => 1 },    
+           keys => { type => 'string', optional => 1 },    
            groups => { type => 'array' },
        }
     },
@@ -247,6 +254,11 @@ __PACKAGE__->register_method ({
            lastname => { type => 'string', optional => 1 },
            email => { type => 'string', optional => 1, format => 'email-opt' },
            comment => { type => 'string', optional => 1 },
+           keys => {
+               description => "Keys for two factor auth (yubico).",
+               type => 'string', 
+               optional => 1,
+           },
            expire => { 
                description => "Account expiration date (seconds since epoch). '0' means no expiration date.",
                type => 'integer', 
@@ -290,6 +302,7 @@ __PACKAGE__->register_method ({
                $usercfg->{users}->{$username}->{lastname} = $param->{lastname} if defined($param->{lastname});
                $usercfg->{users}->{$username}->{email} = $param->{email} if defined($param->{email});
                $usercfg->{users}->{$username}->{comment} = $param->{comment} if defined($param->{comment});
+               $usercfg->{users}->{$username}->{keys} = $param->{keys} if defined($param->{keys});
 
                cfs_write_file("user.cfg", $usercfg);
            }, "update user failed");
@@ -330,9 +343,13 @@ __PACKAGE__->register_method ({
 
                my $usercfg = cfs_read_file("user.cfg");
 
-               delete ($usercfg->{users}->{$userid});
+               my $domain_cfg = cfs_read_file('domains.cfg');
+               if (my $cfg = $domain_cfg->{ids}->{$realm}) {
+                   my $plugin = PVE::Auth::Plugin->lookup($cfg->{type});
+                   $plugin->delete_user($cfg, $realm, $ruid);
+               }
 
-               PVE::AccessControl::delete_shadow_password($ruid) if $realm eq 'pve';
+               delete $usercfg->{users}->{$userid};
 
                PVE::AccessControl::delete_user_group($userid, $usercfg);
                PVE::AccessControl::delete_user_acl($userid, $usercfg);