bump version to 7.1-8

[pve-access-control.git] / src / PVE / AccessControl.pm

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 168fc26b36acc2c775582cf350e6488a64840329..13065764ec20a8edcc4678f5feede3ecd7daebf8 100644 (file)
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -781,9 +781,9 @@ sub authenticate_2nd_new : prototype($$$$) {
        }
 
        my $realm_type = $realm_tfa && $realm_tfa->{type};
-       $realm_type = 'totp' if $realm_type eq 'oath'; # we used to call it that
        # verify realm type unless using recovery keys:
        if (defined($realm_type)) {
+           $realm_type = 'totp' if $realm_type eq 'oath'; # we used to call it that
            if ($realm_type eq 'yubico') {
                # Yubico auth will not be supported in rust for now...
                if (!defined($tfa_challenge)) {
@@ -895,17 +895,23 @@ sub configure_u2f_and_wa : prototype($) {
 
     my $dc = cfs_read_file('datacenter.cfg');
     if (my $u2f = $dc->{u2f}) {
-       $tfa_cfg->set_u2f_config({
-           origin => $u2f->{origin} // $get_origin->(),
-           appid => $u2f->{appid},
-       });
+       eval {
+           $tfa_cfg->set_u2f_config({
+               origin => $u2f->{origin} // $get_origin->(),
+               appid => $u2f->{appid},
+           });
+       };
+       warn "u2f unavailable, configuration error: $@\n" if $@;
     }
     if (my $wa = $dc->{webauthn}) {
-       $tfa_cfg->set_webauthn_config({
-           origin => $wa->{origin} // $get_origin->(),
-           rp => $wa->{rp},
-           id => $wa->{id},
-       });
+       eval {
+           $tfa_cfg->set_webauthn_config({
+               origin => $wa->{origin} // $get_origin->(),
+               rp => $wa->{rp},
+               id => $wa->{id},
+           });
+       };
+       warn "webauthn unavailable, configuration error: $@\n" if $@;
     }
 }