fix user deletion when realm does not enforce TFA

[pve-access-control.git] / src / PVE / AccessControl.pm

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index fcb16bd2dbeceeab5268aa8c9cf7c931d7779ac7..347c2a8071b3d8d0b31b7679220a5c856b7c7055 100644 (file)
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1628,7 +1628,7 @@ sub user_set_tfa {
            die "realm '$realm' does not allow removing the 2nd factor\n" if defined($user);
        }
     } else {
-       die "user '$userid' not found\n" if !defined($user);
+       die "user '$userid' not found\n" if !defined($user) && defined($data);
        # Without a realm-enforced TFA setting the user can add a u2f or totp entry by themselves.
        # The 'yubico' type requires yubico server settings, which have to be configured on the
        # realm, so this is not supported here: