$tfa_challenge = undef;
} else {
$tfa_challenge = $tfa_cfg->authentication_challenge($username);
+
+ die "missing required 2nd keys\n"
+ if $realm_tfa && !defined($tfa_challenge);
+
if (defined($tfa_response)) {
if (defined($tfa_challenge)) {
$tfa_done = 1;
add_old_keys_to_realm_tfa($username, $tfa_cfg, $realm_tfa, $keys);
}
- if ($realm_tfa) {
- # FIXME: pve-rs should provide a cheaper check for this
- my $entries = $tfa_cfg->api_list_user_tfa($username);
- die "missing required 2nd keys\n"
- if scalar(@$entries) == 0;
- }
-
return ($tfa_cfg, $realm_tfa);
}