delete TFA entries when deleting a user

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm
index 4c859dc2e66081055a3450528a9a52729081d1e6..4458fc1edb35f0f2dfb9dd9f654810bab6007ca2 100644 (file)
--- a/PVE/API2/User.pm
+++ b/PVE/API2/User.pm
@@ -355,11 +355,14 @@ __PACKAGE__->register_method ({
                    $plugin->delete_user($cfg, $realm, $ruid);
                }
 
+               # Remove TFA data before removing the user entry as the user entry tells us whether
+               # we need ot update priv/tfa.cfg.
+               PVE::AccessControl::user_set_tfa($userid, $realm, undef, undef, $usercfg, $domain_cfg);
+
                delete $usercfg->{users}->{$userid};
 
                PVE::AccessControl::delete_user_group($userid, $usercfg);
                PVE::AccessControl::delete_user_acl($userid, $usercfg);
-
                cfs_write_file("user.cfg", $usercfg);
            }, "delete user failed");