]> git.proxmox.com Git - pve-access-control.git/commitdiff
projects / pve-access-control.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5ff516d)
access check: include user/token id in expired exception
authorThomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 31 May 2022 11:32:36 +0000 (13:32 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 31 May 2022 11:37:51 +0000 (13:37 +0200)
not that relevant for the user as the daemon auth log already
contains that info, but for token it can be nice.

The API response is always just a plain "401 auth failure" in any
case (expired or wrong creds)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
src/PVE/AccessControl.pm patch | blob | blame | history

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 1a7bc4978d8b7f04383511b7c9f509dcfad12d38..d0dbabc71772ecc51d91cce34271ec7866253893 100644 (file)
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -484,7 +484,7 @@ sub verify_token {
     my $token_info = $user->{tokens}->{$token};
 
     my $ctime = time();
-    die "token expired\n" if $token_info->{expire} && ($token_info->{expire} < $ctime);
+    die "token '$token' access expired\n" if $token_info->{expire} && ($token_info->{expire} < $ctime);
 
     die "invalid token value!\n" if !PVE::Cluster::verify_token($tokenid, $value);
 
@@ -662,7 +662,7 @@ sub check_user_enabled {
     my $expire = $usercfg->{users}->{$username}->{expire};
 
     if ($expire && $expire < $ctime) {
-       die "account expired\n" if !$noerr;
+       die "user '$username' access expired\n" if !$noerr;
        return undef;
     }
 
Access control framework