api: delete user: disable first to avoid surprise on error

Write out a config with the user disabled so that it cannot be used
even if deletion fails, why ever that is

Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 3eb4038f77f2e10a2cbb8d4864d2c4c0e80907a4..06cc6804fd9a9f13b5af7d08856fc6958526e02b 100644 (file)
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -436,6 +436,11 @@ __PACKAGE__->register_method ({
        PVE::AccessControl::lock_user_config(sub {
            my $usercfg = cfs_read_file("user.cfg");
 
        PVE::AccessControl::lock_user_config(sub {
            my $usercfg = cfs_read_file("user.cfg");
 

+           # NOTE: disable the user first (transaction like), so if (e.g.) we fail in the middle of
+           # TFA deletion the user will be still disabled and not just without TFA protection.
+           $usercfg->{users}->{$userid}->{enable} = 0;
+           cfs_write_file("user.cfg", $usercfg);
+

            my $domain_cfg = cfs_read_file('domains.cfg');
            if (my $cfg = $domain_cfg->{ids}->{$realm}) {
                my $plugin = PVE::Auth::Plugin->lookup($cfg->{type});
            my $domain_cfg = cfs_read_file('domains.cfg');
            if (my $cfg = $domain_cfg->{ids}->{$realm}) {
                my $plugin = PVE::Auth::Plugin->lookup($cfg->{type});