api: drop old verify_tfa api call

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/src/PVE/API2/TFA.pm b/src/PVE/API2/TFA.pm
index bee4dee7deba40b2dd825debe3189e42acfd3f94..a4ea6dd08272e2efa9805e5efef8940c977897ef 100644 (file)
--- a/src/PVE/API2/TFA.pm
+++ b/src/PVE/API2/TFA.pm
@@ -152,83 +152,6 @@ my sub set_user_tfa_enabled : prototype($$$) {
     }, "enabling TFA for the user failed");
 }
 
-### OLD API
-
-__PACKAGE__->register_method({
-    name => 'verify_tfa',
-    path => '',
-    method => 'POST',
-    permissions => { user => 'all' },
-    protected => 1, # else we can't access shadow files
-    allowtoken => 0, # we don't want tokens to access TFA information
-    description => 'Finish a u2f challenge.',
-    parameters => {
-       additionalProperties => 0,
-       properties => {
-           response => {
-               type => 'string',
-               description => 'The response to the current authentication challenge.',
-           },
-       }
-    },
-    returns => {
-       type => 'object',
-       properties => {
-           ticket => { type => 'string' },
-           # cap
-       }
-    },
-    code => sub {
-       my ($param) = @_;
-
-       my $rpcenv = PVE::RPCEnvironment::get();
-       my $authuser = $rpcenv->get_user();
-       my ($username, undef, $realm) = PVE::AccessControl::verify_username($authuser);
-
-       my ($tfa_type, $tfa_data) = PVE::AccessControl::user_get_tfa($username, $realm, 0);
-       if (!defined($tfa_type)) {
-           raise('no u2f data available');
-       }
-       if ($tfa_type eq 'incompatible') {
-           raise('tfa entries incompatible with old login api');
-       }
-
-       eval {
-           if ($tfa_type eq 'u2f') {
-               my $challenge = $rpcenv->get_u2f_challenge()
-                  or raise('no active challenge');
-
-               my $keyHandle = $tfa_data->{keyHandle};
-               my $publicKey = $tfa_data->{publicKey};
-               raise("incomplete u2f setup")
-                   if !defined($keyHandle) || !defined($publicKey);
-
-               my $u2f = PVE::API2::AccessControl::get_u2f_instance($rpcenv, $publicKey, $keyHandle);
-               $u2f->set_challenge($challenge);
-
-               my ($counter, $present) = $u2f->auth_verify($param->{response});
-               # Do we want to do anything with these?
-           } else {
-               # sanity check before handing off to the verification code:
-               my $keys = $tfa_data->{keys} or die "missing tfa keys\n";
-               my $config = $tfa_data->{config} or die "bad tfa entry\n";
-               PVE::AccessControl::verify_one_time_pw($tfa_type, $authuser, $keys, $config, $param->{response});
-           }
-       };
-       if (my $err = $@) {
-           my $clientip = $rpcenv->get_client_ip() || '';
-           syslog('err', "authentication verification failure; rhost=$clientip user=$authuser msg=$err");
-           die PVE::Exception->new("authentication failure\n", code => 401);
-       }
-
-       return {
-           ticket => PVE::AccessControl::assemble_ticket($authuser),
-           cap => $rpcenv->compute_api_permission($authuser),
-       }
-    }});
-
-### END OLD API
-
 __PACKAGE__->register_method ({
     name => 'list_user_tfa',
     path => '{userid}',