update tfa cleanup when deleting users

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 3d4d4e08d02775a36b5bb66299065647e66ffb9a..244264e88e4136d52bbc27eb36e47b411eae6624 100644 (file)
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -453,7 +453,7 @@ __PACKAGE__->register_method ({
 
            my $partial_deletion = '';
            eval {
-               PVE::AccessControl::user_set_tfa($userid, $realm, undef, undef, $usercfg, $domain_cfg);
+               PVE::AccessControl::user_remove_tfa($userid);
                $partial_deletion = ' - but deleted related TFA';
 
                PVE::AccessControl::delete_user_group($userid, $usercfg);

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index cd46507ba2fe0dbc9fbcb70b4855ff8ed5341376..0b0084787ca7a2f4f77f215fa231628398dcecec 100644 (file)
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1740,6 +1740,16 @@ sub assert_new_tfa_config_available() {
     # FIXME: Assert cluster-wide new-tfa-config support!
 }
 
+sub user_remove_tfa : prototype($) {
+    my ($userid) = @_;
+
+    assert_new_tfa_config_available();
+
+    my $tfa_cfg = cfs_read_file('priv/tfa.cfg');
+    $tfa_cfg->remove_user($userid);
+    cfs_write_file('priv/tfa.cfg', $tfa_cfg);
+}
+
 sub user_get_tfa : prototype($$$) {
     my ($username, $realm, $new_format) = @_;