update read_user_tfa_type call

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 8893d03caf11440942d555b5646160801d9e2bf2..3d4d4e08d02775a36b5bb66299065647e66ffb9a 100644 (file)
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -485,6 +485,12 @@ __PACKAGE__->register_method ({
        additionalProperties => 0,
        properties => {
            userid => get_standard_option('userid-completed'),
        additionalProperties => 0,
        properties => {
            userid => get_standard_option('userid-completed'),

+           multiple => {
+               type => 'boolean',
+               description => 'Request all entries as an array.',
+               optional => 1,
+               default => 0,
+           },

        },
     },
     returns => {
        },
     },
     returns => {


@@ -499,9 +505,23 @@ __PACKAGE__->register_method ({
            user => {
                type => 'string',
                enum => [qw(oath u2f)],
            user => {
                type => 'string',
                enum => [qw(oath u2f)],

-               description => "The type of TFA the user has set, if any.",
+               description =>
+                   "The type of TFA the user has set, if any."
+                   . " Only set if 'multiple' was not passed.",

                optional => 1,
            },
                optional => 1,
            },

+           types => {
+               type => 'array',
+               description =>
+                   "Array of the user configured TFA types, if any."
+                   . " Only available if 'multiple' was not passed.",
+               optional => 1,
+               items => {
+                   type => 'string',
+                   enum => [qw(totp u2f yubico webauthn recovedry)],
+                   description => 'A TFA type.',
+               },
+           },

        },
        type => "object"
     },
        },
        type => "object"
     },


@@ -514,15 +534,24 @@ __PACKAGE__->register_method ({
        my $realm_cfg = $domain_cfg->{ids}->{$realm};
        die "auth domain '$realm' does not exist\n" if !$realm_cfg;
 
        my $realm_cfg = $domain_cfg->{ids}->{$realm};
        die "auth domain '$realm' does not exist\n" if !$realm_cfg;
 

+       my $res = {};

        my $realm_tfa = {};
        $realm_tfa = PVE::Auth::Plugin::parse_tfa_config($realm_cfg->{tfa}) if $realm_cfg->{tfa};
        my $realm_tfa = {};
        $realm_tfa = PVE::Auth::Plugin::parse_tfa_config($realm_cfg->{tfa}) if $realm_cfg->{tfa};

+       $res->{realm} = $realm_tfa->{type} if $realm_tfa->{type};

 
        my $tfa_cfg = cfs_read_file('priv/tfa.cfg');
 
        my $tfa_cfg = cfs_read_file('priv/tfa.cfg');

-       my $tfa = $tfa_cfg->{users}->{$username};
-
-       my $res = {};
-       $res->{realm} = $realm_tfa->{type} if $realm_tfa->{type};
-       $res->{user} = $tfa->{type} if $tfa->{type};
+       if ($param->{multiple}) {
+           my $tfa = $tfa_cfg->get_user($username);
+           my $user = [];
+           foreach my $type (keys %$tfa) {
+               next if !scalar($tfa->{$type}->@*);
+               push @$user, $type;
+           }
+           $res->{user} = $user;
+       } else {
+           my $tfa = $tfa_cfg->{users}->{$username};
+           $res->{user} = $tfa->{type} if $tfa->{type};
+       }

        return $res;
     }});
 
        return $res;
     }});