From: Dominik Csapak <d.csapak@proxmox.com>
Date: Tue, 19 Oct 2021 11:52:42 +0000 (+0200)
Subject: fix user deletion when realm does not enforce TFA
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=4aa4f0b3d75de6a2ca6404eab57671258ab390a7

fix user deletion when realm does not enforce TFA

here the existance of the user is only interesting if we want to set
data, not if we delete it.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index fcb16bd..347c2a8 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1628,7 +1628,7 @@ sub user_set_tfa {
 	    die "realm '$realm' does not allow removing the 2nd factor\n" if defined($user);
 	}
     } else {
-	die "user '$userid' not found\n" if !defined($user);
+	die "user '$userid' not found\n" if !defined($user) && defined($data);
 	# Without a realm-enforced TFA setting the user can add a u2f or totp entry by themselves.
 	# The 'yubico' type requires yubico server settings, which have to be configured on the
 	# realm, so this is not supported here: