From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 2 Apr 2019 10:21:54 +0000 (+0200)
Subject: delete TFA entries when deleting a user
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=9536c4dcd43fdd07f884e6fbfdf0a7bba0a36bb0;hp=2b4c98ab01174a00117748da09a8b51f06974d7a

delete TFA entries when deleting a user

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---

diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm
index 4c859dc..4458fc1 100644
--- a/PVE/API2/User.pm
+++ b/PVE/API2/User.pm
@@ -355,11 +355,14 @@ __PACKAGE__->register_method ({
 		    $plugin->delete_user($cfg, $realm, $ruid);
 		}
 
+		# Remove TFA data before removing the user entry as the user entry tells us whether
+		# we need ot update priv/tfa.cfg.
+		PVE::AccessControl::user_set_tfa($userid, $realm, undef, undef, $usercfg, $domain_cfg);
+
 		delete $usercfg->{users}->{$userid};
 
 		PVE::AccessControl::delete_user_group($userid, $usercfg);
 		PVE::AccessControl::delete_user_acl($userid, $usercfg);
-
 		cfs_write_file("user.cfg", $usercfg);
 	    }, "delete user failed");