From ba6cc98fcbfa64cf5e6d06f22bb2ace9fcb52c70 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht
Date: Mon, 27 Sep 2021 15:32:38 +0200
Subject: [PATCH] api: delete user: disable first to avoid surprise on error
Write out a config with the user disabled so that it cannot be used even if deletion fails, why ever that is
Suggested-by: Wolfgang Bumiller
Signed-off-by: Thomas Lamprecht
---
 src/PVE/API2/User.pm | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 3eb4038..06cc680 100644
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -436,6 +436,11 @@ __PACKAGE__->register_method ({
 PVE::AccessControl::lock_user_config(sub {
 my $usercfg = cfs_read_file("user.cfg");
+ # NOTE: disable the user first (transaction like), so if (e.g.) we fail in the middle of
+ # TFA deletion the user will be still disabled and not just without TFA protection.
+ $usercfg->{users}->{$userid}->{enable} = 0;
+ cfs_write_file("user.cfg", $usercfg);
+ my $domain_cfg = cfs_read_file('domains.cfg');
 if (my $cfg = $domain_cfg->{ids}->{$realm}) {
 my $plugin = PVE::Auth::Plugin->lookup($cfg->{type});
--
2.39.2
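Review bot: The added assignment `$usercfg->{users}->{$userid}->{enable} = 0;` autovivifies a hash entry when `$userid` is not present in `user.cfg`, and the `cfs_write_file("user.cfg", $usercfg);` directly after it persists that stub before any later step of the closure runs. No existence check is visible in this hunk (the `lock_user_config` closure starts above it and continues past it), so unless one is done earlier, a delete request for an unknown user that then fails part-way would leave a disabled phantom entry in the access-control config. Guarding the two statements, for example `if (my $user = $usercfg->{users}->{$userid}) { $user->{enable} = 0; cfs_write_file("user.cfg", $usercfg); }`, keeps the fail-closed behaviour for existing users without creating new entries. The NOTE comment could also state that the account is deliberately left disabled when a later step dies, so whoever handles the error knows that state is intended rather than a half-finished write.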