+ },
+ {
+ "info" : {
+ "POST" : {
+ "description" : "Finish a u2f challenge.",
+ "method" : "POST",
+ "name" : "verify_tfa",
+ "parameters" : {
+ "additionalProperties" : 0,
+ "properties" : {
+ "response" : {
+ "description" : "The response to the current authentication challenge.",
+ "type" : "string",
+ "typetext" : "<string>"
+ }
+ }
+ },
+ "permissions" : {
+ "user" : "all"
+ },
+ "protected" : 1,
+ "returns" : {
+ "properties" : {
+ "ticket" : {
+ "type" : "string"
+ }
+ },
+ "type" : "object"
+ }
+ },
+ "PUT" : {
+ "description" : "Change user u2f authentication.",
+ "method" : "PUT",
+ "name" : "change_tfa",
+ "parameters" : {
+ "additionalProperties" : 0,
+ "properties" : {
+ "action" : {
+ "description" : "The action to perform",
+ "enum" : [
+ "delete",
+ "new",
+ "confirm"
+ ],
+ "type" : "string"
+ },
+ "config" : {
+ "description" : "A TFA configuration. This must currently be of type TOTP of not set at all.",
+ "format" : "pve-tfa-config",
+ "maxLength" : 128,
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "type=<TFATYPE> [,digits=<COUNT>] [,id=<ID>] [,key=<KEY>] [,step=<SECONDS>] [,url=<URL>]"
+ },
+ "key" : {
+ "description" : "When adding TOTP, the shared secret value.",
+ "optional" : 1,
+ "pattern" : "(?^:[A-Z2-7=]{16}|[A-Fa-f0-9]{40})",
+ "type" : "string"
+ },
+ "password" : {
+ "description" : "The current password.",
+ "maxLength" : 64,
+ "minLength" : 5,
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
+ "response" : {
+ "description" : "Either the the response to the current u2f registration challenge, or, when adding TOTP, the currently valid TOTP value.",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
+ "userid" : {
+ "description" : "User ID",
+ "format" : "pve-userid",
+ "maxLength" : 64,
+ "type" : "string",
+ "typetext" : "<string>"
+ }
+ }
+ },
+ "permissions" : {
+ "check" : [
+ "or",
+ [
+ "userid-param",
+ "self"
+ ],
+ [
+ "and",
+ [
+ "userid-param",
+ "Realm.AllocateUser"
+ ],
+ [
+ "userid-group",
+ [
+ "User.Modify"
+ ]
+ ]
+ ]
+ ],
+ "description" : "A user can change their own u2f or totp token."
+ },
+ "protected" : 1,
+ "returns" : {
+ "type" : "object"
+ }
+ }
+ },
+ "leaf" : 1,
+ "path" : "/access/tfa",
+ "text" : "tfa"