store u2f challenges in the rpc environment

[pve-manager.git] / PVE / HTTPServer.pm

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 9a02e7991a15a59d274bcff345b1356be3bfac63..ec9700103aab30ab34cef576bf2f03e28193afd8 100755 (executable)
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -80,7 +80,13 @@ sub auth_handler {
 
        die "No ticket\n" if !$ticket;
 
-       ($username, $age) = PVE::AccessControl::verify_ticket($ticket);
+       ($username, $age, my $challenge) = PVE::AccessControl::verify_ticket($ticket);
+
+       if (defined($challenge)) {
+           $rpcenv->set_u2f_challenge($challenge);
+           die "No ticket\n"
+               if ($rel_uri ne '/access/u2f' || $method ne 'POST');
+       }
 
        $rpcenv->set_user($username);