From: Philipp Hufnagl <p.hufnagl@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH access-control v1 1/1] fix #4546: api: Return user expiration date on access/ticket API call
Date: Fri, 22 Sep 2023 16:36:56 +0200 [thread overview]
Message-ID: <20230922143658.1639173-3-p.hufnagl@proxmox.com> (raw)
In-Reply-To: <20230922143658.1639173-1-p.hufnagl@proxmox.com>
Adds an additional, optional parameter to the access/tickets api call
which tells when the currently used user account will expire. If it will
not expire, the parameter will not be added.
Signed-off-by: Philipp Hufnagl <p.hufnagl@proxmox.com>
---
src/PVE/API2/AccessControl.pm | 8 ++++++++
src/PVE/AccessControl.pm | 8 ++++++++
2 files changed, 16 insertions(+)
diff --git a/src/PVE/API2/AccessControl.pm b/src/PVE/API2/AccessControl.pm
index 74b3910..e562a97 100644
--- a/src/PVE/API2/AccessControl.pm
+++ b/src/PVE/API2/AccessControl.pm
@@ -267,6 +267,11 @@ __PACKAGE__->register_method ({
ticket => { type => 'string', optional => 1},
CSRFPreventionToken => { type => 'string', optional => 1 },
clustername => { type => 'string', optional => 1 },
+ user_expires => {
+ type => 'number',
+ description => "When the user account expires.",
+ optional => 1 ,
+ },
# cap => computed api permissions, unless there's a u2f challenge
}
},
@@ -304,6 +309,9 @@ __PACKAGE__->register_method ({
die PVE::Exception->new("authentication failure\n", code => 401);
}
+ my $exp = PVE::AccessControl::lookup_user_expiration($username);
+ $res->{user_expieres} = $exp if defined($exp);
+
$res->{cap} = $rpcenv->compute_api_permission($username)
if !defined($res->{NeedTFA});
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index cc0f00b..471cc92 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1234,6 +1234,14 @@ sub lookup_username {
return $username;
}
+sub lookup_user_expiration {
+ my ($username) = @_;
+ my $usercfg = cfs_read_file('user.cfg');
+ my $exp = $usercfg->{users}->{$username}->{expire};
+ return undef if $exp == 0;
+ return $exp;
+}
+
sub normalize_path {
my $path = shift;
--
2.39.2
next prev parent reply other threads:[~2023-09-22 14:37 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-22 14:36 [pve-devel] [PATCH manager/access-control/proxmox-widget-toolkit v1 0/4] fix #4546: Show warning hint/badge if user account is expiring in next few days Philipp Hufnagl
2023-09-22 14:36 ` [pve-devel] [PATCH manager v1 1/1] fix #4546: ui: notify user if their user account expires soon Philipp Hufnagl
2023-10-06 13:16 ` Lukas Wagner
2023-10-10 10:15 ` Philipp Hufnagl
2023-09-22 14:36 ` Philipp Hufnagl [this message]
2023-10-06 13:16 ` [pve-devel] [PATCH access-control v1 1/1] fix #4546: api: Return user expiration date on access/ticket API call Lukas Wagner
2023-09-22 14:36 ` [pve-devel] [PATCH proxmox-widget-toolkit v1 1/2] fix #4546: css: Inform user administrator about user accounts expiring soon Philipp Hufnagl
2023-10-06 13:16 ` Lukas Wagner
2023-10-06 14:41 ` Stefan Sterz
2023-10-10 10:18 ` Philipp Hufnagl
2023-09-22 14:36 ` [pve-devel] [PATCH proxmox-widget-toolkit v1 2/2] fix #4546: utils: save expiring date of user account for UI Philipp Hufnagl
2023-10-06 13:16 ` Lukas Wagner
2023-10-06 14:41 ` Stefan Sterz
2023-10-06 13:16 ` [pve-devel] [PATCH manager/access-control/proxmox-widget-toolkit v1 0/4] fix #4546: Show warning hint/badge if user account is expiring in next few days Lukas Wagner
2023-10-09 13:07 ` Philipp Hufnagl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230922143658.1639173-3-p.hufnagl@proxmox.com \
--to=p.hufnagl@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.