From: Philipp Hufnagl <p.hufnagl@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH access-control v2 1/1] fix #4546: api: Return user expiration date on access/ticket API call
Date: Tue, 10 Oct 2023 12:40:34 +0200 [thread overview]
Message-ID: <20231010104034.932760-6-p.hufnagl@proxmox.com> (raw)
In-Reply-To: <20231010104034.932760-1-p.hufnagl@proxmox.com>
Adds an additional, optional parameter to the access/tickets api call
which tells when the currently used user account will expire. If it will
not expire, the parameter will not be added.
Signed-off-by: Philipp Hufnagl <p.hufnagl@proxmox.com>
---
src/PVE/API2/AccessControl.pm | 8 ++++++++
src/PVE/AccessControl.pm | 8 ++++++++
2 files changed, 16 insertions(+)
diff --git a/src/PVE/API2/AccessControl.pm b/src/PVE/API2/AccessControl.pm
index 74b3910..caba720 100644
--- a/src/PVE/API2/AccessControl.pm
+++ b/src/PVE/API2/AccessControl.pm
@@ -267,6 +267,11 @@ __PACKAGE__->register_method ({
ticket => { type => 'string', optional => 1},
CSRFPreventionToken => { type => 'string', optional => 1 },
clustername => { type => 'string', optional => 1 },
+ 'account-expiry-date' => {
+ type => 'number',
+ description => "Account expiration date as a UNIX timestamp",
+ optional => 1 ,
+ },
# cap => computed api permissions, unless there's a u2f challenge
}
},
@@ -304,6 +309,9 @@ __PACKAGE__->register_method ({
die PVE::Exception->new("authentication failure\n", code => 401);
}
+ my $expires = PVE::AccessControl::lookup_user_expiration($username);
+ $res->{'account-expiry-date'} = $expires if defined($expires);
+
$res->{cap} = $rpcenv->compute_api_permission($username)
if !defined($res->{NeedTFA});
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index cc0f00b..b30570b 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1234,6 +1234,14 @@ sub lookup_username {
return $username;
}
+sub lookup_user_expiration {
+ my ($username) = @_;
+ my $usercfg = cfs_read_file('user.cfg');
+ my $expires = $usercfg->{users}->{$username}->{expire};
+ return undef if $expires == 0;
+ return $expires;
+}
+
sub normalize_path {
my $path = shift;
--
2.39.2
prev parent reply other threads:[~2023-10-10 10:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-10 10:40 [pve-devel] [PATCH proxmox-widget-toolkit/manager/access-control v2 0/5] fix #4546: Show warning hint/badge if user account is expiring in next few days Philipp Hufnagl
2023-10-10 10:40 ` [pve-devel] [PATCH proxmox-widget-toolkit v2 1/3] fix #4546: css: create a new css class for warning texts Philipp Hufnagl
2023-10-10 10:40 ` [pve-devel] [PATCH proxmox-widget-toolkit v2 2/3] fix #4546: utils: Highlight accounts in user management that exprie soon Philipp Hufnagl
2023-10-10 10:40 ` [pve-devel] [PATCH proxmox-widget-toolkit v2 3/3] fix #4546: utils: Expand authentication data with account expiry date Philipp Hufnagl
2023-10-10 10:40 ` [pve-devel] [PATCH proxmox-widget-toolkit v2 1/1] fix #4546: ui: notify user if there usser account expires soon Philipp Hufnagl
2023-10-10 10:40 ` Philipp Hufnagl [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231010104034.932760-6-p.hufnagl@proxmox.com \
--to=p.hufnagl@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.