From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 0B4CA91535 for ; Tue, 20 Dec 2022 15:57:23 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E8A1734DE6 for ; Tue, 20 Dec 2022 15:57:22 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 20 Dec 2022 15:57:21 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id D229244E34 for ; Tue, 20 Dec 2022 15:57:20 +0100 (CET) From: Hannes Laimer To: pbs-devel@lists.proxmox.com Date: Tue, 20 Dec 2022 15:57:09 +0100 Message-Id: <20221220145714.63985-1-h.laimer@proxmox.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.034 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [user.rs, proxmox.com, acl.rs] Subject: [pbs-devel] [PATCH proxmox-backup 0/5] ACL removal on user/token deletion + token regeneration X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Dec 2022 14:57:23 -0000 If a user is deleted all its permissions and tokens will now be deleted with it. If a token is deleted all its permissions will now be deleted. Until now neither of those two happened[1]. The last two commits add the possibility to regenerate tokens, basically revoking the old and generating a new secret while keeping all the set permissions. This is all in the same series since just adding the removal of permissions would kill the currently only way to keep the permissions but change the secret of a token(deleting it and creating it again with the same name[2]). [1] https://bugzilla.proxmox.com/show_bug.cgi?id=4382 [2] https://bugzilla.proxmox.com/show_bug.cgi?id=3887 Hannes Laimer (5): pbs-config: add delete_authid to ACL-tree fix #4382: api2: remove permissions of token on deletion fix #4382: api2: remove permissions and tokens of user on deletion fix #3887: api2: add regenerate token endpoint fix #3887: ui: add regenerate token button pbs-config/src/acl.rs | 71 +++++++++++++++++++++++++++++++ src/api2/access/user.rs | 92 +++++++++++++++++++++++++++++++++++++++-- www/config/TokenView.js | 30 ++++++++++++++ 3 files changed, 190 insertions(+), 3 deletions(-) -- 2.30.2