From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pbs-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 800501FF15C for <inbox@lore.proxmox.com>; Fri, 4 Apr 2025 17:11:10 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AD69A35574; Fri, 4 Apr 2025 17:10:58 +0200 (CEST) From: Hannes Laimer <h.laimer@proxmox.com> To: pbs-devel@lists.proxmox.com Date: Fri, 4 Apr 2025 17:10:12 +0200 Message-Id: <20250404151017.32991-1-h.laimer@proxmox.com> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.025 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup v2 0/5] ACL removal on user/token deletion + token regeneration X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion <pbs-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/> List-Post: <mailto:pbs-devel@lists.proxmox.com> List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox Backup Server development discussion <pbs-devel@lists.proxmox.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com> If a user is deleted, all its permissions and tokens will now be deleted with it. If a token is deleted all its permissions will now be deleted. Until now neither of those two happened[1]. The last two commits add the possibility to regenerate tokens, basically revoking the old and generating a new secret while keeping all the set permissions. This is all in the same series since just adding the removal of permissions would kill the currently only way to keep the permissions but change the secret of a token(deleting it and creating it again with the same name[2]). -> pbs-api-types dep has to be bumped since we need the schema added in #4 for #5. [1] https://bugzilla.proxmox.com/show_bug.cgi?id=4382 [2] https://bugzilla.proxmox.com/show_bug.cgi?id=3887 v2: - rebase onto master Hannes Laimer (5): pbs-config: move secret generation into token_shadow fix #4382: api: access: remove permissions of token on deletion fix #4382: api: remove permissions and tokens of user on deletion fix #3887: api: access: allow secret regeneration fix #3887: ui: add regenerate token button pbs-config/Cargo.toml | 1 + pbs-config/src/token_shadow.rs | 10 ++++- src/api2/access/user.rs | 80 +++++++++++++++++++++++++++------- www/config/TokenView.js | 29 ++++++++++++ 4 files changed, 104 insertions(+), 16 deletions(-) -- 2.39.5 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel