pve: enable tfa lockout, add api_unlock_tfa method

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-05-26 12:19:55 +02:00 · 2023-05-26 12:19:55 +02:00 · 590af894ef
commit 590af894ef
parent 10472bc265
1 changed files with 9 additions and 2 deletions
--- a/pve-rs/src/tfa.rs
+++ b/pve-rs/src/tfa.rs
@ -484,6 +484,14 @@ mod export {
            Err(methods::EntryNotFound) => bail!("no such entry"),
        }
    }
+
+    #[export]
+    fn api_unlock_tfa(#[try_from_ref] this: &Tfa, userid: &str) -> Result<bool, Error> {
+        Ok(methods::unlock_tfa(
+            &mut this.inner.lock().unwrap(),
+            userid,
+        )?)
+    }
 }

 /// Version 1 format of `/etc/pve/priv/tfa.cfg`
@ -993,9 +1001,8 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
        }
    }

-    /// TODO: Enable this once we can consider most clusters to support the new format.
    fn enable_lockout(&self) -> bool {
-        false
+        true
    }
 }