proxmox-login: fix ticket userid check for PMG quarantine tickets

We simply strip the "@quarantine" at the end. Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2023-08-02 14:30:04 +02:00 · 2023-08-02 14:30:04 +02:00 · 9599cb6fd6
commit 9599cb6fd6
parent 25024fa687
1 changed files with 9 additions and 7 deletions
--- a/proxmox-login/src/lib.rs
+++ b/proxmox-login/src/lib.rs
@ -57,6 +57,13 @@ fn normalize_url(mut api_url: String) -> String {
    api_url
 }

+fn check_ticket_userid(ticket_userid: &str, expected_userid: &str) -> Result<(), ResponseError> {
+    if ticket_userid != expected_userid.trim_end_matches("@quarantine") {
+        return Err("returned ticket contained unexpected userid".into());
+    }
+    Ok(())
+}
+
 impl Login {
    /// Prepare a request given an existing ticket string.
    pub fn renew(
@ -152,9 +159,7 @@ impl Login {

        Ok(match ticket {
            TicketResponse::Full(ticket) => {
-                if ticket.userid() != self.userid {
-                    return Err("returned ticket contained unexpected userid".into());
-                }
+                check_ticket_userid(ticket.userid(), &self.userid)?;
                TicketResult::Full(Authentication {
                    csrfprevention_token: response
                        .csrfprevention_token
@ -294,10 +299,7 @@ impl SecondFactorChallenge {
        }

        let ticket: Ticket = response.ticket.ok_or("no ticket in response")?.parse()?;
-
-        if ticket.userid() != self.userid {
-            return Err("returned ticket contained unexpected userid".into());
-        }
+        check_ticket_userid(ticket.userid(), &self.userid)?;

        Ok(Authentication {
            ticket,