From 7ad33e80520f22ba780f88f76664c1c745482143 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 8 Jan 2021 10:30:11 +0100
Subject: [PATCH] tfa: use UNAUTHORIZED http status in password check

to trigger our 3s delay in the rest handler

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 src/api2/access/tfa.rs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/api2/access/tfa.rs b/src/api2/access/tfa.rs
index d6ef550c..faef06a8 100644
--- a/src/api2/access/tfa.rs
+++ b/src/api2/access/tfa.rs
@@ -25,8 +25,9 @@ fn tfa_update_auth(
     let authid: Authid = rpcenv.get_auth_id().unwrap().parse()?;
 
     if authid.user() != Userid::root_userid() {
-        let password = password.ok_or_else(|| format_err!("missing password"))?;
-        let _: () = crate::auth::authenticate_user(authid.user(), &password)?;
+        let password = password.ok_or_else(|| http_err!(UNAUTHORIZED, "missing password"))?;
+        let _: () = crate::auth::authenticate_user(authid.user(), &password)
+            .map_err(|err| http_err!(UNAUTHORIZED, "{}", err))?;
     }
 
     // After authentication, verify that the to-be-modified user actually exists:
@@ -37,7 +38,7 @@ fn tfa_update_auth(
             .lookup::<crate::config::user::User>("user", userid.as_str())
             .is_err()
         {
-            bail!("user '{}' does not exists.", userid);
+            http_bail!(UNAUTHORIZED, "user '{}' does not exists.", userid);
         }
     }