fix: Fix authentication timeout in rare cases that could lead to a stacktrace

Fixes: #285

.changelogs/1.1.6/285_fix_authentication_timeout.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix authentication timeout in rare cases that could lead to a stacktrace (@gyptazy). [#285]

.changelogs/1.1.6/290_validate_user_token_syntax.yml

@@ -0,0 +1,2 @@
+added:
+  - Add validation for provided API user token id to avoid confusions (@gyptazy). [#291]

.changelogs/1.1.6/291_fix_stack_trace_no_user_permissions_testing.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix stacktrace output when validating permissions on non existing users in Proxmox (@gyptazy). [#291]

proxlb/main.py

@@ -51,14 +51,14 @@ def main():
     # Validate of an optional service delay
     Helper.get_service_delay(proxlb_config)
 
-    # Connect to Proxmox API & create API object
-    proxmox_api = ProxmoxApi(proxlb_config)
-
-    # Overwrite password after creating the API object
-    proxlb_config["proxmox_api"]["pass"] = "********"
-
     while True:
 
+        # Connect to Proxmox API & create API object
+        proxmox_api = ProxmoxApi(proxlb_config)
+
+        # Overwrite password after creating the API object
+        proxlb_config["proxmox_api"]["pass"] = "********"
+
         # Validate if reload signal was sent during runtime
         # and reload the ProxLB configuration and adjust log level
         if Helper.proxlb_reload:

proxlb/utils/proxmox_api.py

@@ -135,6 +135,14 @@ class ProxmoxApi:
         proxlb_credentials = proxlb_config["proxmox_api"]
         present_auth_pass = "pass" in proxlb_credentials
         present_auth_secret = "token_secret" in proxlb_credentials
+        token_id = proxlb_credentials.get("token_id", None)
+
+        if token_id:
+            non_allowed_chars = ["@", "!"]
+            for char in non_allowed_chars:
+                if char in token_id:
+                    logger.error(f"Wrong user/token format defined. User and token id must be splitted! Please see: https://github.com/gyptazy/ProxLB/blob/main/docs/03_configuration.md#required-permissions-for-a-user")
+                    sys.exit(1)
 
         if present_auth_pass and present_auth_secret:
             logger.critical(f"Username/password and API token authentication are mutal exclusive. Please use only one!")
@@ -336,7 +344,15 @@ class ProxmoxApi:
         permissions_available = []
 
         # Get the permissions for the current user/token from API
-        permissions = proxmox_api.access.permissions.get()
+        try:
+            permissions = proxmox_api.access.permissions.get()
+        except proxmoxer.core.ResourceException as api_error:
+            if "no such user" in str(api_error):
+                logger.error("Authentication to Proxmox API not possible: User not known - please check your username and config file.")
+                sys.exit(1)
+            else:
+                logger.error(f"Proxmox API error: {api_error}")
+                sys.exit(1)
 
         # Get all available permissions of the current user/token
         for path, permission in permissions.items():