From a09af34412356ce290c142d90a4e4b38b5ae42e7 Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Tue, 31 Oct 2017 12:04:05 +0000
Subject: [PATCH] Missing $req in updatePersistentSession calls (fixes: #1319)
---
 .../lib/Lemonldap/NG/Portal/Issuer/OpenID.pm | 4 +--
 .../NG/Portal/Issuer/OpenIDConnect.pm | 6 ++--
 .../lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 2 +-
 .../Lemonldap/NG/Portal/Lib/OpenID/SREG.pm | 4 +--
 ...-Auth-and-issuer-OIDC-authorization_code.t | 28 ++++++++++++++++++-
 5 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm
index f5276c70a..23a4f85b8 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm
@@ -162,12 +162,12 @@ sub openIDServer {
 return 1;
 }
 elsif ( $req->param("confirm") and $req->param("confirm") == 1 ) {
- $self->p->updatePersistentSession(
+ $self->p->updatePersistentSession( $req,
 { "_openidTrust$trust_root" => 1 } );
 return 1;
 }
 elsif ( $req->param("confirm") and $req->param("confirm") == -1 ) {
- $self->p->updatePersistentSession(
+ $self->p->updatePersistentSession( $req,
 { "_openidTrust$trust_root" => 0 } );
 return 0;
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
index 64c04db41..a6ce8d16b 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
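Review bot: Both confirm branches compare the request parameter numerically (`$req->param("confirm") == 1` and `== -1`), so Perl's string-to-number conversion accepts values such as `1abc` as a confirmation and logs "isn't numeric" warnings for arbitrary input; since this is a trust decision persisted into the user's session, a string comparison is the safer form: `elsif ( $req->param("confirm") and $req->param("confirm") eq '1' ) {` (and `eq '-1'` in the second branch). The same numeric comparison appears in the OpenIDConnect.pm hunk (`$req->param('confirm') == 1`). `$trust_root` is interpolated into the persistent-session key `_openidTrust$trust_root`; if it is not normalized before this point (not visible in the hunk), two spellings of the same origin would receive separate trust entries. openIDServer starts and ends outside the hunk.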
@@ -384,15 +384,17 @@ sub run {
 }
 # Check prompt parameter
- $ask_for_consent = 1 if ( $prompt =~ /\bconsent\b/ );
+ $ask_for_consent = 1
+ if ( $prompt and $prompt =~ /\bconsent\b/ );
 }
 if ($ask_for_consent) {
 if ( $req->param('confirm') and $req->param('confirm') == 1 ) {
- $self->p->updatePersistentSession(
+ $self->p->updatePersistentSession( $req,
 { "_oidc_consent_time_$rp" => time } );
 $self->p->updatePersistentSession(
+ $req,
 {
 "_oidc_consent_scope_$rp" =>
 $oidc_request->{'scope'}
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
index ad9403252..055f75a0f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
@@ -793,7 +793,7 @@ sub run {
 # Update session
 $self->logger->debug("Save Lasso identity in session");
- $self->updatePersistentSession(
+ $self->updatePersistentSession( $req,
 { _lassoIdentityDump => $login->get_identity->dump },
 undef, $session_id );
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm
index 577fd839b..e1be6f45e 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm
@@ -24,7 +24,7 @@ sub sregHook {
 $h{$_} = undef foreach (
 qw(fullname nickname language postcode timezone country gender email dob)
 );
- $self->p->updatePersistentSession( \%h );
+ $self->p->updatePersistentSession( $req, \%h );
 return 0;
 }
@@ -166,7 +166,7 @@ sub sregHook {
 $ag{$k} = 0;
 }
 }
- $self->p->updatePersistentSession( \%toStore ) if (%toStore);
+ $self->p->updatePersistentSession( $req, \%toStore ) if (%toStore);
 # Check if user has agreed request
 if ($accepted) {
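Review bot: The consent is persisted with two separate `updatePersistentSession` calls (time first, then scope), so a failure between them leaves `_oidc_consent_time_$rp` recorded without a matching `_oidc_consent_scope_$rp`, which is presumably the pair consulted later to decide whether the consent screen can be skipped; one call carrying both keys keeps the record consistent: `$self->p->updatePersistentSession( $req, { "_oidc_consent_time_$rp" => time, "_oidc_consent_scope_$rp" => $oidc_request->{'scope'} } );`. The added `$prompt and` guard is a correct fix for the undefined-value match on the old `-` line. run continues outside the hunk on both sides.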
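Review bot: This call goes through `$self->updatePersistentSession` on the issuer object, whereas the OpenID, OpenIDConnect and SREG hunks all call `$self->p->updatePersistentSession`; unless the SAML issuer inherits that method (not visible here), `$self->p->updatePersistentSession( $req,` would be the consistent form and the one the commit subject describes. The Lasso identity dump is written with the four-argument variant (`undef, $session_id`), so it is worth confirming that the `$req`-first signature applies to that variant as well. The enclosing sub run extends beyond the hunk.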
diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
index b4c823cb4..0366add43 100644
--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
@@ -185,7 +185,33 @@ ok(
 'Test if user is reject on SP' );
 count(1);
-expectRedirection( $res, qr#^http://auth.op.com/oauth2/authorize# );
+( $url, $query ) =
+ expectRedirection( $res, qr#^http://auth.op.com(/oauth2/authorize)\?(.*)$# );
+
+# Test if consent was saved
+# -------------------------
+
+# Push request to OP
+switch ('op');
+ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ),
+ "Push request to OP, endpoint $url" );
+count(1);
+expectOK($res);
+
+# Try to authenticate to OP
+$query = "user=french&password=french&$query";
+ok(
+ $res = $op->_post(
+ $url,
+ IO::String->new($query),
+ accept => 'text/html',
+ length => length($query),
+ ),
+ "Post authentication, endpoint $url"
+);
+count(1);
+$idpId = expectCookie($res);
+expectRedirection( $res, qr#^http://auth.rp.com/# );
 #print STDERR Dumper($res);
-- 
GitLab
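Review bot: The redirect patterns `qr#^http://auth.op.com(/oauth2/authorize)\?(.*)$#` and `qr#^http://auth.rp.com/#` leave the dots in the host names unescaped, so each matches any character; `qr#^http://auth\.op\.com(/oauth2/authorize)\?(.*)$#` and `qr#^http://auth\.rp\.com/#` pin the expected hosts. `$idpId` is assigned from `expectCookie($res)` but not used within the added lines; if the remainder of the test (outside the hunk) does not use it either, the assignment can be dropped. The added round-trip checks that the saved consent is honoured only indirectly, through the final redirection to the RP rather than through the session content, which is fine as long as the comment `# Test if consent was saved` is read that way.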