Impersonation breaks login history
Concerned version
Version: %2.0.4
Platform: Debian / Nginx
Summary
On a clean install
- Enable impersonation
- Use rule:
$uid = "dalek"
(a user that doesn't exist) - Identity use rule :
0
- Go to portal and login as dwho (without impersonation)
- Logout, login again
Login history only shows the latest login, but should be showing the last 5
Logs
LLNG[7967]: Session granted for dwho by Demo (10.128.239.1)
LLNG[7967]: Processing code ref
LLNG[7967]: Launching ::Plugins::Impersonation::run
LLNG[7967]: No impersonation required
LLNG[7967]: Rename real attributes...
LLNG[7967]: -> Store _user in realSession key: real__user
LLNG[7967]: Delete _user
...
LLNG[7967]: -> Store uid in realSession key: real_uid
LLNG[7967]: Delete uid
LLNG[7967]: Delete _loginHistory
...
I suppose _loginHistory is deleted from the session because it matches impersonationHiddenAttributes
. But as a result, only the current login gets saved to the user's psession.
Seems to me like the impersonation plugin shouldn't act at all in that case (dwho isn't authorized to use impersonation, and isn't asking for a surrogate identity)