"Refresh my rights" downgrades authentication level set by 2FA
Concerned version
Version: 2.0.7
Platform: (Nginx/Apache/Node.js)
Summary
- Configure LDAP as auth source with level=2
- Configure a 2F provider with level=5
- Log in to the portal: level in your session is 5
- Refresh my rights
- Level in your session is 2
Logs
[notice] Refresh request for abarnes
[debug] [notice] Refresh request for abarnes
[debug] Set session a6a27e0f53514a796f2c9a29d6495f7576e7faebaaf485cf68108fee76d9b0f1 _updateTime with 20200427125553
[debug] Processing getUser
[debug] Processing setAuthSessionInfo
[debug] Processing setSessionInfo
[debug] Processing setMacros
[debug] Processing setGroups
[debug] Processing setLocalGroups
[debug] Processing code ref
[debug] Processing store
[debug] Store Anne-Louise Barnes in session key cn
[debug] Store abarnes in session key uid
[debug] Store 10.128.239.1 in session key ipAddr
[debug] Store fr in session key _language
[debug] Store LDAP in session key _auth
[debug] Store abarnes in session key _user
[debug] Store abarnes in session key _whatToTrace
[debug] Store 20200427125553 in session key _updateTime
[debug] Store LDAP in session key _userDB
[debug] Store a6a27e0f53514a796f2c9a29d6495f7576e7faebaaf485cf68108fee76d9b0f1 in session key _session_id
[debug] Store abarnes@example.com in session key mail
[debug] Store 2 in session key authenticationLevel
[debug] Store 20200427125010 in session key _startTime
[debug] Store uid=abarnes,ou=People,dc=example,dc=com in session key _dn
[debug] Store 1587991810 in session key _utime
[debug] Store Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 in session key UA
[debug] Store 1587991810 in session key _lastAuthnUTime
[debug] Store HASH(0x55ef6ac458f0) in session key _loginHistory
[debug] Dump: $VAR1 = {'successLogin' => [{'ipAddr' => '10.128.239.1','_utime' => '1587991810','error' => -4},{'_utime' => '1587991732','ipAddr' => '10.128.239.1','error' => -4}]};
[debug] Store SSO in session key _session_kind
[debug] Try to get SSO session a6a27e0f53514a796f2c9a29d6495f7576e7faebaaf485cf68108fee76d9b0f1
[debug] Get session a6a27e0f53514a796f2c9a29d6495f7576e7faebaaf485cf68108fee76d9b0f1 from Portal::Main::Run
[debug] Return SSO session a6a27e0f53514a796f2c9a29d6495f7576e7faebaaf485cf68108fee76d9b0f1
[debug] Looking if ext2F is available
[debug] -> OK
[debug] Processing code ref
[debug] Calling autoredirect
Possible fixes
Not sure. authenticationLevel is set by each Auth module; perhaps we should save the old value and restore it at the end of the refresh?
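
A regression check for the behaviour reported above, as an added example that is not part of the original report and is not LemonLDAP::NG code: it parses debug logs in the format shown under Logs and flags any refresh that stores a lower authenticationLevel than the session held before. The function names, the `LEVELS_BEFORE` mapping, and the second (user2) log block are assumptions constructed for illustration.

```python
import re

REFRESH = re.compile(r"\[notice\] Refresh request for (\S+)")
STORE = re.compile(r"\[debug\] Store (.*) in session key (\S+)$")

# First block: lines taken from the report. Second block: constructed for contrast.
SAMPLE_LOG = """\
[notice] Refresh request for abarnes
[debug] [notice] Refresh request for abarnes
[debug] Store abarnes in session key uid
[debug] Store a6a27e0f53514a796f2c9a29d6495f7576e7faebaaf485cf68108fee76d9b0f1 in session key _session_id
[debug] Store 2 in session key authenticationLevel
[notice] Refresh request for user2
[debug] Store user2 in session key uid
[debug] Store constructed-session-0002 in session key _session_id
[debug] Store 2 in session key authenticationLevel
"""

# Assumption: levels read from the session store before the refresh ran.
LEVELS_BEFORE = {
    "a6a27e0f53514a796f2c9a29d6495f7576e7faebaaf485cf68108fee76d9b0f1": 5,
    "constructed-session-0002": 2,
}

def parse_refreshes(log_text):
    """Group the 'Store ... in session key ...' lines under each refresh request."""
    refreshes, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = REFRESH.search(line)
        if m:
            # The request line can be logged twice in a row (as in the report);
            # only open a new block once the current one has stored keys.
            if current is None or current["keys"]:
                current = {"user": m.group(1), "keys": {}}
                refreshes.append(current)
            continue
        m = STORE.search(line)
        if m and current is not None:
            current["keys"][m.group(2)] = m.group(1)
    return refreshes

def find_downgrades(refreshes, levels_before):
    """Return (user, level_before, level_after) for each refresh that lowered the level."""
    findings = []
    for r in refreshes:
        sid = r["keys"].get("_session_id")
        stored = r["keys"].get("authenticationLevel", "")
        if sid in levels_before and stored.isdigit() and int(stored) < levels_before[sid]:
            findings.append((r["user"], levels_before[sid], int(stored)))
    return findings
```

Run against a portal with the fix applied, `find_downgrades` should return an empty list for the same login and refresh sequence.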