From a48daee305224e18c059fa7672c7d128ebe142fe Mon Sep 17 00:00:00 2001
From: Christophe Maudoux
Date: Fri, 3 Jan 2020 23:39:57 +0100
Subject: [PATCH] Update sessionInfo during auth process
---
 lemonldap-ng-portal/MANIFEST | 9 +++++--
 .../Lemonldap/NG/Portal/2F/Engines/Default.pm | 26 ++++++++++++-------
 .../lib/Lemonldap/NG/Portal/Main/Process.pm | 9 ++++---
 ...orage.t => 41-Token-with-global-storage.t} | 0
 lemonldap-ng-portal/t/78-2F-Upgrade.t | 2 +-
 5 files changed, 30 insertions(+), 16 deletions(-)
 rename lemonldap-ng-portal/t/{41-Token-Global-Storage.t => 41-Token-with-global-storage.t} (100%)
diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index efdc1bef1..d74f0a430 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -47,6 +47,7 @@ lib/Lemonldap/NG/Portal/Auth/SSL.pm
 lib/Lemonldap/NG/Portal/Auth/Twitter.pm
 lib/Lemonldap/NG/Portal/Auth/WebID.pm
 lib/Lemonldap/NG/Portal/CDC.pm
+lib/Lemonldap/NG/Portal/CertificateResetByMail/LDAP.pm
 lib/Lemonldap/NG/Portal/Issuer/CAS.pm
 lib/Lemonldap/NG/Portal/Issuer/Get.pm
 lib/Lemonldap/NG/Portal/Issuer/OpenID.pm
@@ -101,6 +102,7 @@ lib/Lemonldap/NG/Portal/Password/REST.pm
 lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm
 lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
 lib/Lemonldap/NG/Portal/Plugins/CDA.pm
+lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm
 lib/Lemonldap/NG/Portal/Plugins/CheckState.pm
 lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
 lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm
@@ -370,6 +372,7 @@ site/templates/bootstrap/2fchoice.tpl
 site/templates/bootstrap/2fregisters.tpl
 site/templates/bootstrap/captcha.tpl
 site/templates/bootstrap/casBack2Url.tpl
+site/templates/bootstrap/certificateReset.tpl
 site/templates/bootstrap/checklogins.tpl
 site/templates/bootstrap/checkuser.tpl
 site/templates/bootstrap/confirm.tpl
@@ -439,6 +442,7 @@ site/templates/common/mail/tr.json
 site/templates/common/mail/vi.json
 site/templates/common/mail/zh_CN.json
 site/templates/common/mail_2fcode.tpl
+site/templates/common/mail_certificatReset.tpl
 site/templates/common/mail_confirm.tpl
 site/templates/common/mail_footer.tpl
 site/templates/common/mail_header.tpl
@@ -565,7 +569,7 @@ t/40-Notifications-XML-DBI.t
 t/40-Notifications-XML-File.t
 t/40-Notifications-XML-Server.t
 t/41-Captcha.t
-t/41-Token-Global-Storage.t
+t/41-Token-with-global-storage.t
 t/41-Token.t
 t/42-Register-Demo-with-captcha.t
 t/42-Register-Demo-with-token.t
@@ -579,6 +583,7 @@ t/43-MailPasswordReset-LDAP.t
 t/43-MailPasswordReset-with-captcha.t
 t/43-MailPasswordReset-with-token.t
 t/43-MailPasswordReset.t
+t/44-CertificateResetByMail-LDAP.t
 t/50-IssuerGet.t
 t/57-GlobalLogout-without-Timer.t
 t/57-GlobalLogout.t
@@ -618,7 +623,7 @@ t/68-Impersonation-with-History.t
 t/68-Impersonation-with-merge.t
 t/68-Impersonation-with-TOTP.t
 t/68-Impersonation.t
-t/70-2F-TOTP-8.t
+t/70-2F-TOTP-8-with-global-storage.t
 t/70-2F-TOTP-with-History.t
 t/70-2F-TOTP-with-TTL-and-JSON.t
 t/70-2F-TOTP-with-TTL-and-XML.t
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
index e89fb2938..cffcf663c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
@@ -21,7 +21,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
 PE_TOKENEXPIRED
 );
-our $VERSION = '2.0.6';
+our $VERSION = '2.0.8';
 extends 'Lemonldap::NG::Portal::Main::Plugin';
 with 'Lemonldap::NG::Portal::Lib::OverConf';
@@ -266,15 +266,7 @@ sub run {
 }
 # Search for authorized modules for this user
- my @am;
- foreach my $m ( @{ $self->sfModules } ) {
- $self->logger->debug(
- 'Looking if ' . $m->{m}->prefix . '2F is available' );
- if ( $m->{r}->( $req, $req->sessionInfo ) ) {
- $self->logger->debug(' -> OK');
- push @am, $m->{m};
- }
- }
+ my @am = $self->searchForAuthorized2Fmodules($req);
 # If no 2F module is authorized, skipping 2F
 # Note that a rule may forbid access after (GrantSession plugin)
@@ -546,4 +538,18 @@ sub restoreSession {
 : $self->_displayRegister( $req, @path );
 }
+sub searchForAuthorized2Fmodules {
+ my ( $self, $req ) = @_;
+ my @am;
+ foreach my $m ( @{ $self->sfModules } ) {
+ $self->logger->debug(
+ 'Looking if ' . $m->{m}->prefix . '2F is available' );
+ if ( $m->{r}->( $req, $req->sessionInfo ) ) {
+ $self->logger->debug(' -> OK');
+ push @am, $m->{m};
+ }
+ }
+ return @am;
+}
+
 1;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
index 8ca879a3f..780428bf5 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
@@ -1,6 +1,6 @@
 package Lemonldap::NG::Portal::Main::Process;
-our $VERSION = '2.0.7';
+our $VERSION = '2.0.8';
 package Lemonldap::NG::Portal::Main;
@@ -483,8 +483,11 @@ sub store {
 # Update current request
 $req->id( $session->id );
- $req->{sessionInfo}->{_session_id} = $session->{id};
- $req->{sessionInfo}->{_session_kind} = $session->{kind};
+ unless ( $self->_sfEngine->searchForAuthorized2Fmodules($req) ) {
+ $self->logger->debug("No 2F module authorized -> Update current request");
+ $req->{sessionInfo}->{_session_id} = $session->{id};
+ $req->{sessionInfo}->{_session_kind} = $session->{kind};
+ }
 # Compute unsecured cookie value if needed
 if ( $self->conf->{securedCookie} == 3 and !$req->refresh ) {
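Review bot: The new `searchForAuthorized2Fmodules` in 2F/Engines/Default.pm carries no comment stating its contract, although this patch gives it a second caller (`store` in Main/Process.pm) that uses it as a boolean. It returns a list, so that caller depends on scalar context yielding the number of authorized modules, and every call re-evaluates each module rule `$m->{r}` and re-emits the debug lines; a request that passes through both `store` and `run` would evaluate the rules twice. I would add above the sub `# Return the 2F modules whose rule accepts $req->sessionInfo (their count in scalar context).` and `# Rules are evaluated on every call; the result is not cached.`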
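Review bot: In `store`, `$self->_sfEngine->searchForAuthorized2Fmodules($req)` is called without checking that the engine object provides the method; the patch adds it only to `2F::Engines::Default`, so if another engine class is loaded (or `_sfEngine` is not set at this point, which the hunk does not show) the call dies in the middle of session storage. Whether `_session_id` and `_session_kind` reach `sessionInfo` is also decided here from the module rules alone, while `run` in the engine has code above the lines shown in its hunk; if `run` can skip the second factor for another reason, `sessionInfo` would be left without its session id, and that path deserves a test. A guard such as `my $sf = $self->_sfEngine;` followed by `unless ( $sf and $sf->can('searchForAuthorized2Fmodules') and $sf->searchForAuthorized2Fmodules($req) ) {` keeps the previous behaviour when the method is missing, and a comment should state why the id is withheld while a second factor is pending. `store` starts and ends outside the hunk.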
diff --git a/lemonldap-ng-portal/t/41-Token-Global-Storage.t b/lemonldap-ng-portal/t/41-Token-with-global-storage.t
similarity index 100%
rename from lemonldap-ng-portal/t/41-Token-Global-Storage.t
rename to lemonldap-ng-portal/t/41-Token-with-global-storage.t
diff --git a/lemonldap-ng-portal/t/78-2F-Upgrade.t b/lemonldap-ng-portal/t/78-2F-Upgrade.t
index c0f1001ae..07cf03830 100644
--- a/lemonldap-ng-portal/t/78-2F-Upgrade.t
+++ b/lemonldap-ng-portal/t/78-2F-Upgrade.t
@@ -144,7 +144,7 @@ expectRedirection( $res, 'http://test1.example.com' );
 $id = expectCookie($res);
 my $cookies = getCookies($res);
-ok( !defined( $cookies->{lemonldappdata} ), " Make sure no pdata is returned" );
+ok( !$cookies->{lemonldappdata}, " Make sure no pdata is returned" );
 count(1);
 clean_sessions();
-- GitLab
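Review bot: The relaxed assertion `ok( !$cookies->{lemonldappdata}, ... )` also passes when the `lemonldappdata` cookie is present with an empty or `0` value, so the test can no longer tell "no pdata cookie sent" from "pdata cookie sent empty". If an empty cookie is the intended result of this change, assert it explicitly, for example `ok( !defined $cookies->{lemonldappdata} || $cookies->{lemonldappdata} eq '', " Make sure no pdata is returned" );`. A comment should say which of the two cases the portal is expected to produce after a 2F upgrade.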