From f37c2399b1319f76a0ec88e78453de79ba5e7e8b Mon Sep 17 00:00:00 2001
From: Christophe Maudoux
Date: Sat, 4 Jan 2020 13:34:50 +0100
Subject: [PATCH] Update sessionInfo during auth process with 2FA
---
 .../Lemonldap/NG/Portal/2F/Engines/Default.pm | 6 ++++--
 .../Lemonldap/NG/Portal/Main/SecondFactor.pm | 18 +++++++++---------
 2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
index cffcf663c..33da5c9fa 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
@@ -299,8 +299,10 @@ sub run {
 $req->sessionInfo->{_2fRealSession} = $req->id;
 $req->sessionInfo->{_2fUrldc} = $req->urldc;
 $req->sessionInfo->{_2fUtime} = $req->{sessionInfo}->{_utime};
- $req->sessionInfo->{_impSpoofId} = $spoofId;
- $req->sessionInfo->{_impUser} = $req->user;
+ if ( $self->conf->{impersonationRule} ) {
+ $req->sessionInfo->{_impSpoofId} = $spoofId;
+ $req->sessionInfo->{_impUser} = $req->user;
+ }
 my $token = $self->ott->createToken( $req->sessionInfo );
 delete $req->{authResult};
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm
index 7cd747cc8..c04b14069 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm
@@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
 PE_BADCREDENTIALS );
-our $VERSION = '2.0.6';
+our $VERSION = '2.0.8';
 extends qw( Lemonldap::NG::Portal::Main::Plugin
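Review bot: The added `if ( $self->conf->{impersonationRule} )` guard in `run` only tests that a rule is configured; it does not evaluate the rule for the current user, so `_impSpoofId` and `_impUser` are still written into the one-time token for every user whenever impersonation is enabled. Where `$spoofId` is assigned is outside the hunk; if it originates from the request, the code that consumes the token after 2F presumably has to re-check the rule before honouring it, and that should be confirmed. A comment above the guard would make the contract explicit, for example `# Carried across 2F only when impersonation is configured; the rule itself is NOT evaluated here`. The body of `run` starts and continues outside the hunk.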
@@ -101,23 +101,23 @@ sub _verify {
 # Launch second factor verification
 my $res = $self->verify( $req, $session );
+ # Update sessionInfo
+ delete $session->{$_}
+ foreach (qw(tokenSessionStartTimestamp tokenTimeoutTimestamp _type));
+ $req->sessionInfo($session);
+ $req->id( delete $req->sessionInfo->{_2fRealSession} );
+ $req->urldc( delete $req->sessionInfo->{_2fUrldc} );
+ $req->{sessionInfo}->{_utime} = delete $req->{sessionInfo}->{_2fUtime};
+
 # Case error
 if ($res) {
 $req->noLoginDisplay(1);
- $req->sessionInfo($session);
- $req->id( delete $req->sessionInfo->{_2fRealSession} );
- $req->urldc( delete $req->sessionInfo->{_2fUrldc} );
- $req->{sessionInfo}->{_utime} = delete $req->{sessionInfo}->{_2fUtime};
 $req->authResult(PE_BADCREDENTIALS);
 return $self->p->do( $req, [ sub { $self->p->storeHistory(@_) }, sub { $res } ] );
 }
 # Else restore session
- $req->sessionInfo($session);
- $req->id( delete $req->sessionInfo->{_2fRealSession} );
- $req->urldc( delete $req->sessionInfo->{_2fUrldc} );
- $req->{sessionInfo}->{_utime} = delete $req->{sessionInfo}->{_2fUtime};
 $req->mustRedirect(1);
 $self->userLogger->notice( $self->prefix . '2F verification for '
-- GitLab
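Review bot: The comment `# Else restore session` is left above `$req->mustRedirect(1);` in `_verify`, although the restore now runs before the `if ($res)` test, so it no longer describes the code beneath it; `# Else 2F succeeded: redirect` would match. The new `# Update sessionInfo` comment could also say why the three keys are dropped, for example `# Restore the real session and strip one-time-token bookkeeping keys so they are not kept in it`, assuming those keys are added by the token store, which is not visible here. As a style point, the two-line `delete ... foreach` can be written as one hash-slice delete, `delete @$session{qw(tokenSessionStartTimestamp tokenTimeoutTimestamp _type)};`. `_verify` starts and continues outside the hunk.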