Commit f37c2399 authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Update sessionInfo during auth process with 2FA

parent 778ade26
...@@ -299,8 +299,10 @@ sub run { ...@@ -299,8 +299,10 @@ sub run {
$req->sessionInfo->{_2fRealSession} = $req->id; $req->sessionInfo->{_2fRealSession} = $req->id;
$req->sessionInfo->{_2fUrldc} = $req->urldc; $req->sessionInfo->{_2fUrldc} = $req->urldc;
$req->sessionInfo->{_2fUtime} = $req->{sessionInfo}->{_utime}; $req->sessionInfo->{_2fUtime} = $req->{sessionInfo}->{_utime};
$req->sessionInfo->{_impSpoofId} = $spoofId; if ( $self->conf->{impersonationRule} ) {
$req->sessionInfo->{_impUser} = $req->user; $req->sessionInfo->{_impSpoofId} = $spoofId;
$req->sessionInfo->{_impUser} = $req->user;
}
my $token = $self->ott->createToken( $req->sessionInfo ); my $token = $self->ott->createToken( $req->sessionInfo );
delete $req->{authResult}; delete $req->{authResult};
......
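Review bot: The new `if ( $self->conf->{impersonationRule} )` guard has no comment explaining why `_impSpoofId` and `_impUser` are copied into the token built by `createToken` only when that setting is truthy. A line such as `# Carry impersonation data through the 2FA token only when impersonation is configured` above the `if` would make the intent reviewable. `$spoofId` is assigned outside the displayed lines, so it is worth confirming that it is always defined when the guard is true. `run` starts and ends outside this hunk.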
...@@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( ...@@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCREDENTIALS PE_BADCREDENTIALS
); );
our $VERSION = '2.0.6'; our $VERSION = '2.0.8';
extends qw( extends qw(
Lemonldap::NG::Portal::Main::Plugin Lemonldap::NG::Portal::Main::Plugin
...@@ -101,23 +101,23 @@ sub _verify { ...@@ -101,23 +101,23 @@ sub _verify {
# Launch second factor verification # Launch second factor verification
my $res = $self->verify( $req, $session ); my $res = $self->verify( $req, $session );
# Update sessionInfo
delete $session->{$_}
foreach (qw(tokenSessionStartTimestamp tokenTimeoutTimestamp _type));
$req->sessionInfo($session);
$req->id( delete $req->sessionInfo->{_2fRealSession} );
$req->urldc( delete $req->sessionInfo->{_2fUrldc} );
$req->{sessionInfo}->{_utime} = delete $req->{sessionInfo}->{_2fUtime};
# Case error # Case error
if ($res) { if ($res) {
$req->noLoginDisplay(1); $req->noLoginDisplay(1);
$req->sessionInfo($session);
$req->id( delete $req->sessionInfo->{_2fRealSession} );
$req->urldc( delete $req->sessionInfo->{_2fUrldc} );
$req->{sessionInfo}->{_utime} = delete $req->{sessionInfo}->{_2fUtime};
$req->authResult(PE_BADCREDENTIALS); $req->authResult(PE_BADCREDENTIALS);
return $self->p->do( $req, return $self->p->do( $req,
[ sub { $self->p->storeHistory(@_) }, sub { $res } ] ); [ sub { $self->p->storeHistory(@_) }, sub { $res } ] );
} }
# Else restore session # Else restore session
$req->sessionInfo($session);
$req->id( delete $req->sessionInfo->{_2fRealSession} );
$req->urldc( delete $req->sessionInfo->{_2fUrldc} );
$req->{sessionInfo}->{_utime} = delete $req->{sessionInfo}->{_2fUtime};
$req->mustRedirect(1); $req->mustRedirect(1);
$self->userLogger->notice( $self->prefix $self->userLogger->notice( $self->prefix
. '2F verification for ' . '2F verification for '
......
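Review bot: The comment `# Else restore session` in `_verify` is now stale, because the restore of `sessionInfo`, `id`, `urldc` and `_utime` has moved above the `if ($res)` check and runs on both paths. Something like `# Else 2F verification succeeded, continue with the restored session` would match the code. The moved block still mixes `$req->sessionInfo->{...}` with `$req->{sessionInfo}->{_utime}`; using the accessor throughout would read more consistently. `$req->id` is now set from `_2fRealSession` before the result of `verify` is examined, and whether `$session` is guaranteed to carry that key is decided outside this hunk, so a short comment stating that assumption would help. `_verify` begins and ends outside the displayed lines.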