Make sure tokens handled by 2F modules are temporary sessions (#2791)
parent
5e72df3f06
commit
318e08ccc7
|
@ -437,6 +437,12 @@ sub _choice {
|
||||||
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
unless ( $session->{_2fRealSession} ) {
|
||||||
|
$self->logger->error("Invalid 2FA session token");
|
||||||
|
$req->noLoginDisplay(1);
|
||||||
|
return $self->p->do( $req, [ sub { PE_ERROR } ] );
|
||||||
|
}
|
||||||
|
|
||||||
$req->sessionInfo($session);
|
$req->sessionInfo($session);
|
||||||
|
|
||||||
# New token
|
# New token
|
||||||
|
|
|
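Review bot: The new `unless ( $session->{_2fRealSession} )` guard in `_choice` carries no comment saying why a token without that key must be refused, and the identical guard added to `_verify` in the other file has the same gap. I would put `# Only temporary sessions created by the 2F flow carry _2fRealSession; any other kind of token must be rejected here (#2791)` directly above the `unless`. The test is truthiness only, so it presumably relies on no other token producer ever storing that key in its payload; that assumption is worth confirming and stating in the same comment. `_choice` starts and ends outside this hunk, so how `$session` is fetched is not visible here.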
@ -5,6 +5,7 @@ use Mouse;
|
||||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||||
PE_SENDRESPONSE
|
PE_SENDRESPONSE
|
||||||
PE_OK
|
PE_OK
|
||||||
|
PE_ERROR
|
||||||
PE_NOTOKEN
|
PE_NOTOKEN
|
||||||
PE_TOKENEXPIRED
|
PE_TOKENEXPIRED
|
||||||
PE_BADCREDENTIALS
|
PE_BADCREDENTIALS
|
||||||
|
@ -104,6 +105,11 @@ sub _verify {
|
||||||
$req->noLoginDisplay(1);
|
$req->noLoginDisplay(1);
|
||||||
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
||||||
}
|
}
|
||||||
|
unless ( $session->{_2fRealSession} ) {
|
||||||
|
$self->logger->error("Invalid 2FA session token");
|
||||||
|
$req->noLoginDisplay(1);
|
||||||
|
return $self->p->do( $req, [ sub { PE_ERROR } ] );
|
||||||
|
}
|
||||||
|
|
||||||
# Launch second factor verification
|
# Launch second factor verification
|
||||||
my $res = $self->verify( $req, $session );
|
my $res = $self->verify( $req, $session );
|
||||||
|
|
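Review bot: The rejection branch added to `_verify` logs a fixed string, `"Invalid 2FA session token"`, which tells an operator neither which check failed nor which 2F module refused the token. Something like `$self->logger->error("2FA token rejected: not a temporary 2F session (_2fRealSession missing)");` would separate this case from an expired token during triage. If this class exposes the portal's user-action logger, a token of the wrong kind presented to a 2F endpoint arguably belongs there as well. The block is a copy of the one in `_choice`, so a later 2F entry point could easily omit it; a shared helper would avoid that, but it would live outside these hunks. `_verify` starts and ends outside this hunk.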