From 63cd5ffb40229b0ca5cfb24703b20b32137cd72c Mon Sep 17 00:00:00 2001
From: Maxime Besson
Date: Fri, 23 Apr 2021 15:36:16 +0200
Subject: [PATCH] Revert 652d8ba9bcda297bec2698dc52cccbd8986e08d8

See #2482
---
 .../lib/Lemonldap/NG/Portal/Main/Process.pm | 13 +++++-----
 .../lib/Lemonldap/NG/Portal/Main/Run.pm | 9 +++----
 .../NG/Portal/Plugins/BruteForceProtection.pm | 24 +++++++++----------
 3 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
index 3916f8596..3d260839e 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
@@ -396,7 +396,7 @@ sub authenticate {
 $req->steps( [ 'setSessionInfo', 'setMacros', 'setPersistentSessionInfo', 'storeHistory',
- @{ $self->afterData }, sub { PE_BADCREDENTIALS }
+ @{ $self->afterData }, sub { PE_BADCREDENTIALS }
 ] );
@@ -475,13 +475,12 @@ sub setGroups {
 }
 sub setPersistentSessionInfo {
-
- # $user passed by BruteForceProtection plugin
- my ( $self, $req, $user ) = @_;
+ my ( $self, $req ) = @_;
 # Do not restore infos if session already opened
 unless ( $req->id ) {
- my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} } || $user;
+ my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
+ return PE_OK unless ( $key and length($key) );
 my $persistentSession = $self->getPersistentSession($key);
@@ -620,9 +619,9 @@ sub secondFactor {
 }
 sub storeHistory {
- my ( $self, $req, $uid ) = @_; # $uid passed by BruteForceProtection plugin
+ my ( $self, $req ) = @_;
 if ( $self->conf->{loginHistoryEnabled} ) {
- $self->registerLogin( $req, $uid );
+ $self->registerLogin($req);
 }
 PE_OK;
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index 4b574bc39..9d15c54da 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
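Review bot: In the new early exit `return PE_OK unless ( $key and length($key) );` of setPersistentSessionInfo, the `length($key)` clause is dead: any `$key` that passes the truth test is already non-empty, while a key of exactly `"0"` fails the truth test and silently skips the persistent-session lookup. `return PE_OK unless ( defined $key and length $key );` expresses the intended "missing or empty" check without that corner case. The early return also means that when the `whatToTrace` value is absent nothing from the persistent session (including `_loginHistory`) is copied into `$req->sessionInfo`, which the BruteForceProtection hook re-registered after this sub in the same commit presumably depends on; a short comment at the return, e.g. `# No lookup key yet: skip persistent data; hooks run after this sub see no _loginHistory`, would make that visible to the next reader. setPersistentSessionInfo's body continues past the hunk.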
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -1049,9 +1049,7 @@ sub tplParams {
 }
 sub registerLogin {
-
- # $user passed by BruteForceProtection plugin
- my ( $self, $req, $uid ) = @_;
+ my ( $self, $req ) = @_;
 return unless ( $self->conf->{loginHistoryEnabled} and defined $req->authResult );
@@ -1081,8 +1079,7 @@ sub registerLogin {
 }
 }
 }
- $self->updatePersistentSession( $req, { 'loginHistory' => undef },
- $uid );
+ $self->updatePersistentSession( $req, { 'loginHistory' => undef } );
 delete $req->sessionInfo->{loginHistory};
 }
@@ -1107,7 +1104,7 @@ sub registerLogin {
 if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
 # Save into persistent session
- $self->updatePersistentSession( $req, { _loginHistory => $history }, $uid );
+ $self->updatePersistentSession( $req, { _loginHistory => $history, } );
 PE_OK;
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
index 6aab1f1b1..551008ee8 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
@@ -12,7 +12,7 @@ our $VERSION = '2.0.10';
 extends 'Lemonldap::NG::Portal::Main::Plugin';
 # INITIALIZATION
-use constant aroundSub => { authenticate => 'check' };
+use constant afterSub => { setPersistentSessionInfo => 'run' };
 has lockTimes => (
 is => 'rw',
@@ -61,7 +61,9 @@ sub init {
 sort { $a <=> $b }
 map {
 $_ =~ s/\D//;
- abs $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? abs $_ : ()
+ abs $_ < $self->conf->{bruteForceProtectionMaxLockTime}
+ ? abs $_
+ : ()
 }
 grep { /\d+/ } split /\s*,\s*/,
 $self->conf->{bruteForceProtectionLockTimes};
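Review bot: The rebuilt call in the `@@ -1107` hunk of registerLogin, `$self->updatePersistentSession( $req, { _loginHistory => $history, } );`, keeps a trailing comma inside a one-element hashref that reads like a leftover of the removed `$uid` argument; `$self->updatePersistentSession( $req, { _loginHistory => $history } );` matches the sibling call rewritten at the `'loginHistory' => undef` site earlier in the same function. It is harmless at runtime but will produce a needless perltidy diff later. registerLogin's body begins before the first Run.pm hunk and spans all three of them.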
@@ -99,13 +101,9 @@ sub init {
 }
 # RUNNING METHOD
-sub check {
- my ( $self, $sub, $req ) = @_;
- my $now = time;
- $self->p->setSessionInfo($req);
- $self->logger->debug("Retrieve $req->{user} logins history");
- $self->p->setPersistentSessionInfo( $req, $req->{user} );
-
+sub run {
+ my ( $self, $req ) = @_;
+ my $now = time;
 my $countFailed = my @failedLogins = map { ( $now - $_->{_utime} ) <= $self->maxAge ? $_ : () } @{ $req->sessionInfo->{_loginHistory}->{failedLogin} };
@@ -115,7 +113,7 @@ sub check {
 my $lastFailedLoginEpoch = $failedLogins[0]->{_utime} || undef;
 if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) {
- return $sub->($req) unless $lastFailedLoginEpoch;
+ return PE_OK unless $lastFailedLoginEpoch;
 # Delta between current attempt and last failed login
 my $delta = $now - $lastFailedLoginEpoch;
@@ -148,10 +146,10 @@ sub check {
 $req->lockTime( $waitingTime - $delta );
 return PE_WAIT;
 }
- return $sub->($req);
+ return PE_OK;
 }
- return $sub->($req)
+ return PE_OK
 if ( $countFailed < $self->maxFailed );
 # Delta between current attempt and last failed login
@@ -159,7 +157,7 @@ sub check {
 $self->logger->debug(" -> Delta = $delta");
 # Delta < Tempo => wait
- return $sub->($req)
+ return PE_OK
 unless ( $delta < $self->conf->{bruteForceProtectionTempo} && $countFailed );
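Review bot: `run` dereferences `@{ $req->sessionInfo->{_loginHistory}->{failedLogin} }` with no guard for a session that carries no login history, and the companion Process.pm hunk now makes setPersistentSessionInfo `return PE_OK` before `getPersistentSession` whenever the `whatToTrace` key is missing, so if the afterSub hook fires regardless of the wrapped sub's return value (this diff does not show the dispatcher) the plugin would presumably see an undefined `_loginHistory` and rely on autovivification to get an empty list; `@{ $req->sessionInfo->{_loginHistory}->{failedLogin} || [] }` makes the empty-history case explicit. Moving the hook from `aroundSub => { authenticate => 'check' }` to `afterSub => { setPersistentSessionInfo => 'run' }` also means the throttle is evaluated after the authentication step instead of before it, so as far as the step list in the Process.pm `authenticate` hunk shows the backend is still consulted on every attempt and `PE_WAIT` only delays the portal's answer; a header comment above `sub run`, e.g. `# afterSub hook on setPersistentSessionInfo: runs once the login history is loaded, i.e. after authenticate has already been called`, would record the trade-off this revert accepts. run's body continues past the hunk.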