Return an error if http session could not be found (#2382)

2020-11-16 18:37:26 +01:00 · 2020-11-16 18:37:26 +01:00 · 8f1b30b6d0
commit 8f1b30b6d0
parent 4ceb75c970
1 changed files with 13 additions and 3 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm
@ -4,6 +4,7 @@ use strict;
 use Mouse;
 use Lemonldap::NG::Portal::Main::Constants qw(
  PE_APACHESESSIONERROR
+  PE_ERROR
  PE_OK
 );

@ -37,9 +38,18 @@ sub changeUrldc {
            $cdaInfos->{cookie_name}  = $self->{conf}->{cookieName};
        }
        else {
-            $cdaInfos->{cookie_value} =
-              $req->{sessionInfo}->{_httpSession};
-            $cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";
+            if ( $req->{sessionInfo}->{_httpSession} ) {
+                $cdaInfos->{cookie_value} =
+                  $req->{sessionInfo}->{_httpSession};
+                $cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";
+            }
+            else {
+                $self->logger->error(
+                        "Session does not contain _httpSession field. "
+                      . "Portal must be accessed over HTTPS when using CDA with double cookie"
+                );
+                return PE_ERROR;
+            }
        }

        my $cdaSession =