Delete captcha session only when authentication process is finished (#788)

2015-03-09 16:44:19 +00:00 · 2015-03-09 16:44:19 +00:00 · a31663cf38
commit a31663cf38
parent 68c9968f3d
1 changed files with 36 additions and 12 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@ -71,7 +71,7 @@ use Digest::MD5;
 #inherits Apache::Session
 #link Lemonldap::NG::Common::Apache::Session::SOAP protected globalStorage

-our $VERSION = '1.4.2';
+our $VERSION = '1.4.4';

 use base qw(Lemonldap::NG::Common::CGI Exporter);
 our @ISA;
@ -657,14 +657,6 @@ sub checkCaptcha {
        }
    );

-    # Remove captcha session (will not be used anymore)
-    if ( $captcha->removeSession ) {
-        $self->lmLog( "Code $code match captcha $ccode", 'debug' );
-    }
-    else {
-        $self->lmLog( "Unable to remove captcha session $ccode", 'warn' );
-    }
-
    # Check code
    if ( $captcha && $captcha->code ) {

@ -678,6 +670,34 @@ sub checkCaptcha {
    return 0;
 }

+## @method int removeCaptcha(ccode)
+# Remove captcha session
+# @param captcha code generated by Authen::Captcha
+# @return a constant
+sub removeCaptcha {
+    my ( $self, $ccode ) = splice @_;
+
+    # Get captcha object
+    my $captcha = Lemonldap::NG::Common::Captcha->new(
+        {
+            storageModule        => $self->{captchaStorage},
+            storageModuleOptions => $self->{captchaStorageOptions},
+            md5                  => $ccode,
+            size                 => $self->{captcha_size},
+        }
+    );
+
+    # Remove captcha session (will not be used anymore)
+    if ( $captcha->removeSession ) {
+        $self->lmLog( "Captcha session $ccode removed", 'debug' );
+        return 0;
+    }
+    else {
+        $self->lmLog( "Unable to remove captcha session $ccode", 'warn' );
+        return 1;
+    }
+}
+
 ## @method boolean isTrustedUrl(string url)
 # Check if an URL's domain name is declared in LL::NG config or is declared as trusted domain
 # @param url Parameter url
@ -1654,9 +1674,8 @@ sub controlExistingSession {
                    'debug'
                );

-                if (
-                    $self->{sessionInfo}->{'_auth'} ne $self->get_module('auth')
-                  )
+                if ( $self->{sessionInfo}->{'_auth'} ne
+                    $self->get_module('auth') )
                {
                    my $module_name = 'Lemonldap::NG::Portal::Auth'
                      . $self->{sessionInfo}->{_auth};
@ -2370,6 +2389,11 @@ sub store {
 sub authFinish {
    my $self = shift;

+    # Remove captcha session
+    if ( $self->{captcha_check_code} ) {
+        $self->removeCaptcha( $self->{captcha_check_code} );
+    }
+
    eval { $self->{error} = $self->SUPER::authFinish; };
    if ($@) {
        $self->lmLog(