From a31663cf38edb403e919f11afa55553647109c5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= Date: Mon, 9 Mar 2015 16:44:19 +0000 Subject: [PATCH] Delete captcha session only when authentication process is finished (#788) --- .../lib/Lemonldap/NG/Portal/Simple.pm | 48 ++++++++++++++----- 1 file changed, 36 insertions(+), 12 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm index 357692b68..22e3679f7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm @@ -71,7 +71,7 @@ use Digest::MD5; #inherits Apache::Session #link Lemonldap::NG::Common::Apache::Session::SOAP protected globalStorage -our $VERSION = '1.4.2'; +our $VERSION = '1.4.4'; use base qw(Lemonldap::NG::Common::CGI Exporter); our @ISA; @@ -657,14 +657,6 @@ sub checkCaptcha { } ); - # Remove captcha session (will not be used anymore) - if ( $captcha->removeSession ) { - $self->lmLog( "Code $code match captcha $ccode", 'debug' ); - } - else { - $self->lmLog( "Unable to remove captcha session $ccode", 'warn' ); - } - # Check code if ( $captcha && $captcha->code ) { 
@@ -678,6 +670,34 @@ sub checkCaptcha { return 0; } +## @method int removeCaptcha(ccode) +# Remove captcha session +# @param captcha code generated by Authen::Captcha +# @return a constant +sub removeCaptcha { + my ( $self, $ccode ) = splice @_; + + # Get captcha object + my $captcha = Lemonldap::NG::Common::Captcha->new( + { + storageModule => $self->{captchaStorage}, + storageModuleOptions => $self->{captchaStorageOptions}, + md5 => $ccode, + size => $self->{captcha_size}, + } + ); + + # Remove captcha session (will not be used anymore) + if ( $captcha->removeSession ) { + $self->lmLog( "Captcha session $ccode removed", 'debug' ); + return 0; + } + else { + $self->lmLog( "Unable to remove captcha session $ccode", 'warn' ); + return 1; + } +} + ## @method boolean isTrustedUrl(string url) # Check if an URL's domain name is declared in LL::NG config or is declared as trusted domain # @param url Parameter url @@ -1654,9 +1674,8 @@ sub controlExistingSession { 'debug' ); - if ( - $self->{sessionInfo}->{'_auth'} ne $self->get_module('auth') - ) + if ( $self->{sessionInfo}->{'_auth'} ne + $self->get_module('auth') ) { my $module_name = 'Lemonldap::NG::Portal::Auth' . $self->{sessionInfo}->{_auth}; @@ -2370,6 +2389,11 @@ sub store { sub authFinish { my $self = shift; + # Remove captcha session + if ( $self->{captcha_check_code} ) { + $self->removeCaptcha( $self->{captcha_check_code} ); + } + eval { $self->{error} = $self->SUPER::authFinish; }; if ($@) { $self->lmLog(
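Review bot: In the new `removeCaptcha`, `$captcha->removeSession` is called without checking that the constructor returned an object, whereas `checkCaptcha` guards the same kind of object with `if ( $captcha && $captcha->code )`. If `Lemonldap::NG::Common::Captcha->new` can return a false value, as that guard suggests, this dies on a method call on undef, and the caller added in `authFinish` invokes it outside its `eval`. A guard before the removal would keep the failure in the log instead: `unless ($captcha) { $self->lmLog( "Unable to load captcha session $ccode", 'warn' ); return 1; }`. The header comment says `@return a constant`, but the sub returns 0 on success and 1 on failure; I would document it as `# @return 0 if the session was removed, 1 otherwise`.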
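Review bot: With the removal moved out of `checkCaptcha`, this block in `authFinish` is the only place in the patch where the captcha session is deleted, so a request that passes the captcha check but never reaches `authFinish` leaves the record in storage. Whether a failed login reaches this sub is not visible in the hunk; if it does not, the same captcha identifier and answer would presumably stay valid across repeated credential attempts, which weakens the captcha as a brake on automated password guessing. It is worth confirming that the failure path also calls `removeCaptcha`, or that the captcha storage expires entries after a short lifetime. The return value of `removeCaptcha` is discarded here, so a failed removal is only visible in the warn log. A comment such as `# One-time use: drop the captcha session so it cannot be replayed` would record the intent. `authFinish` continues past the end of the hunk.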