From a5cc73a54cca5a5dee4617287c56feba6ac791f5 Mon Sep 17 00:00:00 2001
From: Xavier Guimard <x.guimard@free.fr>
Date: Sat, 30 Jun 2018 07:44:05 +0200
Subject: [PATCH] Avoid session conflict between Issuer and Auth CAS (#1468)

---
 .../lib/Lemonldap/NG/Portal/Auth/CAS.pm         |  1 +
 .../lib/Lemonldap/NG/Portal/Issuer/CAS.pm       |  3 ++-
 .../lib/Lemonldap/NG/Portal/Lib/CAS.pm          | 17 ++++++++++++++---
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
index 3054ddb53..0a2af8b9f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
@@ -20,6 +20,7 @@ extends 'Lemonldap::NG::Portal::Main::Auth', 'Lemonldap::NG::Portal::Lib::CAS';
 
 has srvNumber => ( is => 'rw', default => 0 );
 has srvList => ( is => 'rw', default => sub { [] } );
+use constant sessionKind => 'CAS';
 
 # INITIALIZATION
 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
index 335b1cce5..946af2bfb 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
@@ -20,7 +20,8 @@ extends 'Lemonldap::NG::Portal::Main::Issuer',
 
 # INITIALIZATION
 
-use constant beforeAuth => 'storeEnvAndCheckGateway';
+use constant beforeAuth  => 'storeEnvAndCheckGateway';
+use constant sessionKind => 'ICAS';
 
 sub init {
     my ($self) = @_;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm
index 7ac576762..9f5cee513 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm
@@ -106,7 +106,7 @@ sub getCasSession {
             cacheModule        => $self->conf->{localSessionStorage},
             cacheModuleOptions => $self->conf->{localSessionStorageOptions},
             id                 => $id,
-            kind               => "CAS",
+            kind               => $self->sessionKind,
             ( $info ? ( info => $info ) : () ),
         }
     );
@@ -255,7 +255,12 @@ sub deleteCasSecondarySessions {
     my $cas_sessions =
       $module->searchOn( $moduleOptions, "_cas_id", $session_id );
 
-    if ( my @cas_sessions_keys = keys %$cas_sessions ) {
+    if (
+        my @cas_sessions_keys =
+        grep { $cas_sessions->{$_}->{_session_kind} eq $self->sessionKind }
+        keys %$cas_sessions
+      )
+    {
 
         foreach my $cas_session (@cas_sessions_keys) {
 
@@ -404,7 +409,13 @@ sub validateST {
             my $pgtIdSessions =
               $module->searchOn( $moduleOptions, "pgtIou", $pgtIou );
 
-            foreach my $id ( keys %$pgtIdSessions ) {
+            foreach my $id (
+                grep {
+                    $pgtIdSessions->{$_}->{_session_kind} eq $self->sessionKind
+                }
+                keys %$pgtIdSessions
+              )
+            {
 
                 # There should be only on session
                 my $pgtIdSession = $self->getCasSession($id) or next;