From dae6b880be05e0f41b87abacce5564300e9f01d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Fri, 5 Feb 2010 10:21:48 +0000
Subject: [PATCH] Portal: force authentication is now working
---
 .../lib/Lemonldap/NG/Portal/Simple.pm | 40 +++++++++++++++----
 1 file changed, 32 insertions(+), 8 deletions(-)
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
index 41a396f00..56a6e32da 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@@ -312,6 +312,10 @@ sub setDefaultValues {
 unless ( defined( $self->{portalRequireOldPassword} ) );
 $self->{portalOpenLinkInNewWindow} = 0
 unless ( defined( $self->{portalOpenLinkInNewWindow} ) );
+ $self->{portalForceAuthn} = 0
+ unless ( defined( $self->{portalForceAuthn} ) );
+ $self->{portalForceAuthnInterval} = 5
+ unless ( defined( $self->{portalForceAuthnInterval} ) );
 $self->{portalUserAttr} ||= "_user";
 $self->{securedCookie} ||= 0;
 $self->{cookieName} ||= "lemonldap";
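Review bot: The new `portalForceAuthnInterval` default of 5 carries no unit or explanation, and nothing in this hunk checks that a configured value is a non-negative number. The comparison against `time()` in existingSession suggests the unit is seconds, so a comment above the assignment would help, for example `# Seconds after a successful authentication during which re-authentication is not forced`. Because a large configured value effectively switches the forced re-authentication off, the comment should say so as well. setDefaultValues starts and ends outside the hunk, so any validation elsewhere in it is not visible here.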
@@ -862,25 +866,32 @@ sub existingSession { my $referer = $self->referer(); my $id = $self->{id}; + # Do not force authentication when password is modified + return PE_DONE if $self->param('newpassword'); + + # Do not force authentication if last successful authentication is recent + my $last_authn_utime = $self->{sessionInfo}->{_lastAuthnUTime} || 0; + if ( time() - $last_authn_utime < $self->{portalForceAuthnInterval} ) { + $self->lmLog( +"Authentication is recent, so do not force authentication for session $id", + 'debug' + ); + return PE_DONE; + } + # If coming from the portal follow the normal process to update the session if ( $referer ? ( $referer =~ m#$self->{portal}#i ) : 0 ) { $self->lmLog( "Portal referer detected for session $id", 'debug' ); - # Allow password modification from menu - return PE_DONE if $self->param('newpassword'); - - # Set the user connected to retrieve updated information - $self->{user} = $self->{sessionInfo}->{user}; - # Set flag to update session timestamp $self->{updateSession} = 1; # Process $self->{error} = $self->_subProcess( - qw(issuerDBInit issuerForUnAuthUser authInit + qw(issuerDBInit issuerForUnAuthUser authInit extractFormInfo userDBInit getUser setAuthSessionInfo setSessionInfo setMacros setLocalGroups setGroups authenticate - store checkNotification issuerForAuthUser) + store) ); return $self->{error} || PE_DONE; } @@ -1059,9 +1070,22 @@ sub authenticate { my $self = shift; my $tmp; return $tmp if ( $tmp = $self->SUPER::authenticate() ); + + # Log good authentication $self->_sub( 'userNotice', "Good authentication for " . $self->{sessionInfo}->{ $self->{whatToTrace} } ); + + # Set _lastAuthnUTime + $self->{sessionInfo}->{_lastAuthnUTime} = time(); + + $self->lmLog( + "Store _lastAuthnUTime: " + . $self->{sessionInfo}->{_lastAuthnUTime} + . " in session", + 'debug' + ); + PE_OK; }
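Review bot: The `newpassword` exemption now runs before the referer test in existingSession, so any request on an existing session that carries a true `newpassword` parameter returns PE_DONE without reaching the forced re-authentication path. Before this change the same return was only reachable inside the portal-referer branch, so a client-supplied parameter alone now decides whether the control applies. If the intent is to let the password form through because it re-proves the credentials itself, tie the exemption to that condition, for example `return PE_DONE if $self->param('newpassword') and $self->{portalRequireOldPassword};`. The password-change handling is outside this hunk, so this assumes the old password is verified there when that option is set. existingSession also begins before the hunk and continues after it.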
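Review bot: The added comment `# Set _lastAuthnUTime` in authenticate only restates the assignment and does not say what the key is for or what it holds. Since existingSession reads this value to decide whether to skip a forced re-authentication, the comment should record that contract, for example `# Epoch seconds of the last successful credential check; existingSession compares it with portalForceAuthnInterval`. It is also worth noting there that the value comes from the wall clock, so a backward clock step makes a session look freshly authenticated until the clock catches up.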