From efe0ad448f1b58e14199e9a8da82a924acf3ddda Mon Sep 17 00:00:00 2001
From: Yadd <yadd@debian.org>
Date: Tue, 1 Feb 2022 16:02:20 +0100
Subject: [PATCH] Combination: accept "stop()" from authentication backends
 (#2660)

---
 .../Lemonldap/NG/Portal/Auth/Combination.pm   | 48 +++++++++++++++----
 1 file changed, 40 insertions(+), 8 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm
index 2c2117e8f..933b4f83f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm
@@ -3,12 +3,17 @@ package Lemonldap::NG::Portal::Auth::Combination;
 use strict;
 use Mouse;
 use Lemonldap::NG::Common::Combination::Parser;
-use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_FIRSTACCESS);
+use Lemonldap::NG::Portal::Main::Constants qw(
+  PE_CONFIRM
+  PE_ERROR
+  PE_FIRSTACCESS
+  PE_FORMEMPTY
+  PE_OK
+);
 use Scalar::Util 'weaken';
 
 our $VERSION = '2.0.12';
 
-# TODO: See Lib::Wrapper
 extends 'Lemonldap::NG::Portal::Main::Auth';
 with 'Lemonldap::NG::Portal::Lib::OverConf';
 
@@ -231,13 +236,14 @@ sub try {
         return PE_ERROR;
     }
 
+    my $stop = 0;
     if ( $nb < @$stack - 1 ) {
 
         # TODO: change logLevel for userLog()
         ( $res, $name ) = $stack->[$nb]->[$type]->( $subname, $req, @args );
 
         # On error, restart authentication with next scheme
-        if ( $res > PE_OK ) {
+        unless ( $stop = $self->stop( $stack->[$nb]->[$type], $res ) ) {
             $self->logger->info(qq'Scheme "$name" returned $res, trying next');
             $req->data->{dataKeep}->{combinationTry}++;
             $req->steps( [ @{ $req->data->{combinationSteps} } ] );
@@ -251,11 +257,17 @@ sub try {
     $req->sessionInfo->{ [ '_auth', '_userDB' ]->[$type] } = $name;
     $req->sessionInfo->{_combinationTry} =
       $req->data->{dataKeep}->{combinationTry};
-    if ( $res > 0 and $res != PE_FIRSTACCESS ) {
-        $self->userLogger->warn( 'All schemes failed'
-              . ( $req->user ? ' for user ' . $req->user : '' ) . ' ('
-              . $req->address
-              . ')' );
+    if ( $res > 0 ) {
+        if ($stop) {
+            $self->userLogger->info(
+                "Combination stopped by plugin $name (code $res)");
+        }
+        elsif ( $res != PE_FIRSTACCESS ) {
+            $self->userLogger->warn( 'All schemes failed'
+                  . ( $req->user ? ' for user ' . $req->user : '' ) . ' ('
+                  . $req->address
+                  . ')' );
+        }
     }
     return $res;
 }
@@ -269,6 +281,26 @@ sub name {
       || 'Combination';
 }
 
+sub stop {
+    my ( $self, $mod, $res ) = @_;
+    return 1
+      if (
+        $res <= 0    # PE_OK
+        or $res == PE_CONFIRM
+
+        # TODO: adding this may generate behavior change
+        #or $res == PE_FIRSTACCESS
+        #or $res == PE_FORMEMPTY
+      );
+    my $ret;
+    eval { $ret = $mod->( 'stop', $res ) };
+    if ($@) {
+        $self->logger->debug( 'Trying to call optional stop: ' . $@ );
+        return 0;
+    }
+    return $ret;
+}
+
 package Lemonldap::NG::Portal::Lib::Combination::UserLogger;
 
 # This logger rewrite "warn" to "notice"