diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm index c807779ec..7679698a9 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm @@ -370,8 +370,6 @@ sub run { } else { my $ask_for_consent = 1; - -######################## my $_oidcConsents; my @RPoidcConsent = (); @@ -404,18 +402,6 @@ sub run { { rp => $rp, epoch => '', scope => '' }; } -################### - - #if ( $req->{sessionInfo}->{"_oidc_consent_time_$rp"} - #and $req->{sessionInfo}->{"_oidc_consent_scope_$rp"} ) - - #{ - #$ask_for_consent = 0; - #my $consent_time = - #$req->{sessionInfo}->{"_oidc_consent_time_$rp"}; - #my $consent_scope = - #$req->{sessionInfo}->{"_oidc_consent_scope_$rp"}; - if ( $RPoidcConsent[0]{rp} eq $rp ) { $ask_for_consent = 0; @@ -451,6 +437,7 @@ sub run { if ( $req->param('confirm') and $req->param('confirm') == 1 ) { + ############ $self->p->updatePersistentSession( $req, { "_oidc_consent_time_$rp" => time } ); $self->p->updatePersistentSession( @@ -460,20 +447,15 @@ sub run { $oidc_request->{'scope'} } ); - -################ - + ############ $RPoidcConsent[0]{epoch} = time; $RPoidcConsent[0]{scope} = $oidc_request->{'scope'}; - push @{$_oidcConsents}, @RPoidcConsent; $self->logger->debug( "Append Relying Party $rp Consent"); $self->p->updatePersistentSession( $req, { _oidcConsents => to_json($_oidcConsents) } ); -################# - $self->logger->debug( "Consent given for Relying Party $rp"); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm index 7e30aaa5d..706fd3d0a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm 
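Review bot: In run() of Issuer/OpenIDConnect.pm, the confirm branch now persists the same consent twice: the two `updatePersistentSession` calls bracketed by the new `############` markers still write `_oidc_consent_time_$rp` and `_oidc_consent_scope_$rp`, and the `_oidcConsents` JSON list is written right after them. The consent check visible in this diff (`$RPoidcConsent[0]{rp} eq $rp`) reads only the new list, so the legacy keys look write-only; if an entry is later removed from `_oidcConsents`, they would remain in the persistent session as a stale record of scope and time. Either drop the legacy writes or replace the bare markers with a comment that says why they stay, e.g. `# Legacy per-RP keys, kept until stored sessions are migrated to _oidcConsents`. run() starts and ends outside these hunks, so other readers of the legacy keys may exist and should be checked first.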
@@ -7,6 +7,7 @@ our $VERSION = '2.0.0'; package Lemonldap::NG::Portal::Main; use strict; use Mouse; +use JSON; has skinRules => ( is => 'rw' ); @@ -521,18 +522,46 @@ sub mkOidcConsent { } } - my $consents = {}; - - foreach ( keys %$session ) { - if ( $_ =~ /_oidc_consent_time_(.+)$/ ) { - $consents->{$1}->{time} = $session->{ "_oidc_consent_time_" . $1 }; - $consents->{$1}->{scope} = - $session->{ "_oidc_consent_scope_" . $1 }; - $consents->{$1}->{displayName} = - $self->conf->{oidcRPMetaDataOptions}->{$1} - ->{oidcRPMetaDataOptionsDisplayName}; + # Loading existing oidcConsents + $self->logger->debug("Loading OIDC Consents ..."); + my @consents = (); + if ( exists $session->{_oidcConsents} ) { + @consents = eval { + from_json( $session->{_oidcConsents}, { allow_nonref => 1 } ); + }; + if ($@) { + $self->logger->error("Corrupted session (_oidcConsents): $@"); + return PE_ERROR; } } + else { + $self->logger->debug("No OIDC Consent found"); + + #$_oidcConsents = []; + } + + my $consents = {}; +##################### + + foreach (@consents) { + my $rp = {$_}->{rp}; + $consents->{$rp}->{epoch} = $_->{epoch}; + $consents->{$rp}->{scope} = $_->{scope}; + $consents->{$rp}->{displayName} = + $self->conf->{oidcRPMetaDataOptions}->{$rp}->{oidcRPMetaDataOptionsDisplayName}; + } + + #foreach ( keys %$session ) { + #if ( $_ =~ /_oidc_consent_time_(.+)$/ ) { + #$consents->{$1}->{time} = $session->{ "_oidc_consent_time_" . $1 }; + #$consents->{$1}->{scope} = + #$session->{ "_oidc_consent_scope_" . $1 }; + #$consents->{$1}->{displayName} = + #$self->conf->{oidcRPMetaDataOptions}->{$1} + #->{oidcRPMetaDataOptionsDisplayName}; + #} + #} +##################### return $self->loadTemplate( 'oidcConsents', @@ -541,7 +570,7 @@ sub mkOidcConsent { map { { name => $_, - time => $consents->{$_}->{time}, + time => $consents->{$_}->{epoch}, scope => $consents->{$_}->{scope}, displayName => $consents->{$_}->{displayName} }
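Review bot: In mkOidcConsent the decoded `_oidcConsents` value is assigned to the array `@consents`, but `from_json` returns a single reference for a JSON array, so the `foreach` runs once with `$_` holding the whole array reference, and `{$_}->{rp}` builds a throwaway anonymous hash instead of reading the entry's `rp`. Decode into a scalar, confirm it is an array reference, and iterate its elements with a named variable, skipping entries that are not hashes carrying an `rp`; `allow_nonref` is then not needed. The `return PE_ERROR` path hands a status code to a caller that otherwise receives the `loadTemplate` result, and the diff does not show `PE_ERROR` being imported into this file, so that path deserves a check. The commented-out legacy loop, `#$_oidcConsents = [];` and the `#####` markers can be dropped. mkOidcConsent starts and ends outside the hunk.

```perl
my $stored = [];
if ( exists $session->{_oidcConsents} ) {
    $stored = eval { from_json( $session->{_oidcConsents} ) };
    if ( $@ or ref($stored) ne 'ARRAY' ) {
        $self->logger->error("Corrupted session (_oidcConsents): $@");
        return PE_ERROR;
    }
}
# … unchanged: else branch logging "No OIDC Consent found" …

my $consents = {};
foreach my $entry (@$stored) {
    next unless ref($entry) eq 'HASH' and defined $entry->{rp};
    my $rp = $entry->{rp};
    $consents->{$rp}->{epoch} = $entry->{epoch};
    $consents->{$rp}->{scope} = $entry->{scope};
    # … unchanged: displayName lookup from oidcRPMetaDataOptions …
}
```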