Commit ce8fe0f2 authored by o's avatar o

Merge branch 'sendSessionToken' into 'master'

send session token on saml_auth and handoff

See merge request !10
parents 7cd5701b 2efc1b2a
Pipeline #8607 passed with stages
in 3 minutes and 22 seconds
......@@ -83,13 +83,17 @@ class ApplicationController < ActionController::Base
cookies.encrypted[:logged_in] = l.to_json
end
def reset_user_session
def reset_user_session(keep_token=false)
unless session_expired?
url = session[:origin_url]
end
if keep_token
token = session[:login_token]
end
reset_session
session[:locale] = I18n.locale
session[:origin_url] = url
session[:login_token] = token
update_session_expiry
end
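Review bot: In `reset_user_session`, `session[:login_token]` is copied across `reset_session` whenever `keep_token` is set, even when the session has expired, whereas `session[:origin_url]` is only carried over under `unless session_expired?`. If an expired session should not pass its login token to the fresh one, guard it the same way: `token = session[:login_token] if keep_token && !session_expired?`. The closing `session[:login_token] = token` also runs when `keep_token` is false and stores an explicit nil; `session[:login_token] = token if token` would leave the key unset instead. Where the token is issued and when it is rotated is not visible in this hunk, so a short comment on the method stating that would help the next reader judge the reset.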
......
......@@ -7,6 +7,7 @@ class HandoffLoginController < LoginController
unlock: unlock,
totp: totp,
webauthn: webauthn,
token: session[:login_token],
)
end
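Review bot: `token: session[:login_token]` passes a session-bound secret to the call that closes at `)`, and the same argument is added in the SamlLoginController hunk. The call's opening and its destination are outside both hunks, so it is not clear whether the value ends up in a rendered page, a redirect or a backend request. Whichever it is, the token should stay out of URLs and logs, for instance by listing it in the app's parameter filtering if it travels as a request parameter. The receiver also has to cope with nil, because `reset_user_session` called without `keep_token` leaves `session[:login_token]` empty. A comment next to the argument such as `# login_token: lets <consumer> bind this attempt to the session; never log` would record the intent.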
......
......@@ -106,7 +106,7 @@ class LoginController < ApplicationController
def new
flash[:notice] = nil
new_login_session
new_login_session(true)
end
def nonce_js
......@@ -141,11 +141,11 @@ EOF
private
def new_login_session
def new_login_session(keep_token=false)
load_news_frame
f = flash[:notice]
fails = session[:auth_failures] || 0
reset_user_session
reset_user_session(keep_token)
params.delete(:user_id)
session[:auth_failures] = fails
flash[:notice] = f
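Review bot: The bare `true` in `new_login_session(true)` does not say what is being kept, yet it is the only visible call that opts into carrying `session[:login_token]` over a session reset. A keyword argument would make that explicit at the call site and in both signatures: `def new_login_session(keep_token: false)`, `reset_user_session(keep_token: keep_token)` and `new_login_session(keep_token: true)`. A one-line comment in `new` explaining why the login page preserves the token, when every other caller drops it, would also help. The body of `new_login_session` continues past the end of the hunk.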
......
......@@ -81,7 +81,8 @@ class SamlLoginController < LoginController
unlock: unlock,
totp: totp,
webauthn: webauthn,
saml_request: @saml_request
saml_request: @saml_request,
token: session[:login_token],
)
end
end