From 2a064fd97d952c551c35f7ae23b7ad50cbd3d0d6 Mon Sep 17 00:00:00 2001
From: Eric Espie
Date: Mon, 12 Sep 2022 10:56:25 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B05394=20-=20use=20session=20for=20the=20F?= =?UTF-8?q?SM?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/loginbasic.class.inc.php | 4 ++--
 application/loginexternal.class.inc.php | 4 ++--
 application/loginform.class.inc.php | 12 ++----------
 application/loginurl.class.inc.php | 4 ++--
 4 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/application/loginbasic.class.inc.php b/application/loginbasic.class.inc.php
index 92732fa254..68f8eeaf66 100644
--- a/application/loginbasic.class.inc.php
+++ b/application/loginbasic.class.inc.php
@@ -62,6 +62,7 @@ protected function OnCheckCredentials(&$iErrorCode)
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
+ Session::Set('auth_user', $sAuthUser);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
@@ -70,8 +71,7 @@ protected function OnCredentialsOK(&$iErrorCode)
 {
 if (Session::Get('login_mode') == 'basic')
 {
- list($sAuthUser) = $this->GetAuthUserAndPassword();
- LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
+ LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
diff --git a/application/loginexternal.class.inc.php b/application/loginexternal.class.inc.php
index 7ef8b5b35a..a7055a14ba 100644
--- a/application/loginexternal.class.inc.php
+++ b/application/loginexternal.class.inc.php
@@ -45,6 +45,7 @@ protected function OnCheckCredentials(&$iErrorCode)
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
+ Session::Set('auth_user', $sAuthUser);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
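Review bot: In `OnCheckCredentials` of application/loginbasic.class.inc.php, `Session::Set('auth_user', $sAuthUser)` runs only once the credential check has passed, and the failure path just above it returns without touching the key, so an `auth_user` left in the session by an earlier successful check would survive a later failed attempt. Whether that stale value can be consumed depends on FSM code outside this hunk, but since `OnCredentialsOK` now relies on the session value alone, clearing the key before the `LOGIN_FSM_ERROR` return would keep the invariant local to this function. The same applies to the `OnCheckCredentials` hunks in loginexternal, loginform and loginurl. A short comment above the new call would also help, e.g. `// Remember the login that was actually validated; OnCredentialsOK reads it back from the session`. The function starts before the hunk, so the enclosing condition is not visible here.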
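Review bot: `Session::Get('auth_user')` in `OnCredentialsOK` of application/loginbasic.class.inc.php is handed to `LoginWebPage::OnLoginSuccess()` without checking that the key is present, whereas the code this patch removes from loginform at least tested `Session::IsSet('auth_user')` first. If this state is ever reached without `OnCheckCredentials` having written the key in the current session, the login name becomes whatever `Session::Get` returns for a missing key, which is not shown on this page. A guard before the call such as `if (!Session::IsSet('auth_user')) { $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; return LoginWebPage::LOGIN_FSM_ERROR; }` would make the step fail closed. The `OnCredentialsOK` hunks in loginexternal, loginform and loginurl have the same shape and would need the same check.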
@@ -53,8 +54,7 @@ protected function OnCredentialsOK(&$iErrorCode)
 {
 if (Session::Get('login_mode') == 'external')
 {
- $sAuthUser = $this->GetAuthUser();
- LoginWebPage::OnLoginSuccess($sAuthUser, 'external', Session::Get('login_mode'));
+ LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'external', Session::Get('login_mode'));
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
diff --git a/application/loginform.class.inc.php b/application/loginform.class.inc.php
index 41fbe4ae58..d8e5bc8ee4 100644
--- a/application/loginform.class.inc.php
+++ b/application/loginform.class.inc.php
@@ -71,6 +71,7 @@ protected function OnCheckCredentials(&$iErrorCode)
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
+ Session::Set('auth_user', $sAuthUser);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
@@ -82,17 +83,8 @@ protected function OnCredentialsOK(&$iErrorCode)
 {
 if (Session::Get('login_mode') == 'form')
 {
- if (Session::IsSet('auth_user'))
- {
- // If FSM reenter this state (example 2FA) then the auth_user is not resubmitted
- $sAuthUser = Session::Get('auth_user');
- }
- else
- {
- $sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
- }
 // Store 'auth_user' in session for further use
- LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
+ LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
diff --git a/application/loginurl.class.inc.php b/application/loginurl.class.inc.php
index 553ec0062c..5540584816 100644
--- a/application/loginurl.class.inc.php
+++ b/application/loginurl.class.inc.php
@@ -60,6 +60,7 @@ protected function OnCheckCredentials(&$iErrorCode)
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
+ Session::Set('auth_user', $sAuthUser);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
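Review bot: The comment `// Store 'auth_user' in session for further use`, kept as context in `OnCredentialsOK` of application/loginform.class.inc.php, now sits above a line that reads the key from the session, so it is unclear what it describes. The patch also drops the only explanation of why the session is used here, namely that the login is not resubmitted when the FSM re-enters this state, for example with 2FA. I would replace the comment with something like `// auth_user was put in session by OnCheckCredentials after validation; it is not resubmitted when the FSM re-enters this state (e.g. 2FA)`. If the original comment refers to what `OnLoginSuccess()` does internally, which is not visible here, it should say so explicitly.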
@@ -68,8 +69,7 @@ protected function OnCredentialsOK(&$iErrorCode)
 {
 if (Session::Get('login_mode') == 'url')
 {
- $sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
- LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
+ LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }