From: dklawren Date: Mon, 10 Jun 2019 20:18:13 +0000 (-0400) Subject: Bug 1557779 - OAuth flow broken when user is not already logged in *and* uses duo... X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=193cf1fde9fb14980a5b385d3d1a627c55159b85;p=thirdparty%2Fbugzilla.git Bug 1557779 - OAuth flow broken when user is not already logged in *and* uses duo auth --- diff --git a/Bugzilla.pm b/Bugzilla.pm index 89bf3bc77..8ab2f48c4 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -283,9 +283,10 @@ sub login { # At this point, we now know if a real person is logged in. # Check if a password reset is required - my $cgi = Bugzilla->cgi; - my $script_name = $cgi->script_name; - my $do_logout = $cgi->param('logout'); + my $cgi = Bugzilla->cgi; + my $script_name = $cgi->script_name; + my $do_logout = $cgi->param('logout'); + my $on_token_page = $script_name eq '/token.cgi'; if ($authenticated_user->password_change_required) { @@ -319,7 +320,6 @@ sub login { my $expired = defined $date && $date < DateTime->now; my $on_mfa_page = $script_name eq '/userprefs.cgi' && $cgi->param('tab') eq 'mfa'; - my $on_token_page = $script_name eq '/token.cgi'; Bugzilla->request_cache->{mfa_warning} = 1; Bugzilla->request_cache->{mfa_grace_period_expired} = $expired; @@ -393,9 +393,12 @@ sub login { # If Mojo native app is requesting login, we need to possibly redirect my $C = $Bugzilla::App::CGI::C; - if ($C->session->{override_login_target}) { - my $mojo_url = Mojo::URL->new($C->session->{override_login_target}); - $mojo_url->query($C->session->{cgi_params}); + my $session = $C->session; + if (!$on_token_page && $session->{override_login_target}) { + my $override_login_target = delete $session->{override_login_target}; + my $cgi_params = delete $session->{cgi_params}; + my $mojo_url = Mojo::URL->new($override_login_target); + $mojo_url->query($cgi_params); $C->redirect_to($mojo_url); }