Fix bad request (#2501)

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm

@@ -8,7 +8,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
   PE_TOKENEXPIRED
 );
 
-our $VERSION = '2.0.10';
+our $VERSION = '2.0.12';
 
 extends 'Lemonldap::NG::Portal::Main::Plugin';
 
@@ -125,7 +125,7 @@ sub confirm {
     my $res = $self->p->process($req);
     return $self->p->do( $req, [ sub { $res } ] ) if $res;
 
-    if ( $upg or $req->param('confirm') == 1 ) {
+    if ( $upg or $req->param('confirm') and $req->param('confirm') == 1 ) {
         $req->data->{noerror} = 1;
 
         if ($sfOnly) {
@@ -152,7 +152,11 @@ sub confirm {
         }
     }
     else {
+
         # Go to portal
+        $self->logger->debug("Upgrade session failed -> Go to portal");
+        $req->mustRedirect(1);
+        return $self->p->do( $req, [ sub { PE_OK } ] );
     }
 }
 

lemonldap-ng-portal/t/78-2F-UpgradeOnly-without-2F.t

@@ -0,0 +1,100 @@
+use Test::More;
+use strict;
+use IO::String;
+use Data::Dumper;
+
+require 't/test-lib.pm';
+require 't/smtp.pm';
+
+use_ok('Lemonldap::NG::Common::FormEncode');
+count(1);
+my $res;
+
+my $client = LLNG::Manager::Test->new( {
+        ini => {
+            logLevel         => 'debug',
+            sfOnlyUpgrade    => 1,
+            u2fActivation => 1,
+            u2fAuthnLevel => 5,
+            authentication   => 'Demo',
+            userDB           => 'Same',
+            'vhostOptions'   => {
+                'test1.example.com' => {
+                    'vhostAuthnLevel' => 3
+                },
+            },
+        }
+    }
+);
+
+# CASE 1: no 2F available
+# -----------------------
+my $query = 'user=rtyler&password=rtyler';
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new($query),
+        length => length($query),
+        accept => 'text/html',
+    ),
+    'Auth query'
+);
+count(1);
+
+my $id = expectCookie($res);
+
+# After attempting to access test1,
+# the handler sends up back to /upgradesession
+# --------------------------------------------
+
+ok(
+    $res = $client->_get(
+        '/upgradesession',
+        query  => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29t',
+        accept => 'text/html',
+        cookie => "lemonldap=$id",
+    ),
+    'Upgrade session query'
+);
+count(1);
+
+( my $host, my $url, $query ) =
+  expectForm( $res, undef, '/upgradesession', 'confirm', 'url' );
+
+# Accept session upgrade
+# ----------------------
+
+ok(
+    $res = $client->_post(
+        '/upgradesession',
+        IO::String->new($query),
+        length => length($query),
+        accept => 'text/html',
+        cookie => "lemonldap=$id",
+    ),
+    'Accept session upgrade query'
+);
+count(1);
+
+my $pdata = expectCookie( $res, 'lemonldappdata' );
+
+# A message warns the user that they do not have any 2FA available
+expectPortalError( $res, 83 );
+
+$query = 'user=rtyler&password=rtyler';
+ok(
+    $res = $client->_post(
+        '/upgradesession',
+        IO::String->new($query),
+        length => length($query),
+        accept => 'text/html',
+        cookie => "lemonldap=$id",
+    ),
+    'Accept session upgrade query'
+);
+count(1);
+expectRedirection( $res, 'http://auth.example.com/' );
+clean_sessions();
+
+done_testing( count() );
+