store timestamp into session, not state

restena-sw · restena-sw · commit 5c2740e52239 · 2025-04-09T16:01:00.000+02:00
diff --git a/src/Auth/Process/WebAuthn.php b/src/Auth/Process/WebAuthn.php
@@ -142,17 +142,17 @@ public function process(array &$state): void {
             unset($state['Attributes']['internal:FIDO2PasswordlessAuthentication']);
             return;
         }
-
+        $session = Session::getSessionFromRequest();
+        $lastSecondFactor = $session->getData("DateTime", 'LastSuccessfulSecondFactor');
         if // do we need to do secondFactor in interval, or even every time?
            // we skip only if an interval is configured AND we did successfully authenticate, AND are within the interval
         (
                 $this->SecondFactorMaxAge >= 0 && // 
                 (
-                isset($state['Attributes']['LastSuccessfulSecondFactor']) &&
-                $state['Attributes']['LastSuccessfulSecondFactor'] instanceof \DateTime
+                $lastSecondFactor instanceof \DateTime
                 )
         ) {
-            $interval = \DateTime::diff($state['Attributes']['LastSuccessfulSecondFactor'], \DateTime());
+            $interval = \DateTime::diff($lastSecondFactor, \DateTime());
             if ($interval->invert == 1) {
                 throw new \Exception("We are talking to a future self. Amazing.");
             }
diff --git a/src/Controller/AuthProcess.php b/src/Controller/AuthProcess.php
@@ -231,7 +231,7 @@ function (WebAuthnAuthenticationEvent $authObject, array $state) {
             // take note of the current timestamp so we know 
             // a) that second-factor was done successfully in the current sesssion
             // b) when that event occured, so as to make regular re-auths configurable
-            $state['Attributes']['LastSuccessfulSecondFactor'] = new \DateTime();
+            $this->session->setData("DateTime", 'LastSuccessfulSecondFactor', new \DateTime());
             $this->authState::saveState($state, 'webauthn:request');
         }
         if ($state['FIDO2PasswordlessAuthMode'] === true) {

Original file line number	Diff line number	Diff line change
`@@ -142,17 +142,17 @@ public function process(array &$state): void {`
`142`	`142`	`unset($state['Attributes']['internal:FIDO2PasswordlessAuthentication']);`
`143`	`143`	`return;`
`144`	`144`	`}`
`145`		`-`
	`145`	`+ $session = Session::getSessionFromRequest();`
	`146`	`+ $lastSecondFactor = $session->getData("DateTime", 'LastSuccessfulSecondFactor');`
`146`	`147`	`if // do we need to do secondFactor in interval, or even every time?`
`147`	`148`	`// we skip only if an interval is configured AND we did successfully authenticate, AND are within the interval`
`148`	`149`	`(`
`149`	`150`	`$this->SecondFactorMaxAge >= 0 && //`
`150`	`151`	`(`
`151`		`- isset($state['Attributes']['LastSuccessfulSecondFactor']) &&`
`152`		`- $state['Attributes']['LastSuccessfulSecondFactor'] instanceof \DateTime`
	`152`	`+ $lastSecondFactor instanceof \DateTime`
`153`	`153`	`)`
`154`	`154`	`) {`
`155`		`- $interval = \DateTime::diff($state['Attributes']['LastSuccessfulSecondFactor'], \DateTime());`
	`155`	`+ $interval = \DateTime::diff($lastSecondFactor, \DateTime());`
`156`	`156`	`if ($interval->invert == 1) {`
`157`	`157`	`throw new \Exception("We are talking to a future self. Amazing.");`
`158`	`158`	`}`
Original file line number	Diff line number	Diff line change
`@@ -231,7 +231,7 @@ function (WebAuthnAuthenticationEvent $authObject, array $state) {`
`231`	`231`	`// take note of the current timestamp so we know`
`232`	`232`	`// a) that second-factor was done successfully in the current sesssion`
`233`	`233`	`// b) when that event occured, so as to make regular re-auths configurable`
`234`		`- $state['Attributes']['LastSuccessfulSecondFactor'] = new \DateTime();`
	`234`	`+ $this->session->setData("DateTime", 'LastSuccessfulSecondFactor', new \DateTime());`
`235`	`235`	`$this->authState::saveState($state, 'webauthn:request');`
`236`	`236`	`}`
`237`	`237`	`if ($state['FIDO2PasswordlessAuthMode'] === true) {`