Idp 781 update last login after mfa

hobbitronics commented 1 week ago

IDP-781

Fixed

update last_login_utc after mfa verification

Feature PR Checklist

[ ] Documentation (README, local.env.dist, api.raml, etc.)
[ ] Tests created or updated
[ ] Run make composershow
[ ] Run make psr2

sonarcloud[bot] commented 1 week ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

hobbitronics commented 1 week ago

It's going to be more tricky than this, because the same endpoint is used to verify a new webauthn, and we probably don't want to set the date in that case. Though I suppose it wouldn't be terrible since they would have had to login not long prior to that time in order to add the webauthn.

We would also need to update the last_login_utc when mfa isn't required (30 days or so after using it). That data doesn't seem to be available here unless its stored in the user. I am guessing it is stored as a cookie or in a session by simpleSaml on the client. I am starting to think this is the tricky part.

hobbitronics commented 6 days ago

Closing as a different approach is required

silinternational / idp-id-broker