consume session token only if login was successful (#512)

Co-authored-by: Maciej Wójcik <[email protected]>
DefGuard · Jan 22, 2024 · 6a0c222 · 6a0c222
1 parent ccbe16f
commit 6a0c222
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/grpc/desktop_client_mfa.rs b/src/grpc/desktop_client_mfa.rs
@@ -181,7 +181,7 @@ impl ClientMfaServer {
         let pubkey = self.parse_token(&request.token)?;
 
         // fetch login session
-        let Some(session) = self.sessions.remove(&pubkey) else {
+        let Some(session) = self.sessions.get(&pubkey) else {
             error!("Client login session not found");
             return Err(Status::invalid_argument("login session not found"));
         };
@@ -245,7 +245,7 @@ impl ClientMfaServer {
         // send gateway event
         debug!("Sending `peer_create` message to gateway");
         let device_info = DeviceInfo {
-            device,
+            device: device.clone(),
             network_info: vec![DeviceNetworkInfo {
                 network_id: location.id.expect("Missing location ID"),
                 device_wireguard_ip: network_device.wireguard_ip,
@@ -259,6 +259,9 @@ impl ClientMfaServer {
             Status::internal("unexpected error")
         })?;
 
+        // remove login session from map
+        self.sessions.remove(&pubkey);
+
         // commit transaction
         transaction.commit().await.map_err(|_| {
             error!("Failed to commit transaction");