From 6a0c22237a38f776cd45c4d365b291495c852eb3 Mon Sep 17 00:00:00 2001
From: Maciek <mwojcik@teonite.com>
Date: Mon, 22 Jan 2024 12:14:43 +0100
Subject: [PATCH] consume session token only if login was successful (#512)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Maciej Wójcik <wojcik91@gmail.com>
---
 src/grpc/desktop_client_mfa.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/grpc/desktop_client_mfa.rs b/src/grpc/desktop_client_mfa.rs
index 60292da27..c360d9435 100644
--- a/src/grpc/desktop_client_mfa.rs
+++ b/src/grpc/desktop_client_mfa.rs
@@ -181,7 +181,7 @@ impl ClientMfaServer {
         let pubkey = self.parse_token(&request.token)?;
 
         // fetch login session
-        let Some(session) = self.sessions.remove(&pubkey) else {
+        let Some(session) = self.sessions.get(&pubkey) else {
             error!("Client login session not found");
             return Err(Status::invalid_argument("login session not found"));
         };
@@ -245,7 +245,7 @@ impl ClientMfaServer {
         // send gateway event
         debug!("Sending `peer_create` message to gateway");
         let device_info = DeviceInfo {
-            device,
+            device: device.clone(),
             network_info: vec![DeviceNetworkInfo {
                 network_id: location.id.expect("Missing location ID"),
                 device_wireguard_ip: network_device.wireguard_ip,
@@ -259,6 +259,9 @@ impl ClientMfaServer {
             Status::internal("unexpected error")
         })?;
 
+        // remove login session from map
+        self.sessions.remove(&pubkey);
+
         // commit transaction
         transaction.commit().await.map_err(|_| {
             error!("Failed to commit transaction");