From 5e9db8f1dbde81c59e882383d0c5e6fcf7a82baf Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 21 May 2024 12:25:55 -0600
Subject: [PATCH] Fix reintroduced login loop
---
 src/djangooidc/oidc.py | 6 ++++++
 src/djangooidc/views.py | 1 +
 2 files changed, 7 insertions(+)
diff --git a/src/djangooidc/oidc.py b/src/djangooidc/oidc.py
index 10fb2ec9f..a720006ed 100644
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@@ -247,6 +247,12 @@ class Client(oic.Client):
 raise o_e.AuthenticationFailed(locator=state)
 info_response_dict = info_response.to_dict()
+ # Define vtm/vtr information on the user dictionary so we can track this in one location.
+ # If a user has this information, then they are bumped up in terms of verification level.
+ if session.get("needs_step_up_auth") is True:
+ info_response_dict["vtm"] = session.get("vtm", "")
+ info_response_dict["vtr"] = session.get("vtr", "")
+ logger.debug("user info: %s" % info_response_dict)
 return info_response_dict
diff --git a/src/djangooidc/views.py b/src/djangooidc/views.py
index 9d5bbe360..d94e173c2 100644
--- a/src/djangooidc/views.py
+++ b/src/djangooidc/views.py
@@ -98,6 +98,7 @@ def login_callback(request):
 # Tests for the presence of the vtm/vtr values in the userinfo object.
 # If they are there, then we can set a flag in our session for tracking purposes.
 needs_step_up_auth = _requires_step_up_auth(userinfo)
+ request.session["needs_step_up_auth"] = needs_step_up_auth
 # Return a redirect request to a new auth url that does biometric validation
 if needs_step_up_auth:
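Review bot: The added block in oidc.py copies `vtm`/`vtr` into the userinfo dictionary from the session whenever `needs_step_up_auth` is true, so the verification level that later code reads is what this application stored, not what the identity provider returned on this callback. The flag is written in views.py before the redirect to the step-up URL, so it appears to record that step-up was requested rather than completed; a callback reached in the same session without the stronger authentication would presumably still be treated as stepped up. The `""` defaults widen this: if `_requires_step_up_auth` (not visible here) tests only for key presence, empty values would satisfy it. Consider injecting only when both values are set, `if session.get("needs_step_up_auth") is True and session.get("vtm") and session.get("vtr"):`, and confirming the achieved level from the provider's response where one is available. The enclosing method of `Client` starts above the hunk.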
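Review bot: The comment above the new assignment in views.py still speaks of a session flag kept "for tracking purposes", but after this commit `needs_step_up_auth` decides whether src/djangooidc/oidc.py copies `vtm`/`vtr` into userinfo, so it now influences the result of the next callback. A comment on the new line would make that coupling visible, for example `# Read by djangooidc/oidc.py on the next callback to decide whether vtm/vtr are copied into userinfo.` Nothing in the hunk removes the key when the step-up flow is abandoned or the user logs out; whether that happens elsewhere is not visible here. login_callback continues beyond the hunk.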