fix updateUserLastLogin is called regardless of the value of isValid.

hobbitronics · hobbitronics · commit 342c05e673d5 · 2024-10-09T13:36:40.000+09:30
diff --git a/modules/mfa/src/Auth/Process/Mfa.php b/modules/mfa/src/Auth/Process/Mfa.php
@@ -700,9 +700,11 @@ public static function isRememberMeCookieValid(
             if ((int)$expireDate > time()) {
                 $expectedString = self::generateRememberMeCookieString($rememberSecret, $state['employeeId'], $expireDate, $mfaOptions);
                 $isValid = password_verify($expectedString, $cookieHash);
-
-                $idBrokerClient = self::getIdBrokerClient($state['idBrokerConfig']);
-                $idBrokerClient->updateUserLastLogin($state['employeeId']);
+                
+                if ($isValid) {
+                    $idBrokerClient = self::getIdBrokerClient($state['idBrokerConfig']);
+                    $idBrokerClient->updateUserLastLogin($state['employeeId']);
+                }
 
                 return $isValid;
             }
