update last_login_utc in mfa process

modules/mfa/public/prompt-for-mfa.php

@@ -32,8 +32,6 @@
 $cookieHash = filter_input(INPUT_COOKIE, 'c1') ?? ''; // hashed string
 $expireDate = filter_input(INPUT_COOKIE, 'c2') ?? 0;  // expiration timestamp
 if (Mfa::isRememberMeCookieValid(base64_decode($cookieHash), $expireDate, $mfaOptions, $state)) {
-    $idBrokerClient = Mfa::getIdBrokerClient($state['idBrokerConfig']);
-    $idBrokerClient->updateUserLastLogin($state['employeeId']);
     $logger->warning(json_encode([
         'event' => 'MFA skipped due to valid remember-me cookie',
         'employeeId' => $state['employeeId'],

modules/mfa/src/Auth/Process/Mfa.php

@@ -161,7 +161,7 @@ protected function getAttributeAllValues(string $attributeName, array $state): ?
      * @param array $idBrokerConfig
      * @return IdBrokerClient
      */
-    static function getIdBrokerClient(array $idBrokerConfig): IdBrokerClient|FakeIdBrokerClient
+    private static function getIdBrokerClient(array $idBrokerConfig): IdBrokerClient|FakeIdBrokerClient
     {
         $clientClass = $idBrokerConfig['clientClass'];
         $baseUri = $idBrokerConfig['baseUri'];
@@ -699,7 +699,12 @@ public static function isRememberMeCookieValid(
             // Check if value of expireDate is in future
             if ((int)$expireDate > time()) {
                 $expectedString = self::generateRememberMeCookieString($rememberSecret, $state['employeeId'], $expireDate, $mfaOptions);
-                return password_verify($expectedString, $cookieHash);
+                $isValid = password_verify($expectedString, $cookieHash);
+
+                $idBrokerClient = self::getIdBrokerClient($state['idBrokerConfig']);
+                $idBrokerClient->updateUserLastLogin($state['employeeId']);
+
+                return $isValid;
             }
         }