Diffstat (limited to 'perllib/Catalyst')
-rw-r--r--perllib/Catalyst/Authentication/Credential/2FA.pm6
-rw-r--r--perllib/Catalyst/Plugin/FixMyStreet/Session/RotateSession.pm26
2 files changed, 29 insertions, 3 deletions
diff --git a/perllib/Catalyst/Authentication/Credential/2FA.pm b/perllib/Catalyst/Authentication/Credential/2FA.pm
index 8b6771037..3f59ada06 100644
--- a/perllib/Catalyst/Authentication/Credential/2FA.pm
+++ b/perllib/Catalyst/Authentication/Credential/2FA.pm
@@ -2,7 +2,7 @@ package Catalyst::Authentication::Credential::2FA;
use strict;
use warnings;
-use Auth::GoogleAuth;
+use FixMyStreet::Auth::GoogleAuth;
our $VERSION = "0.01";
@@ -52,8 +52,8 @@ sub authenticate {
}
if ($action eq 'activate') {
- my $auth = Auth::GoogleAuth->new;
- $c->stash->{qr_code} = $auth->qr_code($secret, $user_obj->email, 'FixMyStreet');
+ my $auth = FixMyStreet::Auth::GoogleAuth->new;
+ $c->stash->{qr_code} = $auth->qr_code($secret, $user_obj->email, $c->cobrand->base_url);
$c->stash->{secret32} = $auth->secret32;
$c->stash->{stage} = 'activate';
}
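Review bot: The issuer argument passed to `qr_code` is now `$c->cobrand->base_url`, which presumably includes a scheme and `://`. In an otpauth URI the label uses `:` to separate issuer from account name, so the value must be URL-encoded before it is placed there. FixMyStreet::Auth::GoogleAuth is not visible in this diff, so confirm its `qr_code` encodes the issuer, or pass a host-only value instead. A one-line comment above the call, such as `# issuer label: cobrand base URL rather than a fixed site name`, would record why the constant was dropped. The body of `authenticate` starts and ends outside the hunk.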
diff --git a/perllib/Catalyst/Plugin/FixMyStreet/Session/RotateSession.pm b/perllib/Catalyst/Plugin/FixMyStreet/Session/RotateSession.pm
new file mode 100644
index 000000000..8da88721f
--- /dev/null
+++ b/perllib/Catalyst/Plugin/FixMyStreet/Session/RotateSession.pm
@@ -0,0 +1,26 @@
+package Catalyst::Plugin::FixMyStreet::Session::RotateSession;
+use Moose::Role;
+use namespace::autoclean;
+
+# After successful authentication, rotate the session ID
+after set_authenticated => sub {
+ my $c = shift;
+ $c->change_session_id;
+};
+
+# The below is necessary otherwise the rotation fails due to the delegate
+# holding on to the now-deleted old session. See
+# https://rt.cpan.org/Public/Bug/Display.html?id=112679
+
+after delete_session_data => sub {
+ my ($c, $key) = @_;
+
+ my ($field) = split(':', $key);
+ if ($field eq 'session') {
+ $c->_session_store_delegate->_session_row(undef);
+ } elsif ($field eq 'flash') {
+ $c->_session_store_delegate->_flash_row(undef);
+ }
+};
+
+1;
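Review bot: The `after delete_session_data` hook depends on `_session_store_delegate`, `_session_row` and `_flash_row`, which by their leading underscore are private to the session store plugin, so an upgrade of that plugin could break rotation without any change in this file. A regression test would guard the session-fixation fix: log in, then assert that the session ID in the cookie changed and that the old ID no longer maps to an authenticated session. Rotation is also tied only to `set_authenticated`, so if the second-factor step in 2FA.pm completes a login without calling it, the ID is not rotated at that point; that path is worth confirming. The comment above the first hook could say so explicitly, e.g. `# Rotate the session ID on login so a pre-login ID cannot be reused (session fixation)`.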