From 1bd6a448302930ed268d0d22812d655d9c408242 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Tue, 16 Apr 2019 09:57:54 +0200
Subject: [PATCH 4/7] utils: record auth level along with auth event

---
 src/authentic2/utils.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/authentic2/utils.py b/src/authentic2/utils.py
index 0580b1d8..62d92cd8 100644
--- a/src/authentic2/utils.py
+++ b/src/authentic2/utils.py
@@ -357,7 +357,7 @@ def get_nonce(request):
     return nonce
 
 
-def record_authentication_event(request, how, nonce=None):
+def record_authentication_event(request, how, nonce=None, auth_level=None):
     '''Record an authentication event in the session and in the database, in
        later version the database persistence can be removed'''
     from . import models
@@ -372,8 +372,11 @@ def record_authentication_event(request, how, nonce=None):
         'who_id': getattr(request.user, 'pk', None),
         'how': how,
         'when': int(time.time()),
-
     }
+
+    if auth_level:
+        event['auth_level'] = auth_level
+
     kwargs = {
         'who': six.text_type(request.user)[:80],
         'how': how,
@@ -389,9 +392,12 @@ def record_authentication_event(request, how, nonce=None):
 
 def find_authentication_event(request, nonce):
     '''Find an authentication event occurring during this session and matching
-       this nonce.'''
+       this nonce.
+       In case of multiple events (two authentication level increases for example),
+       return the last one.
+   '''
     authentication_events = request.session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, [])
-    for event in authentication_events:
+    for event in reversed(authentication_events):
         if event.get('nonce') == nonce:
             return event
     return None
-- 
2.20.1