CAS Authentication middleware does not update user last login as expected.

[phanku]

Hello,

My development team has identified a verifiable and replicable bug within version 2.3.10+ version of the CMS.

The issue:

All user's last login time stamp is never updated when leveraging the CAS Middleware option that is provided within the Xibo CMS.

We followed the instructions located at: https://xibo.org.uk/docs/setup/cas-as-an-authentication-provider to implement the CAS authentication middleware.
The login process works and all users are able to login but as stated above the user's last login time stamp is never updated within the database.

How to replicate:

We are using the Docker version of the Xibo CMS.

1. Set a viable CAS authentication server within the /custom/settings-custom.php file.
2. Verify the login process works and then view the users section of the CMS. Note the last login time stamp of the user.
3. Logout of the CMS.
4. Login to the CMS and note the last login time stamp of the user.

The solution:

After some research we have determined that the /lib/Middleware/CASAuthentication.php file is missing the code needed to cause the CMS to update the last login timestamp for the user.

The solution was identified in https://github.com/xibosignage/xibo-cms/blob/713a950911990e873c73c8a1b2a967f2827aae66/lib/Middleware/AuthenticationBase.php#L84

Add the below code to /lib/Middleware/CASAuthentication.php after line 112:
if ($user->hasIdentity()) { $user->touch(); }