GUAC-1176: Add password expiration attribute.

2025-09-06 13:17:41 +00:00 · 2015-05-27 13:08:26 -07:00
parent 368ceea080
commit 10aea5d0a3
9 changed files with 88 additions and 15 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql
@@ -77,6 +77,7 @@ CREATE TABLE `guacamole_user` (
  `password_hash` binary(32)   NOT NULL,
  `password_salt` binary(32),
  `disabled`      boolean      NOT NULL DEFAULT 0,
+  `expired`       boolean      NOT NULL DEFAULT 0,

  PRIMARY KEY (`user_id`),
  UNIQUE KEY `username` (`username`)
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.7.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.7.sql
@@ -26,3 +26,9 @@

 ALTER TABLE guacamole_user ADD COLUMN disabled BOOLEAN NOT NULL DEFAULT 0;

+--
+-- Add per-user password expiration flag
+--
+
+ALTER TABLE guacamole_user ADD COLUMN expired BOOLEAN NOT NULL DEFAULT 0;
+
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
@@ -33,6 +33,7 @@
        <result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
        <result column="password_salt" property="passwordSalt" jdbcType="BINARY"/>
        <result column="disabled"      property="disabled"     jdbcType="BOOLEAN"/>
+        <result column="expired"       property="expired"      jdbcType="BOOLEAN"/>
    </resultMap>

    <!-- Select all usernames -->
@@ -59,7 +60,8 @@
            username,
            password_hash,
            password_salt,
-            disabled
+            disabled,
+            expired
        FROM guacamole_user
        WHERE username IN
            <foreach collection="identifiers" item="identifier"
@@ -77,7 +79,8 @@
            username,
            password_hash,
            password_salt,
-            disabled
+            disabled,
+            expired
        FROM guacamole_user
        JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
        WHERE username IN
@@ -98,7 +101,8 @@
            username,
            password_hash,
            password_salt,
-            disabled
+            disabled,
+            expired
        FROM guacamole_user
        WHERE
            username = #{username,jdbcType=VARCHAR}
@@ -119,13 +123,15 @@
            username,
            password_hash,
            password_salt,
-            disabled
+            disabled,
+            expired
        )
        VALUES (
            #{object.identifier,jdbcType=VARCHAR},
            #{object.passwordHash,jdbcType=BINARY},
            #{object.passwordSalt,jdbcType=BINARY},
-            #{object.disabled,jdbcType=BOOLEAN}
+            #{object.disabled,jdbcType=BOOLEAN},
+            #{object.expired,jdbcType=BOOLEAN}
        )

    </insert>
@@ -135,7 +141,8 @@
        UPDATE guacamole_user
        SET password_hash = #{object.passwordHash,jdbcType=BINARY},
            password_salt = #{object.passwordSalt,jdbcType=BINARY},
-            disabled = #{object.disabled,jdbcType=BOOLEAN}
+            disabled = #{object.disabled,jdbcType=BOOLEAN},
+            expired = #{object.expired,jdbcType=BOOLEAN}
        WHERE user_id = #{object.objectID,jdbcType=VARCHAR}
    </update>