From 225736d2373c9035083b11198c08993f6e494d1c Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Fri, 12 Aug 2016 14:49:37 -0700
Subject: [PATCH] GUACAMOLE-78: Store anonymous users' authentication results in memory only. Do not persist via cookie.
---
 .../app/auth/service/authenticationService.js | 31 ++++++++++++++++---
 1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/guacamole/src/main/webapp/app/auth/service/authenticationService.js b/guacamole/src/main/webapp/app/auth/service/authenticationService.js
index e6fc0d789..74f0570b4 100644
--- a/guacamole/src/main/webapp/app/auth/service/authenticationService.js
+++ b/guacamole/src/main/webapp/app/auth/service/authenticationService.js
@@ -53,6 +53,14 @@ angular.module('auth').factory('authenticationService', ['$injector',
 var service = {};
+ /**
+ * The most recent authentication result, or null if no authentication
+ * result is cached.
+ *
+ * @type AuthenticationResult
+ */
+ var cachedResult = null;
+
 /**
 * The unique identifier of the local cookie which stores the result of the
 * last authentication attempt.
@@ -72,12 +80,17 @@ angular.module('auth').factory('authenticationService', ['$injector',
 */
 var getAuthenticationResult = function getAuthenticationResult() {
+ // Use cached result, if any
+ if (cachedResult)
+ return cachedResult;
+
 // Return explicit null if no auth data is currently stored
 var data = $cookieStore.get(AUTH_COOKIE_ID);
 if (!data)
 return null;
- return new AuthenticationResult(data);
+ // Update cache and return retrieved auth result
+ return (cachedResult = new AuthenticationResult(data));
 };
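Review bot: Once `cachedResult` is set, the early `return cachedResult;` in `getAuthenticationResult` means the cookie is never read again for the life of the page, so a logout or a login as a different user in another tab is no longer seen here. Before this change every call re-read the cookie, so all tabs shared one view of the session. If the cache is only needed for anonymous sessions, the early return could be limited to them, e.g. `if (cachedResult && cachedResult.username === AuthenticationResult.ANONYMOUS_USERNAME) return cachedResult;`. Otherwise the staleness should be stated in the function's JSDoc, which begins above this hunk.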
@@ -92,12 +105,22 @@ angular.module('auth').factory('authenticationService', ['$injector',
 var setAuthenticationResult = function setAuthenticationResult(data) {
 // Clear the currently-stored result if the last attempt failed
- if (!data)
+ if (!data) {
+ cachedResult = null;
 $cookieStore.remove(AUTH_COOKIE_ID);
+ }
 // Otherwise store the authentication attempt directly
- else
- $cookieStore.put(AUTH_COOKIE_ID, data);
+ else {
+
+ // Always store in cache
+ cachedResult = data;
+
+ // Store cookie ONLY if not anonymous
+ if (data.username !== AuthenticationResult.ANONYMOUS_USERNAME)
+ $cookieStore.put(AUTH_COOKIE_ID, data);
+
+ }
 };
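Review bot: When the new result is anonymous, the `else` branch of `setAuthenticationResult` skips `$cookieStore.put` but leaves in place any cookie written by an earlier non-anonymous login. After a page reload the in-memory cache is gone, so `getAuthenticationResult()` would fall back to that older cookie and could pick up the previous user's token, assuming it is still valid on the server. Removing the cookie in that case keeps the two stores consistent: add `else $cookieStore.remove(AUTH_COOKIE_ID);` after the `if (data.username !== AuthenticationResult.ANONYMOUS_USERNAME)` statement.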