mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-09-06 13:17:41 +00:00
GUACAMOLE-1224: Log user password updates.
This commit is contained in:
Michael Jumper
@@ -94,6 +94,10 @@ public class AffectedObject implements LoggableDetail {
|
|||||||
|
|
||||||
// Users
|
// Users
|
||||||
case USER:
|
case USER:
|
||||||
|
|
||||||
|
if (identifier.equals(event.getAuthenticatedUser().getIdentifier()))
|
||||||
|
return "their own user account";
|
||||||
|
|
||||||
objectType = "user";
|
objectType = "user";
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|||||||
@@ -24,6 +24,8 @@ import org.apache.guacamole.GuacamoleException;
|
|||||||
import org.apache.guacamole.GuacamoleResourceNotFoundException;
|
import org.apache.guacamole.GuacamoleResourceNotFoundException;
|
||||||
import org.apache.guacamole.net.auth.AuthenticationProvider;
|
import org.apache.guacamole.net.auth.AuthenticationProvider;
|
||||||
import org.apache.guacamole.net.auth.Credentials;
|
import org.apache.guacamole.net.auth.Credentials;
|
||||||
|
import org.apache.guacamole.net.auth.Identifiable;
|
||||||
|
import org.apache.guacamole.net.auth.User;
|
||||||
import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
|
import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
|
||||||
import org.apache.guacamole.net.event.ApplicationShutdownEvent;
|
import org.apache.guacamole.net.event.ApplicationShutdownEvent;
|
||||||
import org.apache.guacamole.net.event.ApplicationStartedEvent;
|
import org.apache.guacamole.net.event.ApplicationStartedEvent;
|
||||||
@@ -32,6 +34,7 @@ import org.apache.guacamole.net.event.AuthenticationSuccessEvent;
|
|||||||
import org.apache.guacamole.net.event.DirectoryEvent;
|
import org.apache.guacamole.net.event.DirectoryEvent;
|
||||||
import org.apache.guacamole.net.event.DirectoryFailureEvent;
|
import org.apache.guacamole.net.event.DirectoryFailureEvent;
|
||||||
import org.apache.guacamole.net.event.DirectorySuccessEvent;
|
import org.apache.guacamole.net.event.DirectorySuccessEvent;
|
||||||
|
import org.apache.guacamole.net.event.IdentifiableObjectEvent;
|
||||||
import org.apache.guacamole.net.event.UserSessionInvalidatedEvent;
|
import org.apache.guacamole.net.event.UserSessionInvalidatedEvent;
|
||||||
import org.apache.guacamole.net.event.listener.Listener;
|
import org.apache.guacamole.net.event.listener.Listener;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
@@ -48,6 +51,26 @@ public class EventLoggingListener implements Listener {
|
|||||||
*/
|
*/
|
||||||
private final Logger logger = LoggerFactory.getLogger(EventLoggingListener.class);
|
private final Logger logger = LoggerFactory.getLogger(EventLoggingListener.class);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns whether the given event affects the password of a User object.
|
||||||
|
*
|
||||||
|
* @param event
|
||||||
|
* The event to check.
|
||||||
|
*
|
||||||
|
* @return
|
||||||
|
* true if a user's password is specifically set or modified by the
|
||||||
|
* given event, false otherwise.
|
||||||
|
*/
|
||||||
|
private boolean isPasswordAffected(IdentifiableObjectEvent<?> event) {
|
||||||
|
|
||||||
|
Identifiable object = event.getObject();
|
||||||
|
if (!(object instanceof User))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
return ((User) object).getPassword() != null;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Logs that an operation was performed on an object within a Directory
|
* Logs that an operation was performed on an object within a Directory
|
||||||
* successfully.
|
* successfully.
|
||||||
@@ -65,10 +88,16 @@ public class EventLoggingListener implements Listener {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case ADD:
|
case ADD:
|
||||||
|
if (isPasswordAffected(event))
|
||||||
|
logger.info("{} successfully created {}, setting their password", new RequestingUser(event), new AffectedObject(event));
|
||||||
|
else
|
||||||
logger.info("{} successfully created {}", new RequestingUser(event), new AffectedObject(event));
|
logger.info("{} successfully created {}", new RequestingUser(event), new AffectedObject(event));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UPDATE:
|
case UPDATE:
|
||||||
|
if (isPasswordAffected(event))
|
||||||
|
logger.info("{} successfully updated {}, changing their password", new RequestingUser(event), new AffectedObject(event));
|
||||||
|
else
|
||||||
logger.info("{} successfully updated {}", new RequestingUser(event), new AffectedObject(event));
|
logger.info("{} successfully updated {}", new RequestingUser(event), new AffectedObject(event));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|||||||
@@ -41,6 +41,7 @@ import org.apache.guacamole.net.auth.Directory;
|
|||||||
import org.apache.guacamole.net.auth.UserContext;
|
import org.apache.guacamole.net.auth.UserContext;
|
||||||
import org.apache.guacamole.net.auth.credentials.GuacamoleCredentialsException;
|
import org.apache.guacamole.net.auth.credentials.GuacamoleCredentialsException;
|
||||||
import org.apache.guacamole.net.auth.simple.SimpleActivityRecordSet;
|
import org.apache.guacamole.net.auth.simple.SimpleActivityRecordSet;
|
||||||
|
import org.apache.guacamole.net.event.DirectoryEvent;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectResource;
|
import org.apache.guacamole.rest.directory.DirectoryObjectResource;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
||||||
import org.apache.guacamole.rest.history.UserHistoryResource;
|
import org.apache.guacamole.rest.history.UserHistoryResource;
|
||||||
@@ -134,6 +135,7 @@ public class UserResource
|
|||||||
public void updateObject(APIUser modifiedObject) throws GuacamoleException {
|
public void updateObject(APIUser modifiedObject) throws GuacamoleException {
|
||||||
|
|
||||||
// A user may not use this endpoint to update their password
|
// A user may not use this endpoint to update their password
|
||||||
|
try {
|
||||||
User currentUser = getUserContext().self();
|
User currentUser = getUserContext().self();
|
||||||
if (
|
if (
|
||||||
currentUser.getIdentifier().equals(modifiedObject.getUsername())
|
currentUser.getIdentifier().equals(modifiedObject.getUsername())
|
||||||
@@ -142,6 +144,11 @@ public class UserResource
|
|||||||
"Permission denied. The password update endpoint must"
|
"Permission denied. The password update endpoint must"
|
||||||
+ " be used to change the current user's password.");
|
+ " be used to change the current user's password.");
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
catch (GuacamoleException | RuntimeException | Error e) {
|
||||||
|
fireDirectoryFailureEvent(DirectoryEvent.Operation.UPDATE, e);
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
|
||||||
super.updateObject(modifiedObject);
|
super.updateObject(modifiedObject);
|
||||||
|
|
||||||
@@ -184,8 +191,15 @@ public class UserResource
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Set password to the newly provided one
|
// Set password to the newly provided one
|
||||||
|
try {
|
||||||
user.setPassword(userPasswordUpdate.getNewPassword());
|
user.setPassword(userPasswordUpdate.getNewPassword());
|
||||||
getDirectory().update(user);
|
getDirectory().update(user);
|
||||||
|
fireDirectorySuccessEvent(DirectoryEvent.Operation.UPDATE);
|
||||||
|
}
|
||||||
|
catch (GuacamoleException | RuntimeException | Error e) {
|
||||||
|
fireDirectoryFailureEvent(DirectoryEvent.Operation.UPDATE, e);
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user