GUACAMOLE-1656: Force refresh the user context on updateUserContext to ensure that any modified user attributes are picked up.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java

@@ -89,9 +89,31 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
 
     }
 
-    @Override
+    /**
-    public ModeledUserContext getUserContext(AuthenticationProvider authenticationProvider,
+     * Gets a user context for the given authentication provider and user. If
-            AuthenticatedUser authenticatedUser) throws GuacamoleException {
+     * forceRefresh is set to true, the user record will be re-fetched even if
+     * it has already been loaded from the database. If not, the existing
+     * user will be used.
+     *
+     * @param authenticationProvider
+     *     The authentication provider to use when loading or refreshing the user.
+     *
+     * @param authenticatedUser
+     *     The user for which the user context is being fetched.
+     *
+     * @param forceRefresh
+     *     A flag that, when set to true, will force the authenticated user to
+     *     refreshed from the database. If false, an existing DB user will be
+     *     reused.
+     *
+     * @return
+     *     The fetched user context.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while fetching or refreshing the user context.
+     */
+    private ModeledUserContext getUserContext(AuthenticationProvider authenticationProvider,
+            AuthenticatedUser authenticatedUser, boolean forceRefresh) throws GuacamoleException {
 
         // Always allow but provide no data for users authenticated via our own
         // connection sharing links
@@ -102,8 +124,9 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
         boolean databaseCredentialsUsed = (authenticatedUser instanceof ModeledAuthenticatedUser);
         boolean databaseRestrictionsApplicable = (databaseCredentialsUsed || environment.isUserRequired());
 
-        // Retrieve user account for already-authenticated user
+        // Retrieve user account for already-authenticated user, forcing a refresh if requested
-        ModeledUser user = userService.retrieveUser(authenticationProvider, authenticatedUser);
+        ModeledUser user = userService.retrieveUser(
+                authenticationProvider, authenticatedUser, forceRefresh);
         ModeledUserContext context = userContextProvider.get();
         if (user != null && !user.isDisabled()) {
 
@@ -159,13 +182,21 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
 
     }
 
+    @Override
+    public ModeledUserContext getUserContext(AuthenticationProvider authenticationProvider,
+            AuthenticatedUser authenticatedUser) throws GuacamoleException {
+
+        // Do not force refresh unless updateUserContext is explicitly called
+        return getUserContext(authenticationProvider, authenticatedUser, false);
+    }
+
     @Override
     public UserContext updateUserContext(AuthenticationProvider authenticationProvider,
             UserContext context, AuthenticatedUser authenticatedUser,
             Credentials credentials) throws GuacamoleException {
 
-        // No need to update the context
+        // Force-refresh the user context
-        return context;
+        return getUserContext(authenticationProvider, authenticatedUser, true);
 
     }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java

@@ -404,6 +404,11 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
      * @param authenticatedUser
      *     The AuthenticatedUser to retrieve the corresponding ModeledUser of.
      *
+     * @param forceRefresh
+     *     Whether the user should be force-refreshed: i.e. re-queried from the
+     *     database. If false, and the user has already been queried, it will
+     *     be returned as-is.
+     *
      * @return
      *     The ModeledUser which corresponds to the given AuthenticatedUser, or
      *     null if no such user exists.
@@ -413,10 +418,11 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
      *     AuthenticatedUser cannot be created.
      */
     public ModeledUser retrieveUser(AuthenticationProvider authenticationProvider,
-            AuthenticatedUser authenticatedUser) throws GuacamoleException {
+            AuthenticatedUser authenticatedUser, boolean forceRefresh) throws GuacamoleException {
 
-        // If we already queried this user, return that rather than querying again
+        // If refresh is not being forced, and we already queried this user,
-        if (authenticatedUser instanceof ModeledAuthenticatedUser)
+        // return that rather than querying again
+        if (!forceRefresh && (authenticatedUser instanceof ModeledAuthenticatedUser))
             return ((ModeledAuthenticatedUser) authenticatedUser).getUser();
 
         // Retrieve corresponding user model, if such a user exists

extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/GuacamoleExceptionSupplier.java

@@ -39,4 +39,5 @@ public abstract class GuacamoleExceptionSupplier<T> {
      *    If an error occurs while attemping to calculate the return value.
      */
     public abstract T get() throws GuacamoleException;
+
 }

guacamole/src/main/frontend/src/app/manage/controllers/manageUserController.js

@@ -501,6 +501,4 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
         return userService.deleteUser($scope.dataSource, $scope.user);
     };
 
-    console.log($scope);
-
 }]);