From 4940f34483d796aaeedc3f7317d69a877c059ada Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 22 Jan 2015 16:25:06 -0800
Subject: [PATCH 1/4] GUAC-1001: Document that identifiers and usernames must
 not be null.

---
 .../org/glyptodon/guacamole/net/auth/Connection.java     | 9 +++++++--
 .../glyptodon/guacamole/net/auth/ConnectionGroup.java    | 9 +++++++--
 .../main/java/org/glyptodon/guacamole/net/auth/User.java | 5 ++++-
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/Connection.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/Connection.java
index 6bf36bec6..cfd6447f2 100644
--- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/Connection.java
+++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/Connection.java
@@ -52,8 +52,13 @@ public interface Connection {
     public void setName(String name);
 
     /**
-     * Returns the unique identifier assigned to this Connection.
-     * @return The unique identifier assigned to this Connection.
+     * Returns the unique identifier assigned to this Connection. All
+     * connections must have a deterministic, unique identifier which may not
+     * be null.
+     *
+     * @return
+     *     The unique identifier assigned to this Connection, which may not be
+     *     null.
      */
     public String getIdentifier();
 
diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/ConnectionGroup.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/ConnectionGroup.java
index b5da32b68..6b5f84712 100644
--- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/ConnectionGroup.java
+++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/ConnectionGroup.java
@@ -52,8 +52,13 @@ public interface ConnectionGroup {
     public void setName(String name);
 
     /**
-     * Returns the unique identifier assigned to this ConnectionGroup.
-     * @return The unique identifier assigned to this ConnectionGroup.
+     * Returns the unique identifier assigned to this ConnectionGroup. All
+     * connection groups must have a deterministic, unique identifier which may
+     * not be null.
+     *
+     * @return
+     *     The unique identifier assigned to this ConnectionGroup, which may
+     *     not be null.
      */
     public String getIdentifier();
 
diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/User.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/User.java
index c04e5df63..8409844c1 100644
--- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/User.java
+++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/User.java
@@ -36,8 +36,11 @@ public interface User {
 
     /**
      * Returns the name of this user, which must be unique across all users.
+     * All users must have a deterministic, unique username which may not be
+     * null.
      *
-     * @return The name of this user.
+     * @return
+     *     The unique username of this user, which may not be null.
      */
     public String getUsername();
 

From adc745da4388f693e0672391016d36a85b42369b Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 22 Jan 2015 16:26:07 -0800
Subject: [PATCH 2/4] GUAC-1001: Generate username within
 SimpleAuthenticationProvider if no username is given.

---
 .../net/auth/simple/SimpleAuthenticationProvider.java  | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java
index f899ce036..52fb333a5 100644
--- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java
+++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java
@@ -66,6 +66,9 @@ public abstract class SimpleAuthenticationProvider
     public UserContext getUserContext(Credentials credentials)
             throws GuacamoleException {
 
+        // Get username, if any
+        String username = credentials.getUsername();
+
         // Get configurations
         Map<String, GuacamoleConfiguration> configs =
                 getAuthorizedConfigurations(credentials);
@@ -83,7 +86,12 @@ public abstract class SimpleAuthenticationProvider
             tokenFilter.filterValues(config.getParameters());
         
         // Return user context restricted to authorized configs
-        return new SimpleUserContext(credentials.getUsername(), configs);
+        if (username != null)
+            return new SimpleUserContext(username, configs);
+
+        // If there is no associated username, let SimpleUserContext generate one
+        else
+            return new SimpleUserContext(configs);
 
     }
 

From 0893493893e19ae37555947452ca08e8bf40ca25 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 22 Jan 2015 16:37:25 -0800
Subject: [PATCH 3/4] GUAC-1001: Treat queries with empty permission filter
 lists as unfiltered.

---
 .../connectiongroup/ConnectionGroupRESTService.java  | 12 ++++++++----
 .../net/basic/rest/user/UserRESTService.java         |  4 ++++
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java
index 7fc93a273..049a9d1bc 100644
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java
@@ -297,10 +297,10 @@ public class ConnectionGroupRESTService {
      *     The ID of the connection group to retrieve.
      *
      * @param permissions
-     *     If specified, limit the returned list to only those connections for
-     *     which the current user has any of the given permissions. Otherwise, 
-     *     all visible connections are returned. Connection groups are 
-     *     unaffected by this parameter.
+     *     If specified and non-empty, limit the returned list to only those
+     *     connections for which the current user has any of the given
+     *     permissions. Otherwise, all visible connections are returned.
+     *     Connection groups are unaffected by this parameter.
      * 
      * @return
      *     The requested connection group, including all descendants.
@@ -319,6 +319,10 @@ public class ConnectionGroupRESTService {
 
         UserContext userContext = authenticationService.getUserContext(authToken);
 
+        // Do not filter on permissions if no permissions are specified
+        if (permissions != null && permissions.isEmpty())
+            permissions = null;
+        
         // Retrieve requested connection group and all descendants
         APIConnectionGroup connectionGroup = retrieveConnectionGroup(userContext, connectionGroupID, true, permissions);
         if (connectionGroup == null)
diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java
index aa8c56107..8f12aff47 100644
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java
@@ -176,6 +176,10 @@ public class UserRESTService {
         UserContext userContext = authenticationService.getUserContext(authToken);
         User self = userContext.self();
         
+        // Do not filter on permissions if no permissions are specified
+        if (permissions != null && permissions.isEmpty())
+            permissions = null;
+
         // An admin user has access to any user
         boolean isAdmin = self.hasPermission(new SystemPermission(SystemPermission.Type.ADMINISTER));
 

From 32754af507df7be404f0e334c69d1faa554537e4 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 22 Jan 2015 17:12:16 -0800
Subject: [PATCH 4/4] GUAC-1001: Generate a username if blank, too.

---
 .../guacamole/net/auth/simple/SimpleAuthenticationProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java
index 52fb333a5..f48ffaaba 100644
--- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java
+++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java
@@ -86,7 +86,7 @@ public abstract class SimpleAuthenticationProvider
             tokenFilter.filterValues(config.getParameters());
         
         // Return user context restricted to authorized configs
-        if (username != null)
+        if (username != null && !username.isEmpty())
             return new SimpleUserContext(username, configs);
 
         // If there is no associated username, let SimpleUserContext generate one