safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-07 13:41:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-284: Veto authentication result if a database account is required but unavailable.

Browse Source
This commit is contained in:
Michael Jumper
2017-06-04 13:32:52 -07:00
parent bedd09fc10
commit 45ee895044
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
View File

@@ -104,8 +104,16 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
} }
// Update password if password is expired // Veto authentication result if account is required but unavailable
// due to account restrictions
UserModel userModel = user.getModel(); UserModel userModel = user.getModel();
if (environment.isUserRequired()
&& (userModel.isDisabled() || !user.isAccountValid() || !user.isAccountAccessible())) {
throw new GuacamoleInvalidCredentialsException("Invalid login",
CredentialsInfo.USERNAME_PASSWORD);
}
// Update password if password is expired
if (userModel.isExpired() || passwordPolicyService.isPasswordExpired(user)) if (userModel.isExpired() || passwordPolicyService.isPasswordExpired(user))
userService.resetExpiredPassword(user, authenticatedUser.getCredentials()); userService.resetExpiredPassword(user, authenticatedUser.getCredentials());