GUACAMOLE-1239: Make identifier comparison case-insensitive.

2025-09-07 13:41:21 +00:00 · 2023-07-18 17:26:40 -04:00
parent 073d1d476e
commit 4d5101574a
43 changed files with 853 additions and 12 deletions
--- a/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
+++ b/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
@@ -53,5 +53,26 @@ public class ConfigurationService {
            "REMOTE_USER"
        );
    }
+    
+    /**
+     * Returns true if the usernames provided to the header authentication
+     * module should be treated as case-sensitive, or false if usernames
+     * should be treated as case-insensitive. This will default to the global
+     * Guacamole configuration for case-sensitivity, which defaults to true, but
+     * can be overridden for this extension, if desired.
+     * 
+     * @return
+     *     true if usernames should be treated as case-sensitive, otherwise
+     *     false.
+     * 
+     * @throws GuacamoleException 
+     *     If guacamole.properties cannot be parsed.
+     */
+    public boolean getCaseSensitiveUsernames() throws GuacamoleException {
+        return environment.getProperty(
+            HTTPHeaderGuacamoleProperties.HTTP_AUTH_CASE_SENSITIVE_USERNAMES,
+            environment.getCaseSensitiveUsernames()
+        );
+    }

 }
--- a/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
+++ b/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
@@ -19,7 +19,7 @@

 package org.apache.guacamole.auth.header;

-import org.apache.guacamole.properties.IntegerGuacamoleProperty;
+import org.apache.guacamole.properties.BooleanGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;


@@ -36,7 +36,7 @@ public class HTTPHeaderGuacamoleProperties {
    private HTTPHeaderGuacamoleProperties() {}

    /**
-     * The header used for HTTP header authentication.
+     * A property used to configure the header used for HTTP header authentication.
     */
    public static final StringGuacamoleProperty HTTP_AUTH_HEADER = new StringGuacamoleProperty() {

@@ -44,5 +44,17 @@ public class HTTPHeaderGuacamoleProperties {
        public String getName() { return "http-auth-header"; }

    };
+    
+    /**
+     * A property used to configure whether or not usernames within the header
+     * module should be treated as case-sensitive.
+     */
+    public static final BooleanGuacamoleProperty HTTP_AUTH_CASE_SENSITIVE_USERNAMES =
+            new BooleanGuacamoleProperty() {
+        
+        @Override
+        public String getName() { return "http-auth-case-sensitive-usernames"; }
+        
+    };

 }
--- a/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
+++ b/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
@@ -20,9 +20,13 @@
 package org.apache.guacamole.auth.header.user;

 import com.google.inject.Inject;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.header.ConfigurationService;
 import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 /**
 * An HTTP header implementation of AuthenticatedUser, associating a
@@ -31,12 +35,23 @@ import org.apache.guacamole.net.auth.Credentials;
 */
 public class AuthenticatedUser extends AbstractAuthenticatedUser {

+    /**
+     * Logger for this class.
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticatedUser.class);
+    
    /**
     * Reference to the authentication provider associated with this
     * authenticated user.
     */
    @Inject
    private AuthenticationProvider authProvider;
+    
+    /**
+     * Service for retrieving header configuration information.
+     */
+    @Inject
+    private ConfigurationService confService;

    /**
     * The credentials provided when this user was authenticated.
@@ -58,6 +73,19 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser {
        setIdentifier(username.toLowerCase());
    }

+    @Override
+    public boolean isCaseSensitive() {
+        try {
+            return confService.getCaseSensitiveUsernames();
+        }
+        catch (GuacamoleException e) {
+            LOGGER.error("Error when trying to retrieve header configuration: {}."
+                    + " Usernames comparison will be case-sensitive.", e);
+            LOGGER.debug("Exception caught when retrieving header configuration.", e);
+            return true;
+        }
+    }
+    
    @Override
    public AuthenticationProvider getAuthenticationProvider() {
        return authProvider;