safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-07 13:41:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-1176: Stub password reset logic.

Browse Source
This commit is contained in:
Michael Jumper
2015-05-27 15:15:22 -07:00
parent e51363f9c5
commit 542c87d631
1 changed files with 61 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
View File

@@ -24,8 +24,16 @@ package org.glyptodon.guacamole.auth.jdbc.user;
import com.google.inject.Inject; import com.google.inject.Inject;
import com.google.inject.Provider; import com.google.inject.Provider;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import org.glyptodon.guacamole.GuacamoleException; import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.form.Field;
import org.glyptodon.guacamole.net.auth.Credentials; import org.glyptodon.guacamole.net.auth.Credentials;
import org.glyptodon.guacamole.net.auth.credentials.CredentialsInfo;
import org.glyptodon.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
import org.glyptodon.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* Service which creates new UserContext instances for valid users based on * Service which creates new UserContext instances for valid users based on
@@ -35,6 +43,11 @@ import org.glyptodon.guacamole.net.auth.Credentials;
*/ */
public class UserContextService { public class UserContextService {
/**
* Logger for this class.
*/
private static final Logger logger = LoggerFactory.getLogger(UserService.class);
/** /**
* Service for accessing users. * Service for accessing users.
*/ */
@@ -47,19 +60,45 @@ public class UserContextService {
@Inject @Inject
private Provider<UserContext> userContextProvider; private Provider<UserContext> userContextProvider;
/**
* The name of the HTTP parameter to expect if the user is changing their
* expired password upon login.
*/
private static final String NEW_PASSWORD_PARAMETER = "new-password";
/**
* The field to provide the user when their password is expired and must
* be changed.
*/
private static final Field NEW_PASSWORD = new Field(NEW_PASSWORD_PARAMETER, "New password", Field.Type.PASSWORD);
/**
* Information describing the expected credentials if a user's password is
* expired. If a user's password is expired, it must be changed during the
* login process.
*/
private static final CredentialsInfo EXPIRED_PASSWORD = new CredentialsInfo(Arrays.asList(
CredentialsInfo.USERNAME,
CredentialsInfo.PASSWORD,
NEW_PASSWORD
));
/** /**
* Authenticates the user having the given credentials, returning a new * Authenticates the user having the given credentials, returning a new
* UserContext instance if the credentials are valid. * UserContext instance only if the credentials are valid. If the
* credentials are invalid or expired, an appropriate GuacamoleException
* will be thrown.
* *
* @param credentials * @param credentials
* The credentials to use to produce the UserContext. * The credentials to use to produce the UserContext.
* *
* @return * @return
* A new UserContext instance for the user identified by the given * A new UserContext instance for the user identified by the given
* credentials, or null if the credentials are not valid. * credentials.
* *
* @throws GuacamoleException * @throws GuacamoleException
* If an error occurs during authentication. * If an error occurs during authentication, or if the given
* credentials are invalid or expired.
*/ */
public org.glyptodon.guacamole.net.auth.UserContext public org.glyptodon.guacamole.net.auth.UserContext
getUserContext(Credentials credentials) getUserContext(Credentials credentials)
@@ -69,6 +108,24 @@ public class UserContextService {
ModeledUser user = userService.retrieveUser(credentials); ModeledUser user = userService.retrieveUser(credentials);
if (user != null && !user.getModel().isDisabled()) { if (user != null && !user.getModel().isDisabled()) {
// Update password if password is expired
if (user.getModel().isExpired()) {
// Pull new password from HTTP request
HttpServletRequest request = credentials.getRequest();
String newPassword = request.getParameter(NEW_PASSWORD_PARAMETER);
// Require new password if account is expired
if (newPassword == null) {
logger.info("The password of user \"{}\" has expired and must be reset.", user.getIdentifier());
throw new GuacamoleInsufficientCredentialsException("Password expired", EXPIRED_PASSWORD);
}
// STUB: Change password if new password given
logger.info("Resetting expired password of user \"{}\".", user.getIdentifier());
}
// Upon successful authentication, return new user context // Upon successful authentication, return new user context
UserContext context = userContextProvider.get(); UserContext context = userContextProvider.get();
context.init(user.getCurrentUser()); context.init(user.getCurrentUser());
@@ -77,7 +134,7 @@ public class UserContextService {
} }
// Otherwise, unauthorized // Otherwise, unauthorized
return null; throw new GuacamoleInvalidCredentialsException("Invalid login", CredentialsInfo.USERNAME_PASSWORD);
} }