safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-1289: Merge refactor Duo and authentication flow

Browse Source
This commit is contained in:
Virtually Nick
2024-04-29 08:43:22 -04:00
committed by GitHub
parent d6ff746808 ee75b01c50
commit 73f05ec87d
42 changed files with 480 additions and 2042 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
guacamole-ext/src/main/java/org/apache/guacamole/language/TranslatableGuacamoleInsufficientCredentialsException.java
View File

@@ -136,46 +136,6 @@ public class TranslatableGuacamoleInsufficientCredentialsException
this(message, new TranslatableMessage(key), credentialsInfo);
}
/**
* Creates a new TranslatableGuacamoleInsufficientCredentialsException with the specified message,
* translation key, the credential information required for authentication, the state token, and
* an expiration timestamp for the state token. The message is provided in both a non-translatable
* form and as a translatable key which can be used to retrieve the localized message.
*
* @param message
* A human-readable description of the exception that occurred. This
* message should be readable on its own and as-written, without
* requiring a translation service.
*
* @param key
* The arbitrary key which can be used to look up the message to be
* displayed in the user's native language.
*
* @param credentialsInfo
* Information describing the form of valid credentials.
*
* @param state
* An opaque value that may be used by a client to maintain state across requests which are part
* of the same authentication transaction.
*
* @param providerIdentifier
* The identifier of the authentication provider that this exception pertains to.
*
* @param queryIdentifier
* The identifier of the specific query parameter within the
* authentication process that this exception pertains to.
*
* @param expires
* The timestamp after which the state token associated with the authentication process expires,
* specified as the number of milliseconds since the UNIX epoch.
*/
public TranslatableGuacamoleInsufficientCredentialsException(String message,
String key, CredentialsInfo credentialsInfo, String state, String providerIdentifier,
String queryIdentifier, long expires) {
super(message, credentialsInfo, state, providerIdentifier, queryIdentifier, expires);
this.translatableMessage = new TranslatableMessage(key);
}
@Override
public TranslatableMessage getTranslatableMessage() {
return translatableMessage;

14
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticationProvider.java
View File

@@ -42,6 +42,20 @@ public abstract class AbstractAuthenticationProvider implements AuthenticationPr
return null;
}
/**
* {@inheritDoc}
*
* <p>This implementation simply returns the provided {@code credentials}
* without performing any updates. Implementations that wish to perform
* credential updates for in-progress authentication requests should
* override this function.
*/
@Override
public Credentials updateCredentials(Credentials credentials)
throws GuacamoleException {
return credentials;
}
/**
* {@inheritDoc}
*

27
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticationProvider.java
View File

@@ -62,6 +62,33 @@ public interface AuthenticationProvider {
*/
Object getResource() throws GuacamoleException;
/**
* Given the set of credentials that a user has submitted during
* authentication but has not yet been provided to the
* {@link #authenticateUser(org.apache.guacamole.net.auth.Credentials)} or
* {@link #updateAuthenticatedUser(org.apache.guacamole.net.auth.AuthenticatedUser, org.apache.guacamole.net.auth.Credentials)}
* functions of installed AuthenticationProviders, returns the set of
* credentials that should be used instead. The returned credentials may
* be the original credentials, with or without modifications, or may be an
* entirely new {@link Credentials} object.
*
* @param credentials
* The credentials provided by a user during authentication.
*
* @return
* The set of credentials that should be provided to all
* AuthenticationProviders, including this AuthenticationProvider. This
* set of credentials may optionally be entirely new or may have been
* modified.
*
* @throws GuacamoleException
* If an error occurs while updating the provided credentials.
*/
default Credentials updateCredentials(Credentials credentials)
throws GuacamoleException {
return credentials;
}
/**
* Returns an AuthenticatedUser representing the user authenticated by the
* given credentials, if any.

10
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
View File

@@ -34,16 +34,6 @@ import javax.servlet.http.HttpSession;
*/
public class Credentials implements Serializable {
/**
* The RESUME_QUERY is a query parameter key used to determine which
* authentication provider's process should be resumed during multi-step
* authentication. The auth provider will set this parameter before
* redirecting to an external service, and it is checked upon return to
* Guacamole to ensure the correct authentication state is continued
* without starting over.
*/
public static final String RESUME_QUERY = "provider_id";
/**
* Unique identifier associated with this specific version of Credentials.
*/

6
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/IdentifierGenerator.java
View File

@@ -36,6 +36,12 @@ public class IdentifierGenerator {
*/
private static final SecureRandom secureRandom = new SecureRandom();
/**
* IdentifierGenerator is a utility class that is not intended to be
* separately instantiated.
*/
private IdentifierGenerator() {}
/**
* Generates a unique and unpredictable identifier. Each identifier is at
* least 256-bit and produced using a cryptographically-secure random

143
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/credentials/GuacamoleInsufficientCredentialsException.java
View File

@@ -28,95 +28,6 @@ package org.apache.guacamole.net.auth.credentials;
*/
public class GuacamoleInsufficientCredentialsException extends GuacamoleCredentialsException {
/**
* The default state token to use when no specific state information is provided.
*/
private static final String DEFAULT_STATE = "";
/**
* The default provider identifier to use when no specific provider is identified.
* This serves as a placeholder indicating that either no specific provider is
* responsible for the exception or the responsible provider has not been identified.
*/
private static final String DEFAULT_PROVIDER_IDENTIFIER = "";
/**
* The default query identifier to use when no specific query is identified.
* This serves as a placeholder and indicates that the specific query related to
* the provider's state resume operation has not been provided.
*/
private static final String DEFAULT_QUERY_IDENTIFIER = "";
/**
* The default expiration timestamp to use when no specific expiration is provided,
* effectively indicating that the state token does not expire.
*/
private static final long DEFAULT_EXPIRES = -1L;
/**
* An opaque value that may be used by a client to maintain state across requests
* which are part of the same authentication transaction.
*/
protected final String state;
/**
* The identifier for the authentication provider that threw this exception.
* This is used to link the exception back to the originating source of the
* authentication attempt, allowing clients to determine which provider's
* authentication process should be resumed.
*/
protected final String providerIdentifier;
/**
* An identifier for the specific query within the URL for this provider that can
* be checked to resume the authentication state.
*/
protected final String queryIdentifier;
/**
* The timestamp after which the state token associated with the authentication process
* should no longer be considered valid, expressed as the number of milliseconds since
* UNIX epoch.
*/
protected final long expires;
/**
* Creates a new GuacamoleInsufficientCredentialsException with the specified
* message, the credential information required for authentication, the state
* token associated with the authentication process, and an expiration timestamp.
*
* @param message
* A human-readable description of the exception that occurred.
*
* @param credentialsInfo
* Information describing the form of valid credentials.
*
* @param state
* An opaque value that may be used by a client to maintain state
* across requests which are part of the same authentication transaction.
*
* @param providerIdentifier
* The identifier of the authentication provider that this exception pertains to.
*
* @param queryIdentifier
* The identifier of the specific query parameter within the
* authentication process that this exception pertains to.
*
* @param expires
* The timestamp after which the state token associated with the
* authentication process should no longer be considered valid, expressed
* as the number of milliseconds since UNIX epoch.
*/
public GuacamoleInsufficientCredentialsException(String message,
CredentialsInfo credentialsInfo, String state,
String providerIdentifier, String queryIdentifier, long expires) {
super(message, credentialsInfo);
this.state = state;
this.providerIdentifier = providerIdentifier;
this.queryIdentifier = queryIdentifier;
this.expires = expires;
}
/**
* Creates a new GuacamoleInsufficientCredentialsException with the given
* message, cause, and associated credential information.
@@ -133,10 +44,6 @@ public class GuacamoleInsufficientCredentialsException extends GuacamoleCredenti
public GuacamoleInsufficientCredentialsException(String message, Throwable cause,
CredentialsInfo credentialsInfo) {
super(message, cause, credentialsInfo);
this.state = DEFAULT_STATE;
this.providerIdentifier = DEFAULT_PROVIDER_IDENTIFIER;
this.queryIdentifier = DEFAULT_QUERY_IDENTIFIER;
this.expires = DEFAULT_EXPIRES;
}
/**
@@ -151,10 +58,6 @@ public class GuacamoleInsufficientCredentialsException extends GuacamoleCredenti
*/
public GuacamoleInsufficientCredentialsException(String message, CredentialsInfo credentialsInfo) {
super(message, credentialsInfo);
this.state = DEFAULT_STATE;
this.providerIdentifier = DEFAULT_PROVIDER_IDENTIFIER;
this.queryIdentifier = DEFAULT_QUERY_IDENTIFIER;
this.expires = DEFAULT_EXPIRES;
}
/**
@@ -169,52 +72,6 @@ public class GuacamoleInsufficientCredentialsException extends GuacamoleCredenti
*/
public GuacamoleInsufficientCredentialsException(Throwable cause, CredentialsInfo credentialsInfo) {
super(cause, credentialsInfo);
this.state = DEFAULT_STATE;
this.providerIdentifier = DEFAULT_PROVIDER_IDENTIFIER;
this.queryIdentifier = DEFAULT_QUERY_IDENTIFIER;
this.expires = DEFAULT_EXPIRES;
}
/**
* Retrieves the state token associated with the authentication process.
*
* @return The opaque state token used to maintain consistency across multiple
* requests in the same authentication transaction.
*/
public String getState() {
return state;
}
/**
* Retrieves the identifier of the authentication provider responsible for this exception.
*
* @return The identifier of the authentication provider, allowing clients to know
* which provider's process should be resumed in response to this exception.
*/
public String getProviderIdentifier() {
return providerIdentifier;
}
/**
* Retrieves the specific query identifier associated with the URL for the provider
* that can be checked to resume the authentication state.
*
* @return The query identifier that serves as a reference to a specific point or
* transaction within the provider's authentication process.
*/
public String getQueryIdentifier() {
return queryIdentifier;
}
/**
* Retrieves the expiration timestamp of the state token, specified as the
* number of milliseconds since the UNIX epoch.
*
* @return The expiration timestamp of the state token, or a negative value if
* the token does not expire.
*/
public long getExpires() {
return expires;
}
}