GUACMAOLE-1289: Fixup and debugging.

2025-09-06 05:07:41 +00:00 · 2023-10-06 14:22:27 -04:00
parent cbd7f60f5d
commit 7807bb9c11
2 changed files with 19 additions and 1 deletions
--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
@@ -42,6 +42,11 @@ public class DuoAuthenticationProviderModule extends AbstractModule {
     */
    private final AuthenticationProvider authProvider;
    
+    /**
+     * The session manager that stores authentication attempts.
+     */
+    private final DuoAuthenticationSessionManager authSessionManager;
+
    /**
     * Creates a new Duo authentication provider module which configures
     * injection for the DuoAuthenticationProvider.
@@ -62,6 +67,9 @@ public class DuoAuthenticationProviderModule extends AbstractModule {
        // Store associated auth provider
        this.authProvider = authProvider;
        
+        // Create a new session manager
+        this.authSessionManager = new DuoAuthenticationSessionManager();
+
    }

    @Override
@@ -72,9 +80,10 @@ public class DuoAuthenticationProviderModule extends AbstractModule {
        bind(Environment.class).toInstance(environment);

        // Bind Duo-specific services
+        bind(DuoAuthenticationSessionManager.class).toInstance(authSessionManager);
        bind(ConfigurationService.class);
        bind(UserVerificationService.class);
-        bind(DuoAuthenticationSessionManager.class);
+        

    }

--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
@@ -37,12 +37,16 @@ import org.apache.guacamole.language.TranslatableMessage;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 /**
 * Service for verifying the identity of a user against Duo.
 */
 public class UserVerificationService {

+    private static final Logger LOGGER = LoggerFactory.getLogger(UserVerificationService.class);
+    
    /**
     * The name of the parameter which Duo will return in it's GET call-back
     * that contains the code that the client will use to generate a token.
@@ -124,6 +128,7 @@ public class UserVerificationService {

            // Get a new session state from the Duo client
            duoState = duoClient.generateState();
+            LOGGER.debug(">>> DUO <<< STATE DEFER: {}", duoState);
            
            // Add this session 
            duoSessionManager.defer(new DuoAuthenticationSession(confService.getAuthTimeout(), duoState, username), duoState);
@@ -143,8 +148,12 @@ public class UserVerificationService {

        }
        
+        LOGGER.debug(">>> DUO <<< STATE RESUME: {}", duoState);
+
        // Retrieve the deferred authenticaiton attempt
        DuoAuthenticationSession duoSession = duoSessionManager.resume(duoState);
+        if (duoSession == null)
+            throw new GuacamoleServerException("Failed to resume Duo authentication session.");
        
        // Get the token from the DuoClient using the code and username, and check status
        Token token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, duoSession.getUsername());