From 82553265121ff4df4f52b1eb71f850893b7a22b2 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Mon, 30 Jan 2023 16:29:04 -0800
Subject: [PATCH] GUACAMOLE-839: Move SSL/TLS client auth logic to separate service.
---
 .../main/resources/directives/guacSslAuth.js | 21 +------
 .../resources/services/clientAuthService.js | 58 +++++++++++++++++++
 2 files changed, 60 insertions(+), 19 deletions(-)
 create mode 100644 extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/resources/services/clientAuthService.js
diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/resources/directives/guacSslAuth.js b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/resources/directives/guacSslAuth.js
index 82e5c8b6d..49347127a 100644
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/resources/directives/guacSslAuth.js
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/resources/directives/guacSslAuth.js
@@ -24,8 +24,7 @@
 angular.module('element').directive('guacSslAuth', ['$injector', function guacSslAuth($injector) {
 // Required services
- var requestService = $injector.get('requestService');
- var authenticationService = $injector.get('authenticationService');
+ var clientAuthService = $injector.get('clientAuthService');
 var directive = {
 restrict: 'A'
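Review bot: The directive stays registered on `angular.module('element')`, but the `clientAuthService` it now fetches with `$injector.get('clientAuthService')` is registered on `angular.module('guacSsoSsl')` in the new file, and this commit touches only those two files. `angular.module('guacSsoSsl')` without a dependency array only looks up an existing module, so the lookup fails at runtime unless that module is already declared and loaded in the same application; that is presumably done elsewhere in the extension, but it is not visible in this patch and is worth confirming. A comment beside the lookup, such as `// clientAuthService is provided by the guacSsoSsl module`, would make the cross-module dependency explicit. The directive's body continues outside the hunk.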
@@ -42,23 +41,7 @@ angular.module('element').directive('guacSslAuth', ['$injector', function guacSs
 // Attempt SSL/TLS client authentication upon click
 element.addEventListener('click', function elementClicked() {
-
- // Transform SSL/TLS identity into an opaque "state" value and
- // attempt authentication using that value
- authenticationService.authenticate(
- requestService({
- method: 'GET',
- headers : {
- 'Cache-Control' : undefined, // Avoid sending headers that would result in a pre-flight OPTIONS request for CORS
- 'Pragma' : undefined
- },
- url: 'api/ext/ssl/identity'
- })
- .then(function identityRetrieved(data) {
- return { 'state' : data.state || '' };
- })
- )['catch'](requestService.IGNORE);
-
+ clientAuthService.authenticate();
 });
 };
diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/resources/services/clientAuthService.js b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/resources/services/clientAuthService.js
new file mode 100644
index 000000000..3bf9d9e86
--- /dev/null
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/resources/services/clientAuthService.js
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Service for authenticating a user using SSL/TLS client authentication.
+ */
+angular.module('guacSsoSsl').factory('clientAuthService', ['$injector',
+ function clientAuthServiceProvider($injector) {
+
+ // Required services
+ var requestService = $injector.get('requestService');
+ var authenticationService = $injector.get('authenticationService');
+
+ var service = {};
+
+ /**
+ * Attempt to authenticate using a unique token obtained through SSL/TLS
+ * client authentication.
+ */
+ service.authenticate = function authenticate() {
+
+ // Transform SSL/TLS identity into an opaque "state" value and
+ // attempt authentication using that value
+ authenticationService.authenticate(
+ requestService({
+ method: 'GET',
+ headers : {
+ 'Cache-Control' : undefined, // Avoid sending headers that would result in a pre-flight OPTIONS request for CORS
+ 'Pragma' : undefined
+ },
+ url: 'api/ext/ssl/identity'
+ })
+ .then(function identityRetrieved(data) {
+ return { 'state' : data.state || '' };
+ })
+ )['catch'](requestService.IGNORE);
+
+ };
+
+ return service;
+
+}]);
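Review bot: `service.authenticate` discards the promise from `authenticationService.authenticate(...)` and routes rejections to `requestService.IGNORE`, which by its name suppresses them, so a caller of the new service cannot tell a completed login from a failed identity request or a refused certificate. Now that this is a reusable service rather than a click handler, returning the chain (`return authenticationService.authenticate(`) and adding `@returns {Promise}` to the JSDoc would let callers react to the outcome. Separately, `data.state || ''` turns an identity response that lacks `state` into an authentication attempt with an empty state. Presumably the server rejects that value, but a comment stating the reliance, or a client-side rejection when `state` is missing, would make the intent clear.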