safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-96: Migrate to TOTP-specific field type for authentication code.

Browse Source
This commit is contained in:
Michael Jumper
2017-11-20 12:03:18 -08:00
parent 0844e9d422
commit 8ac8fec478
9 changed files with 259 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
extensions/guacamole-auth-totp/pom.xml
View File

@@ -53,6 +53,85 @@
</configuration>
</plugin>
<!-- Pre-cache Angular templates with maven-angular-plugin -->
<plugin>
<groupId>com.keithbranton.mojo</groupId>
<artifactId>angular-maven-plugin</artifactId>
<version>0.3.2</version>
<executions>
<execution>
<phase>generate-resources</phase>
<goals>
<goal>html2js</goal>
</goals>
</execution>
</executions>
<configuration>
<sourceDir>${basedir}/src/main/resources</sourceDir>
<include>**/*.html</include>
<target>${basedir}/src/main/resources/generated/templates-main/templates.js</target>
<prefix>app/ext/totp</prefix>
</configuration>
</plugin>
<!-- JS/CSS Minification Plugin -->
<plugin>
<groupId>com.samaxes.maven</groupId>
<artifactId>minify-maven-plugin</artifactId>
<version>1.7.5</version>
<executions>
<execution>
<id>default-cli</id>
<configuration>
<charset>UTF-8</charset>
<webappSourceDir>${basedir}/src/main/resources</webappSourceDir>
<webappTargetDir>${project.build.directory}/classes</webappTargetDir>
<cssSourceDir>/</cssSourceDir>
<cssTargetDir>/</cssTargetDir>
<cssFinalFile>totp.css</cssFinalFile>
<cssSourceFiles>
<cssSourceFile>license.txt</cssSourceFile>
</cssSourceFiles>
<cssSourceIncludes>
<cssSourceInclude>**/*.css</cssSourceInclude>
</cssSourceIncludes>
<jsSourceDir>/</jsSourceDir>
<jsTargetDir>/</jsTargetDir>
<jsFinalFile>totp.js</jsFinalFile>
<jsSourceFiles>
<jsSourceFile>license.txt</jsSourceFile>
</jsSourceFiles>
<jsSourceIncludes>
<jsSourceInclude>**/*.js</jsSourceInclude>
</jsSourceIncludes>
<!-- Do not minify and include tests -->
<jsSourceExcludes>
<jsSourceExclude>**/*.test.js</jsSourceExclude>
</jsSourceExcludes>
<jsEngine>CLOSURE</jsEngine>
<!-- Disable warnings for JSDoc annotations -->
<closureWarningLevels>
<misplacedTypeAnnotation>OFF</misplacedTypeAnnotation>
<nonStandardJsDocs>OFF</nonStandardJsDocs>
</closureWarningLevels>
</configuration>
<goals>
<goal>minify</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- Assembly plugin - for easy distribution -->
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
@@ -105,6 +184,7 @@
<excludes>
<exclude>**/*.json</exclude>
<exclude>src/licenses/**/*</exclude>
<exclude>src/main/resources/templates/*.html</exclude>
</excludes>
</configuration>

28
extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java
View File

@@ -28,8 +28,8 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.GuacamoleClientException;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleUnsupportedException;
import org.apache.guacamole.auth.totp.form.AuthenticationCodeField;
import org.apache.guacamole.form.Field;
import org.apache.guacamole.form.TextField;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.User;
@@ -61,26 +61,6 @@ public class UserVerificationService {
*/
private static final String TOTP_KEY_CONFIRMED_ATTRIBUTE_NAME = "guac-totp-key-confirmed";
/**
* The name of the HTTP parameter which will contain the TOTP code provided
* by the user to verify their identity.
*/
private static final String TOTP_PARAMETER_NAME = "guac-totp";
/**
* The field which should be exposed to the user to request that they
* provide their TOTP code.
*/
private static final Field TOTP_FIELD = new TextField(TOTP_PARAMETER_NAME);
/**
* CredentialsInfo object describing the credentials expected for a user
* who has verified their identity with TOTP.
*/
private static final CredentialsInfo TOTP_CREDENTIALS = new CredentialsInfo(
Collections.singletonList(TOTP_FIELD)
);
/**
* BaseEncoding instance which decoded/encodes base32.
*/
@@ -234,14 +214,16 @@ public class UserVerificationService {
HttpServletRequest request = credentials.getRequest();
// Retrieve TOTP from request
String code = request.getParameter(TOTP_PARAMETER_NAME);
String code = request.getParameter(AuthenticationCodeField.PARAMETER_NAME);
// If no TOTP provided, request one
if (code == null) {
// FIXME: Handle key.isConfirmed() for initial prompt
throw new GuacamoleInsufficientCredentialsException(
"LOGIN.INFO_TOTP_REQUIRED", TOTP_CREDENTIALS);
"LOGIN.INFO_TOTP_REQUIRED", new CredentialsInfo(
Collections.<Field>singletonList(new AuthenticationCodeField())
));
}

48
extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/form/AuthenticationCodeField.java Normal file
View File

@@ -0,0 +1,48 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.totp.form;
import org.apache.guacamole.form.Field;
/**
* Field which prompts the user for an authentication code generated via TOTP.
*/
public class AuthenticationCodeField extends Field {
/**
* The name of the HTTP parameter which will contain the TOTP code provided
* by the user to verify their identity.
*/
public static final String PARAMETER_NAME = "guac-totp";
/**
* The unique name associated with this field type.
*/
private static final String FIELD_TYPE_NAME = "GUAC_TOTP_CODE";
/**
* Creates a new field which prompts the user for an authentication code
* generated via TOTP.
*/
public AuthenticationCodeField() {
super(PARAMETER_NAME, FIELD_TYPE_NAME);
}
}

33
extensions/guacamole-auth-totp/src/main/resources/config/totpConfig.js Normal file
View File

@@ -0,0 +1,33 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* Config block which registers TOTP-specific field types.
*/
angular.module('guacTOTP').config(['formServiceProvider',
function guacTOTPConfig(formServiceProvider) {
// Define field for the TOTP code provided by the user
formServiceProvider.registerFieldType('GUAC_TOTP_CODE', {
module : 'guacTOTP',
controller : 'authenticationCodeFieldController',
templateUrl : 'app/ext/totp/templates/authenticationCodeField.html'
});
}]);

29
extensions/guacamole-auth-totp/src/main/resources/controllers/authenticationCodeFieldController.js Normal file
View File

@@ -0,0 +1,29 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* Controller for the "GUAC_TOTP_CODE" field which prompts the user to enter
* the code generated by their authentication device.
*/
angular.module('guacTOTP').controller('authenticationCodeFieldController', ['$scope', '$element',
function authenticationCodeFieldController($scope, $element) {
// STUB
}]);

14
extensions/guacamole-auth-totp/src/main/resources/guac-manifest.json
View File

@@ -11,6 +11,18 @@
"translations" : [
"translations/en.json"
]
],
"js" : [
"totp.min.js"
],
"css" : [
"totp.min.css"
],
"resources" : {
"templates/authenticationCodeField.html" : "text/html"
}
}

20
extensions/guacamole-auth-totp/src/main/resources/styles/totp.css Normal file
View File

@@ -0,0 +1,20 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/* STUB */

3
extensions/guacamole-auth-totp/src/main/resources/templates/authenticationCodeField.html Normal file
View File

@@ -0,0 +1,3 @@
<div class="totp-code-field">
<input type="text" ng-model="model" autocorrect="off" autocapitalize="off"/>
</div>

28
extensions/guacamole-auth-totp/src/main/resources/totpModule.js Normal file
View File

@@ -0,0 +1,28 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* Module which provides handling for TOTP multi-factor authentication.
*/
angular.module('guacTOTP', [
'form'
]);
// Ensure the guacTOTP module is loaded along with the rest of the app
angular.module('index').requires.push('guacTOTP');