From 8dd5537cf30f9b9a57e637dae53c47c237416064 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 20 Nov 2017 01:05:42 -0800 Subject: [PATCH] GUACAMOLE-96: Pull TOTP key from user attribute. --- .../guacamole/auth/totp/UserVerificationService.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java index 7cffffe09..cb737307f 100644 --- a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java +++ b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java @@ -22,6 +22,7 @@ package org.apache.guacamole.auth.totp; import com.google.common.io.BaseEncoding; import java.security.InvalidKeyException; import java.util.Collections; +import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleException; @@ -46,6 +47,11 @@ public class UserVerificationService { */ private final Logger logger = LoggerFactory.getLogger(UserVerificationService.class); + /** + * The name of the user attribute which stores the TOTP key. + */ + private static final String TOTP_KEY_ATTRIBUTE_NAME = "guac-totp-key"; + /** * The name of the HTTP parameter which will contain the TOTP code provided * by the user to verify their identity. @@ -84,10 +90,8 @@ public class UserVerificationService { * UserContext, or null if no TOTP key is associated with the user. */ public String getKey(UserContext context){ - - // FIXME: Hard-coded key - return "JBSWY3DPEHPK3PXP"; - + Map attributes = context.self().getAttributes(); + return attributes.get(TOTP_KEY_ATTRIBUTE_NAME); } /**