From b410b99d49c4fd259c3af60a336808a59fec7ba5 Mon Sep 17 00:00:00 2001
From: Nick Couchman
Date: Sat, 30 Sep 2017 20:55:44 -0400
Subject: [PATCH] GUACAMOLE-362: Refactor ticket validation handling of credentials.
---
 .../auth/cas/AuthenticationProviderService.java | 16 +++++-----------
 .../auth/cas/ticket/TicketValidationService.java | 15 +++++++--------
 2 files changed, 12 insertions(+), 19 deletions(-)
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
index 325268e5c..a9b3230cc 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
@@ -87,18 +87,12 @@ public class AuthenticationProviderService {
 if (request != null) {
 String ticket = request.getParameter(CASTicketField.PARAMETER_NAME);
 if (ticket != null) {
- Credentials ticketCredentials = ticketService.validateTicket(ticket);
- if (ticketCredentials != null) {
- String username = ticketCredentials.getUsername();
- if (username != null)
- credentials.setUsername(username);
- String password = ticketCredentials.getPassword();
- if (password != null)
- credentials.setPassword(password);
+ String username = ticketService.validateTicket(ticket, credentials);
+ if (username != null) {
+ AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
+ authenticatedUser.init(username, credentials);
+ return authenticatedUser;
 }
- AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
- authenticatedUser.init(credentials.getUsername(), credentials);
- return authenticatedUser;
 }
 }
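Review bot: The new guard `if (username != null)` still lets an empty principal name through to `authenticatedUser.init`, whereas the password path in TicketValidationService rejects empty values with `!clearPass.isEmpty()`; `if (username != null && !username.isEmpty()) {` would make the two checks agree. `validateTicket` now also writes into the caller's `credentials`, and the last hunk of this patch sets the password whether or not a username was found, so on the null-return path the object may already hold a decrypted password. Whether that matters depends on the fall-through code, which is outside this hunk, as are the start and end of the enclosing method.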
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
index 0162801b1..de389643b 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
@@ -57,21 +57,21 @@ public class TicketValidationService {
 private ConfigurationService confService;
 /**
- * Validates and parses the given ID ticket, returning the Credentials object
- * derived from the parameters provided by the CAS server in the ticket. If the
+ * Validates and parses the given ID ticket, returning the username
+ * provided by the CAS server in the ticket. If the
 * ticket is invalid an exception is thrown.
 *
 * @param ticket
 * The ID ticket to validate and parse.
 *
 * @return
- * The Credentials object derived from parameters provided in the ticket.
+ * The username derived from the ticket.
 *
 * @throws GuacamoleException
 * If the ID ticket is not valid or guacamole.properties could
 * not be parsed.
 */
- public Credentials validateTicket(String ticket) throws GuacamoleException {
+ public String validateTicket(String ticket, Credentials credentials) throws GuacamoleException {
 // Retrieve the configured CAS URL, establish a ticket validator,
 // and then attempt to validate the supplied ticket. If that succeeds,
@@ -80,7 +80,6 @@ public class TicketValidationService {
 Cas20ProxyTicketValidator validator = new Cas20ProxyTicketValidator(casServerUrl);
 validator.setAcceptAnyProxy(true);
 try {
- Credentials ticketCredentials = new Credentials();
 String confRedirectURI = confService.getRedirectURI();
 Assertion a = validator.validate(ticket, confRedirectURI);
 AttributePrincipal principal = a.getPrincipal();
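Review bot: The Javadoc was not updated for the new `credentials` parameter of `validateTicket`: there is no `@param credentials` entry, and nothing states that the method writes the username and decrypted password into the object it is given. I would add `@param credentials` with the text `The Credentials object to populate with the username and password taken from the ticket.` The `@return` text should also say that null is returned when the CAS principal has no name, because the caller in AuthenticationProviderService depends on that null check. The method body continues outside this hunk.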
@@ -88,17 +87,17 @@ public class TicketValidationService {
 // Retrieve username and set the credentials.
 String username = principal.getName();
 if (username != null)
- ticketCredentials.setUsername(username);
+ credentials.setUsername(username);
 // Retrieve password, attempt decryption, and set credentials.
 Object credObj = principal.getAttributes().get("credential");
 if (credObj != null) {
 String clearPass = decryptPassword(credObj.toString());
 if (clearPass != null && !clearPass.isEmpty())
- ticketCredentials.setPassword(clearPass);
+ credentials.setPassword(clearPass);
 }
- return ticketCredentials;
+ return username;
 } catch (TicketValidationException e) {