From bf53b5515dd64f7d8779a21fd8f4a2f9761a42f5 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Fri, 23 Oct 2015 15:22:31 -0700
Subject: [PATCH] GUAC-1115: Move DN derivation into UserService.
---
 .../ldap/AuthenticationProviderService.java | 28 +++++---------
 .../guacamole/auth/ldap/user/UserService.java | 36 +++++++++++++++++++
 2 files changed, 44 insertions(+), 20 deletions(-)
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/AuthenticationProviderService.java
index cde57227e..a9098fbfe 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/AuthenticationProviderService.java
@@ -27,10 +27,10 @@ import com.google.inject.Provider;
 import com.novell.ldap.LDAPConnection;
 import com.novell.ldap.LDAPException;
 import java.io.UnsupportedEncodingException;
-import java.util.List;
 import org.glyptodon.guacamole.auth.ldap.user.AuthenticatedUser;
 import org.glyptodon.guacamole.auth.ldap.user.UserContext;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.ldap.user.UserService;
 import org.glyptodon.guacamole.net.auth.Credentials;
 import org.glyptodon.guacamole.net.auth.credentials.CredentialsInfo;
 import org.glyptodon.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
@@ -50,18 +50,18 @@ public class AuthenticationProviderService {
 */
 private final Logger logger = LoggerFactory.getLogger(AuthenticationProviderService.class);
- /**
- * Service for escaping parts of LDAP queries.
- */
- @Inject
- private EscapingService escapingService;
-
 /**
 * Service for retrieving LDAP server configuration information.
 */
 @Inject
 private ConfigurationService confService;
+ /**
+ * Service for retrieving users and their corresponding LDAP DNs.
+ */
+ @Inject
+ private UserService userService;
+
 /**
 * Provider for AuthenticatedUser objects.
 */
@@ -93,20 +93,8 @@ public class AuthenticationProviderService {
 private String getUserBindDN(String username)
 throws GuacamoleException {
- // Pull username attributes from properties
- List usernameAttributes = confService.getUsernameAttributes();
-
- // We need exactly one base DN to derive the user DN
- if (usernameAttributes.size() != 1) {
- logger.warn("Cannot directly derive user DN when multiple username attributes are specified");
- return null;
- }
-
 // Derive user DN from base DN
- return
- escapingService.escapeDN(usernameAttributes.get(0))
- + "=" + escapingService.escapeDN(username)
- + "," + confService.getUserBaseDN();
+ return userService.deriveUserDN(username);
 }
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/user/UserService.java b/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/user/UserService.java
index a7af395ef..0f01bde36 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/user/UserService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/user/UserService.java
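Review bot: In the `@@ -93,20 +93,8 @@` hunk of AuthenticationProviderService.java, `getUserBindDN` now returns whatever `userService.deriveUserDN(username)` returns, and that method returns `null` whenever the username-attribute list does not hold exactly one entry, so the null flows on towards the bind unchanged. The code that consumes the bind DN lies outside this hunk; it is worth confirming that it rejects a null DN before attempting the bind, since LDAP servers commonly treat a bind without a DN as anonymous. The same contract is missing from the Javadoc added in the UserService.java hunk, whose `@return` could read `The DN which corresponds to the user having the given username, or null if the DN cannot be derived directly.` The comment kept above the new return line could likewise say `// Derive user DN from base DN (null if it cannot be derived directly)`.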
@@ -269,4 +269,40 @@ public class UserService {
 }
+ /**
+ * Determines the DN which corresponds to the user having the given
+ * username. The DN will either be derived directly from the user base DN,
+ * or queried from the LDAP server, depending on how LDAP authentication
+ * has been configured.
+ *
+ * @param username
+ * The username of the user whose corresponding DN should be returned.
+ *
+ * @return
+ * The DN which corresponds to the user having the given username.
+ *
+ * @throws GuacamoleException
+ * If required properties are missing, and thus the user DN cannot be
+ * determined.
+ */
+ public String deriveUserDN(String username)
+ throws GuacamoleException {
+
+ // Pull username attributes from properties
+ List usernameAttributes = confService.getUsernameAttributes();
+
+ // We need exactly one base DN to derive the user DN
+ if (usernameAttributes.size() != 1) {
+ logger.warn("Cannot directly derive user DN when multiple username attributes are specified");
+ return null;
+ }
+
+ // Derive user DN from base DN
+ return
+ escapingService.escapeDN(usernameAttributes.get(0))
+ + "=" + escapingService.escapeDN(username)
+ + "," + confService.getUserBaseDN();
+
+ }
+
 }
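Review bot: The guard `usernameAttributes.size() != 1` in `deriveUserDN` also fires when no username attribute is configured, yet the warning it logs speaks only of "multiple username attributes", and the comment above it says "exactly one base DN" although the check is on username attributes. I would reword both, e.g. `// We need exactly one username attribute to derive the user DN` and `logger.warn("Cannot directly derive user DN unless exactly one username attribute is specified");`, so that an operator reading the log can tell why authentication could not proceed. The Javadoc also states that the DN may be "queried from the LDAP server", which nothing in the added body does; that clause should be dropped or marked as not yet implemented. `List usernameAttributes` shows as a raw type here, possibly an artifact of how the page was rendered; if it is raw in the file, `List<String>` is the expected declaration.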