From c20457f89b6d0658bbb684264e06d71fb608817f Mon Sep 17 00:00:00 2001
From: Michael Jumper <mjumper@apache.org>
Date: Mon, 29 May 2017 19:03:42 -0700
Subject: [PATCH] GUACAMOLE-393: Add session invalidation hooks to
 AuthenticatedUser.

---
 .../guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java  | 5 +++++
 .../guacamole/net/auth/AbstractAuthenticatedUser.java      | 5 +++++
 .../org/apache/guacamole/net/auth/AuthenticatedUser.java   | 7 +++++++
 .../main/java/org/apache/guacamole/GuacamoleSession.java   | 3 +++
 4 files changed, 20 insertions(+)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
index a3848f427..24118af45 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
@@ -136,4 +136,9 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
         return authenticationProvider;
     }
 
+    @Override
+    public void invalidate() {
+        // Nothing to invalidate
+    }
+
 }
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java
index 730eec004..08b9b4e56 100644
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java
@@ -29,4 +29,9 @@ public abstract class AbstractAuthenticatedUser extends AbstractIdentifiable
 
     // Prior functionality now resides within AbstractIdentifiable
 
+    @Override
+    public void invalidate() {
+        // Nothing to invalidate
+    }
+
 }
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java
index 7f363f28d..f6ceb3abe 100644
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java
@@ -49,4 +49,11 @@ public interface AuthenticatedUser extends Identifiable {
      */
     Credentials getCredentials();
 
+    /**
+     * Invalidates this authenticated user and their associated token such that
+     * they are no longer logged in. This function will be automatically
+     * invoked when the user logs out, or when their session expires.
+     */
+    void invalidate();
+
 }
diff --git a/guacamole/src/main/java/org/apache/guacamole/GuacamoleSession.java b/guacamole/src/main/java/org/apache/guacamole/GuacamoleSession.java
index de8145380..17168afa7 100644
--- a/guacamole/src/main/java/org/apache/guacamole/GuacamoleSession.java
+++ b/guacamole/src/main/java/org/apache/guacamole/GuacamoleSession.java
@@ -252,6 +252,9 @@ public class GuacamoleSession {
             }
         }
 
+        // Invalidate the authenticated user object
+        authenticatedUser.invalidate();
+
     }
     
 }