From c7cb40d8f136a3f169b53bbed9656a317e8c36ce Mon Sep 17 00:00:00 2001
From: Virtually Nick
Date: Fri, 3 Apr 2020 23:17:43 -0400
Subject: [PATCH] GUACAMOLE-770: Avoid letting attribute be manually set and reset confirmation along with secret.

---
 .../java/org/apache/guacamole/auth/totp/user/TOTPUser.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/TOTPUser.java b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/TOTPUser.java
index e21064c06..d50e3a68c 100644
--- a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/TOTPUser.java
+++ b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/TOTPUser.java
@@ -108,12 +108,17 @@ public class TOTPUser extends DelegatingUser {
         // Create independent, mutable copy of attributes
         attributes = new HashMap<>(attributes);
 
+        // Do not expose any TOTP secret attribute outside this extension
+        attributes.remove(TOTP_KEY_SECRET_ATTRIBUTE_NAME);
+
         // Pull off the boolean reset field
         String reset = attributes.remove(TOTP_KEY_SECRET_RESET_FIELD);
 
         // If reset has been set to true, clear the secret.
-        if (reset != null && reset.equals("true"))
+        if (reset != null && reset.equals("true")) {
             attributes.put(TOTP_KEY_SECRET_ATTRIBUTE_NAME, null);
+            attributes.put(TOTP_KEY_CONFIRMED_ATTRIBUTE_NAME, null);
+        }
 
         super.setAttributes(attributes);