GUAC-800: Add support for disabling user accounts.

2025-09-06 13:17:41 +00:00 · 2015-05-26 12:42:57 -07:00
parent b64c4f3b94
commit c8c12663b3
13 changed files with 162 additions and 16 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
@@ -23,7 +23,10 @@
 package org.glyptodon.guacamole.auth.jdbc.user;

 import com.google.inject.Inject;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.Map;
 import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObject;
 import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
@@ -34,6 +37,7 @@ import org.glyptodon.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermis
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionService;
+import org.glyptodon.guacamole.form.Field;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
@@ -47,6 +51,24 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
 */
 public class ModeledUser extends ModeledDirectoryObject<UserModel> implements User {

+    /**
+     * The name of the attribute which controls whether a user account is
+     * disabled.
+     */
+    public static final String DISABLED_ATTRIBUTE_NAME = "disabled";
+
+    /**
+     * A typed field corresponding to the disabled attribute of a user.
+     */
+    public static final Field DISABLED_ATTRIBUTE = new Field(DISABLED_ATTRIBUTE_NAME, "Disabled", "true");
+
+    /**
+     * All possible attributes of user objects.
+     */
+    public static final Collection<Field> ATTRIBUTES = Collections.unmodifiableCollection(Arrays.asList(
+        DISABLED_ATTRIBUTE
+    ));
+
    /**
     * Service for hashing passwords.
     */
@@ -183,12 +205,21 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us

    @Override
    public Map<String, String> getAttributes() {
-        return Collections.<String, String>emptyMap();
+
+        Map<String, String> attributes = new HashMap<String, String>();
+
+        // Set disabled attribute
+        attributes.put("disabled", getModel().isDisabled() ? "true" : null);
+
+        return attributes;
    }

    @Override
    public void setAttributes(Map<String, String> attributes) {
-        // Drop all attributes - none currently supported
+
+        // Translate disabled attribute
+        getModel().setDisabled("true".equals(attributes.get("disabled")));
+
    }

 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java
@@ -135,7 +135,7 @@ public class UserContext extends RestrictedObject

    @Override
    public Collection<Field> getUserAttributes() {
-        return Collections.<Field>emptyList();
+        return ModeledUser.ATTRIBUTES;
    }

    @Override
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
@@ -67,7 +67,7 @@ public class UserContextService  {

        // Authenticate user
        ModeledUser user = userService.retrieveUser(credentials);
-        if (user != null) {
+        if (user != null && !user.getModel().isDisabled()) {

            // Upon successful authentication, return new user context
            UserContext context = userContextProvider.get();
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
@@ -42,6 +42,12 @@ public class UserModel extends ObjectModel {
     */
    private byte[] passwordSalt;

+    /**
+     * Whether the user account is disabled. Disabled accounts exist and can
+     * be modified, but cannot be used.
+     */
+    private boolean disabled;
+
    /**
     * Creates a new, empty user.
     */
@@ -97,4 +103,28 @@ public class UserModel extends ObjectModel {
        this.passwordSalt = passwordSalt;
    }

+    /**
+     * Returns whether the user has been disabled. Disabled users are not
+     * allowed to login. Although their account data exists, all login attempts
+     * will fail as if the account does not exist.
+     *
+     * @return
+     *     true if the account is disabled, false otherwise.
+     */
+    public boolean isDisabled() {
+        return disabled;
+    }
+
+    /**
+     * Sets whether the user is disabled. Disabled users are not allowed to
+     * login. Although their account data exists, all login attempts will fail
+     * as if the account does not exist.
+     *
+     * @param disabled
+     *     true if the account should be disabled, false otherwise.
+     */
+    public void setDisabled(boolean disabled) {
+        this.disabled = disabled;
+    }
+
 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en_US.json
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en_US.json
@@ -0,0 +1,5 @@
+{
+    "USER_ATTRIBUTES" : {
+        "FIELD_HEADER_DISABLED" : "Disabled:"
+    }
+}