GUAC-800: Add support for disabling user accounts.

2025-09-06 13:17:41 +00:00 · 2015-05-26 12:42:57 -07:00
parent b64c4f3b94
commit c8c12663b3
13 changed files with 162 additions and 16 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql
@@ -117,6 +117,7 @@ CREATE TABLE guacamole_user (
  username      varchar(128) NOT NULL,
  password_hash bytea        NOT NULL,
  password_salt bytea,
+  disabled      boolean      NOT NULL DEFAULT FALSE,

  PRIMARY KEY (user_id),

--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.7.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.7.sql
@@ -0,0 +1,28 @@
+--
+-- Copyright (C) 2015 Glyptodon LLC
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a copy
+-- of this software and associated documentation files (the "Software"), to deal
+-- in the Software without restriction, including without limitation the rights
+-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+-- copies of the Software, and to permit persons to whom the Software is
+-- furnished to do so, subject to the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included in
+-- all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+-- THE SOFTWARE.
+--
+
+--
+-- Add per-user disable flag
+--
+
+ALTER TABLE guacamole_user ADD COLUMN disabled boolean NOT NULL DEFAULT FALSE;
+
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/guac-manifest.json
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/guac-manifest.json
@@ -7,6 +7,10 @@

    "authProviders" : [
        "org.glyptodon.guacamole.auth.postgresql.PostgreSQLAuthenticationProvider"
+    ],
+
+    "translations" : [
+        "translations/en_US.json"
    ]

 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
@@ -32,6 +32,7 @@
        <result column="username"      property="identifier"   jdbcType="VARCHAR"/>
        <result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
        <result column="password_salt" property="passwordSalt" jdbcType="BINARY"/>
+        <result column="disabled"      property="disabled"     jdbcType="BOOLEAN"/>
    </resultMap>

    <!-- Select all usernames -->
@@ -57,7 +58,8 @@
            user_id,
            username,
            password_hash,
-            password_salt
+            password_salt,
+            disabled
        FROM guacamole_user
        WHERE username IN
            <foreach collection="identifiers" item="identifier"
@@ -74,7 +76,8 @@
            guacamole_user.user_id,
            username,
            password_hash,
-            password_salt
+            password_salt,
+            disabled
        FROM guacamole_user
        JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
        WHERE username IN
@@ -94,7 +97,8 @@
            user_id,
            username,
            password_hash,
-            password_salt
+            password_salt,
+            disabled
        FROM guacamole_user
        WHERE
            username = #{username,jdbcType=VARCHAR}
@@ -114,12 +118,14 @@
        INSERT INTO guacamole_user (
            username,
            password_hash,
-            password_salt
+            password_salt,
+            disabled
        )
        VALUES (
            #{object.identifier,jdbcType=VARCHAR},
            #{object.passwordHash,jdbcType=BINARY},
-            #{object.passwordSalt,jdbcType=BINARY}
+            #{object.passwordSalt,jdbcType=BINARY},
+            #{object.disabled,jdbcType=BOOLEAN}
        )

    </insert>
@@ -128,7 +134,8 @@
    <update id="update" parameterType="org.glyptodon.guacamole.auth.jdbc.user.UserModel">
        UPDATE guacamole_user
        SET password_hash = #{object.passwordHash,jdbcType=BINARY},
-            password_salt = #{object.passwordSalt,jdbcType=BINARY}
+            password_salt = #{object.passwordSalt,jdbcType=BINARY},
+            disabled = #{object.disabled,jdbcType=BOOLEAN}
        WHERE user_id = #{object.objectID,jdbcType=VARCHAR}
    </update>