GUACAMOLE-1656: Simplify auto-refresh behavior in JDBC auth provider.

2025-09-06 21:27:40 +00:00 · 2022-08-08 21:38:45 +00:00
parent 3790d76fc9
commit dfc7e6dd90
2 changed files with 8 additions and 49 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
@@ -89,31 +89,9 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider

    }

-    /**
-     * Gets a user context for the given authentication provider and user. If
-     * forceRefresh is set to true, the user record will be re-fetched even if
-     * it has already been loaded from the database. If not, the existing
-     * user will be used.
-     *
-     * @param authenticationProvider
-     *     The authentication provider to use when loading or refreshing the user.
-     *
-     * @param authenticatedUser
-     *     The user for which the user context is being fetched.
-     *
-     * @param forceRefresh
-     *     A flag that, when set to true, will force the authenticated user to
-     *     refreshed from the database. If false, an existing DB user will be
-     *     reused.
-     *
-     * @return
-     *     The fetched user context.
-     *
-     * @throws GuacamoleException
-     *     If an error occurs while fetching or refreshing the user context.
-     */
-    private ModeledUserContext getUserContext(AuthenticationProvider authenticationProvider,
-            AuthenticatedUser authenticatedUser, boolean forceRefresh) throws GuacamoleException {
+    @Override
+    public ModeledUserContext getUserContext(AuthenticationProvider authenticationProvider,
+            AuthenticatedUser authenticatedUser) throws GuacamoleException {

        // Always allow but provide no data for users authenticated via our own
        // connection sharing links
@@ -124,9 +102,8 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
        boolean databaseCredentialsUsed = (authenticatedUser instanceof ModeledAuthenticatedUser);
        boolean databaseRestrictionsApplicable = (databaseCredentialsUsed || environment.isUserRequired());

-        // Retrieve user account for already-authenticated user, forcing a refresh if requested
-        ModeledUser user = userService.retrieveUser(
-                authenticationProvider, authenticatedUser, forceRefresh);
+        // Retrieve user account for already-authenticated user
+        ModeledUser user = userService.retrieveUser(authenticationProvider, authenticatedUser);
        ModeledUserContext context = userContextProvider.get();
        if (user != null && !user.isDisabled()) {

@@ -182,21 +159,13 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider

    }

-    @Override
-    public ModeledUserContext getUserContext(AuthenticationProvider authenticationProvider,
-            AuthenticatedUser authenticatedUser) throws GuacamoleException {
-
-        // Do not force refresh unless updateUserContext is explicitly called
-        return getUserContext(authenticationProvider, authenticatedUser, false);
-    }
-
    @Override
    public UserContext updateUserContext(AuthenticationProvider authenticationProvider,
            UserContext context, AuthenticatedUser authenticatedUser,
            Credentials credentials) throws GuacamoleException {

-        // Force-refresh the user context
-        return getUserContext(authenticationProvider, authenticatedUser, true);
+        // Refresh the user context
+        return getUserContext(authenticationProvider, authenticatedUser);

    }

--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
@@ -404,11 +404,6 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
     * @param authenticatedUser
     *     The AuthenticatedUser to retrieve the corresponding ModeledUser of.
     *
-     * @param forceRefresh
-     *     Whether the user should be force-refreshed: i.e. re-queried from the
-     *     database. If false, and the user has already been queried, it will
-     *     be returned as-is.
-     *
     * @return
     *     The ModeledUser which corresponds to the given AuthenticatedUser, or
     *     null if no such user exists.
@@ -418,12 +413,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
     *     AuthenticatedUser cannot be created.
     */
    public ModeledUser retrieveUser(AuthenticationProvider authenticationProvider,
-            AuthenticatedUser authenticatedUser, boolean forceRefresh) throws GuacamoleException {
-
-        // If refresh is not being forced, and we already queried this user,
-        // return that rather than querying again
-        if (!forceRefresh && (authenticatedUser instanceof ModeledAuthenticatedUser))
-            return ((ModeledAuthenticatedUser) authenticatedUser).getUser();
+            AuthenticatedUser authenticatedUser) throws GuacamoleException {

        // Retrieve corresponding user model, if such a user exists
        UserModel userModel = userMapper.selectOne(authenticatedUser.getIdentifier());