From d79988d59e1c6fec528fdf7758e6030f3fcb53fb Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Thu, 11 Oct 2018 01:35:51 -0700 Subject: [PATCH] GUACAMOLE-96: Do not require TOTP for users that cannot enroll due to lack of permission to update their account. --- .../auth/totp/user/UserVerificationService.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/UserVerificationService.java b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/UserVerificationService.java index 30108e1c6..2414ee872 100644 --- a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/UserVerificationService.java +++ b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/UserVerificationService.java @@ -29,6 +29,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.GuacamoleSecurityException; import org.apache.guacamole.GuacamoleUnsupportedException; import org.apache.guacamole.auth.totp.conf.ConfigurationService; import org.apache.guacamole.auth.totp.form.AuthenticationCodeField; @@ -182,6 +183,15 @@ public class UserVerificationService { try { context.getUserDirectory().update(self); } + catch (GuacamoleSecurityException e) { + logger.info("User \"{}\" cannot store their TOTP key as they " + + "lack permission to update their own account. TOTP " + + "will be disabled for this user.", + self.getIdentifier()); + logger.debug("Permission denied to set TOTP key of user " + + "account.", e); + return false; + } catch (GuacamoleUnsupportedException e) { logger.debug("Extension storage for user is explicitly read-only. " + "Cannot update attributes to store TOTP key.", e);
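Review bot: The new `catch (GuacamoleSecurityException e)` branch in the second hunk fails open on the second factor: per its own log message, a user whose account cannot be updated continues with TOTP disabled, and this is recorded only at info level. Revoking a user's permission to update their own account therefore also drops their MFA requirement, so the event should be logged with `logger.warn(` instead of `logger.info(` to make it visible in audit review. A comment such as `// Fail open: a user who cannot store a key cannot enroll, so TOTP is skipped for them` would make the trade-off explicit. Deployments where TOTP is mandatory would probably want an option to deny the login instead. The enclosing method starts and ends outside the hunk, so the effect of `return false` on the caller is inferred from the log text.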