From 85100bcf0c5ec4ed536b6d4ea7876ae97bca4431 Mon Sep 17 00:00:00 2001 From: Alex Leitner Date: Thu, 4 Apr 2024 01:32:48 +0000 Subject: [PATCH] GUACAMOLE-1289: Clean up formatting issues. --- .../auth/duo/UserVerificationService.java | 108 +++++++++--------- .../auth/duo/conf/ConfigurationService.java | 14 +-- .../guacamole/auth/json/user/UserData.java | 2 +- ...amoleInsufficientCredentialsException.java | 70 ++++++------ .../rest/auth/AuthenticationService.java | 26 ++--- 5 files changed, 110 insertions(+), 110 deletions(-) diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java index efd8a43572..295ee3ca1a 100644 --- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java +++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java @@ -102,60 +102,60 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser) try { - String redirectUrl = confService.getRedirectUrl().toString(); - - String builtUrl = UriComponentsBuilder - .fromUriString(redirectUrl) - .queryParam(Credentials.RESUME_QUERY, DuoAuthenticationProvider.PROVIDER_IDENTIFER) - .build() - .toUriString(); - - // Set up the Duo Client - Client duoClient = new Client.Builder( - confService.getClientId(), - confService.getClientSecret(), - confService.getAPIHostname(), - builtUrl) - .build(); - - duoClient.healthCheck(); - - // Retrieve signed Duo Code and State from the request - String duoCode = request.getParameter(DUO_CODE_PARAMETER_NAME); - String duoState = request.getParameter(DUO_STATE_PARAMETER_NAME); - - // If no code or state is received, assume Duo MFA redirect has not occured and do it. - if (duoCode == null || duoState == null) { - - // Get a new session state from the Duo client - duoState = duoClient.generateState(); - long expirationTimestamp = System.currentTimeMillis() + (confService.getAuthTimeout() * 1000L); - - // Request additional credentials - throw new TranslatableGuacamoleInsufficientCredentialsException( - "Verification using Duo is required before authentication " - + "can continue.", "LOGIN.INFO_DUO_AUTH_REQUIRED", - new CredentialsInfo(Collections.singletonList( - new RedirectField( - DUO_CODE_PARAMETER_NAME, - new URI(duoClient.createAuthUrl(username, duoState)), - new TranslatableMessage("LOGIN.INFO_DUO_REDIRECT_PENDING") - ) - )), - duoState, DuoAuthenticationProvider.PROVIDER_IDENTIFER, - DUO_STATE_PARAMETER_NAME, expirationTimestamp - ); - - } - - // Get the token from the DuoClient using the code and username, and check status - Token token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, username); - if (token == null - || token.getAuth_result() == null - || !DUO_TOKEN_SUCCESS_VALUE.equals(token.getAuth_result().getStatus())) - throw new TranslatableGuacamoleClientException("Provided Duo " - + "validation code is incorrect.", - "LOGIN.INFO_DUO_VALIDATION_CODE_INCORRECT"); + String redirectUrl = confService.getRedirectUrl().toString(); + + String builtUrl = UriComponentsBuilder + .fromUriString(redirectUrl) + .queryParam(Credentials.RESUME_QUERY, DuoAuthenticationProvider.PROVIDER_IDENTIFER) + .build() + .toUriString(); + + // Set up the Duo Client + Client duoClient = new Client.Builder( + confService.getClientId(), + confService.getClientSecret(), + confService.getAPIHostname(), + builtUrl) + .build(); + + duoClient.healthCheck(); + + // Retrieve signed Duo Code and State from the request + String duoCode = request.getParameter(DUO_CODE_PARAMETER_NAME); + String duoState = request.getParameter(DUO_STATE_PARAMETER_NAME); + + // If no code or state is received, assume Duo MFA redirect has not occured and do it + if (duoCode == null || duoState == null) { + + // Get a new session state from the Duo client + duoState = duoClient.generateState(); + long expirationTimestamp = System.currentTimeMillis() + (confService.getAuthTimeout() * 1000L); + + // Request additional credentials + throw new TranslatableGuacamoleInsufficientCredentialsException( + "Verification using Duo is required before authentication " + + "can continue.", "LOGIN.INFO_DUO_AUTH_REQUIRED", + new CredentialsInfo(Collections.singletonList( + new RedirectField( + DUO_CODE_PARAMETER_NAME, + new URI(duoClient.createAuthUrl(username, duoState)), + new TranslatableMessage("LOGIN.INFO_DUO_REDIRECT_PENDING") + ) + )), + duoState, DuoAuthenticationProvider.PROVIDER_IDENTIFER, + DUO_STATE_PARAMETER_NAME, expirationTimestamp + ); + + } + + // Get the token from the DuoClient using the code and username, and check status + Token token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, username); + if (token == null + || token.getAuth_result() == null + || !DUO_TOKEN_SUCCESS_VALUE.equals(token.getAuth_result().getStatus())) + throw new TranslatableGuacamoleClientException("Provided Duo " + + "validation code is incorrect.", + "LOGIN.INFO_DUO_VALIDATION_CODE_INCORRECT"); } catch (DuoException e) { throw new GuacamoleServerException("Duo Client error.", e); diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/conf/ConfigurationService.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/conf/ConfigurationService.java index 212b4a6182..37b86222fa 100644 --- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/conf/ConfigurationService.java +++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/conf/ConfigurationService.java @@ -55,8 +55,8 @@ public class ConfigurationService { }; /** - * The property within guacamole.properties which defines the integration - * key received from Duo for verifying Guacamole users. This value MUST be + * The property within guacamole.properties which defines the client id + * received from Duo for verifying Guacamole users. This value MUST be * exactly 20 characters. */ private static final StringGuacamoleProperty DUO_CLIENT_ID = @@ -79,7 +79,7 @@ public class ConfigurationService { public String getName() { return "duo-client-secret"; } }; - + /** * The property within guacamole.properties which defines the redirect URL * that Duo will call after the second factor has been completed. This @@ -87,7 +87,7 @@ public class ConfigurationService { */ private static final URIGuacamoleProperty DUO_REDIRECT_URL = new URIGuacamoleProperty() { - + @Override public String getName() { return "duo-redirect-url"; } @@ -140,8 +140,8 @@ public String getClientId() throws GuacamoleException { } /** - * Returns the client secert received from Duo for verifying Guacamole users, - * as defined in guacamole.properties by the "duo-client-secert" property. + * Returns the client secret received from Duo for verifying Guacamole users, + * as defined in guacamole.properties by the "duo-client-secret" property. * This value MUST be exactly 20 characters. * * @return @@ -153,7 +153,7 @@ public String getClientId() throws GuacamoleException { public String getClientSecret() throws GuacamoleException { return environment.getRequiredProperty(DUO_CLIENT_SECRET); } - + /** * Return the callback URL that will be called by Duo after authentication * with Duo has been completed. This should be the URL to return the user diff --git a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserData.java b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserData.java index 2e3048f0fa..ea9644c9d3 100644 --- a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserData.java +++ b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserData.java @@ -379,7 +379,7 @@ public boolean isExpired() { return false; // Otherwise, compare expiration timestamp against system time - return System.currentTimeMillis() > expirationTimestamp; + return System.currentTimeMillis() >= expirationTimestamp; } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/credentials/GuacamoleInsufficientCredentialsException.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/credentials/GuacamoleInsufficientCredentialsException.java index def5350b6e..8c76694743 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/credentials/GuacamoleInsufficientCredentialsException.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/credentials/GuacamoleInsufficientCredentialsException.java @@ -28,36 +28,36 @@ */ public class GuacamoleInsufficientCredentialsException extends GuacamoleCredentialsException { -/** - * The default state token to use when no specific state information is provided. - */ -private static final String DEFAULT_STATE = ""; + /** + * The default state token to use when no specific state information is provided. + */ + private static final String DEFAULT_STATE = ""; -/** - * The default provider identifier to use when no specific provider is identified. - * This serves as a placeholder indicating that either no specific provider is - * responsible for the exception or the responsible provider has not been identified. - */ -private static final String DEFAULT_PROVIDER_IDENTIFIER = ""; + /** + * The default provider identifier to use when no specific provider is identified. + * This serves as a placeholder indicating that either no specific provider is + * responsible for the exception or the responsible provider has not been identified. + */ + private static final String DEFAULT_PROVIDER_IDENTIFIER = ""; -/** - * The default query identifier to use when no specific query is identified. - * This serves as a placeholder and indicates that the specific query related to - * the provider's state resume operation has not been provided. - */ -private static final String DEFAULT_QUERY_IDENTIFIER = ""; + /** + * The default query identifier to use when no specific query is identified. + * This serves as a placeholder and indicates that the specific query related to + * the provider's state resume operation has not been provided. + */ + private static final String DEFAULT_QUERY_IDENTIFIER = ""; -/** - * The default expiration timestamp to use when no specific expiration is provided, - * effectively indicating that the state token does not expire. - */ -private static final long DEFAULT_EXPIRES = -1L; + /** + * The default expiration timestamp to use when no specific expiration is provided, + * effectively indicating that the state token does not expire. + */ + private static final long DEFAULT_EXPIRES = -1L; -/** - * An opaque value that may be used by a client to maintain state across requests - * which are part of the same authentication transaction. - */ -protected final String state; + /** + * An opaque value that may be used by a client to maintain state across requests + * which are part of the same authentication transaction. + */ + protected final String state; /** * The identifier for the authentication provider that threw this exception. @@ -73,12 +73,12 @@ public class GuacamoleInsufficientCredentialsException extends GuacamoleCredenti */ protected final String queryIdentifier; -/** - * The timestamp after which the state token associated with the authentication process - * should no longer be considered valid, expressed as the number of milliseconds since - * UNIX epoch. - */ -protected final long expires; + /** + * The timestamp after which the state token associated with the authentication process + * should no longer be considered valid, expressed as the number of milliseconds since + * UNIX epoch. + */ + protected final long expires; /** * Creates a new GuacamoleInsufficientCredentialsException with the specified @@ -107,9 +107,9 @@ public class GuacamoleInsufficientCredentialsException extends GuacamoleCredenti * authentication process should no longer be considered valid, expressed * as the number of milliseconds since UNIX epoch. */ - public GuacamoleInsufficientCredentialsException(String message, - CredentialsInfo credentialsInfo, String state, String providerIdentifier, String queryIdentifier, - long expires) { + public GuacamoleInsufficientCredentialsException(String message, + CredentialsInfo credentialsInfo, String state, + String providerIdentifier, String queryIdentifier, long expires) { super(message, credentialsInfo); this.state = state; this.providerIdentifier = providerIdentifier; diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java b/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java index 1fafa4a300..725321b5d7 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java @@ -364,7 +364,7 @@ private List getUserContexts(GuacamoleSession existingSess * * @return * Resumed credentials if a valid resumable state is found; otherwise, - * returns {@code null}. + * returns null. */ private Credentials resumeAuthentication(Credentials credentials) { @@ -373,11 +373,11 @@ private Credentials resumeAuthentication(Credentials credentials) { // Retrieve signed State from the request HttpServletRequest request = credentials.getRequest(); - // Retrieve the provider id from the query parameters. + // Retrieve the provider id from the query parameters String resumableProviderId = request.getParameter(Credentials.RESUME_QUERY); - // Check if a provider id is set. + // Check if a provider id is set if (resumableProviderId == null || resumableProviderId.isEmpty()) { - // return if a provider id is not set. + // Return if a provider id is not set return null; } @@ -387,34 +387,34 @@ private Credentials resumeAuthentication(Credentials credentials) { Map.Entry entry = iterator.next(); ResumableAuthenticationState resumableState = entry.getValue(); - // Check if the provider ID from the request matches the one in the map entry. + // Check if the provider ID from the request matches the one in the map entry boolean providerMatches = resumableProviderId.equals(resumableState.getProviderIdentifier()); if (!providerMatches) { - // If the provider doesn't match, skip to the next entry. + // If the provider doesn't match, skip to the next entry continue; } - // Use the query identifier from the entry to retrieve the corresponding state parameter. + // Use the query identifier from the entry to retrieve the corresponding state parameter String stateQueryParameter = resumableState.getQueryIdentifier(); String stateFromParameter = request.getParameter(stateQueryParameter); - // Check if the `state` parameter is set. + // Check if the the state parameter is set if (stateFromParameter == null || stateFromParameter.isEmpty()) { - // Remove and continue if `state` is not provided or is empty. + // Remove and continue if`state is not provided or is empty iterator.remove(); continue; } - // If the key in the entry (state) matches the state parameter provided in the request. + // If the key in the entry (state) matches the state parameter provided in the request if (entry.getKey().equals(stateFromParameter)) { - // Remove the current entry from the map. + // Remove the current entry from the map iterator.remove(); // Check if the resumableState has expired if (!resumableState.isExpired()) { - // Set the actualCredentials to the credentials from the matched entry. + // Set the actualCredentials to the credentials from the matched entry resumedCredentials = resumableState.getCredentials(); if (resumedCredentials != null) { @@ -423,7 +423,7 @@ private Credentials resumeAuthentication(Credentials credentials) { } - // Exit the loop since we've found the matching state and it's unique. + // Exit the loop since we've found the matching state and it's unique break; } }