Skip to content

Commit

Permalink
GUACAMOLE-1289: Clean up formatting issues.
Browse files Browse the repository at this point in the history
  • Loading branch information
aleitner committed Apr 4, 2024
1 parent 7c49466 commit 85100bc
Show file tree
Hide file tree
Showing 5 changed files with 110 additions and 110 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -102,60 +102,60 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)

try {

String redirectUrl = confService.getRedirectUrl().toString();

String builtUrl = UriComponentsBuilder
.fromUriString(redirectUrl)
.queryParam(Credentials.RESUME_QUERY, DuoAuthenticationProvider.PROVIDER_IDENTIFER)
.build()
.toUriString();

// Set up the Duo Client
Client duoClient = new Client.Builder(
confService.getClientId(),
confService.getClientSecret(),
confService.getAPIHostname(),
builtUrl)
.build();
duoClient.healthCheck();
// Retrieve signed Duo Code and State from the request
String duoCode = request.getParameter(DUO_CODE_PARAMETER_NAME);
String duoState = request.getParameter(DUO_STATE_PARAMETER_NAME);

// If no code or state is received, assume Duo MFA redirect has not occured and do it.
if (duoCode == null || duoState == null) {

// Get a new session state from the Duo client
duoState = duoClient.generateState();
long expirationTimestamp = System.currentTimeMillis() + (confService.getAuthTimeout() * 1000L);

// Request additional credentials
throw new TranslatableGuacamoleInsufficientCredentialsException(
"Verification using Duo is required before authentication "
+ "can continue.", "LOGIN.INFO_DUO_AUTH_REQUIRED",
new CredentialsInfo(Collections.singletonList(
new RedirectField(
DUO_CODE_PARAMETER_NAME,
new URI(duoClient.createAuthUrl(username, duoState)),
new TranslatableMessage("LOGIN.INFO_DUO_REDIRECT_PENDING")
)
)),
duoState, DuoAuthenticationProvider.PROVIDER_IDENTIFER,
DUO_STATE_PARAMETER_NAME, expirationTimestamp
);

}
// Get the token from the DuoClient using the code and username, and check status
Token token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, username);
if (token == null
|| token.getAuth_result() == null
|| !DUO_TOKEN_SUCCESS_VALUE.equals(token.getAuth_result().getStatus()))
throw new TranslatableGuacamoleClientException("Provided Duo "
+ "validation code is incorrect.",
"LOGIN.INFO_DUO_VALIDATION_CODE_INCORRECT");
String redirectUrl = confService.getRedirectUrl().toString();

String builtUrl = UriComponentsBuilder
.fromUriString(redirectUrl)
.queryParam(Credentials.RESUME_QUERY, DuoAuthenticationProvider.PROVIDER_IDENTIFER)
.build()
.toUriString();

// Set up the Duo Client
Client duoClient = new Client.Builder(
confService.getClientId(),
confService.getClientSecret(),
confService.getAPIHostname(),
builtUrl)
.build();

duoClient.healthCheck();

// Retrieve signed Duo Code and State from the request
String duoCode = request.getParameter(DUO_CODE_PARAMETER_NAME);
String duoState = request.getParameter(DUO_STATE_PARAMETER_NAME);

// If no code or state is received, assume Duo MFA redirect has not occured and do it
if (duoCode == null || duoState == null) {

// Get a new session state from the Duo client
duoState = duoClient.generateState();
long expirationTimestamp = System.currentTimeMillis() + (confService.getAuthTimeout() * 1000L);

// Request additional credentials
throw new TranslatableGuacamoleInsufficientCredentialsException(
"Verification using Duo is required before authentication "
+ "can continue.", "LOGIN.INFO_DUO_AUTH_REQUIRED",
new CredentialsInfo(Collections.singletonList(
new RedirectField(
DUO_CODE_PARAMETER_NAME,
new URI(duoClient.createAuthUrl(username, duoState)),
new TranslatableMessage("LOGIN.INFO_DUO_REDIRECT_PENDING")
)
)),
duoState, DuoAuthenticationProvider.PROVIDER_IDENTIFER,
DUO_STATE_PARAMETER_NAME, expirationTimestamp
);

}

// Get the token from the DuoClient using the code and username, and check status
Token token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, username);
if (token == null
|| token.getAuth_result() == null
|| !DUO_TOKEN_SUCCESS_VALUE.equals(token.getAuth_result().getStatus()))
throw new TranslatableGuacamoleClientException("Provided Duo "
+ "validation code is incorrect.",
"LOGIN.INFO_DUO_VALIDATION_CODE_INCORRECT");
}
catch (DuoException e) {
throw new GuacamoleServerException("Duo Client error.", e);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,8 @@ public class ConfigurationService {
};

/**
* The property within guacamole.properties which defines the integration
* key received from Duo for verifying Guacamole users. This value MUST be
* The property within guacamole.properties which defines the client id
* received from Duo for verifying Guacamole users. This value MUST be
* exactly 20 characters.
*/
private static final StringGuacamoleProperty DUO_CLIENT_ID =
Expand All @@ -79,15 +79,15 @@ public class ConfigurationService {
public String getName() { return "duo-client-secret"; }

};

/**
* The property within guacamole.properties which defines the redirect URL
* that Duo will call after the second factor has been completed. This
* should be the URL used to access Guacamole.
*/
private static final URIGuacamoleProperty DUO_REDIRECT_URL =
new URIGuacamoleProperty() {

@Override
public String getName() { return "duo-redirect-url"; }

Expand Down Expand Up @@ -140,8 +140,8 @@ public String getClientId() throws GuacamoleException {
}

/**
* Returns the client secert received from Duo for verifying Guacamole users,
* as defined in guacamole.properties by the "duo-client-secert" property.
* Returns the client secret received from Duo for verifying Guacamole users,
* as defined in guacamole.properties by the "duo-client-secret" property.
* This value MUST be exactly 20 characters.
*
* @return
Expand All @@ -153,7 +153,7 @@ public String getClientId() throws GuacamoleException {
public String getClientSecret() throws GuacamoleException {
return environment.getRequiredProperty(DUO_CLIENT_SECRET);
}

/**
* Return the callback URL that will be called by Duo after authentication
* with Duo has been completed. This should be the URL to return the user
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -379,7 +379,7 @@ public boolean isExpired() {
return false;

// Otherwise, compare expiration timestamp against system time
return System.currentTimeMillis() > expirationTimestamp;
return System.currentTimeMillis() >= expirationTimestamp;

}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,36 +28,36 @@
*/
public class GuacamoleInsufficientCredentialsException extends GuacamoleCredentialsException {

/**
* The default state token to use when no specific state information is provided.
*/
private static final String DEFAULT_STATE = "";
/**
* The default state token to use when no specific state information is provided.
*/
private static final String DEFAULT_STATE = "";

/**
* The default provider identifier to use when no specific provider is identified.
* This serves as a placeholder indicating that either no specific provider is
* responsible for the exception or the responsible provider has not been identified.
*/
private static final String DEFAULT_PROVIDER_IDENTIFIER = "";
/**
* The default provider identifier to use when no specific provider is identified.
* This serves as a placeholder indicating that either no specific provider is
* responsible for the exception or the responsible provider has not been identified.
*/
private static final String DEFAULT_PROVIDER_IDENTIFIER = "";

/**
* The default query identifier to use when no specific query is identified.
* This serves as a placeholder and indicates that the specific query related to
* the provider's state resume operation has not been provided.
*/
private static final String DEFAULT_QUERY_IDENTIFIER = "";
/**
* The default query identifier to use when no specific query is identified.
* This serves as a placeholder and indicates that the specific query related to
* the provider's state resume operation has not been provided.
*/
private static final String DEFAULT_QUERY_IDENTIFIER = "";

/**
* The default expiration timestamp to use when no specific expiration is provided,
* effectively indicating that the state token does not expire.
*/
private static final long DEFAULT_EXPIRES = -1L;
/**
* The default expiration timestamp to use when no specific expiration is provided,
* effectively indicating that the state token does not expire.
*/
private static final long DEFAULT_EXPIRES = -1L;

/**
* An opaque value that may be used by a client to maintain state across requests
* which are part of the same authentication transaction.
*/
protected final String state;
/**
* An opaque value that may be used by a client to maintain state across requests
* which are part of the same authentication transaction.
*/
protected final String state;

/**
* The identifier for the authentication provider that threw this exception.
Expand All @@ -73,12 +73,12 @@ public class GuacamoleInsufficientCredentialsException extends GuacamoleCredenti
*/
protected final String queryIdentifier;

/**
* The timestamp after which the state token associated with the authentication process
* should no longer be considered valid, expressed as the number of milliseconds since
* UNIX epoch.
*/
protected final long expires;
/**
* The timestamp after which the state token associated with the authentication process
* should no longer be considered valid, expressed as the number of milliseconds since
* UNIX epoch.
*/
protected final long expires;

/**
* Creates a new GuacamoleInsufficientCredentialsException with the specified
Expand Down Expand Up @@ -107,9 +107,9 @@ public class GuacamoleInsufficientCredentialsException extends GuacamoleCredenti
* authentication process should no longer be considered valid, expressed
* as the number of milliseconds since UNIX epoch.
*/
public GuacamoleInsufficientCredentialsException(String message,
CredentialsInfo credentialsInfo, String state, String providerIdentifier, String queryIdentifier,
long expires) {
public GuacamoleInsufficientCredentialsException(String message,
CredentialsInfo credentialsInfo, String state,
String providerIdentifier, String queryIdentifier, long expires) {
super(message, credentialsInfo);
this.state = state;
this.providerIdentifier = providerIdentifier;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -364,7 +364,7 @@ private List<DecoratedUserContext> getUserContexts(GuacamoleSession existingSess
*
* @return
* Resumed credentials if a valid resumable state is found; otherwise,
* returns {@code null}.
* returns null.
*/
private Credentials resumeAuthentication(Credentials credentials) {

Expand All @@ -373,11 +373,11 @@ private Credentials resumeAuthentication(Credentials credentials) {
// Retrieve signed State from the request
HttpServletRequest request = credentials.getRequest();

// Retrieve the provider id from the query parameters.
// Retrieve the provider id from the query parameters
String resumableProviderId = request.getParameter(Credentials.RESUME_QUERY);
// Check if a provider id is set.
// Check if a provider id is set
if (resumableProviderId == null || resumableProviderId.isEmpty()) {
// return if a provider id is not set.
// Return if a provider id is not set
return null;
}

Expand All @@ -387,34 +387,34 @@ private Credentials resumeAuthentication(Credentials credentials) {
Map.Entry<String, ResumableAuthenticationState> entry = iterator.next();
ResumableAuthenticationState resumableState = entry.getValue();

// Check if the provider ID from the request matches the one in the map entry.
// Check if the provider ID from the request matches the one in the map entry
boolean providerMatches = resumableProviderId.equals(resumableState.getProviderIdentifier());
if (!providerMatches) {
// If the provider doesn't match, skip to the next entry.
// If the provider doesn't match, skip to the next entry
continue;
}

// Use the query identifier from the entry to retrieve the corresponding state parameter.
// Use the query identifier from the entry to retrieve the corresponding state parameter
String stateQueryParameter = resumableState.getQueryIdentifier();
String stateFromParameter = request.getParameter(stateQueryParameter);

// Check if the `state` parameter is set.
// Check if the the state parameter is set
if (stateFromParameter == null || stateFromParameter.isEmpty()) {
// Remove and continue if `state` is not provided or is empty.
// Remove and continue if`state is not provided or is empty
iterator.remove();
continue;
}

// If the key in the entry (state) matches the state parameter provided in the request.
// If the key in the entry (state) matches the state parameter provided in the request
if (entry.getKey().equals(stateFromParameter)) {

// Remove the current entry from the map.
// Remove the current entry from the map
iterator.remove();

// Check if the resumableState has expired
if (!resumableState.isExpired()) {

// Set the actualCredentials to the credentials from the matched entry.
// Set the actualCredentials to the credentials from the matched entry
resumedCredentials = resumableState.getCredentials();

if (resumedCredentials != null) {
Expand All @@ -423,7 +423,7 @@ private Credentials resumeAuthentication(Credentials credentials) {

}

// Exit the loop since we've found the matching state and it's unique.
// Exit the loop since we've found the matching state and it's unique
break;
}
}
Expand Down

0 comments on commit 85100bc

Please sign in to comment.