Repository: incubator-guacamole-client Updated Branches: refs/heads/master eb087ae29 -> 728d9b937
GUACAMOLE-284: Veto authentication result if a database account is required but unavailable. Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/45ee8950 Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/45ee8950 Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/45ee8950 Branch: refs/heads/master Commit: 45ee895044cd7a4e5489ed0d4bd818368522a8ca Parents: bedd09f Author: Michael Jumper <[email protected]> Authored: Sun Jun 4 13:32:52 2017 -0700 Committer: Michael Jumper <[email protected]> Committed: Sun Jun 4 22:21:18 2017 -0700 ---------------------------------------------------------------------- .../auth/jdbc/JDBCAuthenticationProviderService.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/45ee8950/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java index dd39f24..2e85e78 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java @@ -104,8 +104,16 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider } - // Update password if password is expired + // Veto authentication result if account is required but unavailable + // due to account restrictions UserModel userModel = user.getModel(); + if (environment.isUserRequired() + && (userModel.isDisabled() || !user.isAccountValid() || !user.isAccountAccessible())) { + throw new GuacamoleInvalidCredentialsException("Invalid login", + CredentialsInfo.USERNAME_PASSWORD); + } + + // Update password if password is expired if (userModel.isExpired() || passwordPolicyService.isPasswordExpired(user)) userService.resetExpiredPassword(user, authenticatedUser.getCredentials());
