[3/6] incubator-guacamole-client git commit: GUACAMOLE-284: Add convenience methods for determining whether a user account is disabled/expired.

Tue, 06 Jun 2017 20:09:08 -0700 

GUACAMOLE-284: Add convenience methods for determining whether a user account 
is disabled/expired.

Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/f4fce6a0
Tree: 
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/f4fce6a0
Diff: 
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/f4fce6a0

Branch: refs/heads/master
Commit: f4fce6a07a94a6a4f8919df5bffe171e82aa3081
Parents: c87ec1b
Author: Michael Jumper <mjum...@apache.org>
Authored: Sun Jun 4 14:08:49 2017 -0700
Committer: Michael Jumper <mjum...@apache.org>
Committed: Sun Jun 4 22:21:19 2017 -0700

----------------------------------------------------------------------
 .../jdbc/JDBCAuthenticationProviderService.java | 48 ++++++++------------
 .../guacamole/auth/jdbc/user/ModeledUser.java   | 24 ++++++++++
 2 files changed, 44 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/f4fce6a0/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
----------------------------------------------------------------------
diff --git 
a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
 
b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
index 37ff3bc..b753ff8 100644
--- 
a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
+++ 
b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
@@ -28,7 +28,6 @@ import 
org.apache.guacamole.auth.jdbc.sharing.user.SharedAuthenticatedUser;
 import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
 import org.apache.guacamole.auth.jdbc.user.ModeledUser;
 import org.apache.guacamole.auth.jdbc.user.ModeledUserContext;
-import org.apache.guacamole.auth.jdbc.user.UserModel;
 import org.apache.guacamole.auth.jdbc.user.UserService;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
@@ -88,40 +87,33 @@ public class JDBCAuthenticationProviderService implements 
AuthenticationProvider
 
         // Retrieve user account for already-authenticated user
         ModeledUser user = userService.retrieveUser(authenticationProvider, 
authenticatedUser);
-        if (user != null) {
+        if (user != null && !user.isDisabled()) {
 
-            // User data only exists for purposes of retrieval if the account
-            // is not disabled
-            UserModel userModel = user.getModel();
-            if (!userModel.isDisabled()) {
+            // Apply account restrictions if this extension authenticated
+            // the user OR if an account from this extension is explicitly
+            // required
+            if (authenticatedUser instanceof ModeledAuthenticatedUser
+                    || environment.isUserRequired()) {
 
-                // Apply account restrictions if this extension authenticated
-                // the user OR if an account from this extension is explicitly
-                // required
-                if (authenticatedUser instanceof ModeledAuthenticatedUser
-                        || environment.isUserRequired()) {
+                // Verify user account is still valid as of today
+                if (!user.isAccountValid())
+                    throw new 
GuacamoleClientException("LOGIN.ERROR_NOT_VALID");
 
-                    // Verify user account is still valid as of today
-                    if (!user.isAccountValid())
-                        throw new 
GuacamoleClientException("LOGIN.ERROR_NOT_VALID");
+                // Verify user account is allowed to be used at the current 
time
+                if (!user.isAccountAccessible())
+                    throw new 
GuacamoleClientException("LOGIN.ERROR_NOT_ACCESSIBLE");
 
-                    // Verify user account is allowed to be used at the 
current time
-                    if (!user.isAccountAccessible())
-                        throw new 
GuacamoleClientException("LOGIN.ERROR_NOT_ACCESSIBLE");
-
-                    // Update password if password is expired
-                    if (userModel.isExpired() || 
passwordPolicyService.isPasswordExpired(user))
-                        userService.resetExpiredPassword(user, 
authenticatedUser.getCredentials());
-
-                }
-
-                // Link to user context
-                ModeledUserContext context = userContextProvider.get();
-                context.init(user.getCurrentUser());
-                return context;
+                // Update password if password is expired
+                if (user.isExpired() || 
passwordPolicyService.isPasswordExpired(user))
+                    userService.resetExpiredPassword(user, 
authenticatedUser.getCredentials());
 
             }
 
+            // Link to user context
+            ModeledUserContext context = userContextProvider.get();
+            context.init(user.getCurrentUser());
+            return context;
+
         }
 
         // Do not invalidate the authentication result of users who were

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/f4fce6a0/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
----------------------------------------------------------------------
diff --git 
a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
 
b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
index 418ffad..745fe5f 100644
--- 
a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
+++ 
b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
@@ -766,4 +766,28 @@ public class ModeledUser extends 
ModeledDirectoryObject<UserModel> implements Us
         return isActive(getAccessWindowStart(), getAccessWindowEnd());
     }
 
+    /**
+     * Returns whether the user has been disabled. Disabled users are not
+     * allowed to login. Although their account data exists, all login attempts
+     * will fail as if the account does not exist.
+     *
+     * @return
+     *     true if the account is disabled, false otherwise.
+     */
+    public boolean isDisabled() {
+        return getModel().isDisabled();
+    }
+
+    /**
+     * Returns whether the user's password has expired. If a user's password is
+     * expired, it must be immediately changed upon login. A user account with
+     * an expired password cannot be used until the password has been changed.
+     *
+     * @return
+     *     true if the user's password has expired, false otherwise.
+     */
+    public boolean isExpired() {
+        return getModel().isExpired();
+    }
+
 }

Reply via email to