GUACAMOLE-96: Migrate to TOTP-specific field type for authentication code. Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/8ac8fec4 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/8ac8fec4 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/8ac8fec4
Branch: refs/heads/master Commit: 8ac8fec47834a13317591a676faf11ed29b34929 Parents: 0844e9d Author: Michael Jumper <mjum...@apache.org> Authored: Mon Nov 20 12:03:18 2017 -0800 Committer: Michael Jumper <mjum...@apache.org> Committed: Sun Feb 4 19:45:17 2018 -0800 ---------------------------------------------------------------------- extensions/guacamole-auth-totp/pom.xml | 80 ++++++++++++++++++++ .../auth/totp/UserVerificationService.java | 28 ++----- .../auth/totp/form/AuthenticationCodeField.java | 48 ++++++++++++ .../src/main/resources/config/totpConfig.js | 33 ++++++++ .../authenticationCodeFieldController.js | 29 +++++++ .../src/main/resources/guac-manifest.json | 14 +++- .../src/main/resources/styles/totp.css | 20 +++++ .../templates/authenticationCodeField.html | 3 + .../src/main/resources/totpModule.js | 28 +++++++ 9 files changed, 259 insertions(+), 24 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/8ac8fec4/extensions/guacamole-auth-totp/pom.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-totp/pom.xml b/extensions/guacamole-auth-totp/pom.xml index 5b421d7..17aff05 100644 --- a/extensions/guacamole-auth-totp/pom.xml +++ b/extensions/guacamole-auth-totp/pom.xml 
@@ -53,6 +53,85 @@ </configuration> </plugin> + <!-- Pre-cache Angular templates with maven-angular-plugin --> + <plugin> + <groupId>com.keithbranton.mojo</groupId> + <artifactId>angular-maven-plugin</artifactId> + <version>0.3.2</version> + <executions> + <execution> + <phase>generate-resources</phase> + <goals> + <goal>html2js</goal> + </goals> + </execution> + </executions> + <configuration> + <sourceDir>${basedir}/src/main/resources</sourceDir> + <include>**/*.html</include> + <target>${basedir}/src/main/resources/generated/templates-main/templates.js</target> + <prefix>app/ext/totp</prefix> + </configuration> + </plugin> + + <!-- JS/CSS Minification Plugin --> + <plugin> + <groupId>com.samaxes.maven</groupId> + <artifactId>minify-maven-plugin</artifactId> + <version>1.7.5</version> + <executions> + <execution> + <id>default-cli</id> + <configuration> + <charset>UTF-8</charset> + + <webappSourceDir>${basedir}/src/main/resources</webappSourceDir> + <webappTargetDir>${project.build.directory}/classes</webappTargetDir> + + <cssSourceDir>/</cssSourceDir> + <cssTargetDir>/</cssTargetDir> + <cssFinalFile>totp.css</cssFinalFile> + + <cssSourceFiles> + <cssSourceFile>license.txt</cssSourceFile> + </cssSourceFiles> + + <cssSourceIncludes> + <cssSourceInclude>**/*.css</cssSourceInclude> + </cssSourceIncludes> + + <jsSourceDir>/</jsSourceDir> + <jsTargetDir>/</jsTargetDir> + <jsFinalFile>totp.js</jsFinalFile> + + <jsSourceFiles> + <jsSourceFile>license.txt</jsSourceFile> + </jsSourceFiles> + + <jsSourceIncludes> + <jsSourceInclude>**/*.js</jsSourceInclude> + </jsSourceIncludes> + + <!-- Do not minify and include tests --> + <jsSourceExcludes> + <jsSourceExclude>**/*.test.js</jsSourceExclude> + </jsSourceExcludes> + <jsEngine>CLOSURE</jsEngine> + + <!-- Disable warnings for JSDoc annotations --> + <closureWarningLevels> + <misplacedTypeAnnotation>OFF</misplacedTypeAnnotation> + <nonStandardJsDocs>OFF</nonStandardJsDocs> + </closureWarningLevels> + + </configuration> + 
<goals> + <goal>minify</goal> + </goals> + </execution> + </executions> + </plugin> + <!-- Assembly plugin - for easy distribution --> <plugin> <artifactId>maven-assembly-plugin</artifactId> @@ -105,6 +184,7 @@ <excludes> <exclude>**/*.json</exclude> <exclude>src/licenses/**/*</exclude> + <exclude>src/main/resources/templates/*.html</exclude> </excludes> </configuration> http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/8ac8fec4/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java index d694c5e..da24995 100644 --- a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java +++ b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java @@ -28,8 +28,8 @@ import javax.servlet.http.HttpServletRequest; import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleUnsupportedException; +import org.apache.guacamole.auth.totp.form.AuthenticationCodeField; import org.apache.guacamole.form.Field; -import org.apache.guacamole.form.TextField; import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.Credentials; import org.apache.guacamole.net.auth.User; 
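Review bot: The html2js `<target>` writes the generated `templates.js` to `${basedir}/src/main/resources/generated/templates-main/`, inside the same source tree that the minify plugin scans with `**/*.js`. The RAT exclude added in the second pom.xml hunk covers only `src/main/resources/templates/*.html`. Unless the generated directory is ignored somewhere not visible in this diff, a stale generated file can be committed by accident or fail the licence check on a rebuild. Consider adding `<exclude>src/main/resources/generated/**/*</exclude>` to the RAT excludes and ignoring that directory in version control.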
@@ -62,26 +62,6 @@ public class UserVerificationService { private static final String TOTP_KEY_CONFIRMED_ATTRIBUTE_NAME = "guac-totp-key-confirmed"; /** - * The name of the HTTP parameter which will contain the TOTP code provided - * by the user to verify their identity. - */ - private static final String TOTP_PARAMETER_NAME = "guac-totp"; - - /** - * The field which should be exposed to the user to request that they - * provide their TOTP code. - */ - private static final Field TOTP_FIELD = new TextField(TOTP_PARAMETER_NAME); - - /** - * CredentialsInfo object describing the credentials expected for a user - * who has verified their identity with TOTP. - */ - private static final CredentialsInfo TOTP_CREDENTIALS = new CredentialsInfo( - Collections.singletonList(TOTP_FIELD) - ); - - /** * BaseEncoding instance which decoded/encodes base32. */ private static final BaseEncoding BASE32 = BaseEncoding.base32(); @@ -234,14 +214,16 @@ public class UserVerificationService { HttpServletRequest request = credentials.getRequest(); // Retrieve TOTP from request - String code = request.getParameter(TOTP_PARAMETER_NAME); + String code = request.getParameter(AuthenticationCodeField.PARAMETER_NAME); // If no TOTP provided, request one if (code == null) { // FIXME: Handle key.isConfirmed() for initial prompt throw new GuacamoleInsufficientCredentialsException( - "LOGIN.INFO_TOTP_REQUIRED", TOTP_CREDENTIALS); + "LOGIN.INFO_TOTP_REQUIRED", new CredentialsInfo( + Collections.<Field>singletonList(new AuthenticationCodeField()) + )); } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/8ac8fec4/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/form/AuthenticationCodeField.java ---------------------------------------------------------------------- 
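Review bot: The only check on `code` visible in the third hunk is `code == null`, so an empty or whitespace-padded value submitted through the new field goes on to the verification logic, which lies outside the hunk. If that logic does not already normalise the value, consider `code = code.trim();` and rejecting an empty string explicitly before any comparison. The prompt also now builds a new `CredentialsInfo` and `AuthenticationCodeField` on every call instead of using the removed static `TOTP_CREDENTIALS`. A one-line comment saying why, for example `// Field instances are not shared between responses`, would help if that is the reason.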
diff --git a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/form/AuthenticationCodeField.java b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/form/AuthenticationCodeField.java
new file mode 100644
index 0000000..8119657
--- /dev/null
+++ b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/form/AuthenticationCodeField.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.totp.form;
+
+import org.apache.guacamole.form.Field;
+
+/**
+ * Field which prompts the user for an authentication code generated via TOTP.
+ */
+public class AuthenticationCodeField extends Field {
+
+ /**
+ * The name of the HTTP parameter which will contain the TOTP code provided
+ * by the user to verify their identity.
+ */
+ public static final String PARAMETER_NAME = "guac-totp";
+
+ /**
+ * The unique name associated with this field type.
+ */
+ private static final String FIELD_TYPE_NAME = "GUAC_TOTP_CODE";
+
+ /**
+ * Creates a new field which prompts the user for an authentication code
+ * generated via TOTP.
+ */
+ public AuthenticationCodeField() {
+ super(PARAMETER_NAME, FIELD_TYPE_NAME);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/8ac8fec4/extensions/guacamole-auth-totp/src/main/resources/config/totpConfig.js
----------------------------------------------------------------------
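Review bot: `FIELD_TYPE_NAME` (`"GUAC_TOTP_CODE"`) has to stay identical to the string passed to `formServiceProvider.registerFieldType` in config/totpConfig.js, but neither side documents that coupling. Extend its Javadoc with a sentence such as `Must match the field type registered by the guacTOTP module in config/totpConfig.js.` and add the mirror comment next to the JavaScript registration, since a mismatch would presumably only surface at run time on the login form. `PARAMETER_NAME` is now public and read by `UserVerificationService`, so its Javadoc could also say that it is part of the login request contract and should not be renamed casually.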
diff --git a/extensions/guacamole-auth-totp/src/main/resources/config/totpConfig.js b/extensions/guacamole-auth-totp/src/main/resources/config/totpConfig.js
new file mode 100644
index 0000000..54bb56c
--- /dev/null
+++ b/extensions/guacamole-auth-totp/src/main/resources/config/totpConfig.js
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Config block which registers TOTP-specific field types.
+ */
+angular.module('guacTOTP').config(['formServiceProvider',
+ function guacTOTPConfig(formServiceProvider) {
+
+ // Define field for the TOTP code provided by the user
+ formServiceProvider.registerFieldType('GUAC_TOTP_CODE', {
+ module : 'guacTOTP',
+ controller : 'authenticationCodeFieldController',
+ templateUrl : 'app/ext/totp/templates/authenticationCodeField.html'
+ });
+
+}]);
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/8ac8fec4/extensions/guacamole-auth-totp/src/main/resources/controllers/authenticationCodeFieldController.js
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-totp/src/main/resources/controllers/authenticationCodeFieldController.js b/extensions/guacamole-auth-totp/src/main/resources/controllers/authenticationCodeFieldController.js
new file mode 100644
index 0000000..c9cecc6
--- /dev/null
+++ b/extensions/guacamole-auth-totp/src/main/resources/controllers/authenticationCodeFieldController.js
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Controller for the "GUAC_TOTP_CODE" field which prompts the user to enter
+ * the code generated by their authentication device.
+ */
+angular.module('guacTOTP').controller('authenticationCodeFieldController', ['$scope', '$element',
+ function authenticationCodeFieldController($scope, $element) {
+
+ // STUB
+
+}]);
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/8ac8fec4/extensions/guacamole-auth-totp/src/main/resources/guac-manifest.json
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-totp/src/main/resources/guac-manifest.json b/extensions/guacamole-auth-totp/src/main/resources/guac-manifest.json
index 539562c..dee8291 100644
--- a/extensions/guacamole-auth-totp/src/main/resources/guac-manifest.json +++ b/extensions/guacamole-auth-totp/src/main/resources/guac-manifest.json @@ -11,6 +11,18 @@ "translations" : [ "translations/en.json" - ] + ], + + "js" : [ + "totp.min.js" + ], + + "css" : [ + "totp.min.css" + ], + + "resources" : { + "templates/authenticationCodeField.html" : "text/html" + } } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/8ac8fec4/extensions/guacamole-auth-totp/src/main/resources/styles/totp.css ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-totp/src/main/resources/styles/totp.css b/extensions/guacamole-auth-totp/src/main/resources/styles/totp.css new file mode 100644 index 0000000..8181e2c --- /dev/null +++ b/extensions/guacamole-auth-totp/src/main/resources/styles/totp.css @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/* STUB */ http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/8ac8fec4/extensions/guacamole-auth-totp/src/main/resources/templates/authenticationCodeField.html ---------------------------------------------------------------------- 
diff --git a/extensions/guacamole-auth-totp/src/main/resources/templates/authenticationCodeField.html b/extensions/guacamole-auth-totp/src/main/resources/templates/authenticationCodeField.html
new file mode 100644
index 0000000..4e7fb0f
--- /dev/null
+++ b/extensions/guacamole-auth-totp/src/main/resources/templates/authenticationCodeField.html
@@ -0,0 +1,3 @@
+<div class="totp-code-field">
+ <input type="text" ng-model="model" autocorrect="off" autocapitalize="off"/>
+</div>
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/8ac8fec4/extensions/guacamole-auth-totp/src/main/resources/totpModule.js
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-totp/src/main/resources/totpModule.js b/extensions/guacamole-auth-totp/src/main/resources/totpModule.js
new file mode 100644
index 0000000..c6a0c7e
--- /dev/null
+++ b/extensions/guacamole-auth-totp/src/main/resources/totpModule.js
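Review bot: The code input in authenticationCodeField.html disables `autocorrect` and `autocapitalize` but sets no `autocomplete` attribute, so a browser may store entered authentication codes in form history and suggest them later. For a one-time code the field should opt out, for example `<input type="text" ng-model="model" autocomplete="off" autocorrect="off" autocapitalize="off"/>`, or use `autocomplete="one-time-code"` where the target browsers support it. Because the controller for this field is still a stub, the template is currently the only place where input behaviour is defined.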
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Module which provides handling for TOTP multi-factor authentication.
+ */
+angular.module('guacTOTP', [
+ 'form'
+]);
+
+// Ensure the guacTOTP module is loaded along with the rest of the app
+angular.module('index').requires.push('guacTOTP');