aleitner commented on code in PR #973:
URL: https://github.com/apache/guacamole-client/pull/973#discussion_r1568130149


##########
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java:
##########
@@ -98,20 +104,43 @@ public class Credentials implements Serializable {
      *     The HTTP request associated with the authentication
      *     request.
      */
-    public Credentials(String username, String password, HttpServletRequest 
request) {
+    public Credentials(String username, String password, 
+            HttpServletRequest request) {
         this.username = username;
         this.password = password;
         this.request = request;
+        this.authenticationResumed = false;
+        
+        if (request != null) {
+            // Set the remote address
+            this.remoteAddress = request.getRemoteAddr();
 
-        // Set the remote address
-        this.remoteAddress = request.getRemoteAddr();
+            // Get the remote hostname
+            this.remoteHostname = request.getRemoteHost();
 
-        // Get the remote hostname
-        this.remoteHostname = request.getRemoteHost();
+            // If session exists get it, but don't create a new one.
+            this.session = request.getSession(false);
+        }
 
-        // If session exists get it, but don't create a new one.
-        this.session = request.getSession(false);
+    }
+
+    /**
+     * Checks if the current authentication process is a resumed one.
+     *
+     * @return True if authentication is resumed, otherwise false.
+     */
+    public Boolean isAuthenticationResumed() {
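Review bot: `isAuthenticationResumed()` at the end of this hunk returns the boxed `Boolean`, while the constructor always assigns `this.authenticationResumed = false` and the Javadoc promises only true or false. Declaring the return type as primitive `boolean` would rule out a null result, which matters for callers that use the value directly in a condition. Separately, the new `if (request != null)` guard leaves `remoteAddress`, `remoteHostname` and `session` unassigned when no request is supplied, yet the `request` Javadoc in the context lines does not say that null is accepted. It would help to document that null is allowed and what those fields hold in that case.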

Review Comment:
   You're correct that the SAML extension also uses a `state` parameter, which 
could lead to confusion when both `DUO` and `SAML` are used concurrently, but I 
also added the `provider_id` as a required query parameter for resuming 
authentication. This acts as a namespacing mechanism to prevent collision. When 
redirecting from Duo the query parameters will look like such: 
`provider_id=duo&state=abc123&duo_code=abc123`. 
   
   This PR isn't meant for migrating the SSO extensions but there was the plan 
to eventually migrate them to use the same code for resuming authentication.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
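
The namespacing described in the review comment above, as an added example that is not part of the PR or of Guacamole's code: a hypothetical `ResumeDispatcher` keeps pending `state` values per `provider_id`, so identical `state` strings issued for Duo and SAML cannot be confused. The class, its methods, the `saml` identifier and all sample values are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical sketch; none of these names come from Guacamole. */
public class ResumeDispatcher {

    /** Pending state tokens, stored separately for each provider. */
    private final Map<String, Set<String>> pending = new ConcurrentHashMap<>();

    /** Records the state a provider issued before redirecting the user away. */
    public void issue(String providerId, String state) {
        pending.computeIfAbsent(providerId, k -> ConcurrentHashMap.newKeySet())
               .add(state);
    }

    /**
     * Decides which provider, if any, may resume authentication for the
     * given query parameters. Both provider_id and state are required, and
     * the state must have been issued for that same provider.
     */
    public Optional<String> resume(Map<String, String> query) {
        String providerId = query.get("provider_id");
        String state = query.get("state");
        if (providerId == null || state == null)
            return Optional.empty();

        Set<String> states = pending.get(providerId);
        // remove() consumes the token, so each state is accepted only once
        if (states == null || !states.remove(state))
            return Optional.empty();
        return Optional.of(providerId);
    }

    public static void main(String[] args) {
        ResumeDispatcher dispatcher = new ResumeDispatcher();
        // Constructed values: both providers happen to issue the same state
        dispatcher.issue("duo", "abc123");
        dispatcher.issue("saml", "abc123");

        Map<String, String> duoReturn = Map.of(
                "provider_id", "duo", "state", "abc123", "duo_code", "abc123");
        System.out.println(dispatcher.resume(duoReturn)); // first return from Duo
        System.out.println(dispatcher.resume(duoReturn)); // same redirect presented again
        System.out.println(dispatcher.resume(Map.of("state", "abc123"))); // provider_id missing
        System.out.println(dispatcher.resume(
                Map.of("provider_id", "saml", "state", "abc123"))); // SAML entry still pending
    }
}
```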
