diff --git a/doc/licenses/okhttp-4.9.1/LICENSE.txt b/doc/licenses/okhttp-4.12.0/LICENSE.txt
similarity index 100%
rename from doc/licenses/okhttp-4.9.1/LICENSE.txt
rename to doc/licenses/okhttp-4.12.0/LICENSE.txt
diff --git a/doc/licenses/okhttp-4.9.1/NOTICE b/doc/licenses/okhttp-4.12.0/NOTICE
similarity index 94%
rename from doc/licenses/okhttp-4.9.1/NOTICE
rename to doc/licenses/okhttp-4.12.0/NOTICE
index 7ab6fba62b..b3e81bd2ff 100644
--- a/doc/licenses/okhttp-4.9.1/NOTICE
+++ b/doc/licenses/okhttp-4.12.0/NOTICE
@@ -1,4 +1,4 @@
-Copyright 2021 Square, Inc.
+Copyright 2023 Square, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/doc/licenses/okhttp-4.9.1/README b/doc/licenses/okhttp-4.12.0/README
similarity index 88%
rename from doc/licenses/okhttp-4.9.1/README
rename to doc/licenses/okhttp-4.12.0/README
index 4277242602..c322ec2a66 100644
--- a/doc/licenses/okhttp-4.9.1/README
+++ b/doc/licenses/okhttp-4.12.0/README
@@ -1,7 +1,7 @@
okhttp (https://square.github.io/okhttp/)
---------------------------------------------
- Version: 4.9.1
+ Version: 4.12.0
From: 'Square Inc'
License(s):
Apache 2.0
diff --git a/doc/licenses/okhttp-4.12.0/dep-coordinates.txt b/doc/licenses/okhttp-4.12.0/dep-coordinates.txt
new file mode 100644
index 0000000000..8aeb660e82
--- /dev/null
+++ b/doc/licenses/okhttp-4.12.0/dep-coordinates.txt
@@ -0,0 +1,2 @@
+com.squareup.okhttp3:okhttp:jar:4.12.0
+com.squareup.okhttp3:logging-interceptor:jar:4.12.0
diff --git a/doc/licenses/okhttp-4.9.1/dep-coordinates.txt b/doc/licenses/okhttp-4.9.1/dep-coordinates.txt
deleted file mode 100644
index 0215ca270b..0000000000
--- a/doc/licenses/okhttp-4.9.1/dep-coordinates.txt
+++ /dev/null
@@ -1 +0,0 @@
-com.squareup.okhttp3:okhttp:jar:4.9.1
diff --git a/doc/licenses/okio-2.8.0/dep-coordinates.txt b/doc/licenses/okio-2.8.0/dep-coordinates.txt
deleted file mode 100644
index 88c8776ad2..0000000000
--- a/doc/licenses/okio-2.8.0/dep-coordinates.txt
+++ /dev/null
@@ -1 +0,0 @@
-com.squareup.okio:okio:jar:2.8.0
diff --git a/doc/licenses/okio-2.8.0/LICENSE.txt b/doc/licenses/okio-3.6.0/LICENSE.txt
similarity index 100%
rename from doc/licenses/okio-2.8.0/LICENSE.txt
rename to doc/licenses/okio-3.6.0/LICENSE.txt
diff --git a/doc/licenses/okio-2.8.0/NOTICE b/doc/licenses/okio-3.6.0/NOTICE
similarity index 94%
rename from doc/licenses/okio-2.8.0/NOTICE
rename to doc/licenses/okio-3.6.0/NOTICE
index 9004e5d831..b3e81bd2ff 100644
--- a/doc/licenses/okio-2.8.0/NOTICE
+++ b/doc/licenses/okio-3.6.0/NOTICE
@@ -1,4 +1,4 @@
-Copyright 2020 Square, Inc.
+Copyright 2023 Square, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/doc/licenses/okio-2.8.0/README b/doc/licenses/okio-3.6.0/README
similarity index 90%
rename from doc/licenses/okio-2.8.0/README
rename to doc/licenses/okio-3.6.0/README
index cf4693dbd7..8dea3d581d 100644
--- a/doc/licenses/okio-2.8.0/README
+++ b/doc/licenses/okio-3.6.0/README
@@ -1,7 +1,7 @@
okio (https://square.github.io/okio/)
---------------------------------------------
- Version: 2.8.0
+ Version: 3.6.0
From: 'Square Inc'
License(s):
Apache 2.0 (bundled/retrofit-2.9.0/LICENSE.txt)
diff --git a/doc/licenses/okio-3.6.0/dep-coordinates.txt b/doc/licenses/okio-3.6.0/dep-coordinates.txt
new file mode 100644
index 0000000000..b785b2613d
--- /dev/null
+++ b/doc/licenses/okio-3.6.0/dep-coordinates.txt
@@ -0,0 +1,2 @@
+com.squareup.okio:okio:jar:3.6.0
+com.squareup.okio:okio-jvm:jar:3.6.0
diff --git a/doc/licenses/spring-web-5.3.25/dep-coordinates.txt b/doc/licenses/spring-web-5.3.25/dep-coordinates.txt
deleted file mode 100644
index 0670c0fa8d..0000000000
--- a/doc/licenses/spring-web-5.3.25/dep-coordinates.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-org.springframework:spring-web:jar:5.3.25
-org.springframework:spring-beans:jar:5.3.25
-org.springframework:spring-core:jar:5.3.25
-org.springframework:spring-jcl:jar:5.3.25
diff --git a/doc/licenses/spring-web-5.3.25/LICENSE b/doc/licenses/spring-web-5.3.33/LICENSE
similarity index 100%
rename from doc/licenses/spring-web-5.3.25/LICENSE
rename to doc/licenses/spring-web-5.3.33/LICENSE
diff --git a/doc/licenses/spring-web-5.3.25/README b/doc/licenses/spring-web-5.3.33/README
similarity index 91%
rename from doc/licenses/spring-web-5.3.25/README
rename to doc/licenses/spring-web-5.3.33/README
index f719e88ff7..48b1f0358f 100644
--- a/doc/licenses/spring-web-5.3.25/README
+++ b/doc/licenses/spring-web-5.3.33/README
@@ -1,7 +1,7 @@
Spring Framework (https://spring.io/projects/spring-framework)
--------------------------------------------------------------
- Version: 5.3.25
+ Version: 5.3.33
From: 'Spring' (https://spring.io/)
License(s):
Apache v2.0
diff --git a/doc/licenses/spring-web-5.3.33/dep-coordinates.txt b/doc/licenses/spring-web-5.3.33/dep-coordinates.txt
new file mode 100644
index 0000000000..442a22e196
--- /dev/null
+++ b/doc/licenses/spring-web-5.3.33/dep-coordinates.txt
@@ -0,0 +1,4 @@
+org.springframework:spring-web:jar:5.3.33
+org.springframework:spring-beans:jar:5.3.33
+org.springframework:spring-core:jar:5.3.33
+org.springframework:spring-jcl:jar:5.3.33
diff --git a/extensions/guacamole-auth-duo/pom.xml b/extensions/guacamole-auth-duo/pom.xml
index f7f49563c2..31b239e6da 100644
--- a/extensions/guacamole-auth-duo/pom.xml
+++ b/extensions/guacamole-auth-duo/pom.xml
@@ -47,20 +47,32 @@
com.squareup.okhttp3
okhttp
- 4.9.1
+ 4.12.0
+
+
+
+ com.squareup.okhttp3
+ logging-interceptor
+ 4.12.0
org.jetbrains.kotlin
kotlin-stdlib-common
- 1.4.10
+ 1.9.23
org.jetbrains.kotlin
kotlin-stdlib
- 1.4.10
+ 1.9.23
+
+
+
+ org.jetbrains.kotlin
+ kotlin-stdlib-jdk8
+ 1.9.23
@@ -95,6 +107,13 @@
2.5
provided
+
+
+ jakarta.ws.rs
+ jakarta.ws.rs-api
+ 2.1.6
+ provided
+
@@ -102,13 +121,6 @@
duo-universal-sdk
1.1.3
-
-
-
- org.springframework
- spring-web
- 5.3.25
-
diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
index 26ab71221e..918b7a28fa 100644
--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
@@ -27,6 +27,7 @@
import java.net.URISyntaxException;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.UriBuilder;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.auth.duo.conf.ConfigurationService;
@@ -39,7 +40,6 @@
import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.web.util.UriComponentsBuilder;
/**
* Service for verifying the identity of a user against Duo.
@@ -102,13 +102,9 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
try {
- String redirectUrl = confService.getRedirectUri().toString();
-
- String builtUrl = UriComponentsBuilder
- .fromUriString(redirectUrl)
+ String builtUrl = UriBuilder.fromUri(confService.getRedirectUri().toString())
.queryParam(Credentials.RESUME_QUERY, DuoAuthenticationProvider.PROVIDER_IDENTIFER)
- .build()
- .toUriString();
+ .build().toString();
// Set up the Duo Client
Client duoClient = new Client.Builder(
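Review bot: The new `UriBuilder.fromUri(confService.getRedirectUri().toString())` call round-trips the configured redirect URI through a string, and JAX-RS parses that string as a URI template, so a configured value containing `{` or `}` would be read as a template variable and fail at `build()`. If `getRedirectUri()` already returns a `java.net.URI` (the `.toString()` suggests it does), pass it directly: `UriBuilder.fromUri(confService.getRedirectUri())`. The enclosing `try` block ends outside this hunk, so whether the resulting `IllegalArgumentException` is caught there cannot be confirmed from here.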
@@ -120,15 +116,10 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
duoClient.healthCheck();
- // Retrieve signed Duo Code and State from the request
- String duoCode = request.getParameter(DUO_CODE_PARAMETER_NAME);
- String duoState = request.getParameter(DUO_STATE_PARAMETER_NAME);
-
- // If no code or state is received, assume Duo MFA redirect has not occured and do it
- if (duoCode == null || duoState == null) {
+ if (!credentials.isAuthenticationResumed()) {
// Get a new session state from the Duo client
- duoState = duoClient.generateState();
+ String duoState = duoClient.generateState();
long expirationTimestamp = System.currentTimeMillis() + (confService.getAuthTimeout() * 1000L);
// Request additional credentials
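Review bot: The branch at `if (!credentials.isAuthenticationResumed())` now infers that the Duo redirect has already happened from a generic flag rather than from the Duo callback parameters, and nothing in this hunk ties that flag to the Duo provider. The flag is set in AuthenticationService for whichever provider requested resumable state, so a resumed login that belongs to another extension would skip the redirect here and fall through to the token exchange without a Duo callback; that presumably fails closed, but it should be an explicit check rather than a side effect. The `duo_state` request parameter is also no longer read, so state validation appears to rest entirely on the resumable-state lookup outside this file. Once that is confirmed, a comment such as `// State is checked by the resumable-authentication lookup; only the code is read here` would record it. verifyAuthenticatedUser starts and ends outside the hunk.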
@@ -147,6 +138,9 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
);
}
+
+ // Retrieve signed Duo Code and State from the request
+ String duoCode = request.getParameter(DUO_CODE_PARAMETER_NAME);
// Get the token from the DuoClient using the code and username, and check status
Token token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, username);
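Review bot: `duoCode` is passed to `exchangeAuthorizationCodeFor2FAResult` without a null or empty check, which the removed `duoCode == null || duoState == null` test used to provide. A resumed request that lacks the parameter now depends on the Duo client rejecting a null code. Reject it explicitly right after the `getParameter` call, before any call to Duo, and log that the callback was incomplete. The rest of the method is outside the hunk, so how exceptions from the exchange are mapped cannot be seen here.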
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
index 45eebe80df..74ca0d09aa 100644
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
@@ -48,6 +48,12 @@ public class Credentials implements Serializable {
* Unique identifier associated with this specific version of Credentials.
*/
private static final long serialVersionUID = 1L;
+
+ /**
+ * Flag indicating whether these credentials are part of an ongoing
+ * authentication process that is to be resumed.
+ */
+ private Boolean authenticationResumed;
/**
* An arbitrary username.
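Review bot: The new field is a boxed `Boolean`, so it can be null, and the caller in UserVerificationService unboxes it in `if (!credentials.isAuthenticationResumed())`. `Credentials` is `Serializable` and `serialVersionUID = 1L` is unchanged, so an instance deserialized from data written before this field existed would carry null, as would any construction path outside this diff that does not assign it. The unboxing would then throw a NullPointerException in the middle of authentication. Declare it as `private boolean authenticationResumed = false;` and use `boolean` in the getter and setter added in the later hunk of this file.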
@@ -84,9 +90,9 @@ public class Credentials implements Serializable {
/**
* Construct a Credentials object with the given username, password,
- * and HTTP request. The information is assigned to the various
- * storage objects, and the remote hostname and address is parsed out
- * of the request object.
+ * HTTP request. The information is assigned to
+ * the various storage objects, and the remote hostname and address is
+ * parsed out of the request object.
*
* @param username
* The username that was provided for authentication.
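Review bot: The reworded Javadoc sentence lost its conjunction and now reads "given username, password, HTTP request", while the reflow changes nothing else. Restore the original wording, `* Construct a Credentials object with the given username, password,` followed by `* and HTTP request.`, or leave the comment untouched in this commit.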
@@ -98,20 +104,43 @@ public class Credentials implements Serializable {
* The HTTP request associated with the authentication
* request.
*/
- public Credentials(String username, String password, HttpServletRequest request) {
+ public Credentials(String username, String password,
+ HttpServletRequest request) {
this.username = username;
this.password = password;
this.request = request;
+ this.authenticationResumed = false;
+
+ if (request != null) {
+ // Set the remote address
+ this.remoteAddress = request.getRemoteAddr();
- // Set the remote address
- this.remoteAddress = request.getRemoteAddr();
+ // Get the remote hostname
+ this.remoteHostname = request.getRemoteHost();
- // Get the remote hostname
- this.remoteHostname = request.getRemoteHost();
+ // If session exists get it, but don't create a new one.
+ this.session = request.getSession(false);
+ }
- // If session exists get it, but don't create a new one.
- this.session = request.getSession(false);
+ }
+
+ /**
+ * Checks if the current authentication process is a resumed one.
+ *
+ * @return True if authentication is resumed, otherwise false.
+ */
+ public Boolean isAuthenticationResumed() {
+ return authenticationResumed;
+ }
+ /**
+ * Sets the flag indicating whether the authentication process should be
+ * resumed.
+ *
+ * @param authenticationResumed the flag indicating whether to resume authentication.
+ */
+ public void setAuthenticationResumed(Boolean authenticationResumed) {
+ this.authenticationResumed = authenticationResumed;
}
/**
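Review bot: `setAuthenticationResumed` is public on a class that extensions receive, yet the Duo extension relies on the flag to decide whether to skip its redirect, so the Javadoc should say who is expected to set it. If the intent is that only the web application sets it, add a line such as `* Intended to be set only by the web application when it stores resumable authentication state; extensions should treat it as read-only.` The constructor now also accepts a null `request` and silently leaves the remote address, hostname and session unset, so the `@param request` text should state that null is allowed and what it implies. A blank line is missing between the closing brace of `isAuthenticationResumed` and the next `/**`.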
diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java b/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java
index dc8d3bb7da..c13e734436 100644
--- a/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java
@@ -328,6 +328,7 @@ private List getUserContexts(GuacamoleSession existingSess
long expiration = e.getExpires();
String queryIdentifier = e.getQueryIdentifier();
String providerIdentifier = e.getProviderIdentifier();
+ credentials.setAuthenticationResumed(true);
resumableStateMap.put(state, new ResumableAuthenticationState(providerIdentifier,
queryIdentifier, expiration, credentials));
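Review bot: `credentials.setAuthenticationResumed(true)` is called when the resumable state is stored, not when it is restored, so the live `credentials` object is marked as resumed for the remainder of the current request as well. If the same instance is seen by other providers later in this request (not visible in the hunk), they would observe a resumed flag on a login that has not yet been redirected anywhere. Setting the flag where the stored state is looked up and matched would make the intent checkable, or at least add `// Mark the stored credentials so the provider sees a resumed login after the redirect` above the call. Nothing visible ever resets the flag to false. The enclosing method starts and ends outside the hunk.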