From ee75b01c50c463395807dde9f4b3a32f01025733 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Fri, 26 Apr 2024 00:40:51 -0700
Subject: [PATCH] GUACAMOLE-1289: Expiration times for AuthenticationSessionManager are relative, not absolute.
---
 .../apache/guacamole/auth/duo/UserVerificationService.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
index 1fe6d9979a..2333e21ef0 100644
--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
@@ -26,6 +26,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.Collections;
+import java.util.concurrent.TimeUnit;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleServerException;
@@ -36,7 +37,6 @@
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
-import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -202,8 +202,8 @@ else if (token.getAuth_result() == null || !DUO_TOKEN_SUCCESS_VALUE.equals(token
 // GUAC_PASSWORD tokens continue to work as expected despite the
 // redirect to/from the external Duo service)
 duoState = duoClient.generateState();
- long expirationTimestamp = System.currentTimeMillis() + (confService.getAuthenticationTimeout() * 60000L);
- sessionManager.defer(new DuoAuthenticationSession(credentials, expirationTimestamp), duoState);
+ long expiresAfter = TimeUnit.MINUTES.toMillis(confService.getAuthenticationTimeout());
+ sessionManager.defer(new DuoAuthenticationSession(credentials, expiresAfter), duoState);
 // Obtain authentication URL from Duo client
 String duoAuthUrlString;
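Review bot: The value from `confService.getAuthenticationTimeout()` is converted and handed to `DuoAuthenticationSession` on the `expiresAfter` line with no visible range check, so a zero or negative setting would give a non-positive lifetime to the deferred session that holds the user's credentials; how the session manager treats such a value is not visible in this hunk. Unless the configuration service already enforces a positive, bounded timeout, reject it before `sessionManager.defer(...)`, for example `if (expiresAfter <= 0) throw new GuacamoleServerException("Duo authentication timeout must be positive.");`. Because the earlier defect came from passing an absolute timestamp where a duration was expected, a comment above the declaration such as `// Lifetime in milliseconds relative to now, NOT an absolute timestamp` would make the contract explicit for the next reader. The enclosing method begins and ends outside this hunk, so any validation it performs earlier cannot be confirmed from here.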