Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GUACAMOLE-1068: Generate random key at each login if key is unconfirmed. #974

Merged
merged 1 commit into from
Apr 18, 2024
Merged

GUACAMOLE-1068: Generate random key at each login if key is unconfirmed. #974

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 39 additions & 12 deletions ...-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/UserVerificationService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,18 +112,9 @@ private UserTOTPKey getKey(UserContext context,

// If no key is defined, attempt to generate a new key
String secret = attributes.get(TOTPUser.TOTP_KEY_SECRET_ATTRIBUTE_NAME);
if (secret == null || secret.isEmpty()) {

// Generate random key for user
TOTPGenerator.Mode mode = confService.getMode();
UserTOTPKey generated = new UserTOTPKey(username,mode.getRecommendedKeyLength());
if (setKey(context, generated))
return generated;

// Fail if key cannot be set
return null;

}

if (secret == null || secret.isEmpty())
return generateKey(context, username);

// Parse retrieved base32 key value
byte[] key;
Expand All @@ -144,6 +135,38 @@ private UserTOTPKey getKey(UserContext context,
return new UserTOTPKey(username, key, confirmed);

}

/**
* Generate and set a new key for the specified user and context, returning
* the key if the set successfully or null if it fails.
*
* @param context
* The UserContext of the user whose TOTP key should be generated and set.
*
* @param username
* The username of the user associated with the given UserContext.
*
* @return
* The generated and set key, or null if the operation failed.
*
* @throws GuacamoleException
* If a new key is generated, but the extension storing the associated
* user fails while updating the user account, or if the configuration
* cannot be retrieved.
*/
private UserTOTPKey generateKey(UserContext context, String username)
throws GuacamoleException {

// Generate random key for user
TOTPGenerator.Mode mode = confService.getMode();
UserTOTPKey generated = new UserTOTPKey(username,mode.getRecommendedKeyLength());
if (setKey(context, generated))
return generated;

// Fail if key cannot be set
return null;

}

/**
* Attempts to store the given TOTP key within the user account of the user
Expand Down Expand Up @@ -316,6 +339,10 @@ public void verifyIdentity(UserContext context,

// If the user hasn't completed enrollment, request that they do
if (!key.isConfirmed()) {

// If the key has not yet been confirmed, generate a new one.
key = generateKey(context, username);

field.exposeKey(key);
throw new TranslatableGuacamoleInsufficientCredentialsException(
"TOTP enrollment must be completed before "
Expand Down
Loading