diff --git a/doc/licenses/okhttp-4.9.1/LICENSE.txt b/doc/licenses/okhttp-4.12.0/LICENSE.txt
similarity index 100%
rename from doc/licenses/okhttp-4.9.1/LICENSE.txt
rename to doc/licenses/okhttp-4.12.0/LICENSE.txt
diff --git a/doc/licenses/okhttp-4.9.1/NOTICE b/doc/licenses/okhttp-4.12.0/NOTICE
similarity index 94%
rename from doc/licenses/okhttp-4.9.1/NOTICE
rename to doc/licenses/okhttp-4.12.0/NOTICE
index 7ab6fba62b..b3e81bd2ff 100644
--- a/doc/licenses/okhttp-4.9.1/NOTICE
+++ b/doc/licenses/okhttp-4.12.0/NOTICE
@@ -1,4 +1,4 @@
-Copyright 2021 Square, Inc.
+Copyright 2023 Square, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/doc/licenses/okhttp-4.9.1/README b/doc/licenses/okhttp-4.12.0/README
similarity index 88%
rename from doc/licenses/okhttp-4.9.1/README
rename to doc/licenses/okhttp-4.12.0/README
index 4277242602..c322ec2a66 100644
--- a/doc/licenses/okhttp-4.9.1/README
+++ b/doc/licenses/okhttp-4.12.0/README
@@ -1,7 +1,7 @@
okhttp (https://square.github.io/okhttp/)
---------------------------------------------
- Version: 4.9.1
+ Version: 4.12.0
From: 'Square Inc'
License(s):
Apache 2.0
diff --git a/doc/licenses/okhttp-4.12.0/dep-coordinates.txt b/doc/licenses/okhttp-4.12.0/dep-coordinates.txt
new file mode 100644
index 0000000000..8aeb660e82
--- /dev/null
+++ b/doc/licenses/okhttp-4.12.0/dep-coordinates.txt
@@ -0,0 +1,2 @@
+com.squareup.okhttp3:okhttp:jar:4.12.0
+com.squareup.okhttp3:logging-interceptor:jar:4.12.0
diff --git a/doc/licenses/okhttp-4.9.1/dep-coordinates.txt b/doc/licenses/okhttp-4.9.1/dep-coordinates.txt
deleted file mode 100644
index 0215ca270b..0000000000
--- a/doc/licenses/okhttp-4.9.1/dep-coordinates.txt
+++ /dev/null
@@ -1 +0,0 @@
-com.squareup.okhttp3:okhttp:jar:4.9.1
diff --git a/doc/licenses/okio-2.8.0/dep-coordinates.txt b/doc/licenses/okio-2.8.0/dep-coordinates.txt
deleted file mode 100644
index 88c8776ad2..0000000000
--- a/doc/licenses/okio-2.8.0/dep-coordinates.txt
+++ /dev/null
@@ -1 +0,0 @@
-com.squareup.okio:okio:jar:2.8.0
diff --git a/doc/licenses/okio-2.8.0/LICENSE.txt b/doc/licenses/okio-3.6.0/LICENSE.txt
similarity index 100%
rename from doc/licenses/okio-2.8.0/LICENSE.txt
rename to doc/licenses/okio-3.6.0/LICENSE.txt
diff --git a/doc/licenses/okio-2.8.0/NOTICE b/doc/licenses/okio-3.6.0/NOTICE
similarity index 94%
rename from doc/licenses/okio-2.8.0/NOTICE
rename to doc/licenses/okio-3.6.0/NOTICE
index 9004e5d831..b3e81bd2ff 100644
--- a/doc/licenses/okio-2.8.0/NOTICE
+++ b/doc/licenses/okio-3.6.0/NOTICE
@@ -1,4 +1,4 @@
-Copyright 2020 Square, Inc.
+Copyright 2023 Square, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/doc/licenses/okio-2.8.0/README b/doc/licenses/okio-3.6.0/README
similarity index 90%
rename from doc/licenses/okio-2.8.0/README
rename to doc/licenses/okio-3.6.0/README
index cf4693dbd7..8dea3d581d 100644
--- a/doc/licenses/okio-2.8.0/README
+++ b/doc/licenses/okio-3.6.0/README
@@ -1,7 +1,7 @@
okio (https://square.github.io/okio/)
---------------------------------------------
- Version: 2.8.0
+ Version: 3.6.0
From: 'Square Inc'
License(s):
Apache 2.0 (bundled/retrofit-2.9.0/LICENSE.txt)
diff --git a/doc/licenses/okio-3.6.0/dep-coordinates.txt b/doc/licenses/okio-3.6.0/dep-coordinates.txt
new file mode 100644
index 0000000000..b785b2613d
--- /dev/null
+++ b/doc/licenses/okio-3.6.0/dep-coordinates.txt
@@ -0,0 +1,2 @@
+com.squareup.okio:okio:jar:3.6.0
+com.squareup.okio:okio-jvm:jar:3.6.0
diff --git a/doc/licenses/spring-web-5.3.25/LICENSE b/doc/licenses/spring-web-5.3.25/LICENSE
deleted file mode 100644
index ff77379631..0000000000
--- a/doc/licenses/spring-web-5.3.25/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- https://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "{}"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright {yyyy} {name of copyright owner}
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/doc/licenses/spring-web-5.3.25/README b/doc/licenses/spring-web-5.3.25/README
deleted file mode 100644
index f719e88ff7..0000000000
--- a/doc/licenses/spring-web-5.3.25/README
+++ /dev/null
@@ -1,7 +0,0 @@
-Spring Framework (https://spring.io/projects/spring-framework)
---------------------------------------------------------------
-
- Version: 5.3.25
- From: 'Spring' (https://spring.io/)
- License(s):
- Apache v2.0
diff --git a/doc/licenses/spring-web-5.3.25/dep-coordinates.txt b/doc/licenses/spring-web-5.3.25/dep-coordinates.txt
deleted file mode 100644
index 0670c0fa8d..0000000000
--- a/doc/licenses/spring-web-5.3.25/dep-coordinates.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-org.springframework:spring-web:jar:5.3.25
-org.springframework:spring-beans:jar:5.3.25
-org.springframework:spring-core:jar:5.3.25
-org.springframework:spring-jcl:jar:5.3.25
diff --git a/extensions/guacamole-auth-duo/pom.xml b/extensions/guacamole-auth-duo/pom.xml
index f7f49563c2..31b239e6da 100644
--- a/extensions/guacamole-auth-duo/pom.xml
+++ b/extensions/guacamole-auth-duo/pom.xml
@@ -47,20 +47,32 @@
com.squareup.okhttp3
okhttp
- 4.9.1
+ 4.12.0
+
+
+
+ com.squareup.okhttp3
+ logging-interceptor
+ 4.12.0
org.jetbrains.kotlin
kotlin-stdlib-common
- 1.4.10
+ 1.9.23
org.jetbrains.kotlin
kotlin-stdlib
- 1.4.10
+ 1.9.23
+
+
+
+ org.jetbrains.kotlin
+ kotlin-stdlib-jdk8
+ 1.9.23
@@ -95,6 +107,13 @@
2.5
provided
+
+
+ jakarta.ws.rs
+ jakarta.ws.rs-api
+ 2.1.6
+ provided
+
@@ -102,13 +121,6 @@
duo-universal-sdk
1.1.3
-
-
-
- org.springframework
- spring-web
- 5.3.25
-
diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
index 26ab71221e..918b7a28fa 100644
--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
@@ -27,6 +27,7 @@
import java.net.URISyntaxException;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.UriBuilder;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.auth.duo.conf.ConfigurationService;
@@ -39,7 +40,6 @@
import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.web.util.UriComponentsBuilder;
/**
* Service for verifying the identity of a user against Duo.
@@ -102,13 +102,9 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
try {
- String redirectUrl = confService.getRedirectUri().toString();
-
- String builtUrl = UriComponentsBuilder
- .fromUriString(redirectUrl)
+ String builtUrl = UriBuilder.fromUri(confService.getRedirectUri().toString())
.queryParam(Credentials.RESUME_QUERY, DuoAuthenticationProvider.PROVIDER_IDENTIFER)
- .build()
- .toUriString();
+ .build().toString();
// Set up the Duo Client
Client duoClient = new Client.Builder(
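Review bot: The new `UriBuilder.fromUri(confService.getRedirectUri().toString())` call converts the configured redirect URI to a string only to have it parsed again, this time as a URI template. If `getRedirectUri()` returns a `java.net.URI`, as the `toString()` call suggests, `UriBuilder.fromUri(confService.getRedirectUri())` uses the URI overload and skips the round trip. `fromUri(String)` and `build()` signal failures with the unchecked `IllegalArgumentException` and `UriBuilderException`; the catch clauses of this `try` lie outside the hunk, so confirm that a malformed redirect URI still ends up as a `GuacamoleException` and not as an unhandled runtime error in the login path.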
@@ -120,15 +116,10 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
duoClient.healthCheck();
- // Retrieve signed Duo Code and State from the request
- String duoCode = request.getParameter(DUO_CODE_PARAMETER_NAME);
- String duoState = request.getParameter(DUO_STATE_PARAMETER_NAME);
-
- // If no code or state is received, assume Duo MFA redirect has not occured and do it
- if (duoCode == null || duoState == null) {
+ if (!credentials.isAuthenticationResumed()) {
// Get a new session state from the Duo client
- duoState = duoClient.generateState();
+ String duoState = duoClient.generateState();
long expirationTimestamp = System.currentTimeMillis() + (confService.getAuthTimeout() * 1000L);
// Request additional credentials
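Review bot: The new condition `if (!credentials.isAuthenticationResumed())` decides whether to skip the Duo redirect from a flag that only says some authentication was resumed, not that it was resumed for Duo. The AuthenticationService hunk in this commit sets the flag for every stored resumable state without looking at the provider identifier, so a resume triggered on behalf of another extension would appear to reach the code exchange with no Duo response at all. Since the redirect URL built above carries `Credentials.RESUME_QUERY`, the check could be tied to this provider, for example `boolean resumedForDuo = credentials.isAuthenticationResumed() && DuoAuthenticationProvider.PROVIDER_IDENTIFER.equals(request.getParameter(Credentials.RESUME_QUERY));`, with the redirect issued whenever that is false. The state parameter is no longer read in this method, so a comment such as `// The state value is validated by the web application when it restores the resumable authentication state` would record where that check now lives, if that is indeed the case. The body of verifyAuthenticatedUser starts and ends outside the hunk.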
@@ -147,6 +138,9 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
);
}
+
+ // Retrieve signed Duo Code and State from the request
+ String duoCode = request.getParameter(DUO_CODE_PARAMETER_NAME);
// Get the token from the DuoClient using the code and username, and check status
Token token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, username);
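Review bot: `duoCode` is now passed to `exchangeAuthorizationCodeFor2FAResult` without any check, whereas the removed code treated a missing code as "not yet verified" and started the Duo redirect. A resumed request that lacks the parameter hands `null` to the Duo client, and what happens then depends on error handling that is outside the hunk. An explicit guard before the exchange, `if (duoCode == null || duoCode.isEmpty())` followed by rejecting the attempt with the same exception type the method uses for a failed verification, keeps the failure mode explicit and fails closed.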
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
index 45eebe80df..b54bd86929 100644
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
@@ -48,6 +48,12 @@ public class Credentials implements Serializable {
* Unique identifier associated with this specific version of Credentials.
*/
private static final long serialVersionUID = 1L;
+
+ /**
+ * Flag indicating whether these credentials are part of an ongoing
+ * authentication process that is to be resumed.
+ */
+ private Boolean authenticationResumed;
/**
* An arbitrary username.
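Review bot: The field is declared as the boxed `Boolean`, so it can be `null`, and the caller added in UserVerificationService (`!credentials.isAuthenticationResumed()`) unboxes it and would throw a NullPointerException on that value. `null` can arrive through `setAuthenticationResumed(null)`, through any construction path that does not run the constructor shown in the later hunk, or by deserializing an instance written before this field existed, since the class is `Serializable` and `serialVersionUID` is unchanged. Declaring `private boolean authenticationResumed;` and using `boolean` in the getter and setter of the later Credentials hunk removes the third state and defaults to `false`, which is the safe value for a flag that lets a second-factor check skip its challenge.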
@@ -84,7 +90,7 @@ public class Credentials implements Serializable {
/**
* Construct a Credentials object with the given username, password,
- * and HTTP request. The information is assigned to the various
+ * and HTTP request. The information is assigned to the various
* storage objects, and the remote hostname and address is parsed out
* of the request object.
*
@@ -98,20 +104,43 @@ public class Credentials implements Serializable {
* The HTTP request associated with the authentication
* request.
*/
- public Credentials(String username, String password, HttpServletRequest request) {
+ public Credentials(String username, String password,
+ HttpServletRequest request) {
this.username = username;
this.password = password;
this.request = request;
+ this.authenticationResumed = false;
+
+ if (request != null) {
+ // Set the remote address
+ this.remoteAddress = request.getRemoteAddr();
- // Set the remote address
- this.remoteAddress = request.getRemoteAddr();
+ // Get the remote hostname
+ this.remoteHostname = request.getRemoteHost();
- // Get the remote hostname
- this.remoteHostname = request.getRemoteHost();
+ // If session exists get it, but don't create a new one.
+ this.session = request.getSession(false);
+ }
- // If session exists get it, but don't create a new one.
- this.session = request.getSession(false);
+ }
+
+ /**
+ * Checks if the current authentication process is a resumed one.
+ *
+ * @return True if authentication is resumed, otherwise false.
+ */
+ public Boolean isAuthenticationResumed() {
+ return authenticationResumed;
+ }
+ /**
+ * Sets the flag indicating whether the authentication process should be
+ * resumed.
+ *
+ * @param authenticationResumed the flag indicating whether to resume authentication.
+ */
+ public void setAuthenticationResumed(Boolean authenticationResumed) {
+ this.authenticationResumed = authenticationResumed;
}
/**
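Review bot: The constructor now accepts a `null` request, but the Javadoc above it still says the remote hostname and address are parsed out of the request and does not mention that they, and the session, stay unset in that case. I would extend the `@param request` text with `May be null, in which case the remote address, remote hostname and session are not populated.` The Javadoc of `isAuthenticationResumed()` would also benefit from one sentence stating who sets the flag and when, because extensions use it to decide whether a challenge has already been issued.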
diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java b/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java
index dc8d3bb7da..c13e734436 100644
--- a/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java
@@ -328,6 +328,7 @@ private List getUserContexts(GuacamoleSession existingSess
long expiration = e.getExpires();
String queryIdentifier = e.getQueryIdentifier();
String providerIdentifier = e.getProviderIdentifier();
+ credentials.setAuthenticationResumed(true);
resumableStateMap.put(state, new ResumableAuthenticationState(providerIdentifier,
queryIdentifier, expiration, credentials));
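Review bot: `credentials.setAuthenticationResumed(true)` runs when the resumable state is stored, not when it is later looked up and accepted, so it mutates the credentials of the request that is still in progress and marks them resumed before the user has left for the external step. If that object is read again in this request, or the stored entry is reused after expiry, the flag reports a resumption that has not happened. Setting the flag at the point where the entry is taken from `resumableStateMap` and its expiration has been checked would make the flag mean what its Javadoc says. That lookup code and the rest of this method are outside the hunk, so this needs confirming against the full file. A short comment on the line, such as `// Mark the stored credentials so providers can tell a resumed attempt from a fresh one`, would also help.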