GUACMAOLE-1289: Fixup and debugging.

apache · Mar 29, 2024 · 7807bb9 · 7807bb9
1 parent cbd7f60
commit 7807bb9
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/...auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java b/...auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
@@ -41,6 +41,11 @@ public class DuoAuthenticationProviderModule extends AbstractModule {
      * module has configured injection.
      */
     private final AuthenticationProvider authProvider;
+
+    /**
+     * The session manager that stores authentication attempts.
+     */
+    private final DuoAuthenticationSessionManager authSessionManager;
 
     /**
      * Creates a new Duo authentication provider module which configures
@@ -61,6 +66,9 @@ public DuoAuthenticationProviderModule(AuthenticationProvider authProvider)
 
         // Store associated auth provider
         this.authProvider = authProvider;
+
+        // Create a new session manager
+        this.authSessionManager = new DuoAuthenticationSessionManager();
 
     }
 
@@ -72,9 +80,10 @@ protected void configure() {
         bind(Environment.class).toInstance(environment);
 
         // Bind Duo-specific services
+        bind(DuoAuthenticationSessionManager.class).toInstance(authSessionManager);
         bind(ConfigurationService.class);
         bind(UserVerificationService.class);
-        bind(DuoAuthenticationSessionManager.class);
+
 
     }
 

diff --git a/...acamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java b/...acamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
@@ -37,12 +37,16 @@
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Service for verifying the identity of a user against Duo.
  */
 public class UserVerificationService {
 
+    private static final Logger LOGGER = LoggerFactory.getLogger(UserVerificationService.class);
+
     /**
      * The name of the parameter which Duo will return in it's GET call-back
      * that contains the code that the client will use to generate a token.
@@ -124,6 +128,7 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
 
             // Get a new session state from the Duo client
             duoState = duoClient.generateState();
+            LOGGER.debug(">>> DUO <<< STATE DEFER: {}", duoState);
 
             // Add this session 
             duoSessionManager.defer(new DuoAuthenticationSession(confService.getAuthTimeout(), duoState, username), duoState);
@@ -142,9 +147,13 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
             );
 
         }
+
+        LOGGER.debug(">>> DUO <<< STATE RESUME: {}", duoState);
 
         // Retrieve the deferred authenticaiton attempt
         DuoAuthenticationSession duoSession = duoSessionManager.resume(duoState);
+        if (duoSession == null)
+            throw new GuacamoleServerException("Failed to resume Duo authentication session.");
 
         // Get the token from the DuoClient using the code and username, and check status
         Token token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, duoSession.getUsername());