public ModeledUserContext getUserContext()

in extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java [93:160]

• 38 lines of code
• 13 McCabe index (conditional complexity)

    public ModeledUserContext getUserContext(AuthenticationProvider authenticationProvider,
            AuthenticatedUser authenticatedUser) throws GuacamoleException {

        // Always allow but provide no data for users authenticated via our own
        // connection sharing links
        if (authenticatedUser instanceof SharedAuthenticatedUser)
            return null;

        // Set semantic flags based on context
        boolean databaseCredentialsUsed = (authenticatedUser instanceof ModeledAuthenticatedUser);
        boolean databaseRestrictionsApplicable = (databaseCredentialsUsed || environment.isUserRequired());

        // Retrieve user account for already-authenticated user
        ModeledUser user = userService.retrieveUser(authenticationProvider, authenticatedUser);
        ModeledUserContext context = userContextProvider.get();
        if (user != null && !user.isDisabled()) {

            // Enforce applicable account restrictions
            if (databaseRestrictionsApplicable) {

                // Verify user account is still valid as of today
                if (!user.isAccountValid())
                    throw new TranslatableGuacamoleClientException("User "
                            + "account is no longer valid.",
                            "LOGIN.ERROR_NOT_VALID");

                // Verify user account is allowed to be used at the current time
                if (!user.isAccountAccessible())
                    throw new TranslatableGuacamoleClientException("User "
                            + "account may not be used at this time.",
                            "LOGIN.ERROR_NOT_ACCESSIBLE");

            }

            // Update password if password is expired AND the password was
            // actually involved in the authentication process
            if (databaseCredentialsUsed) {
                if (user.isExpired() || passwordPolicyService.isPasswordExpired(user))
                    userService.resetExpiredPassword(user, authenticatedUser.getCredentials());
            }

        }

        // If no user account is found, and database-specific account
        // restrictions do not apply, get a skeleton user.
        else if (!databaseRestrictionsApplicable) {
            user = userService.retrieveSkeletonUser(authenticationProvider, authenticatedUser);

            // If auto account creation is enabled, add user to DB.
            if (environment.autoCreateAbsentAccounts()) {
                ModeledUser createdUser = userService.createObject(new PrivilegedModeledAuthenticatedUser(user.getCurrentUser()), user);
                user.setModel(createdUser.getModel());
            }

        }

        // Veto authentication result only if database-specific account
        // restrictions apply in this situation
        else
            throw new GuacamoleInvalidCredentialsException("Invalid login",
                    CredentialsInfo.USERNAME_PASSWORD);

        // Initialize the UserContext with the user account and return it.
        context.init(user.getCurrentUser());
        context.recordUserLogin();
        return context;

    }