diff --git a/accounts/pkg/storage/cs3.go b/accounts/pkg/storage/cs3.go
index 6d2aef584ea..38fc41c4f34 100644
--- a/accounts/pkg/storage/cs3.go
+++ b/accounts/pkg/storage/cs3.go
@@ -10,13 +10,11 @@ import (
 "net/http"
 "path"
 "path/filepath"
- "strconv"
 "strings"
 user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 v1beta11 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
- types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 "github.com/cs3org/reva/pkg/rgrpc/todo/pool"
 "github.com/cs3org/reva/pkg/token"
 "github.com/cs3org/reva/pkg/token/manager/jwt"
@@ -299,19 +297,9 @@ func AuthenticateCS3(ctx context.Context, su config.ServiceUser, tm token.Manage
 Id: &user.UserId{
 OpaqueId: su.UUID,
 },
- Groups: []string{},
- Opaque: &types.Opaque{
- Map: map[string]*types.OpaqueEntry{
- "uid": {
- Decoder: "plain",
- Value: []byte(strconv.FormatInt(su.UID, 10)),
- },
- "gid": {
- Decoder: "plain",
- Value: []byte(strconv.FormatInt(su.GID, 10)),
- },
- },
- },
+ Groups: []string{},
+ UidNumber: su.UID,
+ GidNumber: su.GID,
 }
 s, err := scope.GetOwnerScope()
 if err != nil {
diff --git a/ocs/pkg/server/http/svc_test.go b/ocs/pkg/server/http/svc_test.go
index ff04f7f8a5b..d5a1f26033d 100644
--- a/ocs/pkg/server/http/svc_test.go
+++ b/ocs/pkg/server/http/svc_test.go
@@ -11,13 +11,11 @@ import (
 "net/http/httptest"
 "net/url"
 "path/filepath"
- "strconv"
 "strings"
 "testing"
 "github.com/asim/go-micro/v3/client"
 user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
- types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 "github.com/cs3org/reva/pkg/auth/scope"
 "github.com/cs3org/reva/pkg/token"
 "github.com/cs3org/reva/pkg/token/manager/jwt"
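Review bot: In the AuthenticateCS3 hunk of accounts/pkg/storage/cs3.go, `UidNumber: su.UID` and `GidNumber: su.GID` go into the minted service-user token with no check, so a ServiceUser whose ids were left unset would presumably be minted with 0/0, which a consumer cannot tell apart from a deliberate root uid/gid. Whether any storage driver maps these numbers onto POSIX ownership is not visible here, so I would at least document the convention at the assignment, e.g. `// 0 means "not configured"; consumers must not treat it as root`, or reject a zero UID when minting. The same unchecked copy appears in the GetSelf, mintTokenForUser and fetchAccountFromCS3Backend hunks of ocs/pkg/service/v0/users.go and in accountToUser in proxy/pkg/user/backend/accounts.go; the removed extractUIDAndGID at least logged malformed values. AuthenticateCS3 starts and ends outside the hunk.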
@@ -643,23 +641,17 @@ func mintToken(ctx context.Context, su *User, roleIds []string) (token string, e
 Id: &user.UserId{
 OpaqueId: su.ID,
 },
- Groups: []string{},
 Opaque: &types.Opaque{
 Map: map[string]*types.OpaqueEntry{
- "uid": {
- Decoder: "plain",
- Value: []byte(strconv.Itoa(su.UIDNumber)),
- },
- "gid": {
- Decoder: "plain",
- Value: []byte(strconv.Itoa(su.GIDNumber)),
- },
 "roles": {
 Decoder: "json",
 Value: roleIDsJSON,
 },
 },
 },
+ Groups: []string{},
+ UidNumber: su.UIDNumber,
+ GidNumber: su.GIDNumber,
 }
 s, _ := scope.GetOwnerScope()
 return tokenManager.MintToken(ctx, u, s)
diff --git a/ocs/pkg/service/v0/users.go b/ocs/pkg/service/v0/users.go
index f8f7e5024ba..e87fe9da425 100644
--- a/ocs/pkg/service/v0/users.go
+++ b/ocs/pkg/service/v0/users.go
@@ -13,11 +13,9 @@ import (
 "github.com/asim/go-micro/plugins/client/grpc/v3"
 merrors "github.com/asim/go-micro/v3/errors"
 gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
- cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 revauser "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
- types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 "github.com/cs3org/reva/pkg/rgrpc/todo/pool"
 "github.com/cs3org/reva/pkg/token"
 "github.com/cs3org/reva/pkg/token/manager/jwt"
@@ -53,14 +51,13 @@ func (o Ocs) GetSelf(w http.ResponseWriter, r *http.Request) {
 // TODO(someone) this fix is in place because if the user backend (PROXY_ACCOUNT_BACKEND_TYPE) is set to, for instance,
 // cs3, we cannot count with the accounts service.
 if u != nil {
- uid, gid := o.extractUIDAndGID(u)
 d := &data.User{
 UserID: u.Username,
 DisplayName: u.DisplayName,
 LegacyDisplayName: u.DisplayName,
 Email: u.Mail,
- UIDNumber: uid,
- GIDNumber: gid,
+ UIDNumber: u.UidNumber,
+ GIDNumber: u.GidNumber,
 }
 mustNotFail(render.Render(w, r, response.DataRender(d)))
 return
@@ -495,18 +492,8 @@ func (o Ocs) mintTokenForUser(ctx context.Context, account *accounts.Account) (s
 Idp: o.config.IdentityManagement.Address,
 },
 Groups: []string{},
- Opaque: &types.Opaque{
- Map: map[string]*types.OpaqueEntry{
- "uid": {
- Decoder: "plain",
- Value: []byte(strconv.FormatInt(account.UidNumber, 10)),
- },
- "gid": {
- Decoder: "plain",
- Value: []byte(strconv.FormatInt(account.GidNumber, 10)),
- },
- },
- },
+ UidNumber: account.UidNumber,
+ GidNumber: account.GidNumber,
 }
 s, err := scope.GetOwnerScope()
 if err != nil {
@@ -750,36 +737,11 @@ func (o Ocs) fetchAccountFromCS3Backend(ctx context.Context, name string) (*acco
 if err != nil {
 return nil, err
 }
- uid, gid := o.extractUIDAndGID(u)
 return &accounts.Account{
 OnPremisesSamAccountName: u.Username,
 DisplayName: u.DisplayName,
 Mail: u.Mail,
- UidNumber: uid,
- GidNumber: gid,
+ UidNumber: u.UidNumber,
+ GidNumber: u.GidNumber,
 }, nil
 }
-
-func (o Ocs) extractUIDAndGID(u *cs3.User) (int64, int64) {
- var uid, gid int64
- var err error
- if u.Opaque != nil && u.Opaque.Map != nil {
- if uidObj, ok := u.Opaque.Map["uid"]; ok {
- if uidObj.Decoder == "plain" {
- uid, err = strconv.ParseInt(string(uidObj.Value), 10, 64)
- if err != nil {
- o.logger.Error().Err(err).Interface("user", u).Msg("could not extract uid for user")
- }
- }
- }
- if gidObj, ok := u.Opaque.Map["gid"]; ok {
- if gidObj.Decoder == "plain" {
- gid, err = strconv.ParseInt(string(gidObj.Value), 10, 64)
- if err != nil {
- o.logger.Error().Err(err).Interface("user", u).Msg("could not extract gid for user")
- }
- }
- }
- }
- return uid, gid
-}
diff --git a/proxy/pkg/middleware/account_resolver.go b/proxy/pkg/middleware/account_resolver.go
index c9e5819fce5..6aa829c49a3 100644
--- a/proxy/pkg/middleware/account_resolver.go
+++ b/proxy/pkg/middleware/account_resolver.go
@@ -57,10 +57,10 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 if u == nil && claims != nil {
 var claim, value string
 switch {
- case claims.Email != "":
- claim, value = "mail", claims.Email
 case claims.PreferredUsername != "":
 claim, value = "username", claims.PreferredUsername
+ case claims.Email != "":
+ claim, value = "mail", claims.Email
 case claims.OcisID != "":
 //claim, value = "id", claims.OcisID
 default:
diff --git a/proxy/pkg/user/backend/accounts.go b/proxy/pkg/user/backend/accounts.go
index 29ce07b6a75..98164688868 100644
--- a/proxy/pkg/user/backend/accounts.go
+++ b/proxy/pkg/user/backend/accounts.go
@@ -4,7 +4,6 @@ import (
 "context"
 "fmt"
 "net/http"
- "strconv"
 "strings"
 cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
@@ -140,18 +139,8 @@ func (a *accountsServiceBackend) accountToUser(account *accounts.Account) *cs3.U
 Mail: account.Mail,
 MailVerified: account.ExternalUserState == "" || account.ExternalUserState == "Accepted",
 Groups: expandGroups(account),
- Opaque: &types.Opaque{
- Map: map[string]*types.OpaqueEntry{
- "uid": {
- Decoder: "plain",
- Value: []byte(strconv.FormatInt(account.UidNumber, 10)),
- },
- "gid": {
- Decoder: "plain",
- Value: []byte(strconv.FormatInt(account.GidNumber, 10)),
- },
- },
- },
+ UidNumber: account.UidNumber,
+ GidNumber: account.GidNumber,
 }
 return user
 }
@@ -209,7 +198,15 @@ func injectRoles(ctx context.Context, u *cs3.User, ss settings.RoleService) erro
 return err
 }
- u.Opaque.Map["roles"] = enc
+ if u.Opaque == nil {
+ u.Opaque = &types.Opaque{
+ Map: map[string]*types.OpaqueEntry{
+ "roles": enc,
+ },
+ }
+ } else {
+ u.Opaque.Map["roles"] = enc
+ }
 return nil
 }
diff --git a/proxy/pkg/user/backend/accounts_test.go b/proxy/pkg/user/backend/accounts_test.go
index b518f8e54ed..11093d94a82 100644
--- a/proxy/pkg/user/backend/accounts_test.go
+++ b/proxy/pkg/user/backend/accounts_test.go
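Review bot: The reordered switch in accountResolver.ServeHTTP now looks the account up by `claims.PreferredUsername` before `claims.Email`, and OIDC Core (section 5.7) says a relying party must not rely on preferred_username being unique or stable; only `iss` together with `sub` is. If the identity provider lets users pick or change that value, a token could resolve to a different user's account, so this precedence is only safe when the IdP enforces unique, immutable usernames. I would record that assumption at the case, e.g. `// preferred_username is only unique if the IdP enforces it (OIDC Core 5.7)`, and consider resolving by `claims.OcisID` first, whose assignment is still commented out in the context lines. ServeHTTP starts and ends outside the hunk.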
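Review bot: The new guard in injectRoles (proxy/pkg/user/backend/accounts.go) handles `u.Opaque == nil`, but the else branch still writes `u.Opaque.Map["roles"]` when `Opaque` is set and its `Map` is nil, which panics on assignment to a nil map. This code attaches the role ids to the user, so a backend that returns an Opaque without a Map would crash the call instead of getting roles injected. Initialising the two levels independently removes the branch and covers both cases. injectRoles starts outside the hunk.

```go
// … unchanged: role ids encoded into enc …
if u.Opaque == nil {
	u.Opaque = &types.Opaque{}
}
if u.Opaque.Map == nil {
	u.Opaque.Map = map[string]*types.OpaqueEntry{}
}
u.Opaque.Map["roles"] = enc
return nil
```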
@@ -145,11 +145,8 @@ func assertUserMatchesAccount(t *testing.T, exp *accounts.Account, act *userv1be
 assert.Equal(t, `["a","b"]`, string(act.Opaque.Map["roles"].GetValue()))
 // UID/GID
- assert.NotNil(t, act.Opaque.Map["uid"])
- assert.Equal(t, "1", string(act.Opaque.Map["uid"].GetValue()))
-
- assert.NotNil(t, act.Opaque.Map["gid"])
- assert.Equal(t, "2", string(act.Opaque.Map["gid"].GetValue()))
+ assert.Equal(t, int64(1), act.UidNumber)
+ assert.Equal(t, int64(2), act.GidNumber)
 }
 func newAccountsBackend(mockAccounts []*accounts.Account, mockRoles []*settings.UserRoleAssignment) UserBackend {