Use CS3 user object fields to store UID and GID
ishank011 committed Jun 16, 2021
1 parent 36971ea commit 6168ee7
Showing 6 changed files with 27 additions and 90 deletions.
18 changes: 3 additions & 15 deletions accounts/pkg/storage/cs3.go
Expand Up @@ -10,13 +10,11 @@ import (
"net/http"
"path"
"path/filepath"
"strconv"
"strings"

user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
v1beta11 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
"github.com/cs3org/reva/pkg/token"
"github.com/cs3org/reva/pkg/token/manager/jwt"
Expand Down Expand Up @@ -299,19 +297,9 @@ func AuthenticateCS3(ctx context.Context, su config.ServiceUser, tm token.Manage
Id: &user.UserId{
OpaqueId: su.UUID,
},
Groups: []string{},
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": {
Decoder: "plain",
Value: []byte(strconv.FormatInt(su.UID, 10)),
},
"gid": {
Decoder: "plain",
Value: []byte(strconv.FormatInt(su.GID, 10)),
},
},
},
Groups: []string{},
UidNumber: su.UID,
GidNumber: su.GID,
}
s, err := scope.GetOwnerScope()
if err != nil {
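Review bot: With the uid/gid entries gone, the user built in AuthenticateCS3 now has a nil `Opaque` where it used to carry a populated map, so any reader that dereferences `u.Opaque.Map` directly on such a user would hit a nil pointer (no such reader is visible on this page apart from injectRoles). The same applies to mintTokenForUser in ocs/pkg/service/v0/users.go and accountToUser in proxy/pkg/user/backend/accounts.go, and this commit guards injectRoles only. It is worth checking the remaining readers and preferring the generated nil-safe getters, e.g. `u.GetOpaque().GetMap()["roles"]`. AuthenticateCS3 starts and ends outside the hunk.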
13 changes: 3 additions & 10 deletions ocs/pkg/server/http/svc_test.go
Expand Up @@ -11,7 +11,6 @@ import (
"net/http/httptest"
"net/url"
"path/filepath"
"strconv"
"strings"
"testing"

Expand Down Expand Up @@ -643,23 +642,17 @@ func mintToken(ctx context.Context, su *User, roleIds []string) (token string, e
Id: &user.UserId{
OpaqueId: su.ID,
},
Groups: []string{},
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": {
Decoder: "plain",
Value: []byte(strconv.Itoa(su.UIDNumber)),
},
"gid": {
Decoder: "plain",
Value: []byte(strconv.Itoa(su.GIDNumber)),
},
"roles": {
Decoder: "json",
Value: roleIDsJSON,
},
},
},
Groups: []string{},
UidNumber: int64(su.UIDNumber),
GidNumber: int64(su.GIDNumber),
}
s, _ := scope.GetOwnerScope()
return tokenManager.MintToken(ctx, u, s)
50 changes: 6 additions & 44 deletions ocs/pkg/service/v0/users.go
Expand Up @@ -13,11 +13,9 @@ import (
"github.com/asim/go-micro/plugins/client/grpc/v3"
merrors "github.com/asim/go-micro/v3/errors"
gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
revauser "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
"github.com/cs3org/reva/pkg/token"
"github.com/cs3org/reva/pkg/token/manager/jwt"
Expand Down Expand Up @@ -53,14 +51,13 @@ func (o Ocs) GetSelf(w http.ResponseWriter, r *http.Request) {
// TODO(someone) this fix is in place because if the user backend (PROXY_ACCOUNT_BACKEND_TYPE) is set to, for instance,
// cs3, we cannot count with the accounts service.
if u != nil {
uid, gid := o.extractUIDAndGID(u)
d := &data.User{
UserID: u.Username,
DisplayName: u.DisplayName,
LegacyDisplayName: u.DisplayName,
Email: u.Mail,
UIDNumber: uid,
GIDNumber: gid,
UIDNumber: u.UidNumber,
GIDNumber: u.GidNumber,
}
mustNotFail(render.Render(w, r, response.DataRender(d)))
return
Expand Down Expand Up @@ -495,18 +492,8 @@ func (o Ocs) mintTokenForUser(ctx context.Context, account *accounts.Account) (s
Idp: o.config.IdentityManagement.Address,
},
Groups: []string{},
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": {
Decoder: "plain",
Value: []byte(strconv.FormatInt(account.UidNumber, 10)),
},
"gid": {
Decoder: "plain",
Value: []byte(strconv.FormatInt(account.GidNumber, 10)),
},
},
},
UidNumber: account.UidNumber,
GidNumber: account.GidNumber,
}
s, err := scope.GetOwnerScope()
if err != nil {
Expand Down Expand Up @@ -750,36 +737,11 @@ func (o Ocs) fetchAccountFromCS3Backend(ctx context.Context, name string) (*acco
if err != nil {
return nil, err
}
uid, gid := o.extractUIDAndGID(u)
return &accounts.Account{
OnPremisesSamAccountName: u.Username,
DisplayName: u.DisplayName,
Mail: u.Mail,
UidNumber: uid,
GidNumber: gid,
UidNumber: u.UidNumber,
GidNumber: u.GidNumber,
}, nil
}

func (o Ocs) extractUIDAndGID(u *cs3.User) (int64, int64) {
var uid, gid int64
var err error
if u.Opaque != nil && u.Opaque.Map != nil {
if uidObj, ok := u.Opaque.Map["uid"]; ok {
if uidObj.Decoder == "plain" {
uid, err = strconv.ParseInt(string(uidObj.Value), 10, 64)
if err != nil {
o.logger.Error().Err(err).Interface("user", u).Msg("could not extract uid for user")
}
}
}
if gidObj, ok := u.Opaque.Map["gid"]; ok {
if gidObj.Decoder == "plain" {
gid, err = strconv.ParseInt(string(gidObj.Value), 10, 64)
if err != nil {
o.logger.Error().Err(err).Interface("user", u).Msg("could not extract gid for user")
}
}
}
}
return uid, gid
}
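Review bot: GetSelf and fetchAccountFromCS3Backend now copy `u.UidNumber` and `u.GidNumber` with no fallback, so a user object whose producer still stores uid/gid in `Opaque` (for example a token minted before this change, if those can still be in flight during an upgrade) is reported with uid 0 and gid 0 and nothing is logged. On POSIX-backed storage 0 is root, so "not set" and "root" are indistinguishable to whatever consumes these values. Consider logging when both fields are zero, e.g. `if u.UidNumber == 0 && u.GidNumber == 0 { o.logger.Warn().Str("user", u.Username).Msg("user has no uid/gid set") }`, or keeping the opaque fallback for one release. Both functions extend beyond the hunks shown.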
4 changes: 2 additions & 2 deletions proxy/pkg/middleware/account_resolver.go
Expand Up @@ -57,10 +57,10 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if u == nil && claims != nil {
var claim, value string
switch {
case claims.Email != "":
claim, value = "mail", claims.Email
case claims.PreferredUsername != "":
claim, value = "username", claims.PreferredUsername
case claims.Email != "":
claim, value = "mail", claims.Email
case claims.OcisID != "":
//claim, value = "id", claims.OcisID
default:
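Review bot: The reordered `switch` appears to make `claims.PreferredUsername` win over `claims.Email` when both are set (the page shows no +/- markers, so this assumes the second `case claims.Email` block is the added one), and neither the commit title nor a comment explains this change to how a token is mapped to an account. OIDC does not guarantee `preferred_username` to be unique or stable, so the precedence decides which account a login resolves to and deserves a comment above the `switch`, e.g. `// Resolution order: preferred_username, then mail; both come from the IdP and must be unique in the account store.` The `claims.OcisID` case still leaves `claim` and `value` empty because its assignment is commented out, and how the code after the switch treats that is outside the hunk. ServeHTTP starts and ends outside the hunk.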
25 changes: 11 additions & 14 deletions proxy/pkg/user/backend/accounts.go
Expand Up @@ -4,7 +4,6 @@ import (
"context"
"fmt"
"net/http"
"strconv"
"strings"

cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
Expand Down Expand Up @@ -140,18 +139,8 @@ func (a *accountsServiceBackend) accountToUser(account *accounts.Account) *cs3.U
Mail: account.Mail,
MailVerified: account.ExternalUserState == "" || account.ExternalUserState == "Accepted",
Groups: expandGroups(account),
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": {
Decoder: "plain",
Value: []byte(strconv.FormatInt(account.UidNumber, 10)),
},
"gid": {
Decoder: "plain",
Value: []byte(strconv.FormatInt(account.GidNumber, 10)),
},
},
},
UidNumber: account.UidNumber,
GidNumber: account.GidNumber,
}
return user
}
Expand Down Expand Up @@ -209,7 +198,15 @@ func injectRoles(ctx context.Context, u *cs3.User, ss settings.RoleService) erro
return err
}

u.Opaque.Map["roles"] = enc
if u.Opaque == nil {
u.Opaque = &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"roles": enc,
},
}
} else {
u.Opaque.Map["roles"] = enc
}

return nil
}
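Review bot: The new guard in injectRoles covers a nil `u.Opaque` but not a non-nil `Opaque` whose `Map` is nil, and in that case the `else` branch's `u.Opaque.Map["roles"] = enc` assigns into a nil map, which panics. Since accountToUser in this file no longer sets `Opaque`, injectRoles now depends on how other code built the user, so initialising the two levels separately is safer and removes the duplicated assignment. The start of injectRoles is outside the hunk.

```go
// … unchanged: role lookup and encoding into enc …
if u.Opaque == nil {
	u.Opaque = &types.Opaque{}
}
if u.Opaque.Map == nil {
	u.Opaque.Map = map[string]*types.OpaqueEntry{}
}
u.Opaque.Map["roles"] = enc
```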
7 changes: 2 additions & 5 deletions proxy/pkg/user/backend/accounts_test.go
Expand Up @@ -145,11 +145,8 @@ func assertUserMatchesAccount(t *testing.T, exp *accounts.Account, act *userv1be
assert.Equal(t, `["a","b"]`, string(act.Opaque.Map["roles"].GetValue()))

// UID/GID
assert.NotNil(t, act.Opaque.Map["uid"])
assert.Equal(t, "1", string(act.Opaque.Map["uid"].GetValue()))

assert.NotNil(t, act.Opaque.Map["gid"])
assert.Equal(t, "2", string(act.Opaque.Map["gid"].GetValue()))
assert.Equal(t, int64(1), act.UidNumber)
assert.Equal(t, int64(2), act.GidNumber)
}

func newAccountsBackend(mockAccounts []*accounts.Account, mockRoles []*settings.UserRoleAssignment) UserBackend {
