Skip to content

Commit

Permalink
[tests-only] Merge master into edge (#2435)
Browse files Browse the repository at this point in the history
* [Build-deps] Additional rules for CODEOWNERS (#2323)

* Remove share refs from trashbin (#2298)

* Public link propfind (#2315)

* fix public share type in propfinds (#2316)

* Bump core commit id for tests (#2331)

* Revert "Fix content disposition (#2303)" (#2332)

This reverts commit 3cba223.

* [Build-deps]: Bump github.com/gomodule/redigo from 1.8.5 to 1.8.6 (#2326)

* [Build-deps]: Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 (#2324)

* [Build-deps]: Bump github.com/aws/aws-sdk-go from 1.42.9 to 1.42.19 (#2325)

* fix app provider new file action and improve app provider error codes (#2210)

* Parse URL path to determine file name (#2346)

* v1.17.0

* handle non existent spaces gracefully (#2354)

* Bump core commit id for tests (#2365)

* [Build-deps]: Bump github.com/minio/minio-go/v7 from 7.0.16 to 7.0.18 (#2363)

* [Build-deps]: Bump github.com/ReneKroon/ttlcache/v2 from 2.9.0 to 2.10.0 (#2358)

* [Build-deps]: Bump go.opentelemetry.io/otel/exporters/jaeger (#2362)

* fix tests by pointing to the right owncloud/core commit id for tests (#2375)

* add new file capabilties to ocs for the app provider (#2379)

* Remove test from expected to fail and bump commit id (#2380)

* add .drone.env to CODEOWNERS as it is part of the test files (#2378)

* fix webdav copy for zero byte files (#2374)

* Implement touch file (#2369)

* implement cs3org/cs3apis#154

* use TouchFile for the app provider

* add changelog and comments

* revert use TouchFile in app provider

* fix resource typo

Co-authored-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>

Co-authored-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>

* Dummy implementation of the Lock CS3APIs (#2350)

* allow new file create with app provider on public links (#2385)

* Bump core commit id and use core master for tests (#2391)

* Add product to ocs Version struct (#2397)

The web ui will announce the backend version in the javascript console
and is supposed to include the product name as well. The version seems
to be a good location for the product field as it already includes the
software edition as well.

* bump core commit id for tests (#2404)

* [Build-deps]: Bump github.com/mattn/go-sqlite3 from 1.14.9 to 1.14.10 (#2409)

* [Build-deps]: Bump github.com/minio/minio-go/v7 from 7.0.18 to 7.0.20 (#2408)

* [Build-deps]: Bump github.com/rs/cors from 1.8.0 to 1.8.2 (#2399)

* [Build-deps]: Bump github.com/ReneKroon/ttlcache/v2 (#2387)

* [Build-deps]: Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#2359)

* [tests-only] format .drone.star (#2411)

* update tus/tusd to version 1.8.0 (#2393)

* Fixes for apps in public shares, project spaces for EOS driver (#2371)

* [Build-deps]: Bump github.com/aws/aws-sdk-go from 1.42.19 to 1.42.27 (#2414)

* [Build-deps]: Bump github.com/rs/zerolog from 1.26.0 to 1.26.1 (#2388)

* update owncloud core commit id (#2418)

* [Build-deps]: Bump github.com/mattn/go-sqlite3 (#2425)

* [Build-deps]: Bump github.com/gomodule/redigo from 1.8.6 to 1.8.8 (#2426)

* OIDC and WOPI changes for lightweight users (#2278)

* don't create references in gateway

Signed-off-by: jkoberg <jkoberg@owncloud.com>

* don't run virtual views testsuite

Signed-off-by: jkoberg <jkoberg@owncloud.com>

* bring back token scope expanding

Signed-off-by: jkoberg <jkoberg@owncloud.com>

Co-authored-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
Co-authored-by: Gianmaria Del Monte <39946305+gmgigi96@users.noreply.github.com>
Co-authored-by: David Christofas <dchristofas@owncloud.com>
Co-authored-by: Swikriti Tripathi <41103328+SwikritiT@users.noreply.github.com>
Co-authored-by: Ishank Arora <ishank011@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Willy Kloucek <34452982+wkloucek@users.noreply.github.com>
Co-authored-by: Michael Barz <mbarz@owncloud.com>
Co-authored-by: Phil Davis <phil@jankaritech.com>
Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz>
Co-authored-by: Saw-jan Gurung <saw.jan.grg3e@gmail.com>
Co-authored-by: PKiran <39373750+kiranparajuli589@users.noreply.github.com>
  • Loading branch information
13 people authored and butonic committed Feb 14, 2022
1 parent 6b8e690 commit 626d28a
Show file tree
Hide file tree
Showing 16 changed files with 250 additions and 62 deletions.
3 changes: 3 additions & 0 deletions changelog/unreleased/oidc-lw-users.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Enhancement: OIDC driver changes for lightweight users

https://github.com/cs3org/reva/pull/2278
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ require (
github.com/go-sql-driver/mysql v1.6.0
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/golang/protobuf v1.5.2
github.com/gomodule/redigo v1.8.6
github.com/gomodule/redigo v1.8.8
github.com/google/go-cmp v0.5.6
github.com/google/go-github v17.0.0+incompatible
github.com/google/go-querystring v1.1.0 // indirect
Expand All @@ -39,7 +39,7 @@ require (
github.com/imdario/mergo v0.3.12 // indirect
github.com/jedib0t/go-pretty v4.3.0+incompatible
github.com/juliangruber/go-intersect v1.1.0
github.com/mattn/go-sqlite3 v1.14.10
github.com/mattn/go-sqlite3 v2.0.3+incompatible
github.com/mileusna/useragent v1.0.2
github.com/minio/minio-go/v7 v7.0.20
github.com/mitchellh/copystructure v1.2.0 // indirect
Expand Down
10 changes: 4 additions & 6 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -345,8 +345,8 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/gomodule/redigo v1.8.6 h1:h7kHSqUl2kxeaQtVslsfUCPJ1oz2pxcyzLy4zezIzPw=
github.com/gomodule/redigo v1.8.6/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0=
github.com/gomodule/redigo v1.8.8 h1:f6cXq6RRfiyrOJEV7p3JhLDlmawGBVBBP1MggY8Mo4E=
github.com/gomodule/redigo v1.8.8/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
Expand Down Expand Up @@ -504,8 +504,8 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-sqlite3 v1.14.10 h1:MLn+5bFRlWMGoSRmJour3CL1w/qL96mvipqpwQW/Sfk=
github.com/mattn/go-sqlite3 v1.14.10/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-tty v0.0.3 h1:5OfyWorkyO7xP52Mq7tB36ajHDG5OHrmBGIS/DtakQI=
github.com/mattn/go-tty v0.0.3/go.mod h1:ihxohKRERHTVzN+aSVRwACLCeqIoZAWpoICkkvrWyR0=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
Expand Down Expand Up @@ -664,8 +664,6 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/studio-b12/gowebdav v0.0.0-20210917133250-a3a86976a1df h1:C+J/LwTqP8gRPt1MdSzBNZP0OYuDm5wsmDKgwpLjYzo=
github.com/studio-b12/gowebdav v0.0.0-20210917133250-a3a86976a1df/go.mod h1:gCcfDlA1Y7GqOaeEKw5l9dOGx1VLdc/HuQSlQAaZ30s=
github.com/studio-b12/gowebdav v0.0.0-20211109083228-3f8721cd4b6f h1:L2NE7BXnSlSLoNYZ0lCwZDjdnYjCNYC71k9ClZUTFTs=
github.com/studio-b12/gowebdav v0.0.0-20211109083228-3f8721cd4b6f/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE=
github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
Expand Down
3 changes: 3 additions & 0 deletions internal/grpc/interceptors/auth/scope.go
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,9 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s
if utils.ResourceIDEqual(share.Share.ResourceId, ref.GetResourceId()) {
return nil
}
if ok, err := checkIfNestedResource(ctx, ref, share.Share.ResourceId, client, mgr); err == nil && ok {
return nil
}
}
} else if strings.HasPrefix(k, "publicshare") {
var share link.PublicShare
Expand Down
2 changes: 2 additions & 0 deletions internal/grpc/services/gateway/authprovider.go
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,8 @@ func (s *svc) Authenticate(ctx context.Context, req *gateway.AuthenticateRequest
ctx = ctxpkg.ContextSetToken(ctx, token)
ctx = ctxpkg.ContextSetUser(ctx, res.User)
ctx = metadata.AppendToOutgoingContext(ctx, ctxpkg.TokenHeader, token)

// TODO(ishank011): Add a cache for these
scope, err := s.expandScopes(ctx, res.TokenScope)
if err != nil {
err = errors.Wrap(err, "authsvc: error expanding token scope")
Expand Down
74 changes: 39 additions & 35 deletions internal/grpc/services/gateway/storageprovider.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ import (
provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
registry "github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1"
typesv1beta1 "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"google.golang.org/grpc/codes"

"github.com/cs3org/reva/pkg/appctx"
ctxpkg "github.com/cs3org/reva/pkg/ctx"
Expand All @@ -46,6 +47,8 @@ import (
"github.com/cs3org/reva/pkg/utils"
"github.com/golang-jwt/jwt"
"github.com/pkg/errors"

gstatus "google.golang.org/grpc/status"
)

/* About caching
Expand Down Expand Up @@ -558,15 +561,16 @@ func (s *svc) TouchFile(ctx context.Context, req *provider.TouchFileRequest) (*p
c, _, err := s.find(ctx, req.Ref)
if err != nil {
return &provider.TouchFileResponse{
Status: status.NewStatusFromErrType(ctx, fmt.Sprintf("gateway could not find reference %+v", req.Ref), err),
Status: status.NewStatusFromErrType(ctx, "TouchFile ref="+req.Ref.String(), err),
}, nil
}

res, err := c.TouchFile(ctx, req)
if err != nil {
return &provider.TouchFileResponse{
Status: status.NewStatusFromErrType(ctx, "gateway could not call TouchFile", err),
}, nil
if gstatus.Code(err) == codes.PermissionDenied {
return &provider.TouchFileResponse{Status: &rpc.Status{Code: rpc.Code_CODE_PERMISSION_DENIED}}, nil
}
return nil, errors.Wrap(err, "gateway: error calling TouchFile")
}

return res, nil
Expand Down Expand Up @@ -651,9 +655,10 @@ func (s *svc) SetArbitraryMetadata(ctx context.Context, req *provider.SetArbitra

res, err := c.SetArbitraryMetadata(ctx, req)
if err != nil {
return &provider.SetArbitraryMetadataResponse{
Status: status.NewStatusFromErrType(ctx, "gateway could not call SetArbitraryMetadata", err),
}, nil
if gstatus.Code(err) == codes.PermissionDenied {
return &provider.SetArbitraryMetadataResponse{Status: &rpc.Status{Code: rpc.Code_CODE_PERMISSION_DENIED}}, nil
}
return nil, errors.Wrap(err, "gateway: error calling SetArbitraryMetadata")
}

s.cache.RemoveStat(ctxpkg.ContextMustGetUser(ctx), req.Ref.ResourceId)
Expand All @@ -673,12 +678,13 @@ func (s *svc) UnsetArbitraryMetadata(ctx context.Context, req *provider.UnsetArb

res, err := c.UnsetArbitraryMetadata(ctx, req)
if err != nil {
return &provider.UnsetArbitraryMetadataResponse{
Status: status.NewStatusFromErrType(ctx, "gateway could not call UnsetArbitraryMetadata", err),
}, nil
if gstatus.Code(err) == codes.PermissionDenied {
return &provider.UnsetArbitraryMetadataResponse{Status: &rpc.Status{Code: rpc.Code_CODE_PERMISSION_DENIED}}, nil
}
return nil, errors.Wrap(err, "gateway: error calling UnsetArbitraryMetadata")
}

s.cache.RemoveStat(ctxpkg.ContextMustGetUser(ctx), req.Ref.ResourceId)

return res, nil
}

Expand All @@ -695,72 +701,70 @@ func (s *svc) SetLock(ctx context.Context, req *provider.SetLockRequest) (*provi

res, err := c.SetLock(ctx, req)
if err != nil {
return &provider.SetLockResponse{
Status: status.NewStatusFromErrType(ctx, "gateway could not call SetLock", err),
}, nil
if gstatus.Code(err) == codes.PermissionDenied {
return &provider.SetLockResponse{Status: &rpc.Status{Code: rpc.Code_CODE_PERMISSION_DENIED}}, nil
}
return nil, errors.Wrap(err, "gateway: error calling SetLock")
}

return res, nil
}

// GetLock returns an existing lock on the given reference
func (s *svc) GetLock(ctx context.Context, req *provider.GetLockRequest) (*provider.GetLockResponse, error) {
var c provider.ProviderAPIClient
var err error
c, _, req.Ref, err = s.findAndUnwrap(ctx, req.Ref)
c, _, err := s.find(ctx, req.Ref)
if err != nil {
return &provider.GetLockResponse{
Status: status.NewStatusFromErrType(ctx, fmt.Sprintf("gateway could not find space for ref=%+v", req.Ref), err),
Status: status.NewStatusFromErrType(ctx, "GetLock ref="+req.Ref.String(), err),
}, nil
}

res, err := c.GetLock(ctx, req)
if err != nil {
return &provider.GetLockResponse{
Status: status.NewStatusFromErrType(ctx, "gateway could not call GetLock", err),
}, nil
if gstatus.Code(err) == codes.PermissionDenied {
return &provider.GetLockResponse{Status: &rpc.Status{Code: rpc.Code_CODE_PERMISSION_DENIED}}, nil
}
return nil, errors.Wrap(err, "gateway: error calling GetLock")
}

return res, nil
}

// RefreshLock refreshes an existing lock on the given reference
func (s *svc) RefreshLock(ctx context.Context, req *provider.RefreshLockRequest) (*provider.RefreshLockResponse, error) {
var c provider.ProviderAPIClient
var err error
c, _, req.Ref, err = s.findAndUnwrap(ctx, req.Ref)
c, _, err := s.find(ctx, req.Ref)
if err != nil {
return &provider.RefreshLockResponse{
Status: status.NewStatusFromErrType(ctx, fmt.Sprintf("gateway could not find space for ref=%+v", req.Ref), err),
Status: status.NewStatusFromErrType(ctx, "RefreshLock ref="+req.Ref.String(), err),
}, nil
}

res, err := c.RefreshLock(ctx, req)
if err != nil {
return &provider.RefreshLockResponse{
Status: status.NewStatusFromErrType(ctx, "gateway could not call RefreshLock", err),
}, nil
if gstatus.Code(err) == codes.PermissionDenied {
return &provider.RefreshLockResponse{Status: &rpc.Status{Code: rpc.Code_CODE_PERMISSION_DENIED}}, nil
}
return nil, errors.Wrap(err, "gateway: error calling RefreshLock")
}

return res, nil
}

// Unlock removes an existing lock from the given reference
func (s *svc) Unlock(ctx context.Context, req *provider.UnlockRequest) (*provider.UnlockResponse, error) {
var c provider.ProviderAPIClient
var err error
c, _, req.Ref, err = s.findAndUnwrap(ctx, req.Ref)
c, _, err := s.find(ctx, req.Ref)
if err != nil {
return &provider.UnlockResponse{
Status: status.NewStatusFromErrType(ctx, fmt.Sprintf("gateway could not find space for ref=%+v", req.Ref), err),
Status: status.NewStatusFromErrType(ctx, "Unlock ref="+req.Ref.String(), err),
}, nil
}

res, err := c.Unlock(ctx, req)
if err != nil {
return &provider.UnlockResponse{
Status: status.NewStatusFromErrType(ctx, "gateway could not call Unlock", err),
}, nil
if gstatus.Code(err) == codes.PermissionDenied {
return &provider.UnlockResponse{Status: &rpc.Status{Code: rpc.Code_CODE_PERMISSION_DENIED}}, nil
}
return nil, errors.Wrap(err, "gateway: error calling Unlock")
}

return res, nil
Expand Down
55 changes: 51 additions & 4 deletions internal/grpc/services/gateway/usershareprovider.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,18 +22,17 @@ import (
"context"
"path"

ctxpkg "github.com/cs3org/reva/pkg/ctx"
rtrace "github.com/cs3org/reva/pkg/trace"

rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1"
provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
typesv1beta1 "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"github.com/cs3org/reva/pkg/appctx"
ctxpkg "github.com/cs3org/reva/pkg/ctx"
"github.com/cs3org/reva/pkg/errtypes"
"github.com/cs3org/reva/pkg/rgrpc/status"
"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
"github.com/cs3org/reva/pkg/storage/utils/grants"
rtrace "github.com/cs3org/reva/pkg/trace"
"github.com/pkg/errors"
)

Expand Down Expand Up @@ -327,8 +326,56 @@ func (s *svc) UpdateReceivedShare(ctx context.Context, req *collaboration.Update

s.cache.RemoveStat(ctxpkg.ContextMustGetUser(ctx), req.Share.Share.ResourceId)
return c.UpdateReceivedShare(ctx, req)
}
/*
TODO: Leftover from master merge. Do we need this?
if err != nil {
appctx.GetLogger(ctx).
Err(err).
Msg("UpdateReceivedShare: failed to get user share provider")
return &collaboration.UpdateReceivedShareResponse{
Status: status.NewInternal(ctx, "error getting share provider client"),
}, nil
}
// check if we have a resource id in the update response that we can use to update references
if res.GetShare().GetShare().GetResourceId() == nil {
log.Err(err).Msg("gateway: UpdateReceivedShare must return a ResourceId")
return &collaboration.UpdateReceivedShareResponse{
Status: &rpc.Status{
Code: rpc.Code_CODE_INTERNAL,
},
}, nil
}
// properties are updated in the order they appear in the field mask
// when an error occurs the request ends and no further fields are updated
for i := range req.UpdateMask.Paths {
switch req.UpdateMask.Paths[i] {
case "state":
switch req.GetShare().GetState() {
case collaboration.ShareState_SHARE_STATE_ACCEPTED:
rpcStatus := s.createReference(ctx, res.GetShare().GetShare().GetResourceId())
if rpcStatus.Code != rpc.Code_CODE_OK {
return &collaboration.UpdateReceivedShareResponse{Status: rpcStatus}, nil
}
case collaboration.ShareState_SHARE_STATE_REJECTED:
rpcStatus := s.removeReference(ctx, res.GetShare().GetShare().ResourceId)
if rpcStatus.Code != rpc.Code_CODE_OK && rpcStatus.Code != rpc.Code_CODE_NOT_FOUND {
return &collaboration.UpdateReceivedShareResponse{Status: rpcStatus}, nil
}
}
case "mount_point":
// TODO(labkode): implementing updating mount point
err = errtypes.NotSupported("gateway: update of mount point is not yet implemented")
return &collaboration.UpdateReceivedShareResponse{
Status: status.NewUnimplemented(ctx, err, "error updating received share"),
}, nil
default:
return nil, errtypes.NotSupported("updating " + req.UpdateMask.Paths[i] + " is not supported")
}
}
return res, nil
*/
}
func (s *svc) removeReference(ctx context.Context, resourceID *provider.ResourceId) *rpc.Status {
log := appctx.GetLogger(ctx)

Expand Down
6 changes: 6 additions & 0 deletions pkg/app/provider/wopi/wopi.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ import (
"github.com/beevik/etree"
appprovider "github.com/cs3org/go-cs3apis/cs3/app/provider/v1beta1"
appregistry "github.com/cs3org/go-cs3apis/cs3/app/registry/v1beta1"
userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
"github.com/cs3org/reva/pkg/app"
"github.com/cs3org/reva/pkg/app/provider/registry"
Expand Down Expand Up @@ -139,6 +140,11 @@ func (p *wopiProvider) GetAppURL(ctx context.Context, resource *provider.Resourc

u, ok := ctxpkg.ContextGetUser(ctx)
if ok { // else defaults to "Guest xyz"
if u.Id.Type == userpb.UserType_USER_TYPE_LIGHTWEIGHT {
q.Add("userid", resource.Owner.OpaqueId+"@"+resource.Owner.Idp)
} else {
q.Add("userid", u.Id.OpaqueId+"@"+u.Id.Idp)
}
var isPublicShare bool
if u.Opaque != nil {
if _, ok := u.Opaque.Map["public-share-role"]; ok {
Expand Down
23 changes: 22 additions & 1 deletion pkg/auth/manager/oidc/oidc.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ package oidc
import (
"context"
"fmt"
"strings"
"time"

oidc "github.com/coreos/go-oidc"
Expand Down Expand Up @@ -130,6 +131,12 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
if claims["email_verified"] == nil { // This is not set in simplesamlphp
claims["email_verified"] = false
}
if claims["preferred_username"] == nil {
claims["preferred_username"] = claims[am.c.IDClaim]
}
if claims["name"] == nil {
claims["name"] = claims[am.c.IDClaim]
}

if claims["email"] == nil {
return nil, nil, fmt.Errorf("no \"email\" attribute found in userinfo: maybe the client did not request the oidc \"email\"-scope")
Expand Down Expand Up @@ -158,7 +165,7 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
userID := &user.UserId{
OpaqueId: claims[am.c.IDClaim].(string), // a stable non reassignable id
Idp: claims["issuer"].(string), // in the scope of this issuer
Type: user.UserType_USER_TYPE_PRIMARY,
Type: getUserType(claims[am.c.IDClaim].(string)),
}
gwc, err := pool.GetGatewayServiceClient(am.c.GatewaySvc)
if err != nil {
Expand Down Expand Up @@ -236,3 +243,17 @@ func (am *mgr) getOIDCProvider(ctx context.Context) (*oidc.Provider, error) {
am.provider = provider
return am.provider, nil
}

func getUserType(upn string) user.UserType {
var t user.UserType
switch {
case strings.HasPrefix(upn, "guest"):
t = user.UserType_USER_TYPE_LIGHTWEIGHT
case strings.Contains(upn, "@"):
t = user.UserType_USER_TYPE_FEDERATED
default:
t = user.UserType_USER_TYPE_PRIMARY
}
return t

}
Loading

0 comments on commit 626d28a

Please sign in to comment.