improve service user authentication

Signed-off-by: jkoberg <jkoberg@owncloud.com>
cs3org · Aug 24, 2023 · 662ac1d · 662ac1d
1 parent ae3b406
commit 662ac1d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/pkg/auth/manager/serviceaccounts/serviceaccounts.go b/pkg/auth/manager/serviceaccounts/serviceaccounts.go
@@ -71,6 +71,7 @@ func (m *manager) Authenticate(ctx context.Context, userID string, secret string
 		Id: &userpb.UserId{
 			OpaqueId: userID,
 			Type:     userpb.UserType_USER_TYPE_SERVICE,
+			Idp:      "none",
 		},
 	}, scope, nil
 }
@@ -80,7 +81,6 @@ type inmemAuthenticator struct {
 }
 
 func (a *inmemAuthenticator) Authenticate(userID string, secret string) error {
-	// TODO: hash secrets
 	if a.m[userID] == secret {
 		return nil
 	}

diff --git a/pkg/utils/grpc.go b/pkg/utils/grpc.go
@@ -24,8 +24,8 @@ func GetUser(userID *user.UserId, gwc gateway.GatewayAPIClient) (*user.User, err
 	return getUserResponse.GetUser(), nil
 }
 
-// ImpersonateServiceUser impersonates the given user
-func ImpersonateServiceUser(serviceUserID string, gwc gateway.GatewayAPIClient, serviceUserSecret string) (context.Context, error) {
+// GetServiceUserContext returns an authenticated context of the given service user
+func GetServiceUserContext(serviceUserID string, gwc gateway.GatewayAPIClient, serviceUserSecret string) (context.Context, error) {
 	ctx := context.Background()
 	authRes, err := gwc.Authenticate(ctx, &gateway.AuthenticateRequest{
 		Type:         "serviceaccounts",
@@ -36,7 +36,7 @@ func ImpersonateServiceUser(serviceUserID string, gwc gateway.GatewayAPIClient,
 		return nil, err
 	}
 	if authRes.GetStatus().GetCode() != rpc.Code_CODE_OK {
-		return nil, fmt.Errorf("error impersonating user: %s", authRes.Status.Message)
+		return nil, fmt.Errorf("error authenticating service user: %s", authRes.Status.Message)
 	}
 
 	return metadata.AppendToOutgoingContext(ctx, revactx.TokenHeader, authRes.Token), nil