BackendService migration of backends #18245
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RobinMcCorkell
force-pushed
the
ext-backend-register.backends
branch
from
ef80049
to
58cd102
Compare
|
NOTE: The SFTP_Key backend unit test still exists here, but the class itself has been removed. It won't work. @MorrisJobke @szepeviktor @rnicoll feel free to push directly to here to fix that |
added 5 commits
August 13, 2015 13:47
Backends are registered to the BackendService through new data structures: Backends are concrete classes, deriving from \OCA\Files_External\Lib\Backend\Backend. During construction, the various configuration parameters of the Backend can be set, in a design similar to Symfony Console. DefinitionParameter stores a parameter configuration for an external storage: name of parameter, human-readable name, type of parameter (text, password, hidden, checkbox), flags (optional or not). Storages in the StoragesController now get their parameters validated server-side (fixes a TODO).
UserGlobalStoragesService reads the global storage configuration, cherry-picking storages applicable to a user. Writing storages through this service is forbidden, on punishment of throwing an exception. As UserGlobalStoragesService and UserStoragesService share a bit of code relating to users, that has been split into UserTrait. UserTrait also allows for the user set to be overridden, rather than using the user from IUserSession. Config\ConfigAdapter has been reworked to use UserStoragesService and UserGlobalStoragesService instead of OC_Mount_Config::getAbsoluteMountPoints(), further reducing dependance on that horrible static class.
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
Prior to this, the storage class name was stored in mount.json under the "class" parameter, and the auth mechanism class name under the "authMechanism" parameter. This decouples the class name from the identifier used to retrieve the backend or auth mechanism. Now, backends/auth mechanisms have a unique identifier, which is saved in the "backend" or "authMechanism" parameter in mount.json respectively. An identifier is considered unique for the object it references, but the underlying class may change (e.g. files_external gets pulled into core and namespaces are modified).
RobinMcCorkell
force-pushed
the
ext-backend-register.backends
branch
from
58cd102
to
91d54d5
Compare
added 4 commits
August 13, 2015 13:58
The following functions have been removed: - addMountPoint() - removeMountPoint() - movePersonalMountPoint() - getSystemMountPoints() - getUserMountPoints() registerBackend() has been rewritten as a shim around BackendService, allowing legacy code to interact with the new API seamlessly addMountPoint() was already disconnected from all production code, so this commit completes the job and removes the function itself, along with disconnecting and removing related functions. Unit tests have likewise been removed. getAbsoluteMountPoints() has been rewritten to use the StoragesServices
The same app container must be used in the settings templates as used in OC_Mount_Config, so that any registered backends are correctly seen
Failure to prepare the storage during backend or auth mechanism manipulation will throw an InsufficientDataForMeaningfulAnswerException, which is propagated to StorageNotAvailableException in the filesystem layer via the FailedStorage helper class. When a storage is unavailable not due to failure, but due to insufficient data being available, a special 'indeterminate' status is returned to the configuration UI.
Loading custom JS on a per-backend basis added needless complexity and made dealing with async required. Now all backends/auth mechanisms load custom JS in PHP
RobinMcCorkell
force-pushed
the
ext-backend-register.backends
branch
from
91d54d5
to
9a726e9
Compare
added 16 commits
August 14, 2015 12:34
Introduces the basic password authentication mechanism, along with a mechanism based on ownCloud credentials stored in the user session. Change to lib/private is an extension of PermissionsMask, as isSharable() override was missing. Session credentials auth mechanism now disables sharing on applied storages, as credentials will not be available.
…ing" This reverts commit 75a5e6e.
The Rackspace/OpenStack differences have been split into separate auth mechanisms, with correct legacy migration
SMB_OC has been merged with SMB, via the identifier aliases mechanism. Legacy migration is done to the Session Credentials password mechanism
The SFTP backend now supports public key authentication alongside password authentication.
phpseclib uses a default RSA key size of 1024, which will soon be insufficient for good security. This boosts the generated key size to 2048-bit.
RobinMcCorkell
force-pushed
the
ext-backend-register.backends
branch
from
9a726e9
to
f683a60
Compare
|
A new inspection was created. |
|
💣 Test FAILed. 💣 |
|
I'm going to close this, as I've decided to migrate storages in separate PRs to reduce regressions testing workload. |
This was referenced Aug 19, 2015
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Daughter PR to #15914, migrating all existing backends to the new API. Everything is nicely segregated into neat commits too, so it should be breeze to review.
cc @PVince81 @DeepDiver1975 @MorrisJobke @LukasReschke (especially for the session credentials mechanism) @icewind1991