use on_premises_sam_account_name property of accounts and groups

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
owncloud · Jul 9, 2020 · 19716c3 · 19716c3
1 parent 503e7c5
commit 19716c3
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/changelog/unreleased/user-and-group-name-mapping b/changelog/unreleased/user-and-group-name-mapping
@@ -0,0 +1,6 @@
+Change: mint on_premises_sam_account_name property of accounts and groups in the reva token
+
+An accounts username is now taken from the on_premises_sam_account_name property instead of the preferred_name.
+Furthermore the group name (also from on_premises_sam_account_name property) is now minted into the token as well.
+
+https://github.com/owncloud/ocis-proxy/pull/62
diff --git a/pkg/middleware/account_uuid.go b/pkg/middleware/account_uuid.go
@@ -65,10 +65,11 @@ func createAccount(l log.Logger, claims *oidc.StandardClaims, ac acc.AccountsSer
 	// TODO check if fields are missing.
 	req := &acc.CreateAccountRequest{
 		Account: &acc.Account{
-			DisplayName:   claims.DisplayName,
-			PreferredName: claims.PreferredUsername,
-			Mail:          claims.Email,
-			CreationType:  "LocalAccount",
+			DisplayName:              claims.DisplayName,
+			PreferredName:            claims.PreferredUsername,
+			OnPremisesSamAccountName: claims.PreferredUsername,
+			Mail:                     claims.Email,
+			CreationType:             "LocalAccount",
 		},
 	}
 	created, err := ac.CreateAccount(context.Background(), req)
@@ -125,16 +126,22 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 				return
 			}
 
+			groups := make([]string, len(account.MemberOf))
+			for i := range account.MemberOf {
+				// reva needs the unix group name
+				groups[i] = account.MemberOf[i].OnPremisesSamAccountName
+			}
+
 			l.Debug().Interface("claims", claims).Interface("account", account).Msgf("Associated claims with uuid")
 			token, err := tokenManager.MintToken(r.Context(), &revauser.User{
 				Id: &revauser.UserId{
 					OpaqueId: account.Id,
 				},
-				Username:     account.PreferredName,
+				Username:     account.OnPremisesSamAccountName,
 				DisplayName:  account.DisplayName,
 				Mail:         account.Mail,
 				MailVerified: account.ExternalUserState == "" || account.ExternalUserState == "Accepted",
-				// TODO groups
+				Groups:       groups,
 			})
 
 			if err != nil {