From ad1fc6d34ff2d806f5b598fa4d0b42ec78fcb9d9 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Thu, 14 Nov 2024 11:55:58 +0100
Subject: [PATCH] fix(ocm): Adjust for recend change for federated user IDs
The UserIds as returned by e.g. GetAcceptedUser do already contain the provider domain in the IDP field now. Also adjust the provider domain in the OCM config to be really a domain without URI scheme and path.
---
 changelog/unreleased/fix-ocm-external-idp.md | 7 +++++++
 services/graph/pkg/identity/backend.go | 7 -------
 services/ocm/pkg/revaconfig/config.go | 20 +++++++++++++++++---
 3 files changed, 24 insertions(+), 10 deletions(-)
 create mode 100644 changelog/unreleased/fix-ocm-external-idp.md
diff --git a/changelog/unreleased/fix-ocm-external-idp.md b/changelog/unreleased/fix-ocm-external-idp.md
new file mode 100644
index 00000000000..c26aea5b1a0
--- /dev/null
+++ b/changelog/unreleased/fix-ocm-external-idp.md
@@ -0,0 +1,7 @@
+Bugfix: Fix federated sharing when using an external IDP
+
+We fixed a bug that caused federated sharing to fail, when the
+federated oCIS instances where sharing the same external IDP.
+
+https://github.com/owncloud/ocis/pull/1xxxx
+https://github.com/cs3org/reva/pull/4933
diff --git a/services/graph/pkg/identity/backend.go b/services/graph/pkg/identity/backend.go
index 8f3d09686c3..976f97d5ce2 100644
--- a/services/graph/pkg/identity/backend.go
+++ b/services/graph/pkg/identity/backend.go
@@ -8,7 +8,6 @@ import (
 "github.com/CiscoM31/godata"
 cs3group "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
 cs3user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
- ocmuser "github.com/cs3org/reva/v2/pkg/ocm/user"
 libregraph "github.com/owncloud/libre-graph-api-go"
 "github.com/owncloud/ocis/v2/services/graph/pkg/errorcode"
 )
@@ -134,12 +133,6 @@ func CreateUserModelFromCS3(u *cs3user.User) *libregraph.User {
 OnPremisesSamAccountName: u.GetUsername(),
 Id: &u.GetId().OpaqueId,
 }
- // decode the remote id if the user is federated
- if u.GetId().GetType() == cs3user.UserType_USER_TYPE_FEDERATED {
- remoteID := ocmuser.RemoteID(u.GetId())
- user.Identities[0].Issuer = &remoteID.Idp
- user.Identities[0].IssuerAssignedId = &remoteID.OpaqueId
- }
 return user
 }
diff --git a/services/ocm/pkg/revaconfig/config.go b/services/ocm/pkg/revaconfig/config.go
index 601cfc3bb81..9a33ce13c5f 100644
--- a/services/ocm/pkg/revaconfig/config.go
+++ b/services/ocm/pkg/revaconfig/config.go
@@ -2,6 +2,7 @@ package revaconfig
 import (
 "math"
+ "net/url"
 "github.com/owncloud/ocis/v2/ocis-pkg/log"
 "github.com/owncloud/ocis/v2/services/ocm/pkg/config"
@@ -9,6 +10,19 @@ import (
 // OCMConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
 func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]interface{} {
+
+ // Construct the ocm provider domain from the oCIS URL
+ providerDomain := ""
+ u, err := url.Parse(cfg.Commons.OcisURL)
+ switch {
+ case err != nil:
+ logger.Error().Err(err).Msg("could not parse oCIS URL")
+ case u.Host == "":
+ logger.Error().Msg("oCIS URL has no host")
+ default:
+ providerDomain = u.Host
+ }
+
 return map[string]interface{}{
 "shared": map[string]interface{}{
 "jwt_secret": cfg.TokenManager.JWTSecret,
@@ -59,7 +73,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 "smtp_credentials": map[string]string{},
 "gatewaysvc": cfg.Reva.Address,
 "mesh_directory_url": cfg.ScienceMesh.MeshDirectoryURL,
- "provider_domain": cfg.Commons.OcisURL,
+ "provider_domain": providerDomain,
 "events": map[string]interface{}{
 "natsaddress": cfg.Events.Endpoint,
 "natsclusterid": cfg.Events.Cluster,
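Review bot: In the `@@ -9,6 +10,19 @@` hunk of services/ocm/pkg/revaconfig/config.go, both failure cases of the new `switch` only log and leave `providerDomain` as `""`, and that empty value is then written to the three `provider_domain` entries changed in the later hunks, so the OCM services start without a usable provider domain instead of refusing to start. The commit message says federated user IDs now carry the provider domain in their IDP field, so an empty domain would presumably weaken how local and remote identities are told apart; rejecting an unparsable or host-less `Commons.OcisURL` during config validation looks safer, and at minimum the fallback deserves a comment such as `// providerDomain stays "" on a bad oCIS URL; provider_domain is then empty`. Note also that `u.Host` keeps an explicit port (`host:port`), so if peers are expected to compare a bare domain, `providerDomain = u.Hostname()` would be the form to use, which needs confirming against reva. The body of OCMConfigFromStruct continues outside this hunk.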
@@ -121,7 +135,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 "file": cfg.OCMInviteManager.Drivers.JSON.File,
 },
 },
- "provider_domain": cfg.Commons.OcisURL,
+ "provider_domain": providerDomain,
 "token_expiration": cfg.OCMInviteManager.TokenExpiration.String(),
 "ocm_timeout": int(math.Round(cfg.OCMInviteManager.Timeout.Seconds())),
 "ocm_insecure": cfg.OCMInviteManager.Insecure,
@@ -142,7 +156,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 },
 },
 "gatewaysvc": cfg.Reva.Address,
- "provider_domain": cfg.Commons.OcisURL,
+ "provider_domain": providerDomain,
 "webdav_endpoint": cfg.Commons.OcisURL,
 "webapp_template": cfg.OCMShareProvider.WebappTemplate,
 "client_insecure": cfg.OCMShareProvider.Insecure,