mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-06 04:09:40 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix the account resolver middleware

Browse Source
This commit is contained in:
David Christofas
2021-09-29 10:19:12 +02:00
parent f36017f188
commit 04a8ef7c35
2 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
proxy/pkg/middleware/account_resolver.go
View File

@@ -42,7 +42,7 @@ type accountResolver struct {
func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
ctx := req.Context()
claims := oidc.FromContext(ctx)
u, ok := revactx.ContextGetUser(ctx)
user, ok := revactx.ContextGetUser(ctx)
token := ""
// TODO what if an X-Access-Token is set? happens eg for download requests to the /data endpoint in the reva frontend
@@ -51,7 +51,7 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
return
}
if u == nil && claims != nil {
if user == nil && claims != nil {
var err error
var value string
@@ -62,7 +62,7 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
return
}
u, token, err = m.userProvider.GetUserByClaims(req.Context(), m.userCS3Claim, value, true)
user, token, err = m.userProvider.GetUserByClaims(req.Context(), m.userCS3Claim, value, true)
if errors.Is(err, backend.ErrAccountNotFound) {
m.logger.Debug().Str("claim", m.userOIDCClaim).Str("value", value).Msg("User by claim not found")
@@ -72,7 +72,7 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
return
}
m.logger.Debug().Interface("claims", claims).Msg("Autoprovisioning user")
u, err = m.userProvider.CreateUserFromClaims(req.Context(), claims)
user, err = m.userProvider.CreateUserFromClaims(req.Context(), claims)
// TODO instead of creating an account create a personal storage via the CS3 admin api?
// see https://cs3org.github.io/cs3apis/#cs3.admin.user.v1beta1.CreateUserRequest
}
@@ -90,10 +90,25 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
}
// add user to context for selectors
ctx = revactx.ContextSetUser(ctx, u)
ctx = revactx.ContextSetUser(ctx, user)
req = req.WithContext(ctx)
m.logger.Debug().Interface("claims", claims).Interface("user", u).Msg("associated claims with user")
m.logger.Debug().Interface("claims", claims).Interface("user", user).Msg("associated claims with user")
} else if user != nil {
var err error
_, token, err = m.userProvider.GetUserByClaims(req.Context(), "username", user.Username, true)
if errors.Is(err, backend.ErrAccountDisabled) {
m.logger.Debug().Interface("user", user).Msg("Disabled")
w.WriteHeader(http.StatusUnauthorized)
return
}
if err != nil {
m.logger.Error().Err(err).Msg("Could not get user by claim")
w.WriteHeader(http.StatusInternalServerError)
return
}
}
req.Header.Set(revactx.TokenHeader, token)