Merge pull request #1951 from ishank011/uid-gid-user-object

Use CS3 user object fields to store UID and GID
2026-02-17 19:08:36 -06:00 · 2021-06-25 10:06:14 +02:00
parent 4675c1442d 6168ee7095
commit 34e0877df7
6 changed files with 27 additions and 90 deletions
--- a/accounts/pkg/storage/cs3.go
+++ b/accounts/pkg/storage/cs3.go
@@ -9,7 +9,6 @@ import (
 	"net/http"
 	"path"
 	"path/filepath"
-	"strconv"
 	"strings"

 	"github.com/cs3org/reva/pkg/auth/scope"
@@ -17,7 +16,6 @@ import (
 	user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	v1beta11 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
 	"github.com/cs3org/reva/pkg/token"
 	"github.com/cs3org/reva/pkg/token/manager/jwt"
@@ -300,19 +298,9 @@ func AuthenticateCS3(ctx context.Context, su config.ServiceUser, tm token.Manage
 		Id: &user.UserId{
 			OpaqueId: su.UUID,
 		},
-		Groups: []string{},
-		Opaque: &types.Opaque{
-			Map: map[string]*types.OpaqueEntry{
-				"uid": {
-					Decoder: "plain",
-					Value:   []byte(strconv.FormatInt(su.UID, 10)),
-				},
-				"gid": {
-					Decoder: "plain",
-					Value:   []byte(strconv.FormatInt(su.GID, 10)),
-				},
-			},
-		},
+		Groups:    []string{},
+		UidNumber: su.UID,
+		GidNumber: su.GID,
 	}
 	s, err := scope.GetOwnerScope()
 	if err != nil {
--- a/ocs/pkg/server/http/svc_test.go
+++ b/ocs/pkg/server/http/svc_test.go
@@ -11,7 +11,6 @@ import (
 	"net/http/httptest"
 	"net/url"
 	"path/filepath"
-	"strconv"
 	"strings"
 	"testing"

@@ -643,23 +642,17 @@ func mintToken(ctx context.Context, su *User, roleIds []string) (token string, e
 		Id: &user.UserId{
 			OpaqueId: su.ID,
 		},
-		Groups: []string{},
 		Opaque: &types.Opaque{
 			Map: map[string]*types.OpaqueEntry{
-				"uid": {
-					Decoder: "plain",
-					Value:   []byte(strconv.Itoa(su.UIDNumber)),
-				},
-				"gid": {
-					Decoder: "plain",
-					Value:   []byte(strconv.Itoa(su.GIDNumber)),
-				},
 				"roles": {
 					Decoder: "json",
 					Value:   roleIDsJSON,
 				},
 			},
 		},
+		Groups: []string{},
+		UidNumber: int64(su.UIDNumber),
+		GidNumber: int64(su.GIDNumber),
 	}
 	s, _ := scope.GetOwnerScope()
 	return tokenManager.MintToken(ctx, u, s)
--- a/ocs/pkg/service/v0/users.go
+++ b/ocs/pkg/service/v0/users.go
@@ -14,11 +14,9 @@ import (
 	"github.com/asim/go-micro/plugins/client/grpc/v3"
 	merrors "github.com/asim/go-micro/v3/errors"
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
-	cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	revauser "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
 	"github.com/cs3org/reva/pkg/token"
 	"github.com/cs3org/reva/pkg/token/manager/jwt"
@@ -54,14 +52,13 @@ func (o Ocs) GetSelf(w http.ResponseWriter, r *http.Request) {
 		// TODO(someone) this fix is in place because if the user backend (PROXY_ACCOUNT_BACKEND_TYPE) is set to, for instance,
 		// cs3, we cannot count with the accounts service.
 		if u != nil {
-			uid, gid := o.extractUIDAndGID(u)
 			d := &data.User{
 				UserID:            u.Username,
 				DisplayName:       u.DisplayName,
 				LegacyDisplayName: u.DisplayName,
 				Email:             u.Mail,
-				UIDNumber:         uid,
-				GIDNumber:         gid,
+				UIDNumber:         u.UidNumber,
+				GIDNumber:         u.GidNumber,
 			}
 			mustNotFail(render.Render(w, r, response.DataRender(d)))
 			return
@@ -490,18 +487,8 @@ func (o Ocs) mintTokenForUser(ctx context.Context, account *accounts.Account) (s
 			Idp:      o.config.IdentityManagement.Address,
 		},
 		Groups: []string{},
-		Opaque: &types.Opaque{
-			Map: map[string]*types.OpaqueEntry{
-				"uid": {
-					Decoder: "plain",
-					Value:   []byte(strconv.FormatInt(account.UidNumber, 10)),
-				},
-				"gid": {
-					Decoder: "plain",
-					Value:   []byte(strconv.FormatInt(account.GidNumber, 10)),
-				},
-			},
-		},
+		UidNumber:                account.UidNumber,
+		GidNumber:                account.GidNumber,
 	}
 	s, err := scope.GetOwnerScope()
 	if err != nil {
@@ -745,36 +732,11 @@ func (o Ocs) fetchAccountFromCS3Backend(ctx context.Context, name string) (*acco
 	if err != nil {
 		return nil, err
 	}
-	uid, gid := o.extractUIDAndGID(u)
 	return &accounts.Account{
 		OnPremisesSamAccountName: u.Username,
 		DisplayName:              u.DisplayName,
 		Mail:                     u.Mail,
-		UidNumber:                uid,
-		GidNumber:                gid,
+		UidNumber:                u.UidNumber,
+		GidNumber:                u.GidNumber,
 	}, nil
 }
-
-func (o Ocs) extractUIDAndGID(u *cs3.User) (int64, int64) {
-	var uid, gid int64
-	var err error
-	if u.Opaque != nil && u.Opaque.Map != nil {
-		if uidObj, ok := u.Opaque.Map["uid"]; ok {
-			if uidObj.Decoder == "plain" {
-				uid, err = strconv.ParseInt(string(uidObj.Value), 10, 64)
-				if err != nil {
-					o.logger.Error().Err(err).Interface("user", u).Msg("could not extract uid for user")
-				}
-			}
-		}
-		if gidObj, ok := u.Opaque.Map["gid"]; ok {
-			if gidObj.Decoder == "plain" {
-				gid, err = strconv.ParseInt(string(gidObj.Value), 10, 64)
-				if err != nil {
-					o.logger.Error().Err(err).Interface("user", u).Msg("could not extract gid for user")
-				}
-			}
-		}
-	}
-	return uid, gid
-}
--- a/proxy/pkg/middleware/account_resolver.go
+++ b/proxy/pkg/middleware/account_resolver.go
@@ -57,10 +57,10 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	if u == nil && claims != nil {
 		var claim, value string
 		switch {
-		case claims.Email != "":
-			claim, value = "mail", claims.Email
 		case claims.PreferredUsername != "":
 			claim, value = "username", claims.PreferredUsername
+		case claims.Email != "":
+			claim, value = "mail", claims.Email
 		case claims.OcisID != "":
 			//claim, value = "id", claims.OcisID
 		default:
--- a/proxy/pkg/user/backend/accounts.go
+++ b/proxy/pkg/user/backend/accounts.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"net/http"
-	"strconv"
 	"strings"

 	cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
@@ -140,18 +139,8 @@ func (a *accountsServiceBackend) accountToUser(account *accounts.Account) *cs3.U
 		Mail:         account.Mail,
 		MailVerified: account.ExternalUserState == "" || account.ExternalUserState == "Accepted",
 		Groups:       expandGroups(account),
-		Opaque: &types.Opaque{
-			Map: map[string]*types.OpaqueEntry{
-				"uid": {
-					Decoder: "plain",
-					Value:   []byte(strconv.FormatInt(account.UidNumber, 10)),
-				},
-				"gid": {
-					Decoder: "plain",
-					Value:   []byte(strconv.FormatInt(account.GidNumber, 10)),
-				},
-			},
-		},
+		UidNumber:    account.UidNumber,
+		GidNumber:    account.GidNumber,
 	}
 	return user
 }
@@ -209,7 +198,15 @@ func injectRoles(ctx context.Context, u *cs3.User, ss settings.RoleService) erro
 		return err
 	}

-	u.Opaque.Map["roles"] = enc
+	if u.Opaque == nil {
+		u.Opaque = &types.Opaque{
+			Map: map[string]*types.OpaqueEntry{
+				"roles": enc,
+			},
+		}
+	} else {
+		u.Opaque.Map["roles"] = enc
+	}

 	return nil
 }
--- a/proxy/pkg/user/backend/accounts_test.go
+++ b/proxy/pkg/user/backend/accounts_test.go
@@ -145,11 +145,8 @@ func assertUserMatchesAccount(t *testing.T, exp *accounts.Account, act *userv1be
 	assert.Equal(t, `["a","b"]`, string(act.Opaque.Map["roles"].GetValue()))

 	// UID/GID
-	assert.NotNil(t, act.Opaque.Map["uid"])
-	assert.Equal(t, "1", string(act.Opaque.Map["uid"].GetValue()))
-
-	assert.NotNil(t, act.Opaque.Map["gid"])
-	assert.Equal(t, "2", string(act.Opaque.Map["gid"].GetValue()))
+	assert.Equal(t, int64(1), act.UidNumber)
+	assert.Equal(t, int64(2), act.GidNumber)
 }

 func newAccountsBackend(mockAccounts []*accounts.Account, mockRoles []*settings.UserRoleAssignment) UserBackend {