Add user autoprovisioning via libreGraph

When removing the accounts service we lost the user autoprovision feature. This re-introduces it. When autoprovisioning is enabled (via PROXY_AUTOPROVISION_ACCOUNTS, as in the past) accounts that are not resolvable via cs3 will be provsioned via the libregraph API. Closes: #3540
2026-04-22 19:19:18 -05:00 · 2022-05-24 13:15:08 +02:00
parent d322e50167
commit 38127757e4
5 changed files with 227 additions and 18 deletions
@@ -8,9 +8,8 @@ import (
 	"os"
 	"time"

-	storesvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/store/v0"
-
 	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/cs3org/reva/v2/pkg/token/manager/jwt"
 	chimiddleware "github.com/go-chi/chi/v5/middleware"
 	"github.com/justinas/alice"
 	"github.com/oklog/run"
@@ -30,6 +29,7 @@ import (
 	"github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
 	"github.com/owncloud/ocis/v2/ocis-pkg/version"
 	settingssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/settings/v0"
+	storesvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/store/v0"
 	"github.com/urfave/cli/v2"
 	"golang.org/x/oauth2"
 )
@@ -135,7 +135,15 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config)
 	var userProvider backend.UserBackend
 	switch cfg.AccountBackend {
 	case "cs3":
-		userProvider = backend.NewCS3UserBackend(rolesClient, revaClient, cfg.MachineAuthAPIKey, logger)
+		tokenManager, err := jwt.New(map[string]interface{}{
+			"secret": cfg.TokenManager.JWTSecret,
+		})
+		if err != nil {
+			logger.Error().Err(err).
+				Msg("Failed to create token manager")
+		}
+
+		userProvider = backend.NewCS3UserBackend(rolesClient, revaClient, cfg.MachineAuthAPIKey, cfg.OIDC.Issuer, tokenManager, logger)
 	default:
 		logger.Fatal().Msgf("Invalid accounts backend type '%s'", cfg.AccountBackend)
 	}