From 5082e6c027fb37a565ddcea40cde2585707ebd0d Mon Sep 17 00:00:00 2001 From: markv9401 <34800035+markv9401@users.noreply.github.com> Date: Mon, 17 Oct 2022 17:03:39 +0200 Subject: [PATCH] Add UserID to context during initial login (#4829) * Add UserID to context during initial login UserID is also suffixed with "_init" so that own role assignment safety check is passed Fixes: https://github.com/owncloud/ocis/issues/4787 * Fix missing gofmt -s bug Co-authored-by: root
---
 services/proxy/pkg/user/backend/cs3.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/services/proxy/pkg/user/backend/cs3.go b/services/proxy/pkg/user/backend/cs3.go
index d6efa2e7d..997ba33b9 100644
--- a/services/proxy/pkg/user/backend/cs3.go
+++ b/services/proxy/pkg/user/backend/cs3.go
@@ -17,12 +17,14 @@ import (
 "github.com/cs3org/reva/v2/pkg/token"
 libregraph "github.com/owncloud/libre-graph-api-go"
 "github.com/owncloud/ocis/v2/ocis-pkg/log"
+ "github.com/owncloud/ocis/v2/ocis-pkg/middleware"
 "github.com/owncloud/ocis/v2/ocis-pkg/oidc"
 "github.com/owncloud/ocis/v2/ocis-pkg/registry"
 settingssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/settings/v0"
 "github.com/owncloud/ocis/v2/services/graph/pkg/service/v0/errorcode"
 settingsService "github.com/owncloud/ocis/v2/services/settings/pkg/service/v0"
 merrors "go-micro.dev/v4/errors"
+ "go-micro.dev/v4/metadata"
 "go-micro.dev/v4/selector"
 )
 
@@ -85,6 +87,9 @@ func (c *cs3backend) GetUserByClaims(ctx context.Context, claim, value string, w
 // https://github.com/owncloud/ocis/v2/issues/1825 for more context.
 if user.Id.Type == cs3.UserType_USER_TYPE_PRIMARY {
 c.logger.Info().Str("userid", user.Id.OpaqueId).Msg("user has no role assigned, assigning default user role")
+ // Updating context to have the Account-ID field and suffixing with _init
+ // so that the safety check for setting users' own role doesn't fail
+ ctx = metadata.Set(ctx, middleware.AccountID, user.Id.OpaqueId+"_init")
 _, err := c.settingsRoleService.AssignRoleToUser(ctx, &settingssvc.AssignRoleToUserRequest{
 AccountUuid: user.Id.OpaqueId,
 RoleId: settingsService.BundleUUIDRoleUser,
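Review bot: The added `ctx = metadata.Set(...)` line overwrites the function's own `ctx`, so the synthetic `<OpaqueId>_init` account ID stays attached to every call made with `ctx` after the role assignment, not only to `AssignRoleToUser`. GetUserByClaims starts and ends outside this hunk, so whether such later calls exist is not visible here, but scoping the value removes the question: `assignCtx := metadata.Set(ctx, middleware.AccountID, user.Id.OpaqueId+"_init")`, then pass `assignCtx` to `AssignRoleToUser`. The suffix works by making the caller ID differ from the target so that the self-assignment check is skipped. If opaque IDs are not guaranteed to be UUIDs, `<id>_init` could equal another real account's ID, so an explicit internal-service identity, or a named constant that the settings service recognises, would be safer than a near-miss string. The comment should also state that this is a deliberate bypass of an authorization check and reference issue #4787.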