update reva to ec4099da

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2026-01-06 04:09:40 -06:00 · 2021-08-11 20:33:27 +00:00
parent 648cfd0f43
commit 55aacdea13
24 changed files with 102 additions and 88 deletions
--- a/proxy/pkg/middleware/account_resolver.go
+++ b/proxy/pkg/middleware/account_resolver.go
@@ -7,9 +7,9 @@ import (
 	"github.com/cs3org/reva/pkg/auth/scope"
 	"github.com/owncloud/ocis/proxy/pkg/user/backend"

-	tokenPkg "github.com/cs3org/reva/pkg/token"
+	revactx "github.com/cs3org/reva/pkg/ctx"
+	"github.com/cs3org/reva/pkg/token"
 	"github.com/cs3org/reva/pkg/token/manager/jwt"
-	revauser "github.com/cs3org/reva/pkg/user"
 	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/oidc"
 )
@@ -44,7 +44,7 @@ func AccountResolver(optionSetters ...Option) func(next http.Handler) http.Handl
 type accountResolver struct {
 	next                  http.Handler
 	logger                log.Logger
-	tokenManager          tokenPkg.Manager
+	tokenManager          token.Manager
 	userProvider          backend.UserBackend
 	autoProvisionAccounts bool
 	userOIDCClaim         string
@@ -55,7 +55,7 @@ type accountResolver struct {
 func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	ctx := req.Context()
 	claims := oidc.FromContext(ctx)
-	u, ok := revauser.ContextGetUser(ctx)
+	u, ok := revactx.ContextGetUser(ctx)
 	// TODO what if an X-Access-Token is set? happens eg for download requests to the /data endpoint in the reva frontend

 	if claims == nil && !ok {
@@ -102,7 +102,7 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		}

 		// add user to context for selectors
-		ctx = revauser.ContextSetUser(ctx, u)
+		ctx = revactx.ContextSetUser(ctx, u)
 		req = req.WithContext(ctx)

 		m.logger.Debug().Interface("claims", claims).Interface("user", u).Msg("associated claims with user")
@@ -120,7 +120,7 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		return
 	}

-	req.Header.Set(tokenPkg.TokenHeader, token)
+	req.Header.Set(revactx.TokenHeader, token)

 	m.next.ServeHTTP(w, req)
 }
--- a/proxy/pkg/middleware/account_resolver_test.go
+++ b/proxy/pkg/middleware/account_resolver_test.go
@@ -7,7 +7,7 @@ import (
 	"testing"

 	userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	"github.com/cs3org/reva/pkg/token"
+	revactx "github.com/cs3org/reva/pkg/ctx"
 	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/oidc"
 	"github.com/owncloud/ocis/proxy/pkg/config"
@@ -29,7 +29,7 @@ func TestTokenIsAddedWithMailClaim(t *testing.T) {

 	sut.ServeHTTP(rw, req)

-	token := req.Header.Get(token.TokenHeader)
+	token := req.Header.Get(revactx.TokenHeader)
 	assert.NotEmpty(t, token)
 	assert.Contains(t, token, "eyJ")
 }
@@ -47,7 +47,7 @@ func TestTokenIsAddedWithUsernameClaim(t *testing.T) {

 	sut.ServeHTTP(rw, req)

-	token := req.Header.Get(token.TokenHeader)
+	token := req.Header.Get(revactx.TokenHeader)
 	assert.NotEmpty(t, token)

 	assert.Contains(t, token, "eyJ")
@@ -73,7 +73,7 @@ func TestUnauthorizedOnUserNotFound(t *testing.T) {

 	sut.ServeHTTP(rw, req)

-	token := req.Header.Get(token.TokenHeader)
+	token := req.Header.Get(revactx.TokenHeader)
 	assert.Empty(t, token)
 	assert.Equal(t, http.StatusUnauthorized, rw.Code)
 }
@@ -87,7 +87,7 @@ func TestUnauthorizedOnUserDisabled(t *testing.T) {

 	sut.ServeHTTP(rw, req)

-	token := req.Header.Get(token.TokenHeader)
+	token := req.Header.Get(revactx.TokenHeader)
 	assert.Empty(t, token)
 	assert.Equal(t, http.StatusUnauthorized, rw.Code)
 }
@@ -100,7 +100,7 @@ func TestInternalServerErrorOnMissingMailAndUsername(t *testing.T) {

 	sut.ServeHTTP(rw, req)

-	token := req.Header.Get(token.TokenHeader)
+	token := req.Header.Get(revactx.TokenHeader)
 	assert.Empty(t, token)
 	assert.Equal(t, http.StatusInternalServerError, rw.Code)
 }
--- a/proxy/pkg/middleware/create_home.go
+++ b/proxy/pkg/middleware/create_home.go
@@ -6,8 +6,9 @@ import (
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	revactx "github.com/cs3org/reva/pkg/ctx"
 	"github.com/cs3org/reva/pkg/rgrpc/status"
-	tokenPkg "github.com/cs3org/reva/pkg/token"
+	"github.com/cs3org/reva/pkg/token"
 	"github.com/cs3org/reva/pkg/token/manager/jwt"
 	"github.com/owncloud/ocis/ocis-pkg/log"
 	"google.golang.org/grpc/metadata"
@@ -38,7 +39,7 @@ func CreateHome(optionSetters ...Option) func(next http.Handler) http.Handler {
 type createHome struct {
 	next              http.Handler
 	logger            log.Logger
-	tokenManager      tokenPkg.Manager
+	tokenManager      token.Manager
 	revaGatewayClient gateway.GatewayAPIClient
 }

@@ -52,7 +53,7 @@ func (m createHome) ServeHTTP(w http.ResponseWriter, req *http.Request) {

 	// we need to pass the token to authenticate the CreateHome request.
 	//ctx := tokenpkg.ContextSetToken(r.Context(), token)
-	ctx := metadata.AppendToOutgoingContext(req.Context(), tokenPkg.TokenHeader, token)
+	ctx := metadata.AppendToOutgoingContext(req.Context(), revactx.TokenHeader, token)

 	createHomeReq := &provider.CreateHomeRequest{}
 	createHomeRes, err := m.revaGatewayClient.CreateHome(ctx, createHomeReq)
--- a/proxy/pkg/middleware/signed_url_auth.go
+++ b/proxy/pkg/middleware/signed_url_auth.go
@@ -6,15 +6,15 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	revauser "github.com/cs3org/reva/pkg/user"
-	"github.com/owncloud/ocis/proxy/pkg/user/backend"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"

+	revactx "github.com/cs3org/reva/pkg/ctx"
 	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/proxy/pkg/config"
+	"github.com/owncloud/ocis/proxy/pkg/user/backend"
 	store "github.com/owncloud/ocis/store/pkg/proto/v0"
 	"golang.org/x/crypto/pbkdf2"
 )
@@ -54,7 +54,7 @@ func (m signedURLAuth) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		w.WriteHeader(http.StatusInternalServerError)
 	}

-	ctx := revauser.ContextSetUser(req.Context(), user)
+	ctx := revactx.ContextSetUser(req.Context(), user)

 	req = req.WithContext(ctx)

@@ -164,7 +164,7 @@ func (m signedURLAuth) urlIsExpired(query url.Values, now func() time.Time) (exp
 }

 func (m signedURLAuth) signatureIsValid(req *http.Request) (ok bool, err error) {
-	u := revauser.ContextMustGetUser(req.Context())
+	u := revactx.ContextMustGetUser(req.Context())
 	signingKey, err := m.getSigningKey(req.Context(), u.Id.OpaqueId)
 	if err != nil {
 		m.logger.Error().Err(err).Msg("could not retrieve signing key")
--- a/proxy/pkg/proxy/policy/selector.go
+++ b/proxy/pkg/proxy/policy/selector.go
@@ -7,7 +7,7 @@ import (
 	"sort"

 	"github.com/asim/go-micro/plugins/client/grpc/v3"
-	revauser "github.com/cs3org/reva/pkg/user"
+	revactx "github.com/cs3org/reva/pkg/ctx"
 	accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
 	"github.com/owncloud/ocis/ocis-pkg/oidc"
 	"github.com/owncloud/ocis/proxy/pkg/config"
@@ -220,7 +220,7 @@ func NewRegexSelector(cfg *config.RegexSelectorConf) Selector {
 		}

 		// if no cookie is present, try to route by selector
-		if u, ok := revauser.ContextGetUser(r.Context()); ok {
+		if u, ok := revactx.ContextGetUser(r.Context()); ok {
 			for i := range regexRules {
 				switch regexRules[i].property {
 				case "mail":
--- a/proxy/pkg/proxy/policy/selector_test.go
+++ b/proxy/pkg/proxy/policy/selector_test.go
@@ -8,7 +8,7 @@ import (

 	"github.com/asim/go-micro/v3/client"
 	userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	revauser "github.com/cs3org/reva/pkg/user"
+	revactx "github.com/cs3org/reva/pkg/ctx"
 	"github.com/owncloud/ocis/accounts/pkg/proto/v0"
 	"github.com/owncloud/ocis/ocis-pkg/oidc"
 	"github.com/owncloud/ocis/proxy/pkg/config"
@@ -173,15 +173,15 @@ func TestRegexSelector(t *testing.T) {

 	var tests = []testCase{
 		{"unauthenticated", context.Background(), "unauthenticated"},
-		{"default", revauser.ContextSetUser(context.Background(), &userv1beta1.User{}), "default"},
-		{"mail-ocis", revauser.ContextSetUser(context.Background(), &userv1beta1.User{Mail: "marie@example.org"}), "ocis"},
-		{"mail-oc10", revauser.ContextSetUser(context.Background(), &userv1beta1.User{Mail: "einstein@example.org"}), "oc10"},
-		{"username-einstein", revauser.ContextSetUser(context.Background(), &userv1beta1.User{Username: "einstein"}), "ocis"},
-		{"username-feynman", revauser.ContextSetUser(context.Background(), &userv1beta1.User{Username: "feynman"}), "ocis"},
-		{"username-marie", revauser.ContextSetUser(context.Background(), &userv1beta1.User{Username: "marie"}), "oc10"},
-		{"id-nil", revauser.ContextSetUser(context.Background(), &userv1beta1.User{Id: &userv1beta1.UserId{}}), "default"},
-		{"id-1", revauser.ContextSetUser(context.Background(), &userv1beta1.User{Id: &userv1beta1.UserId{OpaqueId: "4c510ada-c86b-4815-8820-42cdf82c3d51"}}), "ocis"},
-		{"id-2", revauser.ContextSetUser(context.Background(), &userv1beta1.User{Id: &userv1beta1.UserId{OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c"}}), "oc10"},
+		{"default", revactx.ContextSetUser(context.Background(), &userv1beta1.User{}), "default"},
+		{"mail-ocis", revactx.ContextSetUser(context.Background(), &userv1beta1.User{Mail: "marie@example.org"}), "ocis"},
+		{"mail-oc10", revactx.ContextSetUser(context.Background(), &userv1beta1.User{Mail: "einstein@example.org"}), "oc10"},
+		{"username-einstein", revactx.ContextSetUser(context.Background(), &userv1beta1.User{Username: "einstein"}), "ocis"},
+		{"username-feynman", revactx.ContextSetUser(context.Background(), &userv1beta1.User{Username: "feynman"}), "ocis"},
+		{"username-marie", revactx.ContextSetUser(context.Background(), &userv1beta1.User{Username: "marie"}), "oc10"},
+		{"id-nil", revactx.ContextSetUser(context.Background(), &userv1beta1.User{Id: &userv1beta1.UserId{}}), "default"},
+		{"id-1", revactx.ContextSetUser(context.Background(), &userv1beta1.User{Id: &userv1beta1.UserId{OpaqueId: "4c510ada-c86b-4815-8820-42cdf82c3d51"}}), "ocis"},
+		{"id-2", revactx.ContextSetUser(context.Background(), &userv1beta1.User{Id: &userv1beta1.UserId{OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c"}}), "oc10"},
 	}

 	for _, tc := range tests {
--- a/proxy/pkg/proxy/proxy.go
+++ b/proxy/pkg/proxy/proxy.go
@@ -288,6 +288,10 @@ func defaultPolicies() []config.Policy {
 					Endpoint: "/ocs/",
 					Backend:  "http://localhost:9140",
 				},
+				{
+					Endpoint: "/ocs/v[12].php/cloud/users/signing-key",
+					Backend:  "http://localhost:9110",
+				},
 				{
 					Type:     config.QueryRoute,
 					Endpoint: "/remote.php/?preview=1",