Hardcoded service user for auth requests

2026-01-07 21:00:30 -06:00 · 2020-10-01 09:35:33 +02:00
parent 60a3f3cc6e
commit 673d7cf50c
3 changed files with 55 additions and 0 deletions
--- a/accounts/pkg/config/config.go
+++ b/accounts/pkg/config/config.go
@@ -79,6 +79,14 @@ type CS3 struct {
 	DataPrefix   string
 }

+// ServiceUser defines the user required for EOS
+type ServiceUser struct {
+	Username string
+	Password string
+	UID      int64
+	GID      int64
+}
+
 // Config merges all Account config parameters.
 type Config struct {
 	LDAP         LDAP
@@ -89,6 +97,7 @@ type Config struct {
 	Log          Log
 	TokenManager TokenManager
 	Repo         Repo
+	ServiceUser  ServiceUser
 }

 // New returns a new config.
--- a/accounts/pkg/flagset/flagset.go
+++ b/accounts/pkg/flagset/flagset.go
@@ -127,6 +127,34 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"ACCOUNTS_STORAGE_CS3_DATA_PREFIX"},
 			Destination: &cfg.Repo.CS3.DataPrefix,
 		},
+		&cli.StringFlag{
+			Name:        "service-user-username",
+			Value:       "",
+			Usage:       "username of the internal service user (required on EOS)",
+			EnvVars:     []string{"ACCOUNTS_SERVICE_USER_USERNAME"},
+			Destination: &cfg.ServiceUser.Username,
+		},
+		&cli.StringFlag{
+			Name:        "service-user-password",
+			Value:       "",
+			Usage:       "password of the internal service user (required on EOS)",
+			EnvVars:     []string{"ACCOUNTS_SERVICE_USER_PASSWORD"},
+			Destination: &cfg.ServiceUser.Password,
+		},
+		&cli.Int64Flag{
+			Name:        "service-user-uid",
+			Value:       0,
+			Usage:       "uid of the internal service user (required on EOS)",
+			EnvVars:     []string{"ACCOUNTS_SERVICE_USER_UID"},
+			Destination: &cfg.ServiceUser.UID,
+		},
+		&cli.Int64Flag{
+			Name:        "service-user-gid",
+			Value:       0,
+			Usage:       "gid of the internal service user (required on EOS)",
+			EnvVars:     []string{"ACCOUNTS_SERVICE_USER_GID"},
+			Destination: &cfg.ServiceUser.GID,
+		},
 	}
 }

--- a/accounts/pkg/service/v0/accounts.go
+++ b/accounts/pkg/service/v0/accounts.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"path/filepath"
 	"regexp"
+	"strings"
 	"sync"
 	"time"

@@ -120,6 +121,23 @@ func (s Service) ListAccounts(ctx context.Context, in *proto.ListAccountsRequest
 		if password == "" {
 			return merrors.Unauthorized(s.id, "password must not be empty")
 		}
+
+		// hardcoded check against service user
+		if s.Config.ServiceUser.Username != "" &&
+			strings.EqualFold(match[1], s.Config.ServiceUser.Username) &&
+			match[2] == s.Config.ServiceUser.Password {
+			out.Accounts = []*proto.Account{
+				{
+					Id:             "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
+					AccountEnabled: true,
+					PreferredName:  s.Config.ServiceUser.Username,
+					DisplayName:    s.Config.ServiceUser.Username,
+					UidNumber:      s.Config.ServiceUser.UID,
+					GidNumber:      s.Config.ServiceUser.GID,
+				},
+			}
+			return nil
+		}
 	}

 	// only search for accounts