From 673d7cf50c25d795ed4a020499f76f3413fba5ca Mon Sep 17 00:00:00 2001
From: Benedikt Kulmann
Date: Thu, 1 Oct 2020 09:35:33 +0200
Subject: [PATCH] Hardcoded service user for auth requests

---
 accounts/pkg/config/config.go | 9 +++++++++
 accounts/pkg/flagset/flagset.go | 28 ++++++++++++++++++++++++++++
 accounts/pkg/service/v0/accounts.go | 18 ++++++++++++++++++
 3 files changed, 55 insertions(+)

diff --git a/accounts/pkg/config/config.go b/accounts/pkg/config/config.go
index 2b8fcfb7cd..d2df73c18b 100644
--- a/accounts/pkg/config/config.go
+++ b/accounts/pkg/config/config.go
@@ -79,6 +79,14 @@ type CS3 struct {
 DataPrefix string
 }

+// ServiceUser defines the user required for EOS
+type ServiceUser struct {
+ Username string
+ Password string
+ UID int64
+ GID int64
+}
+
 // Config merges all Account config parameters.
 type Config struct {
 LDAP LDAP
@@ -89,6 +97,7 @@ type Config struct {
 Log Log
 TokenManager TokenManager
 Repo Repo
+ ServiceUser ServiceUser
 }

 // New returns a new config.
diff --git a/accounts/pkg/flagset/flagset.go b/accounts/pkg/flagset/flagset.go
index 885a079229..6b659592a0 100644
--- a/accounts/pkg/flagset/flagset.go
+++ b/accounts/pkg/flagset/flagset.go
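Review bot: The doc comment on `ServiceUser` in config.go says only that the user is "required for EOS", so a reader cannot tell that `Password` is a plaintext credential or that the zero value switches the feature off. I would document both, for example `// ServiceUser is the internal service account accepted by auth queries in ListAccounts; an empty Username disables it.` and, on the field, `Password string // plaintext secret: keep out of logs and config dumps`. The empty-Username behaviour is taken from the `Username != ""` guard in the accounts.go hunk of this patch.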
@@ -127,6 +127,34 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 EnvVars: []string{"ACCOUNTS_STORAGE_CS3_DATA_PREFIX"},
 Destination: &cfg.Repo.CS3.DataPrefix,
 },
+ &cli.StringFlag{
+ Name: "service-user-username",
+ Value: "",
+ Usage: "username of the internal service user (required on EOS)",
+ EnvVars: []string{"ACCOUNTS_SERVICE_USER_USERNAME"},
+ Destination: &cfg.ServiceUser.Username,
+ },
+ &cli.StringFlag{
+ Name: "service-user-password",
+ Value: "",
+ Usage: "password of the internal service user (required on EOS)",
+ EnvVars: []string{"ACCOUNTS_SERVICE_USER_PASSWORD"},
+ Destination: &cfg.ServiceUser.Password,
+ },
+ &cli.Int64Flag{
+ Name: "service-user-uid",
+ Value: 0,
+ Usage: "uid of the internal service user (required on EOS)",
+ EnvVars: []string{"ACCOUNTS_SERVICE_USER_UID"},
+ Destination: &cfg.ServiceUser.UID,
+ },
+ &cli.Int64Flag{
+ Name: "service-user-gid",
+ Value: 0,
+ Usage: "gid of the internal service user (required on EOS)",
+ EnvVars: []string{"ACCOUNTS_SERVICE_USER_GID"},
+ Destination: &cfg.ServiceUser.GID,
+ },
 }
 }

diff --git a/accounts/pkg/service/v0/accounts.go b/accounts/pkg/service/v0/accounts.go
index f8a4579e79..5ff29c5193 100644
--- a/accounts/pkg/service/v0/accounts.go
+++ b/accounts/pkg/service/v0/accounts.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "path/filepath"
 "regexp"
+ "strings"
 "sync"
 "time"

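Review bot: `service-user-uid` and `service-user-gid` default to `0`, so a deployment that sets only the username and password gets a service account that the accounts.go hunk reports with UidNumber 0 and GidNumber 0, which on a POSIX-style storage backend would presumably be root unless that is intended. Nothing in the visible hunks enforces the "required on EOS" wording; a startup check that rejects a non-empty `cfg.ServiceUser.Username` combined with a zero UID or GID would make that misconfiguration fail closed. The password can also be supplied as `--service-user-password`, where it is readable from the process argument list, so the usage text could steer operators to the variable, e.g. `Usage: "password of the internal service user (required on EOS); prefer ACCOUNTS_SERVICE_USER_PASSWORD over the flag"`. ServerWithConfig starts outside the hunk.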
@@ -120,6 +121,23 @@ func (s Service) ListAccounts(ctx context.Context, in *proto.ListAccountsRequest
 if password == "" {
 return merrors.Unauthorized(s.id, "password must not be empty")
 }
+
+ // hardcoded check against service user
+ if s.Config.ServiceUser.Username != "" &&
+ strings.EqualFold(match[1], s.Config.ServiceUser.Username) &&
+ match[2] == s.Config.ServiceUser.Password {
+ out.Accounts = []*proto.Account{
+ {
+ Id: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
+ AccountEnabled: true,
+ PreferredName: s.Config.ServiceUser.Username,
+ DisplayName: s.Config.ServiceUser.Username,
+ UidNumber: s.Config.ServiceUser.UID,
+ GidNumber: s.Config.ServiceUser.GID,
+ },
+ }
+ return nil
+ }
 }

 // only search for accounts
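Review bot: The password check `match[2] == s.Config.ServiceUser.Password` is an ordinary string comparison, which can return at the first differing byte and so leaks timing information about a long-lived shared secret. Comparing with `subtle.ConstantTimeCompare([]byte(match[2]), []byte(s.Config.ServiceUser.Password)) == 1` (adding `crypto/subtle` next to the new `strings` import) removes that signal. The branch also returns without leaving any record that the service credentials were accepted; a log line on this path, if a logger is in scope, would give operators something to alert on. The literal `Id` would read better as a named constant with a comment saying it is the fixed ID of the service account. ListAccounts starts and ends outside the hunk.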