From 6f46e1bccb7ec9036999e802e6b747c9fcb4b8e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= <jfd@butonic.de>
Date: Tue, 27 Oct 2020 14:33:51 +0100
Subject: [PATCH] use the account.id as ocis userid, tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---
 .../features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature   | 2 +-
 .../features/apiOcisSpecific/apiAuthOcs-ocsPOSTAuth.feature  | 2 +-
 .../features/apiOcisSpecific/apiAuthOcs-ocsPUTAuth.feature   | 2 +-
 ocs/pkg/service/v0/users.go                                  | 4 ++--
 proxy/pkg/middleware/account_uuid.go                         | 5 +----
 5 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature
index eb9a67b17..57eacdea4 100644
--- a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature
+++ b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature
@@ -81,7 +81,7 @@ Feature: auth
       | endpoint                |
       | /ocs/v1.php/cloud/users |
       | /ocs/v2.php/cloud/users |
-    Then the HTTP status code of responses on all endpoints should be "200"
+    Then the HTTP status code of responses on all endpoints should be "401"
     And the OCS status code of responses on all endpoints should be "997"
     When the user "Alice" requests these endpoints with "GET" with basic auth
       | endpoint           |
diff --git a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPOSTAuth.feature b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPOSTAuth.feature
index 0a5e9a9a2..e8614a0f6 100644
--- a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPOSTAuth.feature
+++ b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPOSTAuth.feature
@@ -26,7 +26,7 @@ Feature: auth
       | /ocs/v1.php/privatedata/setattribute/testing/test               |
       | /ocs/v2.php/privatedata/setattribute/testing/test               |
     Then the HTTP status code of responses on all endpoints should be "401"
-    And the OCS status code of responses on all endpoints should be "997"
+    And the OCS status code of responses on all endpoints should be "notset"
 
   # after fixing all issues delete this Scenario and use the one from oC10 core
   Scenario: send POST requests to OCS endpoints as normal user with wrong password
diff --git a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPUTAuth.feature b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPUTAuth.feature
index 0b2505bff..64de76d18 100644
--- a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPUTAuth.feature
+++ b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPUTAuth.feature
@@ -10,7 +10,7 @@ Feature: auth
       | /ocs/v1.php/apps/files_sharing/api/v1/shares/123 |
       | /ocs/v2.php/apps/files_sharing/api/v1/shares/123 |
     Then the HTTP status code of responses on all endpoints should be "401"
-    And the OCS status code of responses on all endpoints should be "997"
+    And the OCS status code of responses on all endpoints should be "notset"
 
   @issue-ocis-reva-30
   @issue-ocis-ocs-26
diff --git a/ocs/pkg/service/v0/users.go b/ocs/pkg/service/v0/users.go
index 3b3b29127..689386891 100644
--- a/ocs/pkg/service/v0/users.go
+++ b/ocs/pkg/service/v0/users.go
@@ -55,7 +55,7 @@ func (o Ocs) GetSelf(w http.ResponseWriter, r *http.Request) {
 	o.logger.Debug().Interface("account", account).Msg("got user")
 
 	d := &data.User{
-		UserID:            account.PreferredName,
+		UserID:            account.Id,
 		DisplayName:       account.DisplayName,
 		LegacyDisplayName: account.DisplayName,
 		Email:             account.Mail,
@@ -103,7 +103,7 @@ func (o Ocs) GetUser(w http.ResponseWriter, r *http.Request) {
 	}
 
 	d := &data.User{
-		UserID:            account.PreferredName,
+		UserID:            account.Id,
 		DisplayName:       account.DisplayName,
 		LegacyDisplayName: account.DisplayName,
 		Email:             account.Mail,
diff --git a/proxy/pkg/middleware/account_uuid.go b/proxy/pkg/middleware/account_uuid.go
index 2785e8fbf..7d3611fd2 100644
--- a/proxy/pkg/middleware/account_uuid.go
+++ b/proxy/pkg/middleware/account_uuid.go
@@ -99,11 +99,8 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 							Iss: opt.OIDCIss,
 						}
 					} else {
-						// we are still forwarding the request, the service is responsible for rendering the error
-						// TODO or render a full blown ocs xml / json error response
-						next.ServeHTTP(w, r)
 						// tell client to reauthenticate
-						//w.WriteHeader(http.StatusUnauthorized)
+						w.WriteHeader(http.StatusUnauthorized)
 						return
 					}
 				} else {