fix(ocm): Adjust for recend change for federated user IDs

The UserIds as returned by e.g. GetAcceptedUser do already contain the provider domain in the IDP field now. Also adjust the provider domain in the OCM config to be really a domain without URI scheme and path.
2025-12-31 01:10:20 -06:00 · 2024-11-14 11:55:58 +01:00
parent 6d9915e936
commit 6f90abd22d
4 changed files with 25 additions and 11 deletions
--- a/changelog/unreleased/fix-ocm-external-idp.md
+++ b/changelog/unreleased/fix-ocm-external-idp.md
@@ -0,0 +1,7 @@
+Bugfix: Fix federated sharing when using an external IDP
+
+We fixed a bug that caused federated sharing to fail, when the
+federated oCIS instances where sharing the same external IDP.
+
+https://github.com/owncloud/ocis/pull/10567
+https://github.com/cs3org/reva/pull/4933
--- a/services/graph/pkg/identity/backend.go
+++ b/services/graph/pkg/identity/backend.go
@@ -8,7 +8,6 @@ import (
 	"github.com/CiscoM31/godata"
 	cs3group "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
 	cs3user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	ocmuser "github.com/cs3org/reva/v2/pkg/ocm/user"
 	libregraph "github.com/owncloud/libre-graph-api-go"
 	"github.com/owncloud/ocis/v2/services/graph/pkg/errorcode"
 )
@@ -134,12 +133,6 @@ func CreateUserModelFromCS3(u *cs3user.User) *libregraph.User {
 		OnPremisesSamAccountName: u.GetUsername(),
 		Id:                       &u.GetId().OpaqueId,
 	}
-	// decode the remote id if the user is federated
-	if u.GetId().GetType() == cs3user.UserType_USER_TYPE_FEDERATED {
-		remoteID := ocmuser.RemoteID(u.GetId())
-		user.Identities[0].Issuer = &remoteID.Idp
-		user.Identities[0].IssuerAssignedId = &remoteID.OpaqueId
-	}
 	return user
 }

--- a/services/ocm/pkg/revaconfig/config.go
+++ b/services/ocm/pkg/revaconfig/config.go
@@ -2,6 +2,7 @@ package revaconfig

 import (
 	"math"
+	"net/url"

 	"github.com/owncloud/ocis/v2/ocis-pkg/log"
 	"github.com/owncloud/ocis/v2/services/ocm/pkg/config"
@@ -9,6 +10,19 @@ import (

 // OCMConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
 func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]interface{} {
+
+	// Construct the ocm provider domain from the oCIS URL
+	providerDomain := ""
+	u, err := url.Parse(cfg.Commons.OcisURL)
+	switch {
+	case err != nil:
+		logger.Error().Err(err).Msg("could not parse oCIS URL")
+	case u.Host == "":
+		logger.Error().Msg("oCIS URL has no host")
+	default:
+		providerDomain = u.Host
+	}
+
 	return map[string]interface{}{
 		"shared": map[string]interface{}{
 			"jwt_secret":          cfg.TokenManager.JWTSecret,
@@ -59,7 +73,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 					"smtp_credentials":   map[string]string{},
 					"gatewaysvc":         cfg.Reva.Address,
 					"mesh_directory_url": cfg.ScienceMesh.MeshDirectoryURL,
-					"provider_domain":    cfg.Commons.OcisURL,
+					"provider_domain":    providerDomain,
 					"events": map[string]interface{}{
 						"natsaddress":          cfg.Events.Endpoint,
 						"natsclusterid":        cfg.Events.Cluster,
@@ -121,7 +135,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 							"file": cfg.OCMInviteManager.Drivers.JSON.File,
 						},
 					},
-					"provider_domain":  cfg.Commons.OcisURL,
+					"provider_domain":  providerDomain,
 					"token_expiration": cfg.OCMInviteManager.TokenExpiration.String(),
 					"ocm_timeout":      int(math.Round(cfg.OCMInviteManager.Timeout.Seconds())),
 					"ocm_insecure":     cfg.OCMInviteManager.Insecure,
@@ -142,7 +156,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 						},
 					},
 					"gatewaysvc":      cfg.Reva.Address,
-					"provider_domain": cfg.Commons.OcisURL,
+					"provider_domain": providerDomain,
 					"webdav_endpoint": cfg.Commons.OcisURL,
 					"webapp_template": cfg.OCMShareProvider.WebappTemplate,
 					"client_insecure": cfg.OCMShareProvider.Insecure,
--- a/tests/acceptance/bootstrap/FeatureContext.php
+++ b/tests/acceptance/bootstrap/FeatureContext.php
@@ -2396,7 +2396,7 @@ class FeatureContext extends BehatVariablesContext {
 				"code" => "%identities_issuer_id_pattern%",
 				"function" => [
 					__NAMESPACE__ . '\TestHelpers\GraphHelper',
-					"getUUIDv4Regex"
+					"getFederatedUserRegex"
 				],
 				"parameter" => []
 			],