From 6f90abd22d16150aff8aaea97edd230f64e93b8b Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Thu, 14 Nov 2024 11:55:58 +0100
Subject: [PATCH] fix(ocm): Adjust for recend change for federated user IDs

The UserIds as returned by e.g. GetAcceptedUser do already contain the provider domain in the IDP field now.

Also adjust the provider domain in the OCM config to be really a domain without URI scheme and path.
---
 changelog/unreleased/fix-ocm-external-idp.md | 7 +++++++
 services/graph/pkg/identity/backend.go | 7 -------
 services/ocm/pkg/revaconfig/config.go | 20 ++++++++++++++++---
 tests/acceptance/bootstrap/FeatureContext.php | 2 +-
 4 files changed, 25 insertions(+), 11 deletions(-)
 create mode 100644 changelog/unreleased/fix-ocm-external-idp.md

diff --git a/changelog/unreleased/fix-ocm-external-idp.md b/changelog/unreleased/fix-ocm-external-idp.md
new file mode 100644
index 000000000..6e13949c3
--- /dev/null
+++ b/changelog/unreleased/fix-ocm-external-idp.md
@@ -0,0 +1,7 @@
+Bugfix: Fix federated sharing when using an external IDP
+
+We fixed a bug that caused federated sharing to fail, when the
+federated oCIS instances where sharing the same external IDP.
+
+https://github.com/owncloud/ocis/pull/10567
+https://github.com/cs3org/reva/pull/4933
diff --git a/services/graph/pkg/identity/backend.go b/services/graph/pkg/identity/backend.go
index 8f3d09686..976f97d5c 100644
--- a/services/graph/pkg/identity/backend.go
+++ b/services/graph/pkg/identity/backend.go
@@ -8,7 +8,6 @@ import (
 	"github.com/CiscoM31/godata"
 	cs3group "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
 	cs3user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	ocmuser "github.com/cs3org/reva/v2/pkg/ocm/user"
 	libregraph "github.com/owncloud/libre-graph-api-go"
 	"github.com/owncloud/ocis/v2/services/graph/pkg/errorcode"
 )
@@ -134,12 +133,6 @@ func CreateUserModelFromCS3(u *cs3user.User) *libregraph.User {
 		OnPremisesSamAccountName: u.GetUsername(),
 		Id: &u.GetId().OpaqueId,
 	}
-	// decode the remote id if the user is federated
-	if u.GetId().GetType() == cs3user.UserType_USER_TYPE_FEDERATED {
-		remoteID := ocmuser.RemoteID(u.GetId())
-		user.Identities[0].Issuer = &remoteID.Idp
-		user.Identities[0].IssuerAssignedId = &remoteID.OpaqueId
-	}
 	return user
 }
diff --git a/services/ocm/pkg/revaconfig/config.go b/services/ocm/pkg/revaconfig/config.go
index 601cfc3bb..9a33ce13c 100644
--- a/services/ocm/pkg/revaconfig/config.go
+++ b/services/ocm/pkg/revaconfig/config.go
@@ -2,6 +2,7 @@ package revaconfig
 
 import (
 	"math"
+	"net/url"
 
 	"github.com/owncloud/ocis/v2/ocis-pkg/log"
 	"github.com/owncloud/ocis/v2/services/ocm/pkg/config"
@@ -9,6 +10,19 @@ import (
 
 // OCMConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
 func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]interface{} {
+
+	// Construct the ocm provider domain from the oCIS URL
+	providerDomain := ""
+	u, err := url.Parse(cfg.Commons.OcisURL)
+	switch {
+	case err != nil:
+		logger.Error().Err(err).Msg("could not parse oCIS URL")
+	case u.Host == "":
+		logger.Error().Msg("oCIS URL has no host")
+	default:
+		providerDomain = u.Host
+	}
+
 	return map[string]interface{}{
 		"shared": map[string]interface{}{
 			"jwt_secret": cfg.TokenManager.JWTSecret,
@@ -59,7 +73,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 			"smtp_credentials": map[string]string{},
 			"gatewaysvc": cfg.Reva.Address,
 			"mesh_directory_url": cfg.ScienceMesh.MeshDirectoryURL,
-			"provider_domain": cfg.Commons.OcisURL,
+			"provider_domain": providerDomain,
 			"events": map[string]interface{}{
 				"natsaddress": cfg.Events.Endpoint,
 				"natsclusterid": cfg.Events.Cluster,
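Review bot: The new provider-domain derivation in OCMConfigFromStruct logs an error but still returns a config with an empty `provider_domain` whenever `cfg.Commons.OcisURL` fails to parse or has no host, so a misconfigured instance comes up with a blank provider identity in every place the value is wired in; presumably reva matches incoming OCM share and invite requests against this domain, which makes an empty value a misconfiguration worth failing on at startup rather than only logging — to be confirmed with the callers of this function. At minimum the log should carry the offending value, e.g. `logger.Error().Str("ocis_url", cfg.Commons.OcisURL).Msg("oCIS URL has no host")`, so the operator can see why the domain ended up empty. Note also that `u.Host` keeps a port suffix (`host:9200`) and that a bare hostname without a scheme parses with an empty `Host` and lands in the same empty-domain branch; if the intent stated in the commit message is a plain domain, `u.Hostname()` is the stricter choice, depending on what the reva side compares against. The body of OCMConfigFromStruct continues past the hunk.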
@@ -121,7 +135,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 				"file": cfg.OCMInviteManager.Drivers.JSON.File,
 			},
 		},
-		"provider_domain": cfg.Commons.OcisURL,
+		"provider_domain": providerDomain,
 		"token_expiration": cfg.OCMInviteManager.TokenExpiration.String(),
 		"ocm_timeout": int(math.Round(cfg.OCMInviteManager.Timeout.Seconds())),
 		"ocm_insecure": cfg.OCMInviteManager.Insecure,
@@ -142,7 +156,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 			},
 		},
 		"gatewaysvc": cfg.Reva.Address,
-		"provider_domain": cfg.Commons.OcisURL,
+		"provider_domain": providerDomain,
 		"webdav_endpoint": cfg.Commons.OcisURL,
 		"webapp_template": cfg.OCMShareProvider.WebappTemplate,
 		"client_insecure": cfg.OCMShareProvider.Insecure,
diff --git a/tests/acceptance/bootstrap/FeatureContext.php b/tests/acceptance/bootstrap/FeatureContext.php
index 842a71d32..5bf1cb956 100644
--- a/tests/acceptance/bootstrap/FeatureContext.php
+++ b/tests/acceptance/bootstrap/FeatureContext.php
@@ -2396,7 +2396,7 @@ class FeatureContext extends BehatVariablesContext {
 					"code" => "%identities_issuer_id_pattern%",
 					"function" => [
 						__NAMESPACE__ . '\TestHelpers\GraphHelper',
-						"getUUIDv4Regex"
+						"getFederatedUserRegex"
 					],
 					"parameter" => []
 				],