(fix)graph: Always set UserType in /users responses

LDAP users without a UserType attribute get the UserType "Member" by default. Federated users get the UserType "Federated". Related #9702
2026-01-05 03:40:01 -06:00 · 2024-08-07 16:36:48 +02:00
parent 847d168b38
commit 80e8a2ec1a
3 changed files with 34 additions and 3 deletions
--- a/services/graph/pkg/identity/backend.go
+++ b/services/graph/pkg/identity/backend.go
@@ -19,6 +19,12 @@ var (
 	ErrNotFound = errorcode.New(errorcode.ItemNotFound, "not found")
 )

+const (
+	UserTypeMember    = "Member"
+	UserTypeGuest     = "Guest"
+	UserTypeFederated = "Federated"
+)
+
 // Backend defines the Interface for an IdentityBackend implementation
 type Backend interface {
 	// CreateUser creates a given user in the identity backend.
@@ -106,9 +112,10 @@ type EducationBackend interface {

 // CreateUserModelFromCS3 converts a cs3 User object into a libregraph.User
 func CreateUserModelFromCS3(u *cs3user.User) *libregraph.User {
-	if u.Id == nil {
+	if u.GetId() == nil {
 		u.Id = &cs3user.UserId{}
 	}
+	userType := cs3UserTypeToGraph(u.GetId().GetType())
 	return &libregraph.User{
 		Identities: []libregraph.ObjectIdentity{
 			{
@@ -116,6 +123,7 @@ func CreateUserModelFromCS3(u *cs3user.User) *libregraph.User {
 				IssuerAssignedId: &u.GetId().OpaqueId,
 			},
 		},
+		UserType:                 &userType,
 		DisplayName:              &u.DisplayName,
 		Mail:                     &u.Mail,
 		OnPremisesSamAccountName: &u.Username,
@@ -123,9 +131,21 @@ func CreateUserModelFromCS3(u *cs3user.User) *libregraph.User {
 	}
 }

+func cs3UserTypeToGraph(cs3type cs3user.UserType) string {
+	switch cs3type {
+	case cs3user.UserType_USER_TYPE_PRIMARY:
+		return UserTypeMember
+	case cs3user.UserType_USER_TYPE_FEDERATED:
+		return UserTypeFederated
+	case cs3user.UserType_USER_TYPE_GUEST:
+		return UserTypeGuest
+	}
+	return "unknown"
+}
+
 // CreateGroupModelFromCS3 converts a cs3 Group object into a libregraph.Group
 func CreateGroupModelFromCS3(g *cs3group.Group) *libregraph.Group {
-	if g.Id == nil {
+	if g.GetId() == nil {
 		g.Id = &cs3group.GroupId{}
 	}
 	return &libregraph.Group{
--- a/services/graph/pkg/identity/ldap.go
+++ b/services/graph/pkg/identity/ldap.go
@@ -810,9 +810,14 @@ func (i *LDAP) createUserModelFromLDAP(e *ldap.Entry) *libregraph.User {
 			Id:                       &id,
 			GivenName:                pointerOrNil(e.GetEqualFoldAttributeValue(i.userAttributeMap.givenName)),
 			Surname:                  &surname,
-			UserType:                 pointerOrNil(e.GetEqualFoldAttributeValue(i.userAttributeMap.userType)),
 			AccountEnabled:           booleanOrNil(e.GetEqualFoldAttributeValue(i.userAttributeMap.accountEnabled)),
 		}
+
+		userType := e.GetEqualFoldAttributeValue(i.userAttributeMap.userType)
+		if userType == "" {
+			userType = UserTypeMember
+		}
+		user.SetUserType(userType)
 		var identities []libregraph.ObjectIdentity
 		for _, identityStr := range e.GetEqualFoldAttributeValues(i.userAttributeMap.identities) {
 			parts := strings.SplitN(identityStr, "$", 3)
--- a/services/graph/pkg/identity/ldap_test.go
+++ b/services/graph/pkg/identity/ldap_test.go
@@ -397,6 +397,7 @@ func TestUpdateUser(t *testing.T) {
 				displayName:              "testUser",
 				onPremisesSamAccountName: "testUser",
 				accountEnabled:           nil,
+				userType:                 &memberType,
 			},
 			assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
 				return assert.Nil(t, err, args...)
@@ -526,6 +527,7 @@ func TestUpdateUser(t *testing.T) {
 				displayName:              "newName",
 				onPremisesSamAccountName: "testUser",
 				accountEnabled:           nil,
+				userType:                 &memberType,
 			},
 			assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
 				return assert.Nil(t, err, args...)
@@ -655,6 +657,7 @@ func TestUpdateUser(t *testing.T) {
 				displayName:              "newName",
 				onPremisesSamAccountName: "newName",
 				accountEnabled:           nil,
+				userType:                 &memberType,
 			},
 			assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
 				return assert.Nil(t, err, args...)
@@ -844,6 +847,7 @@ func TestUpdateUser(t *testing.T) {
 				displayName:              "testUser",
 				onPremisesSamAccountName: "testUser",
 				accountEnabled:           &falseBool,
+				userType:                 &memberType,
 			},
 			assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
 				return assert.Nil(t, err, args...)
@@ -974,6 +978,7 @@ func TestUpdateUser(t *testing.T) {
 				displayName:              "testUser",
 				onPremisesSamAccountName: "testUser",
 				accountEnabled:           &falseBool,
+				userType:                 &memberType,
 			},
 			assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
 				return assert.Nil(t, err, args...)
@@ -1140,6 +1145,7 @@ func TestUpdateUser(t *testing.T) {
 				displayName:              "testUser",
 				onPremisesSamAccountName: "testUser",
 				accountEnabled:           &trueBool,
+				userType:                 &memberType,
 			},
 			assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
 				return assert.Nil(t, err, args...)