From ad4b3fc55c2f9ef8e2dfa6eabb095ac0ddea9e17 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Wed, 8 May 2024 15:40:06 +0200
Subject: [PATCH] proxy(autoprovision): Save the subject and issuer claims when creating a user

We now use the graph user's identities property to store the subject and issuer claims when autoprovisioning a user. The attrbute is not really used anywhere yet, but will allow us to detect renames and other changes in the future.

Closes: #8956
---
 services/proxy/pkg/user/backend/cs3.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/services/proxy/pkg/user/backend/cs3.go b/services/proxy/pkg/user/backend/cs3.go
index 5750cd2ee..2646c7d35 100644
--- a/services/proxy/pkg/user/backend/cs3.go
+++ b/services/proxy/pkg/user/backend/cs3.go
@@ -16,6 +16,7 @@ import (
 	"go-micro.dev/v4/selector"
 
 	"github.com/owncloud/ocis/v2/ocis-pkg/log"
+	"github.com/owncloud/ocis/v2/ocis-pkg/oidc"
 	"github.com/owncloud/ocis/v2/ocis-pkg/registry"
 	"github.com/owncloud/ocis/v2/services/graph/pkg/errorcode"
 	"github.com/owncloud/ocis/v2/services/proxy/pkg/config"
@@ -176,7 +177,7 @@ func (c *cs3backend) CreateUserFromClaims(ctx context.Context, claims map[string
 		return nil, err
 	}
 
-	newUser, err := c.libregraphUserFromClaims(newctx, claims)
+	newUser, err := c.libregraphUserFromClaims(claims)
 	if err != nil {
 		c.logger.Error().Err(err).Interface("claims", claims).Msg("Error creating user from claims")
 		return nil, fmt.Errorf("Error creating user from claims: %w", err)
@@ -267,7 +268,7 @@ func (c cs3backend) isAlreadyExists(resp *http.Response) (bool, error) {
 	return false, nil
 }
 
-func (c cs3backend) libregraphUserFromClaims(ctx context.Context, claims map[string]interface{}) (libregraph.User, error) {
+func (c cs3backend) libregraphUserFromClaims(claims map[string]interface{}) (libregraph.User, error) {
 	user := libregraph.User{}
 	if dn, ok := claims[c.autoProvisionClaims.DisplayName].(string); ok {
 		user.SetDisplayName(dn)
@@ -283,6 +284,17 @@ func (c cs3backend) libregraphUserFromClaims(ctx context.Context, claims map[str
 
 	if mail, ok := claims[c.autoProvisionClaims.Email].(string); ok {
 		user.SetMail(mail)
 	}
+
+	sub, subExists := claims[oidc.Sub].(string)
+	iss, issExists := claims[oidc.Iss].(string)
+
+	if subExists && issExists {
+		var objectIdentity libregraph.ObjectIdentity
+		objectIdentity.SetIssuer(iss)
+		objectIdentity.SetIssuerAssignedId(sub)
+		user.Identities = append(user.Identities, objectIdentity)
+	}
+
 	return user, nil
 }
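Review bot: When either `sub` or `iss` is absent from the claims, or present but not a string, the `if subExists && issExists` guard silently skips the identity, so the autoprovisioned user is created with no issuer/subject binding and nothing records that this happened; since the commit message says this record is what later rename detection will rely on, such a user would afterwards be matched only on the mutable username and mail claims. An `else` branch that logs the condition without dumping the claims themselves would make it visible in operations: `c.logger.Warn().Bool("sub", subExists).Bool("iss", issExists).Msg("sub or iss claim missing, not storing identity")`. Whether the stored issuer value also needs to be compared against the configured OIDC issuer here depends on the middleware that produced `claims`, which is not visible in this patch, so that is worth confirming rather than assuming. The signature of libregraphUserFromClaims lies outside this hunk.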