From d05df2f85e22f71daeefce5d92683c7256b35c7b Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 11 Nov 2021 11:43:10 +0100 Subject: [PATCH 1/9] fix basic auth with custom user claim --- changelog/unreleased/fix-basic-auth-with-custom-user-claim | 7 +++++++ proxy/pkg/command/server.go | 1 + proxy/pkg/middleware/authentication.go | 1 + proxy/pkg/middleware/basic_auth.go | 1 + 4 files changed, 10 insertions(+) create mode 100644 changelog/unreleased/fix-basic-auth-with-custom-user-claim diff --git a/changelog/unreleased/fix-basic-auth-with-custom-user-claim b/changelog/unreleased/fix-basic-auth-with-custom-user-claim new file mode 100644 index 000000000..2729e67e3 --- /dev/null +++ b/changelog/unreleased/fix-basic-auth-with-custom-user-claim @@ -0,0 +1,7 @@ +Bugfix: Fix basic auth with custom user claim + +We've fixed authentication with basic if oCIS is configured to use a non-standard claim +as user claim (`PROXY_USER_OIDC_CLAIM`). Prior to this bugfix the authentication always +failed and is now working. + +https://github.com/owncloud/ocis/pull/2755 diff --git a/proxy/pkg/command/server.go b/proxy/pkg/command/server.go index 8b4341103..40ec611a8 100644 --- a/proxy/pkg/command/server.go +++ b/proxy/pkg/command/server.go @@ -220,6 +220,7 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config) middleware.EnableBasicAuth(cfg.EnableBasicAuth), middleware.UserProvider(userProvider), middleware.OIDCIss(cfg.OIDC.Issuer), + middleware.UserOIDCClaim(cfg.UserOIDCClaim), middleware.CredentialsByUserAgent(cfg.Reva.Middleware.Auth.CredentialsByUserAgent), ), middleware.SignedURLAuth( diff --git a/proxy/pkg/middleware/authentication.go b/proxy/pkg/middleware/authentication.go index 2e0f0f5dc..79a6746f4 100644 --- a/proxy/pkg/middleware/authentication.go +++ b/proxy/pkg/middleware/authentication.go 
@@ -126,6 +126,7 @@ func newBasicAuth(options Options) func(http.Handler) http.Handler { EnableBasicAuth(options.EnableBasicAuth), AccountsClient(options.AccountsClient), OIDCIss(options.OIDCIss), + UserOIDCClaim(options.UserOIDCClaim), CredentialsByUserAgent(options.CredentialsByUserAgent), ) } diff --git a/proxy/pkg/middleware/basic_auth.go b/proxy/pkg/middleware/basic_auth.go index b778c092c..14e4ef59d 100644 --- a/proxy/pkg/middleware/basic_auth.go +++ b/proxy/pkg/middleware/basic_auth.go @@ -85,6 +85,7 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler { // fake oidc claims claims := map[string]interface{}{ oidc.OwncloudUUID: user.Id.OpaqueId, + options.UserOIDCClaim: user.Id.OpaqueId, oidc.Iss: user.Id.Idp, oidc.PreferredUsername: user.Username, oidc.Email: user.Mail, From 7dca7b4fae1eea751cc45d685bb5978719381555 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Mon, 15 Nov 2021 10:21:39 +0100 Subject: [PATCH 2/9] set only user oidc claim only if cs3 claim is userid --- proxy/pkg/command/server.go | 1 + proxy/pkg/middleware/authentication.go | 1 + proxy/pkg/middleware/basic_auth.go | 10 ++++++++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/proxy/pkg/command/server.go b/proxy/pkg/command/server.go index 40ec611a8..50376b362 100644 --- a/proxy/pkg/command/server.go +++ b/proxy/pkg/command/server.go @@ -221,6 +221,7 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config) middleware.UserProvider(userProvider), middleware.OIDCIss(cfg.OIDC.Issuer), middleware.UserOIDCClaim(cfg.UserOIDCClaim), + middleware.UserCS3Claim(cfg.UserCS3Claim), middleware.CredentialsByUserAgent(cfg.Reva.Middleware.Auth.CredentialsByUserAgent), ), middleware.SignedURLAuth( diff --git a/proxy/pkg/middleware/authentication.go b/proxy/pkg/middleware/authentication.go index 79a6746f4..b2b63c45f 100644 --- a/proxy/pkg/middleware/authentication.go +++ b/proxy/pkg/middleware/authentication.go 
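Review bot: In the proxy/pkg/middleware/basic_auth.go hunk, the added `options.UserOIDCClaim: user.Id.OpaqueId` entry is written without checking that the option is non-empty, so an empty option would store the opaque id under the key `""` in the claims placed on the request context. Because this key is not a constant, a configured name equal to one of the entries after it (`oidc.Iss`, `oidc.PreferredUsername`, `oidc.Email`) is overwritten at runtime with no error, and the custom claim then holds a different attribute than the one written here. I would set it after the literal behind a guard, `if options.UserOIDCClaim != "" { claims[options.UserOIDCClaim] = user.Id.OpaqueId }`, with a comment naming the attribute the downstream user lookup expects under that key. The empty-name case also applies to the assignment added in the basic_auth.go hunk of PATCH 2/9, and the body of BasicAuth continues outside this hunk.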
@@ -127,6 +127,7 @@ func newBasicAuth(options Options) func(http.Handler) http.Handler { AccountsClient(options.AccountsClient), OIDCIss(options.OIDCIss), UserOIDCClaim(options.UserOIDCClaim), + UserCS3Claim(options.UserCS3Claim), CredentialsByUserAgent(options.CredentialsByUserAgent), ) } diff --git a/proxy/pkg/middleware/basic_auth.go b/proxy/pkg/middleware/basic_auth.go index 14e4ef59d..c74c8a509 100644 --- a/proxy/pkg/middleware/basic_auth.go +++ b/proxy/pkg/middleware/basic_auth.go @@ -84,11 +84,17 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler { // fake oidc claims claims := map[string]interface{}{ - oidc.OwncloudUUID: user.Id.OpaqueId, - options.UserOIDCClaim: user.Id.OpaqueId, oidc.Iss: user.Id.Idp, oidc.PreferredUsername: user.Username, oidc.Email: user.Mail, + oidc.OwncloudUUID: user.Id.OpaqueId, + } + + if options.UserCS3Claim == "userid" { + // set the custom user claim only if users will be looked up by the the userid on the CS3api + // OpaqueId contains the userid configured in STORAGE_LDAP_USER_SCHEMA_UID + claims[options.UserOIDCClaim] = user.Id.OpaqueId + } next.ServeHTTP(w, req.WithContext(oidc.NewContext(req.Context(), claims))) From bfd7496230980f46a3a5e9aabca840481be2e396 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Mon, 15 Nov 2021 16:08:39 +0545 Subject: [PATCH 3/9] [tests-only] use archiver endpoint with path --- ...ected-failures-localAPI-on-OCIS-storage.md | 3 + .../apiArchiver/downloadByPath.feature | 133 ++++++++++++++++++ .../features/bootstrap/ArchiverContext.php | 73 +++++++--- 3 files changed, 192 insertions(+), 17 deletions(-) create mode 100644 tests/acceptance/features/apiArchiver/downloadByPath.feature diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index a8a479882..d847734ab 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md 
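Review bot: In the basic_auth.go hunk, `claims[options.UserOIDCClaim] = user.Id.OpaqueId` now runs after the map literal, so a configured claim name equal to `oidc.Iss`, `oidc.Email` or `oidc.PreferredUsername` replaces that claim with the opaque id for every later reader of the request context. Writing only when the key is free makes such a configuration fail closed instead of altering the issuer or e-mail claim: `if _, taken := claims[options.UserOIDCClaim]; !taken { claims[options.UserOIDCClaim] = user.Id.OpaqueId }`. The condition also compares against the bare literal `"userid"`, so for any other `UserCS3Claim` value the custom claim stays unset. Presumably basic auth with a non-standard claim name still fails in those setups, which should be confirmed against the account lookup (not visible here) and recorded in the comment. A named constant for `"userid"` would keep this check in step with wherever the option is validated. BasicAuth's body continues outside the hunk.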
+++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md @@ -3,3 +3,6 @@ #### [downloading the /Shares folder using the archiver endpoint does not work](https://github.com/owncloud/ocis/issues/2751) - [apiArchiver/downloadById.feature:134](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiArchiver/downloadById.feature#L134) - [apiArchiver/downloadById.feature:135](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiArchiver/downloadById.feature#L135) + +#### [downloading an archive with invalid path returns HTTP/500](https://github.com/owncloud/ocis/issues/2768= +- [apiArchiver/downloadByPath.feature:69](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiArchiver/apiArchiver/downloadByPath.feature:69) diff --git a/tests/acceptance/features/apiArchiver/downloadByPath.feature b/tests/acceptance/features/apiArchiver/downloadByPath.feature new file mode 100644 index 000000000..8f109658a --- /dev/null +++ b/tests/acceptance/features/apiArchiver/downloadByPath.feature 
@@ -0,0 +1,133 @@ +@api @skipOnOcV10 +Feature: download multiple resources bundled into an archive + As a user + I want to be able to download multiple items at once + So that I don't have to execute repetitive tasks + + As a developer + I want to be able to use the full path of the resource to download multiple items at once + So that I don't have to know the ID of the resource + + Background: + Given user "Alice" has been created with default attributes and without skeleton files + + + Scenario Outline: download a single file + Given user "Alice" has uploaded file with content "some data" to "/textfile0.txt" + When user "Alice" downloads the archive of "/home/textfile0.txt" using the resource path and setting these headers + | header | value | + | User-Agent | | + Then the HTTP status code should be "200" + And the downloaded archive should contain these files: + | name | content | + | textfile0.txt | some data | + Examples: + | user-agent | archive-type | + | Linux | tar | + | Windows NT | zip | + + + Scenario Outline: download a single folder + Given user "Alice" has created folder "my_data" + And user "Alice" has uploaded file with content "some data" to "/my_data/textfile0.txt" + And user "Alice" has uploaded file with content "more data" to "/my_data/an_other_file.txt" + When user "Alice" downloads the archive of "/home/my_data" using the resource path and setting these headers + | header | value | + | User-Agent | | + Then the HTTP status code should be "200" + And the downloaded archive should contain these files: + | name | content | + | my_data/textfile0.txt | some data | + | my_data/an_other_file.txt | more data | + Examples: + | user-agent | archive-type | + | Linux | tar | + | Windows NT | zip | + + + Scenario: download multiple files and folders + Given user "Alice" has uploaded file with content "some data" to "/textfile0.txt" + And user "Alice" has uploaded file with content "other data" to "/textfile1.txt" + And user "Alice" has created folder 
"my_data" + And user "Alice" has uploaded file with content "some data" to "/my_data/textfile2.txt" + And user "Alice" has created folder "more_data" + And user "Alice" has uploaded file with content "more data" to "/more_data/an_other_file.txt" + When user "Alice" downloads the archive of these items using the resource paths + | /home/textfile0.txt | + | /home/textfile1.txt | + | /home/my_data | + | /home/more_data | + Then the HTTP status code should be "200" + And the downloaded tar archive should contain these files: + | name | content | + | textfile0.txt | some data | + | textfile1.txt | other data | + | my_data/textfile2.txt | some data | + | more_data/an_other_file.txt | more data | + + + Scenario: download a not existing single file + When user "Alice" downloads the archive of "/doesnotexist.txt" of user "Alice" using the resource path + Then the HTTP status code should be "400" + + + Scenario: download multiple shared items as share receiver + Given user "Brian" has been created with default attributes and without skeleton files + And user "Alice" has uploaded file with content "some data" to "/textfile0.txt" + And user "Alice" has uploaded file with content "other data" to "/textfile1.txt" + And user "Alice" has created folder "my_data" + And user "Alice" has uploaded file with content "some data" to "/my_data/textfile2.txt" + And user "Alice" has created folder "more_data" + And user "Alice" has uploaded file with content "more data" to "/more_data/an_other_file.txt" + And user "Alice" has shared file "textfile0.txt" with user "Brian" + And user "Alice" has shared file "textfile1.txt" with user "Brian" + And user "Alice" has shared folder "my_data" with user "Brian" + And user "Alice" has shared folder "more_data" with user "Brian" + And user "Brian" has accepted share "/textfile0.txt" offered by user "Alice" + And user "Brian" has accepted share "/textfile1.txt" offered by user "Alice" + And user "Brian" has accepted share "/my_data" offered by user 
"Alice" + And user "Brian" has accepted share "/more_data" offered by user "Alice" + When user "Brian" downloads the archive of these items using the resource path + | /home/Shares/textfile0.txt | + | /home/Shares/textfile1.txt | + | /home/Shares/my_data | + | /home/Shares/more_data | + Then the HTTP status code should be "200" + And the downloaded tar archive should contain these files: + | name | content | + | textfile0.txt | some data | + | textfile1.txt | other data | + | my_data/textfile2.txt | some data | + | more_data/an_other_file.txt | more data | + + + Scenario Outline: download the Shares folder as share receiver + Given user "Brian" has been created with default attributes and without skeleton files + And user "Alice" has uploaded file with content "some data" to "/textfile0.txt" + And user "Alice" has uploaded file with content "other data" to "/textfile1.txt" + And user "Alice" has created folder "my_data" + And user "Alice" has uploaded file with content "some data" to "/my_data/textfile2.txt" + And user "Alice" has created folder "more_data" + And user "Alice" has uploaded file with content "more data" to "/more_data/an_other_file.txt" + And user "Alice" has shared file "textfile0.txt" with user "Brian" + And user "Alice" has shared file "textfile1.txt" with user "Brian" + And user "Alice" has shared folder "my_data" with user "Brian" + And user "Alice" has shared folder "more_data" with user "Brian" + And user "Brian" has accepted share "/textfile0.txt" offered by user "Alice" + And user "Brian" has accepted share "/textfile1.txt" offered by user "Alice" + And user "Brian" has accepted share "/my_data" offered by user "Alice" + And user "Brian" has accepted share "/more_data" offered by user "Alice" + When user "Brian" downloads the archive of "/home/Shares" using the resource path and setting these headers + | header | value | + | User-Agent | | + Then the HTTP status code should be "200" + And the downloaded archive should contain these files: + 
| name | content | + | Shares/textfile0.txt | some data | + | Shares/textfile1.txt | other data | + | Shares/my_data/textfile2.txt | some data | + | Shares/more_data/an_other_file.txt | more data | + Examples: + | user-agent | archive-type | + | Linux | tar | + | Windows NT | zip | diff --git a/tests/acceptance/features/bootstrap/ArchiverContext.php b/tests/acceptance/features/bootstrap/ArchiverContext.php index f2c5f9ed9..dd93dc834 100644 --- a/tests/acceptance/features/bootstrap/ArchiverContext.php +++ b/tests/acceptance/features/bootstrap/ArchiverContext.php @@ -63,19 +63,52 @@ class ArchiverContext implements Context { } /** - * @When user :user downloads the archive of :resourceId using the resource id and setting these headers + * @param string $user + * @param string $resource + * @param string $addressType id|ids|path|paths + * + * @return string + * + * @throws Exception + */ + private function getArchiverQueryString( + string $user, + string $resource, + string $addressType + ): string { + switch ($addressType) { + case 'id': + case 'ids': + return 'id=' . $this->featureContext->getFileIdForPath($user, $resource); + break; + case 'path': + case 'paths': + return 'path=' . $resource; + default: + throw new Exception( + '"' . $addressType . + '" is not a legal value for $addressType, must be id|ids|path|paths' + ); + } + } + + /** + * @When user :user downloads the archive of :resource using the resource :addressType and setting these headers * * @param string $user * @param string $resource + * @param string $addressType id|path * @param TableNode $headersTable * * @return void * * @throws \GuzzleHttp\Exception\GuzzleException + * @throws Exception */ - public function userDownloadsTheArchiveOfUsingTheResourceId( + public function userDownloadsTheArchive( string $user, string $resource, + string $addressType, TableNode $headersTable ): void { $this->featureContext->verifyTableNodeColumns( 
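Review bot: In the `path`/`paths` branch of getArchiverQueryString (ArchiverContext.php hunk), `return 'path=' . $resource;` places the raw path in the query string, so a scenario path containing `&`, `#`, `+`, `%` or a space reaches the archiver as a different query than the step describes. `return 'path=' . \rawurlencode($resource);` keeps the value intact. The `break;` after the `return` in the `id`/`ids` branch is unreachable and can be dropped. The body of userDownloadsTheArchive continues outside this hunk.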
@@ -86,11 +119,12 @@ class ArchiverContext implements Context { foreach ($headersTable as $row) { $headers[$row['header']] = $row ['value']; } - $resourceId = $this->featureContext->getFileIdForPath($user, $resource); + $user = $this->featureContext->getActualUsername($user); + $queryString = $this->getArchiverQueryString($user, $resource, $addressType); $this->featureContext->setResponse( HttpRequestHelper::get( - $this->featureContext->getBaseUrl() . '/archiver?id=' . $resourceId, + $this->featureContext->getBaseUrl() . '/archiver?' . $queryString, '', $user, $this->featureContext->getPasswordForUser($user), @@ -100,26 +134,29 @@ class ArchiverContext implements Context { } /** - * @When user :downloader downloads the archive of :item of user :owner using the resource id + * @When user :downloader downloads the archive of :item of user :owner using the resource :addressType * * @param string $downloader Who sends the request * @param string $resource * @param string $owner Who is the real owner of the file + * @param string $addressType id|path * * @return void * * @throws \GuzzleHttp\Exception\GuzzleException + * @throws Exception */ - public function userDownloadsTheArchiveOfItemOfUserUsingTheResourceId( + public function userDownloadsTheArchiveOfItemOfUser( string $downloader, string $resource, - string $owner + string $owner, + string $addressType ): void { - $resourceId = $this->featureContext->getFileIdForPath($owner, $resource); $downloader = $this->featureContext->getActualUsername($downloader); + $queryString = $this->getArchiverQueryString($owner, $resource, $addressType); $this->featureContext->setResponse( HttpRequestHelper::get( - $this->featureContext->getBaseUrl() . '/archiver?id=' . $resourceId, + $this->featureContext->getBaseUrl() . '/archiver?' . $queryString, '', $downloader, $this->featureContext->getPasswordForUser($downloader), 
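Review bot: In userDownloadsTheArchiveOfItemOfUser (the second hunk on this line), `$owner` is passed to getArchiverQueryString without going through `getActualUsername`, while `$downloader` is normalised and the first hunk adds the same normalisation for `$user` in userDownloadsTheArchive. With `path` addressing the helper added earlier in this patch ignores its user argument, so the "of user :owner" part of the step has no effect on the request in that mode. I would add `$owner = $this->featureContext->getActualUsername($owner);` before the call and a docblock line stating that `$owner` is only consulted for id lookups. The end of the function is outside the hunk.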
@@ -128,29 +165,31 @@ class ArchiverContext implements Context { } /** - * @When user :arg1 downloads the archive of these items using the resource ids + * @When user :user downloads the archive of these items using the resource :addressType * * @param string $user * @param TableNode $items + * @param string $addressType ids|paths * * @return void * * @throws \GuzzleHttp\Exception\GuzzleException */ - public function userDownloadsTheArchiveOfTheseItemsUsingTheResourceIds( + public function userDownloadsTheArchiveOfTheseItems( string $user, - TableNode $items + TableNode $items, + string $addressType ): void { $user = $this->featureContext->getActualUsername($user); - $resourceIdsString = ''; + $queryString = ''; foreach ($items->getRows() as $item) { - $fileId = $this->featureContext->getFileIdForPath($user, $item[0]); - $resourceIdsString .= 'id=' . $fileId . '&'; + $queryString .= $this->getArchiverQueryString($user, $item[0], $addressType) . '&'; } - $resourceIdsString = \rtrim($resourceIdsString, '&'); + + $queryString = \rtrim($queryString, '&'); $this->featureContext->setResponse( HttpRequestHelper::get( - $this->featureContext->getBaseUrl() . '/archiver?' . $resourceIdsString, + $this->featureContext->getBaseUrl() . '/archiver?' . $queryString, '', $user, $this->featureContext->getPasswordForUser($user), From f7847be02861d6aa475a601b0aaa55cdd9183882 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Mon, 15 Nov 2021 16:20:53 +0545 Subject: [PATCH 4/9] [tests-only] fix archiver tests expectations --- .../features/apiArchiver/downloadById.feature | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/acceptance/features/apiArchiver/downloadById.feature b/tests/acceptance/features/apiArchiver/downloadById.feature index 518241951..1437a9763 100644 --- a/tests/acceptance/features/apiArchiver/downloadById.feature +++ b/tests/acceptance/features/apiArchiver/downloadById.feature 
@@ -124,11 +124,11 @@ Feature: download multiple resources bundled into an archive | User-Agent | | Then the HTTP status code should be "200" And the downloaded archive should contain these files: - | name | content | - | Shares/textfile0.txt | some data | - | Shares/textfile1.txt | other data | - | Shares/my_data/textfile0.txt | some data | - | Shares/my_data/an_other_file.txt | more data | + | name | content | + | Shares/textfile0.txt | some data | + | Shares/textfile1.txt | other data | + | Shares/my_data/textfile2.txt | some data | + | Shares/more_data/an_other_file.txt | more data | Examples: | user-agent | archive-type | | Linux | tar | From e91dd8c57d70628a6693da3416c4f2e2533d58b8 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Mon, 15 Nov 2021 13:10:10 +0100 Subject: [PATCH 5/9] add attr and tree as inspection / debugging tools to the docker image --- ocis/docker/Dockerfile.linux.amd64 | 2 +- ocis/docker/Dockerfile.linux.arm | 2 +- ocis/docker/Dockerfile.linux.arm64 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ocis/docker/Dockerfile.linux.amd64 b/ocis/docker/Dockerfile.linux.amd64 index 475fc8fb3..6729daf58 100644 --- a/ocis/docker/Dockerfile.linux.amd64 +++ b/ocis/docker/Dockerfile.linux.amd64 @@ -5,7 +5,7 @@ ARG REVISION="" RUN apk update && \ apk upgrade && \ - apk add ca-certificates mailcap && \ + apk add ca-certificates mailcap tree attr && \ rm -rf /var/cache/apk/* && \ echo 'hosts: files dns' >| /etc/nsswitch.conf diff --git a/ocis/docker/Dockerfile.linux.arm b/ocis/docker/Dockerfile.linux.arm index ea4cde97e..922246bb0 100644 --- a/ocis/docker/Dockerfile.linux.arm +++ b/ocis/docker/Dockerfile.linux.arm @@ -5,7 +5,7 @@ ARG REVISION="" RUN apk update && \ apk upgrade && \ - apk add ca-certificates mailcap && \ + apk add ca-certificates mailcap tree attr && \ rm -rf /var/cache/apk/* && \ echo 'hosts: files dns' >| /etc/nsswitch.conf 
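Review bot: Adding `tree` and `attr` to the `apk add` line of ocis/docker/Dockerfile.linux.amd64 ships inspection tooling in the runtime image itself, which widens what is available to anyone who obtains a shell in a production container and adds packages that have to be kept patched. If they are only needed for debugging, a build argument keeps the default image minimal: `ARG DEBUG_PACKAGES=""` together with `apk add ca-certificates mailcap ${DEBUG_PACKAGES} && \`. The same applies to the Dockerfile.linux.arm hunk on this line and to the Dockerfile.linux.arm64 hunk that follows. The rest of each Dockerfile is outside the hunks.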
diff --git a/ocis/docker/Dockerfile.linux.arm64 b/ocis/docker/Dockerfile.linux.arm64 index 2a2534d4f..47ccad926 100644 --- a/ocis/docker/Dockerfile.linux.arm64 +++ b/ocis/docker/Dockerfile.linux.arm64 @@ -5,7 +5,7 @@ ARG REVISION="" RUN apk update && \ apk upgrade && \ - apk add ca-certificates mailcap && \ + apk add ca-certificates mailcap tree attr && \ rm -rf /var/cache/apk/* && \ echo 'hosts: files dns' >| /etc/nsswitch.conf From 62704ceb2e4e58315ecb41e900d867f554baa4c9 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Mon, 15 Nov 2021 13:24:26 +0100 Subject: [PATCH 6/9] fix double "the" --- proxy/pkg/middleware/basic_auth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy/pkg/middleware/basic_auth.go b/proxy/pkg/middleware/basic_auth.go index c74c8a509..6b26dbd0c 100644 --- a/proxy/pkg/middleware/basic_auth.go +++ b/proxy/pkg/middleware/basic_auth.go @@ -91,7 +91,7 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler { } if options.UserCS3Claim == "userid" { - // set the custom user claim only if users will be looked up by the the userid on the CS3api + // set the custom user claim only if users will be looked up by the userid on the CS3api // OpaqueId contains the userid configured in STORAGE_LDAP_USER_SCHEMA_UID claims[options.UserOIDCClaim] = user.Id.OpaqueId From c14fbfd3102bbde154782fb89d4addacff901ba8 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Mon, 15 Nov 2021 18:29:58 +0545 Subject: [PATCH 7/9] Apply suggestions from code review --- .../acceptance/expected-failures-localAPI-on-OCIS-storage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index d847734ab..d2c7337d9 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md 
@@ -4,5 +4,5 @@ - [apiArchiver/downloadById.feature:134](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiArchiver/downloadById.feature#L134) - [apiArchiver/downloadById.feature:135](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiArchiver/downloadById.feature#L135) -#### [downloading an archive with invalid path returns HTTP/500](https://github.com/owncloud/ocis/issues/2768= -- [apiArchiver/downloadByPath.feature:69](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiArchiver/apiArchiver/downloadByPath.feature:69) +#### [downloading an archive with invalid path returns HTTP/500](https://github.com/owncloud/ocis/issues/2768) +- [apiArchiver/downloadByPath.feature:69](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiArchiver/apiArchiver/downloadByPath.feature#L69) From 9ad8d1bd90ec62fbcd88e04c4f54cd8543d54024 Mon Sep 17 00:00:00 2001 From: Willy Kloucek <34452982+wkloucek@users.noreply.github.com> Date: Mon, 15 Nov 2021 13:06:17 +0000 Subject: [PATCH 8/9] Automated changelog update [skip ci] --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d61d6cad..6c14956a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ The following sections list the changes for unreleased. * Bugfix - Don't allow empty password: [#197](https://github.com/owncloud/product/issues/197) * Bugfix - Fix basic auth config: [#2719](https://github.com/owncloud/ocis/pull/2719) +* Bugfix - Fix basic auth with custom user claim: [#2755](https://github.com/owncloud/ocis/pull/2755) * Bugfix - Fix oCIS startup ony systems with IPv6: [#2698](https://github.com/owncloud/ocis/pull/2698) * Bugfix - Fix opening images in media viewer for some usernames: [#2738](https://github.com/owncloud/ocis/pull/2738) * Bugfix - Fix error logging when there is no thumbnail for a file: [#2702](https://github.com/owncloud/ocis/pull/2702) 
@@ -32,6 +33,14 @@ The following sections list the changes for unreleased. https://github.com/owncloud/ocis/issues/2466 https://github.com/owncloud/ocis/pull/2719 +* Bugfix - Fix basic auth with custom user claim: [#2755](https://github.com/owncloud/ocis/pull/2755) + + We've fixed authentication with basic if oCIS is configured to use a non-standard claim as user + claim (`PROXY_USER_OIDC_CLAIM`). Prior to this bugfix the authentication always failed and + is now working. + + https://github.com/owncloud/ocis/pull/2755 + * Bugfix - Fix oCIS startup ony systems with IPv6: [#2698](https://github.com/owncloud/ocis/pull/2698) We've fixed failing startup of oCIS on systems with IPv6 addresses. From 1cdb3a8003874ebb7b12125797dd427d10e94a08 Mon Sep 17 00:00:00 2001 From: Swikriti Tripathi Date: Mon, 15 Nov 2021 13:13:36 +0545 Subject: [PATCH 9/9] Bump ocis commit id to match latest --- .drone.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.env b/.drone.env index 3c996b4e1..7a54718c4 100644 --- a/.drone.env +++ b/.drone.env @@ -1,5 +1,5 @@ # The test runner source for API tests -CORE_COMMITID=2eead619a0e1bab2ca21bc7bbc4ef77f9d82c42d +CORE_COMMITID=4e808c1a89462fb91d2439dc3d9c490ebced3139 CORE_BRANCH=master # The test runner source for UI tests