External users, when logging in for the first time, have no role
assigned and are unable to create their home because that requires the
create-space permission. This assigns users that don't have a role assigned
to the default user role and persists that assignment in the settings
service so that CreateHome can pick it up when checking permissions
later.
This also disables the auto creation of the user's home in the reva
auth provider (i.e. when using basic auth) as the role assignement has
not happenend at that point. So the home creation will now always happen
in the CreateHome middleware in the proxy.
Configureable via:
PROXY_ACCOUNT_BACKEND_TYPE=cs3
PROXY_ACCOUNT_BACKEND_TYPE=accounts (default)
By using a backend which implements the CS3 user-api (currently provided by reva/storage) it is possible to bypass
the ocis-accounts service and for example use ldap directly.
Hides user and auth related communication behind a facade (user/backend) to minimize logic-duplication across middlewares.
Allows to switich the account backend from accounts to cs3.
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Ralf Haferkamp