* extract and test role claim parsing
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add failing test
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* read segmented roles claim as array and string
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* reuse more code by extracting WalkSegments
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add TestSplitWithEscaping
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* docs and error for unhandled case
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add claims test
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add missing ReadStringClaim docs
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---------
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* enhancement: add graph beta listPermissions endpoint
besides the new api endpoint it includes several utilities to simplify the graph api development.
* resolve drive and item id from the request path
* generic pointer and value utilities
* space root detection
* update GetDriveAndItemIDParam signature to return a error
* move errorcode package
* enhancement: add generic error code handling
* fix: rebase
With Go 1.20 the "Rewrite" hook for ReverseProxy was introduced to
supersede of the "Director" hook (see:
a55793835f)
The Rewrite hooks allows for better separation between the incoming and
outgoing request. In particular it makes it pretty easy to set the
correct X-Forwarded-* Headers on the outgoing request.
The need for using "Rewrite" came up when trying to embed
authelia. It uses the X-Forwarded-Host and X-Forwared-Proto headers to
e.g. compute the correct return values for the various endpoints in
.well-known/openid-configuration.
This gets us a rid of the need to configure the reva jwt secret in the
proxy. Also we no longer need to fake an internal admin user for
autoprovsioning user and/or assigning the roles to users from oidc
claims.
We were using stretchr/testify and test-go/testify inconsitently and
sometimes mixed in the same tests. This can cause very strange issue,
e.g when using things like mock.MatchedBy().
This moves all our code to stretchr/testify, which seems to be far
more active and maintained then test-go/testify.
* Move away from global tracers.
This PR moves away from global tracers and instead initialises
a tracer provider at Service setup and passes it where it needs to be.
* Change tracing provider to be set via options.
Also change name for GetServiceTraceProvider.
* Add changelog.
* enhancement: use reva client pool selectors
register mock service to registry and pass tests
* enhancement: bump reva
* Fix a couple of linter issues
---------
Co-authored-by: Ralf Haferkamp <rhaferkamp@owncloud.com>
This reverts commit 52951b42b0.
The change broke authentication for at least the desktop client when
using the builtin idp. There seem to be issues in the IDP (lico) which
result in the implicit scoped not being added correctly in some case.
When that scope is missing the `lg.uuid` claim will not be present in
the userinfo and we can correctly match users by id.
This reverts back to the old behaviour of matching users by name. Which
also brings some aspects of https://github.com/owncloud/ocis/issues/904Fixes#6415
