jkoberg
d347448ec0
remove duplicated sutureservice code
...
Signed-off-by: jkoberg <jkoberg@owncloud.com>
2023-06-02 12:02:27 +02:00
Ralf Haferkamp
7a4bc71e65
Revert "idp/proxy: Match users by ID instead of name by default"
...
This reverts commit 52951b42b0.
The change broke authentication for at least the desktop client when
using the builtin idp. There seem to be issues in the IDP (lico) which
result in the implicit scope not being added correctly in some cases.
When that scope is missing the `lg.uuid` claim will not be present in
the userinfo and we can correctly match users by id.
This reverts back to the old behaviour of matching users by name. Which
also brings some aspects of https://github.com/owncloud/ocis/issues/904
Fixes #6415
2023-06-01 11:13:47 +02:00
Jörn Friedrich Dreyer
632b206675
trace proxy middlewares (#6313)
...
* trace proxy middlewares
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* Update ocis-pkg/service/grpc/client.go
Co-authored-by: Christian Richter <1058116+dragonchaser@users.noreply.github.com>
* default tls is off
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---------
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Christian Richter <1058116+dragonchaser@users.noreply.github.com>
2023-05-27 10:18:24 +02:00
Jörn Friedrich Dreyer
b8bdd4573a
introduce otlp tracing (#5132)
...
* introduce otel tracing
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* use new trace provider initialization
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* work
* bump reva
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* remove commented code
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add vendor changes
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---------
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-05-26 22:21:03 +02:00
Martin
9f2500eba1
Merge pull request #6379 from rhafer/issue/6194
...
proxy: Return an error when autoprovision a user fails
2023-05-24 18:50:15 +02:00
Ralf Haferkamp
3dc0fff1f4
proxy: Return an error when autoprovision a user fails
...
Fixes: #6194
2023-05-24 17:17:15 +02:00
Ralf Haferkamp
54adf267c0
Fix oidc username claim name
...
It's 'preferred_username' not 'preferred_user'.
2023-05-24 17:12:38 +02:00
Michael Barz
e4aaf79614
Merge pull request #6355 from owncloud/fix-cors-headers
...
fix preflight requests
2023-05-24 09:40:01 +02:00
Ralf Haferkamp
52951b42b0
idp/proxy: Match users by ID instead of name by default
...
Reconfigure the oidc clients for lico, so that lico adds the "lg.uuid" to
tokens and userinfo by default. That claim will contain the userid. So
we can now use the userid for matching users when using the default
idm/idp configuration. This fixes further problems so that users being
recreated with the same name are correctly treated as different users.
Fixes: #904
2023-05-23 09:48:47 +02:00
Jörn Friedrich Dreyer
0edb2b9c5b
fix preflight requests
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-05-22 16:28:51 +02:00
Phil Davis
f19830e919
Reword 'allows to' sentences
2023-05-18 09:46:25 +05:45
Michael Barz
43ed7392be
add missing response body to blocked requests
2023-05-11 16:31:19 +02:00
mmattel
d5855a56d5
[docs-only] Fix typo in proxy readme yaml example
2023-05-11 09:44:14 +02:00
mmattel
589a0f5ce1
[docs-only] Fix caching envvar use
2023-05-10 11:37:05 +02:00
Martin
4ad0638429
Update services/proxy/README.md
...
Co-authored-by: Michael Barz <mbarz@owncloud.com>
2023-05-02 21:06:25 +02:00
mmattel
1d73b0e025
update proxy_tls description
2023-05-02 20:41:15 +02:00
Ralf Haferkamp
b7990875c1
oidc: Remove "aud" claim validation of logout tokens (#6156)
...
The "aud" claim of the logout token is supposed to contain the client-id
of the client for which the token was issued. Our current implementation of
validating that claim is somewhat broken. We only allow to configure a single
value for the allowed client id. But we have different client-ids
accessing oCIS.
This completely removes the current validation of the `aud` claim until
we come up with a working solution. As we currently require a session id
to be present in the logout token the risk of not validating the `aud`
claim is pretty low.
Related: #6149
2023-04-27 10:34:09 +02:00
Andre Duffeck
be569b7c59
[full-ci] More cache cleanup (#6134)
...
* Make env var names consistent with the others
* Remove unused OCS cache
* Use the same cache database for shared caches
* Bump reva
2023-04-25 15:46:59 +02:00
Martin
9bf4b3eb18
Merge pull request #6119 from owncloud/update_readme_caching
...
[docs-only] Add caching/storing info to services where missing
2023-04-24 15:13:49 +02:00
Andre Duffeck
77bb3d8bcd
[full-ci] Refactor stores (#6019)
...
* Streamline the store implementation with and into reva
* Adapt to the cache/store refactoring in reva
* Streamline config options and their env vars
* Apply suggestions from code review
Co-authored-by: Martin <github@diemattels.at>
* Use the same database for all stores
* Bump reva
* Configure stat and filemetadata cache separately
* Fix default config
---------
Co-authored-by: Martin <github@diemattels.at>
2023-04-24 15:13:35 +02:00
EParzefall
e2686f90b9
spelling fixes
2023-04-24 13:55:10 +02:00
mmattel
84d2d8dae9
[docs-only] Fix texts and typos in README.md files
2023-04-23 10:02:27 +02:00
Ralf Haferkamp
70a80125c3
Fix backchannel logout
...
Use access token to lookup session id. The userinfo endpoint does
not return the session id. Also add some debug logging.
Co-authored-by: Christian Richter <crichter@owncloud.com>
Co-authored-by: Michael Barz <mbarz@owncloud.com>
2023-04-20 18:04:52 +02:00
Christian Richter
a6ced1f99f
Simplify Unmarshall function for stringAsBool struct
...
Co-authored-by: Julian Koberg <jkoberg@owncloud.com>
Signed-off-by: Christian Richter <crichter@owncloud.com>
2023-04-20 11:45:13 +02:00
Christian Richter
7b1be941b7
improve documentation strings for env vars
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2023-04-20 11:26:32 +02:00
Christian Richter
cec99493f2
Add workaround for chiRouter race condition in chi.RegisterMethod()
...
Co-authored-by: Ralf Haferkamp <rhaferkamp@owncloud.com>
Signed-off-by: Christian Richter <crichter@owncloud.com>
2023-04-20 10:19:05 +02:00
Christian Richter
30bcf32062
incorporate requested changes
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2023-04-20 09:00:58 +02:00
Christian Richter
3d6d4c7c7c
add missing http method
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2023-04-19 17:32:50 +02:00
Christian Richter
e88a0d7bc3
add tests for oidc backchannel logout
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2023-04-19 17:32:49 +02:00
Christian Richter
15691ae78a
fix contexts, render result
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
d2d7c49df4
properly parse logout request
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
dc399a61ac
implement backchannel logout, reuse userinfo cache
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-04-19 17:32:25 +02:00
Christian Richter
a900d0ed8d
Refactor caches
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
bc15b8a396
work on logout
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
b608d0b0f9
move verify access token code to oidc client
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
58dce9bed8
use our oidc client
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
97894acccd
add missing error check, redirect stub
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-04-19 17:32:25 +02:00
Christian Richter
a3640b0565
extract full claims from jwt token to get session id
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2023-04-19 17:32:23 +02:00
Michael Barz
1f19462d44
Merge pull request #6076 from owncloud/policies-proxy-tus-uploads
...
fix: proxy policies middleware tus filename evaluation
2023-04-19 10:09:14 +02:00
Ralf Haferkamp
6059747491
proxy: Rework oidc role mapper to allow multiple matching roles
...
If multiple claims values have a valid matching for ocis roles, we'll pick
the ocis role that appears first in the mapping configuration.
2023-04-19 08:56:47 +02:00
Florian Schade
fdaf39f5d1
fix: proxy policies middleware tus filename evaluation
...
When uploading files via uppy (tus), the path does not give any information about the file; PUT contains the filename in the path, tus POST does not.
This PR extracts the HeaderUploadMetadata from that POST request and enhances the policies grpc environment request with that information.
Therefore, the policies service is now able to evaluate proxy requests for tus uploads too.
2023-04-18 20:26:52 +02:00
mmattel
b2504035e0
fix readme service names
2023-04-12 18:40:41 +02:00
mmattel
255dd06c92
[docs-only] Fix readme.md for caches
2023-04-04 09:15:24 +02:00
Michael Barz
b2568972da
Merge pull request #5992 from owncloud/basic-auth-header
...
do not send www-authenticate basic for Api requests
2023-04-03 15:22:09 +02:00
André Duffeck
d640719b7a
Fix oidc auth cache
2023-04-03 14:00:11 +02:00
Michael Barz
df537ea98d
do not send www-authenticate basic for Api requests
2023-04-03 11:34:42 +02:00
jkoberg
66a0d5a5ff
avoid panic when oidcClient.Get fails
...
Signed-off-by: jkoberg <jkoberg@owncloud.com>
2023-03-31 10:59:44 +02:00
kobergj
bfe8ed8db5
Merge pull request #5700 from owncloud/invitations
...
Invitations service
2023-03-28 15:27:56 +02:00
Dennis Sieben
e28603e633
- fixed typos
2023-03-27 08:54:51 +02:00
Jörn Friedrich Dreyer
f805cca363
initial invitations skeleton
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-03-24 11:42:48 +01:00