From 8984bd4ef1070e271813f1cff1ac59b76b51be69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Thu, 13 Aug 2020 12:49:27 +0200
Subject: [PATCH] Add numeric uid and gid to the access token
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörn Friedrich Dreyer
---
 changelog/unreleased/mint-uid-and-gid.md | 5 +++++
 pkg/middleware/account_uuid.go | 20 ++++++++++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 changelog/unreleased/mint-uid-and-gid.md
diff --git a/changelog/unreleased/mint-uid-and-gid.md b/changelog/unreleased/mint-uid-and-gid.md
new file mode 100644
index 0000000..95c059b
--- /dev/null
+++ b/changelog/unreleased/mint-uid-and-gid.md
@@ -0,0 +1,5 @@
+Enhancement: Add numeric uid and gid to the access token
+
+The eos storage driver is fetching the uid and gid of a user from the access token. This PR is using the response of the accounts service to mint them in the token.
+
+https://github.com/owncloud/ocis-proxy/pull/89
diff --git a/pkg/middleware/account_uuid.go b/pkg/middleware/account_uuid.go
index 620731e..24cb60d 100644
--- a/pkg/middleware/account_uuid.go
+++ b/pkg/middleware/account_uuid.go
@@ -4,9 +4,11 @@ import (
 "context"
 "fmt"
 "net/http"
+ "strconv"
 "strings"
 revauser "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+ types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 "github.com/cs3org/reva/pkg/token/manager/jwt"
 acc "github.com/owncloud/ocis-accounts/pkg/proto/v0"
 "github.com/owncloud/ocis-pkg/v2/log"
@@ -145,7 +147,7 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 }
 l.Debug().Interface("claims", claims).Interface("account", account).Msgf("Associated claims with uuid")
- token, err := tokenManager.MintToken(r.Context(), &revauser.User{
+ user := &revauser.User{
 Id: &revauser.UserId{
 OpaqueId: account.Id,
 Idp: claims.Iss,
@@ -155,7 +157,21 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 Mail: account.Mail,
 MailVerified: account.ExternalUserState == "" || account.ExternalUserState == "Accepted",
 Groups: groups,
- })
+ Opaque: &types.Opaque{
+ Map: map[string]*types.OpaqueEntry{},
+ },
+ }
+
+ user.Opaque.Map["uid"] = &types.OpaqueEntry{
+ Decoder: "plain",
+ Value: []byte(strconv.FormatInt(account.UidNumber, 10)),
+ }
+ user.Opaque.Map["gid"] = &types.OpaqueEntry{
+ Decoder: "plain",
+ Value: []byte(strconv.FormatInt(account.GidNumber, 10)),
+ }
+
+ token, err := tokenManager.MintToken(r.Context(), user)
 if err != nil {
 l.Error().Err(err).Msgf("Could not mint token")
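Review bot: `account.UidNumber` and `account.GidNumber` are written into the token's opaque map without any check. An account for which the accounts service returned no numeric ids would presumably be minted with `uid` and `gid` set to "0", the integer zero value, and per the changelog the eos storage driver takes its uid and gid from this token. Whether the accounts service guarantees positive ids is not visible in this patch, so a guard ahead of the two `user.Opaque.Map[...]` assignments, such as `if account.UidNumber <= 0 || account.GidNumber <= 0 {`, which logs and fails the request instead of calling `MintToken`, would keep an incomplete account from receiving a root-numbered identity. A short comment there, for example `// uid/gid are consumed by the storage driver as POSIX ids; never mint unset (zero) values`, would record why the check exists. AccountUUID's body starts and ends outside the hunk.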