Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
Showing
9 changed files
with
155 additions
and
38 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
Bugfix: fix OCM userid encoding | ||
|
||
We now base64 encode the remote userid and provider as the local federated user id. This allows us to always differentiate them from local users and unpack the encoded user id and provider when making requests to the remote ocm provider. | ||
|
||
https://github.com/cs3org/reva/pull/4833 | ||
https://github.com/owncloud/ocis/issues/9927 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
package user | ||
|
||
import ( | ||
"encoding/base64" | ||
"fmt" | ||
"net/url" | ||
"strings" | ||
|
||
userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1" | ||
) | ||
|
||
// FederatedID creates a federated user id by | ||
// 1. stripping the protocol from the domain and | ||
// 2. base64 encoding the opaque id with the domain to get a unique identifier that cannot collide with other users | ||
func FederatedID(id *userpb.UserId) *userpb.UserId { | ||
// strip protocol from the domain | ||
domain := id.Idp | ||
if u, err := url.Parse(domain); err == nil && u.Host != "" { | ||
domain = u.Host | ||
} | ||
return &userpb.UserId{ | ||
Type: userpb.UserType_USER_TYPE_FEDERATED, | ||
Idp: domain, | ||
OpaqueId: base64.URLEncoding.EncodeToString([]byte(id.OpaqueId + "@" + domain)), | ||
} | ||
} | ||
|
||
// RemoteID creates a remote user id by | ||
// 1. decoding the base64 encoded opaque id | ||
// 2. splitting the opaque id at the last @ to get the opaque id and the domain | ||
func RemoteID(id *userpb.UserId) *userpb.UserId { | ||
remoteId := &userpb.UserId{ | ||
Type: userpb.UserType_USER_TYPE_PRIMARY, | ||
Idp: id.Idp, | ||
OpaqueId: id.OpaqueId, | ||
} | ||
bytes, err := base64.URLEncoding.DecodeString(id.GetOpaqueId()) | ||
if err != nil { | ||
return remoteId | ||
} | ||
remote := string(bytes) | ||
last := strings.LastIndex(remote, "@") | ||
if last == -1 { | ||
return remoteId | ||
} | ||
remoteId.OpaqueId = remote[:last] | ||
remoteId.Idp = remote[last+1:] | ||
|
||
return remoteId | ||
} | ||
|
||
// FormatOCMUser formats a user id in the form of <opaque-id>@<idp> used by the OCM API in shareWith, owner and creator fields | ||
func FormatOCMUser(u *userpb.UserId) string { | ||
return fmt.Sprintf("%s@%s", u.OpaqueId, u.Idp) | ||
} |
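Review bot: RemoteID decodes any OpaqueId that happens to be valid URL-safe base64 without checking `id.Type`, and it then takes the Idp from the decoded payload rather than from `id.Idp`. A plain 36-character UUID like the opaque ids in this commit's test fixtures is itself accepted by `base64.URLEncoding.DecodeString`, so a non-federated id is left unchanged only because its decoded bytes happen to contain no `@`. For a federated id nothing verifies that the embedded domain agrees with the `Idp` field, which matters if callers use the result to choose the remote provider to contact (the callers are not visible here). I would add `if id.GetType() != userpb.UserType_USER_TYPE_FEDERATED { return remoteId }` right after `remoteId` is built, and return the unmodified id when `remote[last+1:] != id.GetIdp()`. Both FederatedID and RemoteID also read `id.Idp` directly, so a nil `id` panics even though RemoteID later uses the nil-safe `id.GetOpaqueId()`; using the getters throughout would be consistent.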
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,6 +21,7 @@ package grpc_test | |
import ( | ||
"bytes" | ||
"context" | ||
"encoding/base64" | ||
"encoding/json" | ||
"fmt" | ||
"net/http" | ||
|
@@ -106,23 +107,43 @@ var _ = Describe("ocm invitation workflow", func() { | |
einstein = &userpb.User{ | ||
Id: &userpb.UserId{ | ||
OpaqueId: "4c510ada-c86b-4815-8820-42cdf82c3d51", | ||
Idp: "cernbox.cern.ch", | ||
Idp: "https://cernbox.cern.ch", | ||
Type: userpb.UserType_USER_TYPE_PRIMARY, | ||
}, | ||
Username: "einstein", | ||
Mail: "[email protected]", | ||
DisplayName: "Albert Einstein", | ||
} | ||
federatedEinstein = &userpb.User{ | ||
Id: &userpb.UserId{ | ||
Type: userpb.UserType_USER_TYPE_FEDERATED, | ||
Idp: "cernbox.cern.ch", | ||
OpaqueId: base64.URLEncoding.EncodeToString([]byte("[email protected]")), | ||
}, | ||
Username: "einstein", | ||
Mail: "[email protected]", | ||
DisplayName: "Albert Einstein", | ||
} | ||
marie = &userpb.User{ | ||
Id: &userpb.UserId{ | ||
OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c", | ||
Idp: "cesnet.cz", | ||
Idp: "https://cesnet.cz", | ||
Type: userpb.UserType_USER_TYPE_PRIMARY, | ||
}, | ||
Username: "marie", | ||
Mail: "[email protected]", | ||
DisplayName: "Marie Curie", | ||
} | ||
federatedMarie = &userpb.User{ | ||
Id: &userpb.UserId{ | ||
Type: userpb.UserType_USER_TYPE_FEDERATED, | ||
Idp: "cesnet.cz", | ||
OpaqueId: base64.URLEncoding.EncodeToString([]byte("[email protected]")), | ||
}, | ||
Username: "marie", | ||
Mail: "[email protected]", | ||
DisplayName: "Marie Curie", | ||
} | ||
) | ||
|
||
for _, driver := range []string{"json"} { | ||
|
@@ -198,21 +219,21 @@ var _ = Describe("ocm invitation workflow", func() { | |
|
||
Expect(forwardRes.DisplayName).To(Equal(einstein.DisplayName)) | ||
Expect(forwardRes.Email).To(Equal(einstein.Mail)) | ||
Expect(utils.UserEqual(forwardRes.UserId, einstein.Id)).To(BeTrue()) | ||
Expect(utils.UserEqual(forwardRes.UserId, federatedEinstein.Id)).To(BeTrue()) | ||
|
||
usersRes1, err := cernboxgw.FindAcceptedUsers(ctxEinstein, &invitepb.FindAcceptedUsersRequest{}) | ||
Expect(err).ToNot(HaveOccurred()) | ||
Expect(usersRes1.Status.Code).To(Equal(rpc.Code_CODE_OK)) | ||
Expect(usersRes1.AcceptedUsers).To(HaveLen(1)) | ||
info1 := usersRes1.AcceptedUsers[0] | ||
Expect(ocmUserEqual(info1, marie)).To(BeTrue()) | ||
Expect(ocmUserEqual(info1, federatedMarie)).To(BeTrue()) | ||
|
||
usersRes2, err := cesnetgw.FindAcceptedUsers(ctxMarie, &invitepb.FindAcceptedUsersRequest{}) | ||
Expect(err).ToNot(HaveOccurred()) | ||
Expect(usersRes2.Status.Code).To(Equal(rpc.Code_CODE_OK)) | ||
Expect(usersRes2.AcceptedUsers).To(HaveLen(1)) | ||
info2 := usersRes2.AcceptedUsers[0] | ||
Expect(ocmUserEqual(info2, einstein)).To(BeTrue()) | ||
Expect(ocmUserEqual(info2, federatedEinstein)).To(BeTrue()) | ||
}) | ||
|
||
}) | ||
|
@@ -222,8 +243,8 @@ var _ = Describe("ocm invitation workflow", func() { | |
var cleanup func() | ||
BeforeEach(func() { | ||
variables, cleanup, err = initData(driver, nil, map[string][]*userpb.User{ | ||
einstein.Id.OpaqueId: {marie}, | ||
marie.Id.OpaqueId: {einstein}, | ||
einstein.Id.OpaqueId: {federatedMarie}, | ||
marie.Id.OpaqueId: {federatedEinstein}, | ||
}) | ||
Expect(err).ToNot(HaveOccurred()) | ||
}) | ||
|
@@ -417,16 +438,16 @@ var _ = Describe("ocm invitation workflow", func() { | |
|
||
users, code = findAccepted(tknEinstein, cernboxURL) | ||
Expect(code).To(Equal(http.StatusOK)) | ||
Expect(ocmUsersEqual(list.Map(users, remoteToCs3User), []*userpb.User{marie})).To(BeTrue()) | ||
Expect(ocmUsersEqual(list.Map(users, remoteToCs3User), []*userpb.User{federatedMarie})).To(BeTrue()) | ||
}) | ||
}) | ||
|
||
Context("marie already accepted an invitation before", func() { | ||
var cleanup func() | ||
BeforeEach(func() { | ||
variables, cleanup, err = initData(driver, nil, map[string][]*userpb.User{ | ||
einstein.Id.OpaqueId: {marie}, | ||
marie.Id.OpaqueId: {einstein}, | ||
einstein.Id.OpaqueId: {federatedMarie}, | ||
marie.Id.OpaqueId: {federatedEinstein}, | ||
}) | ||
Expect(err).ToNot(HaveOccurred()) | ||
}) | ||
|
@@ -438,14 +459,14 @@ var _ = Describe("ocm invitation workflow", func() { | |
It("fails the invitation workflow", func() { | ||
users, code := findAccepted(tknEinstein, cernboxURL) | ||
Expect(code).To(Equal(http.StatusOK)) | ||
Expect(ocmUsersEqual(list.Map(users, remoteToCs3User), []*userpb.User{marie})).To(BeTrue()) | ||
Expect(ocmUsersEqual(list.Map(users, remoteToCs3User), []*userpb.User{federatedMarie})).To(BeTrue()) | ||
|
||
code = acceptInvite(tknMarie, cesnetURL, "cernbox.cern.ch", token) | ||
Expect(code).To(Equal(http.StatusConflict)) | ||
|
||
users, code = findAccepted(tknEinstein, cernboxURL) | ||
Expect(code).To(Equal(http.StatusOK)) | ||
Expect(ocmUsersEqual(list.Map(users, remoteToCs3User), []*userpb.User{marie})).To(BeTrue()) | ||
Expect(ocmUsersEqual(list.Map(users, remoteToCs3User), []*userpb.User{federatedMarie})).To(BeTrue()) | ||
}) | ||
}) | ||
|
||
|
@@ -507,7 +528,7 @@ var _ = Describe("ocm invitation workflow", func() { | |
|
||
users, code = findAccepted(tknEinstein, cernboxURL) | ||
Expect(code).To(Equal(http.StatusOK)) | ||
Expect(ocmUsersEqual(list.Map(users, remoteToCs3User), []*userpb.User{marie})).To(BeTrue()) | ||
Expect(ocmUsersEqual(list.Map(users, remoteToCs3User), []*userpb.User{federatedMarie})).To(BeTrue()) | ||
}) | ||
}) | ||
|
||
|