-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
when sharing via ocs look up user by username #1281
Conversation
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
8b28fa5
to
2dd898f
Compare
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
2dd898f
to
d7dd62a
Compare
@ishank011 does this affect the OCM layer? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't directly affect it, but this creates inconsistency with other invocations of CreateShare/CreateOCMShare.
https://github.com/cs3org/reva/blob/master/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go#L474-L476 here we still assume that we're getting the opaque ID as the input. Also in the cmd actions share-create and ocm-share-create, we still assume the opaque ID, so it'd be good to have the same thing across all the calls.
@ishank011 @labkode we are looking into tho ocs and ocdav apis. we tried to use the userid / opaque id because it is the only real stable identifier that does not change. ocs and ocdav really only know about usernames. with the oc10 limitation that usernames cannot change. also testsuites, web, desktop and mobile clients all use that username. but if we use the userid as the username it has different properties, like userid is case sensitive, username is not ... I have been trying hard to introduce a stable userid. And for the cs3 api that is the user opaqueid. But for the legacy ocs and ocdav apis that is thh username. now ocm has a federated sharing id ... which imo should use the cs3 opaqueid. but if you want to stay backwards compatible you need a migration strategy anyway. I haven't looked at the OCM code. What property are you using to construct the federated sharing id? oc10 uses the username... |
@butonic for OCM, we ensure that the cs3 userID (opaque ID + IdP) is unique and use that to identify remote users. |
yes, the ocs ocdav and imo ocm endpoints should only expose the username, because that is what existing clients expect. the services should map them to a proper cs3 user id. well, if ocm exposes the internal userid that might make sense because it needs stable user identifiers. for a migration you could make the existing username the userid (since they are currently unique and should not collide with uuids which should be used in the future) |
@labkode @ishank011 should I update the ocm service to expect the username? I'm not too deep into that ui, so I don't know if that would match the spec. |
Looking at https://rawgit.com/GEANT/OCM-API/v1/docs.html#null%2Fpaths%2F~1shares%2Fpost I can only find
|
Ok that is the cloudId, formerly known as federated sharing id, which consists of the username and the host. See https://github.com/owncloud/core/blob/master/apps/federatedfilesharing/lib/Address.php for details. The translateUid function is even some old magic that uses the login used for ldap accounts. This is obviously already a deprecated fragile design, because it does cover changing usernames. Changing that is out of scope for Reva. So I think the correct way to handle this for now is to only expose the username. That will migrating users to ocis/reva easier. A stable an persistent identifier can be introduced later. Following protocol driven development we should propose this change to the ocm spec. |
Yes, using the username would be fine, but we'd still need to provide the ID of the provider as users across different providers can have the same username. This should be added to the spec IMO. Regarding retrieving users from other claims, I can add a similar method to the OCM user service, so that shouldn't be a problem. |
The ocs api returns usernames when listing share recipients, so the lookup when creating the share needs to search the usernames and not the userid.
related: owncloud/ocis#627