From 1ec63176a8f68de617a6e30a122021b6b3d1a76c Mon Sep 17 00:00:00 2001
From: Ishank Arora <ishank.arora@cern.ch>
Date: Fri, 3 Apr 2020 13:57:26 +0200
Subject: [PATCH] ocm: Check for ID provider match as well when creating shares

---
 examples/ocmd/users.demo.json         |  4 ++--
 internal/http/services/ocmd/shares.go | 12 ++++++++----
 pkg/user/manager/json/json.go         |  3 +--
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/examples/ocmd/users.demo.json b/examples/ocmd/users.demo.json
index 1cd409696a..0c19c0760a 100644
--- a/examples/ocmd/users.demo.json
+++ b/examples/ocmd/users.demo.json
@@ -2,7 +2,7 @@
 	{
 		"id": {
 			"opaque_id": "4c510ada-c86b-4815-8820-42cdf82c3d51",
-			"idp": "http://localhost:20080"
+			"idp": "http://cernbox.cern.ch"
 		},
 		"username": "einstein",
 		"secret": "relativity",
@@ -13,7 +13,7 @@
 	{
 		"id": {
 			"opaque_id": "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-			"idp": "http://localhost:20080"
+			"idp": "http://cesnet.cz"
 		},
 		"username": "marie",
 		"secret": "radioactivity",
diff --git a/internal/http/services/ocmd/shares.go b/internal/http/services/ocmd/shares.go
index 2c8404fa05..8180c0d428 100644
--- a/internal/http/services/ocmd/shares.go
+++ b/internal/http/services/ocmd/shares.go
@@ -85,16 +85,20 @@ func (h *sharesHandler) createShare(w http.ResponseWriter, r *http.Request) {
 	}
 	prefix := hRes.GetPath()
 
-	shareWith := r.FormValue("shareWith")
-	if shareWith == "" {
-		WriteError(w, r, APIErrorInvalidParameter, "missing shareWith", nil)
+	shareWithUser := r.FormValue("shareWithUser")
+	shareWithProvider := r.FormValue("shareWithProvider")
+
+	if shareWithUser == "" || shareWithProvider == "" {
+		WriteError(w, r, APIErrorInvalidParameter, "missing shareWith parameters", nil)
 		return
 	}
 
 	userRes, err := gatewayClient.GetUser(ctx, &userpb.GetUserRequest{
-		UserId: &userpb.UserId{OpaqueId: shareWith},
+		UserId: &userpb.UserId{OpaqueId: shareWithUser, Idp: shareWithProvider},
 	})
 
+	log.Info().Msg(fmt.Sprintf("userRes %+v", userRes))
+
 	if err != nil {
 		WriteError(w, r, APIErrorInvalidParameter, "error searching recipient", err)
 		return
diff --git a/pkg/user/manager/json/json.go b/pkg/user/manager/json/json.go
index 0cdd105dc9..f4f1eedcdc 100644
--- a/pkg/user/manager/json/json.go
+++ b/pkg/user/manager/json/json.go
@@ -81,8 +81,7 @@ func New(m map[string]interface{}) (user.Manager, error) {
 
 func (m *manager) GetUser(ctx context.Context, uid *userpb.UserId) (*userpb.User, error) {
 	for _, u := range m.users {
-		// TODO(jfd) we should also compare idp / iss? labkode: yes we should
-		if u.Id.GetOpaqueId() == uid.OpaqueId || u.Username == uid.OpaqueId {
+		if (u.Id.GetOpaqueId() == uid.OpaqueId || u.Username == uid.OpaqueId) && (uid.Idp == "" || uid.Idp == u.Id.GetIdp()) {
 			return u, nil
 		}
 	}