From 2491087264d4e698e0ddb3a975bd91b8c96516a3 Mon Sep 17 00:00:00 2001
From: David Christofas
Date: Wed, 24 Jun 2020 17:27:00 +0200
Subject: [PATCH] autoprovision new users on login
Signed-off-by: David Christofas
---
 .../unreleased/auto_provision_accounts.md | 6 ++++
 pkg/middleware/account_uuid.go | 31 +++++++++++++++++--
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 changelog/unreleased/auto_provision_accounts.md
diff --git a/changelog/unreleased/auto_provision_accounts.md b/changelog/unreleased/auto_provision_accounts.md
new file mode 100644
index 00000000000..d2c0b2f3d37
--- /dev/null
+++ b/changelog/unreleased/auto_provision_accounts.md
@@ -0,0 +1,6 @@
+Enhancement: create account if it doesn't exist in ocis-accounts
+
+The accounts_uuid middleware tries to get the account from ocis-accounts.
+If it doens't exist there yet the proxy creates the account using the ocis-account api.
+
+https://github.com/owncloud/ocis-proxy/issues/55
diff --git a/pkg/middleware/account_uuid.go b/pkg/middleware/account_uuid.go
index 071af181ac0..7eed9eaf0a5
--- a/pkg/middleware/account_uuid.go
+++ b/pkg/middleware/account_uuid.go
@@ -61,6 +61,25 @@ func getAccount(l log.Logger, claims *oidc.StandardClaims, ac acc.AccountsServic
 return
 }
+func createAccount(l log.Logger, claims *oidc.StandardClaims, ac acc.AccountsService) (*acc.Account, int) {
+ // TODO check if fields are missing.
+ req := &acc.CreateAccountRequest{
+ Account: &acc.Account{
+ DisplayName: claims.DisplayName,
+ PreferredName: claims.PreferredUsername,
+ Mail: claims.Email,
+ CreationType: "LocalAccount",
+ },
+ }
+ created, err := ac.CreateAccount(context.Background(), req)
+ if err != nil {
+ l.Error().Err(err).Interface("account", req.Account).Msg("could not create account")
+ return nil, http.StatusInternalServerError
+ }
+
+ return created, 0
+}
+
 // AccountUUID provides a middleware which mints a jwt and adds it to the proxied request based
 // on the oidc-claims
 func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
@@ -89,8 +108,16 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 account, status := getAccount(l, claims, opt.AccountsClient)
 if status != 0 {
- w.WriteHeader(status)
- return
+ if status == http.StatusNotFound {
+ account, status = createAccount(l, claims, opt.AccountsClient)
+ if status != 0 {
+ w.WriteHeader(status)
+ return
+ }
+ } else {
+ w.WriteHeader(status)
+ return
+ }
 }
 if !account.AccountEnabled {
 l.Debug().Interface("account", account).Msg("account is disabled")
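Review bot: createAccount forwards the OIDC claims to CreateAccount without any validation, as its own `// TODO check if fields are missing.` line admits, so a token that lacks a `preferred_username` or `email` claim provisions an account with an empty PreferredName or Mail and whatever uniqueness rule the accounts service applies to empty values; that check belongs before the request is built, returning a non-zero status so the caller's existing `w.WriteHeader(status)` path handles it, as in the excerpt below (the 400 is a suggestion — getAccount, whose signature is visible only in the hunk header, may already use a different code for claim problems). Two smaller points in the same function: `context.Background()` drops the request's cancellation and deadline, and since the function is new it could take a `ctx context.Context` from the handler instead; and the error log attaches `req.Account`, i.e. the user's display name and e-mail, which is worth trimming if logs leave the host. The `CreationType: "LocalAccount"` label for an account created from an external IdP's claims also looks questionable, but that depends on the accounts API's enum, which is not visible here.

```go
func createAccount(l log.Logger, claims *oidc.StandardClaims, ac acc.AccountsService) (*acc.Account, int) {
	// Refuse to provision from incomplete claims rather than creating an
	// account whose identifying fields are empty.
	if claims.PreferredUsername == "" || claims.Email == "" {
		l.Error().Msg("cannot create account: preferred_username or email claim missing")
		return nil, http.StatusBadRequest
	}
	// … unchanged: request construction and CreateAccount call …
```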