Skip to content

Commit

Permalink
(fix)graph: Always set UserType in /users responses
Browse files Browse the repository at this point in the history
LDAP users without a UserType attribute get the UserType "Member"
by default. Federated users get the UserType "Federated".

Related #9702
  • Loading branch information
rhafer committed Aug 12, 2024
1 parent 847d168 commit 80e8a2e
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 3 deletions.
24 changes: 22 additions & 2 deletions services/graph/pkg/identity/backend.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,12 @@ var (
ErrNotFound = errorcode.New(errorcode.ItemNotFound, "not found")
)

const (
UserTypeMember = "Member"
UserTypeGuest = "Guest"
UserTypeFederated = "Federated"
)

// Backend defines the Interface for an IdentityBackend implementation
type Backend interface {
// CreateUser creates a given user in the identity backend.
Expand Down Expand Up @@ -106,26 +112,40 @@ type EducationBackend interface {

// CreateUserModelFromCS3 converts a cs3 User object into a libregraph.User
func CreateUserModelFromCS3(u *cs3user.User) *libregraph.User {
if u.Id == nil {
if u.GetId() == nil {
u.Id = &cs3user.UserId{}
}
userType := cs3UserTypeToGraph(u.GetId().GetType())
return &libregraph.User{
Identities: []libregraph.ObjectIdentity{
{
Issuer: &u.GetId().Idp,
IssuerAssignedId: &u.GetId().OpaqueId,
},
},
UserType: &userType,
DisplayName: &u.DisplayName,
Mail: &u.Mail,
OnPremisesSamAccountName: &u.Username,
Id: &u.Id.OpaqueId,
}
}

func cs3UserTypeToGraph(cs3type cs3user.UserType) string {
switch cs3type {
case cs3user.UserType_USER_TYPE_PRIMARY:
return UserTypeMember
case cs3user.UserType_USER_TYPE_FEDERATED:
return UserTypeFederated
case cs3user.UserType_USER_TYPE_GUEST:
return UserTypeGuest
}
return "unknown"
}

// CreateGroupModelFromCS3 converts a cs3 Group object into a libregraph.Group
func CreateGroupModelFromCS3(g *cs3group.Group) *libregraph.Group {
if g.Id == nil {
if g.GetId() == nil {
g.Id = &cs3group.GroupId{}
}
return &libregraph.Group{
Expand Down
7 changes: 6 additions & 1 deletion services/graph/pkg/identity/ldap.go
Original file line number Diff line number Diff line change
Expand Up @@ -810,9 +810,14 @@ func (i *LDAP) createUserModelFromLDAP(e *ldap.Entry) *libregraph.User {
Id: &id,
GivenName: pointerOrNil(e.GetEqualFoldAttributeValue(i.userAttributeMap.givenName)),
Surname: &surname,
UserType: pointerOrNil(e.GetEqualFoldAttributeValue(i.userAttributeMap.userType)),
AccountEnabled: booleanOrNil(e.GetEqualFoldAttributeValue(i.userAttributeMap.accountEnabled)),
}

userType := e.GetEqualFoldAttributeValue(i.userAttributeMap.userType)
if userType == "" {
userType = UserTypeMember
}
user.SetUserType(userType)
var identities []libregraph.ObjectIdentity
for _, identityStr := range e.GetEqualFoldAttributeValues(i.userAttributeMap.identities) {
parts := strings.SplitN(identityStr, "$", 3)
Expand Down
6 changes: 6 additions & 0 deletions services/graph/pkg/identity/ldap_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -397,6 +397,7 @@ func TestUpdateUser(t *testing.T) {
displayName: "testUser",
onPremisesSamAccountName: "testUser",
accountEnabled: nil,
userType: &memberType,
},
assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
return assert.Nil(t, err, args...)
Expand Down Expand Up @@ -526,6 +527,7 @@ func TestUpdateUser(t *testing.T) {
displayName: "newName",
onPremisesSamAccountName: "testUser",
accountEnabled: nil,
userType: &memberType,
},
assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
return assert.Nil(t, err, args...)
Expand Down Expand Up @@ -655,6 +657,7 @@ func TestUpdateUser(t *testing.T) {
displayName: "newName",
onPremisesSamAccountName: "newName",
accountEnabled: nil,
userType: &memberType,
},
assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
return assert.Nil(t, err, args...)
Expand Down Expand Up @@ -844,6 +847,7 @@ func TestUpdateUser(t *testing.T) {
displayName: "testUser",
onPremisesSamAccountName: "testUser",
accountEnabled: &falseBool,
userType: &memberType,
},
assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
return assert.Nil(t, err, args...)
Expand Down Expand Up @@ -974,6 +978,7 @@ func TestUpdateUser(t *testing.T) {
displayName: "testUser",
onPremisesSamAccountName: "testUser",
accountEnabled: &falseBool,
userType: &memberType,
},
assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
return assert.Nil(t, err, args...)
Expand Down Expand Up @@ -1140,6 +1145,7 @@ func TestUpdateUser(t *testing.T) {
displayName: "testUser",
onPremisesSamAccountName: "testUser",
accountEnabled: &trueBool,
userType: &memberType,
},
assertion: func(t assert.TestingT, err error, args ...interface{}) bool {
return assert.Nil(t, err, args...)
Expand Down

0 comments on commit 80e8a2e

Please sign in to comment.