Site account extensions (#2008)

cs3org · Aug 20, 2021 · 18b230c · 18b230c
1 parent 39aa910
commit 18b230c
Show file tree

Hide file tree

Showing 49 changed files with 3,875 additions and 1,027 deletions.
diff --git a/changelog/unreleased/siteacc-ext.md b/changelog/unreleased/siteacc-ext.md
@@ -0,0 +1,11 @@
+Enhancement: Site account extensions
+
+This PR heavily extends the site accounts service:
+* Extended the accounts information (not just email and name)
+* Accounts now have a password
+* Users can now "log in" to their accounts and edit it
+* Ability to grant access to the GOCDB
+
+Furthermore, these accounts can now be used to authenticate for logging in to our customized GOCDB. More use cases for these accounts are also planned.
+
+https://github.com/cs3org/reva/pull/2008
diff --git a/docs/content/en/docs/config/http/services/siteacc/_index.md b/docs/content/en/docs/config/http/services/siteacc/_index.md
@@ -19,68 +19,85 @@ prefix = "/siteacc"
 {{< /highlight >}}
 {{% /dir %}}
 
-{{% dir name="enable_registration_form" type="string" default="false" %}}
-If set to true, the service will expose a simple form for account registration.
+## GOCDB settings
+{{% dir name="url" type="string" default="" %}}
+The external URL of the central GOCDB instance.
+{{< highlight toml >}}
+[http.services.siteacc.gocdb]
+url = "https://www.sciencemesh.eu/gocdb/"
+{{< /highlight >}}
+{{% /dir %}}
 
+{{% dir name="write_url" type="string" default="" %}}
+The external URL of the GOCDB Write API.
 {{< highlight toml >}}
-[http.services.siteacc]
-enable_registration_form = true
+[http.services.siteacc.gocdb]
+write_url = "https://www.sciencemesh.eu/gocdbpi/"
+{{< /highlight >}}
+{{% /dir %}}
+
+{{% dir name="apikey" type="string" default="" %}}
+The API key for the GOCDB.
+{{< highlight toml >}}
+[http.services.siteacc.gocdb]
+apikey = "verysecret"
 {{< /highlight >}}
 {{% /dir %}}
 
+## Email settings
 {{% dir name="notifications_mail" type="string" default="" %}}
 An email address where all notifications are sent to.
 {{< highlight toml >}}
-[http.services.siteacc]
+[http.services.siteacc.email]
 notifications_mail = "notify@example.com"
 {{< /highlight >}}
 {{% /dir %}}
 
-## SMTP settings
+### SMTP settings
 {{% dir name="sender_mail" type="string" default="" %}}
 An email address from which all emails are sent.
 {{< highlight toml >}}
-[http.services.siteacc.smtp]
+[http.services.siteacc.email.smtp]
 sender_mail = "notify@example.com"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="sender_login" type="string" default="" %}}
 The login name.
 {{< highlight toml >}}
-[http.services.siteacc.smtp]
+[http.services.siteacc.email.smtp]
 sender_login = "hans"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="sender_password" type="string" default="" %}}
 The password for the login.
 {{< highlight toml >}}
-[http.services.siteacc.smtp]
+[http.services.siteacc.email.smtp]
 password = "secret"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="smtp_server" type="string" default="" %}}
 The SMTP server to use.
 {{< highlight toml >}}
-[http.services.siteacc.smtp]
+[http.services.siteacc.email.smtp]
 smtp_server = "smtp.example.com"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="smtp_port" type="int" default="25" %}}
 The SMTP server port to use.
 {{< highlight toml >}}
-[http.services.siteacc.smtp]
+[http.services.siteacc.email.smtp]
 smtp_port = 25
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="disable_auth" type="bool" default="false" %}}
 Whether to disable authentication.
 {{< highlight toml >}}
-[http.services.siteacc.smtp]
+[http.services.siteacc.email.smtp]
 disable_auth = true
 {{< /highlight >}}
 {{% /dir %}}
@@ -111,3 +128,36 @@ The registration service URL.
 url = "https://iop.example.com/sitereg"
 {{< /highlight >}}
 {{% /dir %}}
+
+## Webserver settings
+{{% dir name="url" type="string" default="" %}}
+The external URL of the site accounts service.
+{{< highlight toml >}}
+[http.services.siteacc.webserver]
+url = "https://www.sciencemesh.eu/accounts/"
+{{< /highlight >}}
+{{% /dir %}}
+
+{{% dir name="session_timeout" type="int" default="300" %}}
+The session timeout in seconds.
+{{< highlight toml >}}
+[http.services.siteacc.webserver]
+session_timeout = 600
+{{< /highlight >}}
+{{% /dir %}}
+
+{{% dir name="verify_remote_address" type="bool" default="false" %}}
+If true, sessions are only valid if they belong to the same IP. This can cause problems behind proxy servers.
+{{< highlight toml >}}
+[http.services.siteacc.webserver]
+verify_remote_address = true
+{{< /highlight >}}
+{{% /dir %}}
+
+{{% dir name="log_sessions" type="bool" default="false" %}}
+If enabled, debug information about sessions will be printed.
+{{< highlight toml >}}
+[http.services.siteacc.webserver]
+log_sessions = true
+{{< /highlight >}}
+{{% /dir %}}
diff --git a/examples/siteacc/siteacc.toml b/examples/siteacc/siteacc.toml
@@ -1,21 +1,29 @@
 [http]
 address = "0.0.0.0:9600"
 
-[http.services.siteacc]
-# If this is set to true, the service will expose a simple form for account registration
-enable_registration_form = true
-# All notification emails are sent to this email
-notifications_mail = "science.mesh@example.com"
+[http.services.siteacc.gocdb]
+url = "https://sciencemesh-test.uni-muenster.de/gocdb/"
+write_url = "https://sciencemesh-test.uni-muenster.de/gocdbpi/"
+apikey = "verysecret"
 
 # Set up the storage driver
 [http.services.siteacc.storage]
 driver = "file"
 [http.services.siteacc.storage.file]
 file = "/var/revad/accounts.json"
 
+# Email related settings
+[http.services.siteacc.email]
+notifications_mail = "science.mesh@example.com"
+
 # The SMTP server used for sending emails
-[http.services.siteacc.smtp]
+[http.services.siteacc.email.smtp]
 sender_mail = "science.mesh@example.com"
 smtp_server = "mail.example.com"
 smtp_port = 25
 disable_auth = true
+
+# The webserver section defines various webserver-related settings
+[http.services.siteacc.webserver]
+url = "https://sciencemesh-test.uni-muenster.de/api/accounts/"
+session_timeout = 60
diff --git a/internal/grpc/services/publicstorageprovider/publicstorageprovider.go b/internal/grpc/services/publicstorageprovider/publicstorageprovider.go
@@ -80,7 +80,7 @@ func parseConfig(m map[string]interface{}) (*config, error) {
 	return c, nil
 }
 
-// New creates a new Public Storage Provider service.
+// New creates a new IsPublic Storage Provider service.
 func New(m map[string]interface{}, ss *grpc.Server) (rgrpc.Service, error) {
 	c, err := parseConfig(m)
 	if err != nil {

diff --git a/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go b/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go
@@ -128,7 +128,7 @@ func (h *Handler) Init(c *config.Config) {
 		h.c.Capabilities.FilesSharing.Public = &data.CapabilitiesFilesSharingPublic{}
 	}
 
-	// h.c.Capabilities.FilesSharing.Public.Enabled is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.Enabled is boolean
 	h.c.Capabilities.FilesSharing.Public.Enabled = true
 
 	if h.c.Capabilities.FilesSharing.Public.Password == nil {
@@ -139,22 +139,22 @@ func (h *Handler) Init(c *config.Config) {
 		h.c.Capabilities.FilesSharing.Public.Password.EnforcedFor = &data.CapabilitiesFilesSharingPublicPasswordEnforcedFor{}
 	}
 
-	// h.c.Capabilities.FilesSharing.Public.Password.EnforcedFor.ReadOnly is boolean
-	// h.c.Capabilities.FilesSharing.Public.Password.EnforcedFor.ReadWrite is boolean
-	// h.c.Capabilities.FilesSharing.Public.Password.EnforcedFor.UploadOnly is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.Password.EnforcedFor.ReadOnly is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.Password.EnforcedFor.ReadWrite is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.Password.EnforcedFor.UploadOnly is boolean
 
-	// h.c.Capabilities.FilesSharing.Public.Password.Enforced is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.Password.Enforced is boolean
 
 	if h.c.Capabilities.FilesSharing.Public.ExpireDate == nil {
 		h.c.Capabilities.FilesSharing.Public.ExpireDate = &data.CapabilitiesFilesSharingPublicExpireDate{}
 	}
-	// h.c.Capabilities.FilesSharing.Public.ExpireDate.Enabled is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.ExpireDate.Enabled is boolean
 
-	// h.c.Capabilities.FilesSharing.Public.SendMail is boolean
-	// h.c.Capabilities.FilesSharing.Public.SocialShare is boolean
-	// h.c.Capabilities.FilesSharing.Public.Upload is boolean
-	// h.c.Capabilities.FilesSharing.Public.Multiple is boolean
-	// h.c.Capabilities.FilesSharing.Public.SupportsUploadOnly is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.SendMail is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.SocialShare is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.Upload is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.Multiple is boolean
+	// h.c.Capabilities.FilesSharing.IsPublic.SupportsUploadOnly is boolean
 
 	if h.c.Capabilities.FilesSharing.User == nil {
 		h.c.Capabilities.FilesSharing.User = &data.CapabilitiesFilesSharingUser{}

diff --git a/internal/http/services/siteacc/data/account.go b/internal/http/services/siteacc/data/account.go