diff --git a/changelog/unreleased/ext-users.md b/changelog/unreleased/ext-users.md new file mode 100644 index 0000000000..430ff0dedc --- /dev/null +++ b/changelog/unreleased/ext-users.md @@ -0,0 +1,7 @@ +Enhancement: better display name in apps for all user types + +This includes a `FirstName FamilyName (domain)` format for non-primary accounts, +and a sanitization of the email address claim for such non-primary accounts. + +https://github.com/cs3org/reva/pull/2986 +https://github.com/cs3org/reva/pull/3280 diff --git a/pkg/app/provider/wopi/wopi.go b/pkg/app/provider/wopi/wopi.go index 0b79e1d439..bec75f63a3 100644 --- a/pkg/app/provider/wopi/wopi.go +++ b/pkg/app/provider/wopi/wopi.go @@ -144,32 +144,24 @@ func (p *wopiProvider) GetAppURL(ctx context.Context, resource *provider.Resourc q.Add("fileid", resource.GetId().OpaqueId) q.Add("endpoint", resource.GetId().StorageId) q.Add("viewmode", viewMode.String()) + q.Add("appname", p.conf.AppName) u, ok := ctxpkg.ContextGetUser(ctx) - if ok { // else defaults to "Guest xyz" - var isPublicShare bool - if u.Opaque != nil { - if _, ok := u.Opaque.Map["public-share-role"]; ok { - isPublicShare = true - } - } - + if ok { // else username defaults to "Guest xyz" if u.Id.Type == userpb.UserType_USER_TYPE_LIGHTWEIGHT || u.Id.Type == userpb.UserType_USER_TYPE_FEDERATED { q.Add("userid", resource.Owner.OpaqueId+"@"+resource.Owner.Idp) - if !isPublicShare { - // for visual display, federated/external accounts are shown with their email but act on behalf of the owner - q.Add("username", u.Mail) - } } else { q.Add("userid", u.Id.OpaqueId+"@"+u.Id.Idp) - if !isPublicShare { - q.Add("username", u.Username) + } + + q.Add("username", u.DisplayName) + if u.Opaque != nil { + if _, ok := u.Opaque.Map["public-share-role"]; ok { + q.Del("username") // on public shares default to "Guest xyz" } } } - q.Add("appname", p.conf.AppName) - var viewAppURL string if viewAppURLs, ok := p.appURLs["view"]; ok { if viewAppURL, ok = viewAppURLs[ext]; ok { diff --git a/pkg/auth/manager/oidc/oidc.go b/pkg/auth/manager/oidc/oidc.go index 9d9a6e8f16..7352850b60 100644 --- a/pkg/auth/manager/oidc/oidc.go +++ b/pkg/auth/manager/oidc/oidc.go @@ -247,6 +247,10 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string) if err != nil { return nil, nil, err } + // strip the `guest:` prefix if present in the email claim (appears to come from LDAP at CERN?) + u.Mail = strings.Replace(u.Mail, "guest: ", "", 1) + // and decorate the display name with the email domain to make it different from a primary account + u.DisplayName = u.DisplayName + " (" + strings.Split(u.Mail, "@")[1] + ")" } else { scopes, err = scope.AddOwnerScope(nil) if err != nil {