Use UidNumber and GidNumber fields in User objects #1573

Merged
merged 5 commits into from
Jun 14, 2021
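--- a/changelog/unreleased/use-uid-gid-fields.md
+++ b/changelog/unreleased/use-uid-gid-fields.md
@@ -0,0 +1,6 @@
+Enhancement: use UidNumber and GidNumber fields in User objects
+
+Update instances where CS3API's `User` objects are created and used to use `GidNumber`,
+and `UidNumber` fields instead of storing them in `Opaque` map.
+
+https://github.com/cs3org/reva/issues/1516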
4 changes: 4 additions & 0 deletions pkg/auth/manager/json/json.go
Expand Up @@ -47,6 +47,8 @@ type Credentials struct {
DisplayName string `mapstructure:"display_name" json:"display_name"`
Secret string `mapstructure:"secret" json:"secret"`
Groups []string `mapstructure:"groups" json:"groups"`
UIDNumber int64 `mapstructure:"uid_number" json:"uid_number"`
GIDNumber int64 `mapstructure:"gid_number" json:"gid_number"`
Opaque *typespb.Opaque `mapstructure:"opaque" json:"opaque"`
}

Expand Down Expand Up @@ -118,6 +120,8 @@ func (m *manager) Authenticate(ctx context.Context, username string, secret stri
MailVerified: c.MailVerified,
DisplayName: c.DisplayName,
Groups: c.Groups,
UidNumber: c.UIDNumber,
GidNumber: c.GIDNumber,
Opaque: c.Opaque,
// TODO add arbitrary keys as opaque data
}, scope, nil
25 changes: 11 additions & 14 deletions pkg/auth/manager/ldap/ldap.go
Expand Up @@ -22,12 +22,12 @@ import (
"context"
"crypto/tls"
"fmt"
"strconv"
"strings"

authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"github.com/cs3org/reva/pkg/appctx"
"github.com/cs3org/reva/pkg/auth"
"github.com/cs3org/reva/pkg/auth/manager/registry"
Expand Down Expand Up @@ -184,7 +184,14 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
if getGroupsResp.Status.Code != rpc.Code_CODE_OK {
return nil, nil, errors.Wrap(err, "ldap: grpc getting user groups failed")
}

gidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.GIDNumber), 10, 64)
if err != nil {
return nil, nil, err
}
uidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.UIDNumber), 10, 64)
if err != nil {
return nil, nil, err
}
u := &user.User{
Id: userID,
// TODO add more claims from the StandardClaims, eg EmailVerified
Expand All @@ -193,18 +200,8 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
Groups: getGroupsResp.Groups,
Mail: sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.Mail),
DisplayName: sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.DisplayName),
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": {
Decoder: "plain",
Value: []byte(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.UIDNumber)),
},
"gid": {
Decoder: "plain",
Value: []byte(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.GIDNumber)),
},
},
},
UidNumber: uidNumber,
GidNumber: gidNumber,
}

scope, err := scope.GetOwnerScope()
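Review bot: The two `strconv.ParseInt` errors in the first hunk are returned bare, so a failed login carries only a message such as `strconv.ParseInt: parsing "": invalid syntax`, with no hint of which attribute was at fault. An LDAP entry that lacks the `am.c.Schema.UIDNumber` or `am.c.Schema.GIDNumber` attribute presumably hits this path, whereas before this change such an entry still authenticated with empty opaque values; that behaviour change deserves a line in the changelog. Wrapping in the style already used just above, e.g. `return nil, nil, errors.Wrap(err, "ldap: error parsing gidNumber attribute")`, makes the failure diagnosable. Authenticate starts and ends outside the hunk.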
24 changes: 5 additions & 19 deletions pkg/auth/manager/oidc/oidc.go
Expand Up @@ -29,7 +29,6 @@ import (
authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"github.com/cs3org/reva/pkg/auth"
"github.com/cs3org/reva/pkg/auth/manager/registry"
"github.com/cs3org/reva/pkg/auth/scope"
Expand Down Expand Up @@ -131,26 +130,12 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
return nil, nil, fmt.Errorf("no \"preferred_username\" or \"name\" attribute found in userinfo: maybe the client did not request the oidc \"profile\"-scope")
}

opaqueObj := &types.Opaque{
Map: map[string]*types.OpaqueEntry{},
}
var uid, gid float64
if am.c.UIDClaim != "" {
uid, ok := claims[am.c.UIDClaim]
if ok {
opaqueObj.Map["uid"] = &types.OpaqueEntry{
Decoder: "plain",
Value: []byte(fmt.Sprintf("%0.f", uid)),
}
}
uid, _ = claims[am.c.UIDClaim].(float64)
}
if am.c.GIDClaim != "" {
gid, ok := claims[am.c.GIDClaim]
if ok {
opaqueObj.Map["gid"] = &types.OpaqueEntry{
Decoder: "plain",
Value: []byte(fmt.Sprintf("%0.f", gid)),
}
}
gid, _ = claims[am.c.GIDClaim].(float64)
}

userID := &user.UserId{
Expand Down Expand Up @@ -182,7 +167,8 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
Mail: claims["email"].(string),
MailVerified: claims["email_verified"].(bool),
DisplayName: claims["name"].(string),
Opaque: opaqueObj,
UidNumber: int64(uid),
GidNumber: int64(gid),
}

scope, err := scope.GetOwnerScope()
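Review bot: In the first hunk `uid, _ = claims[am.c.UIDClaim].(float64)` and the matching `gid` line discard the assertion result, so a claim that the provider sends as a string silently becomes `UidNumber: 0`, and a fractional, negative or out-of-range number goes through `int64(uid)` unchecked. These numbers are later formatted into the uid/gid strings used by the storage layer (see extractUIDAndGID in eosfs.go), so a malformed claim should fail the login rather than yield a default identity; an absent claim can keep mapping to 0 as "not set". The same discarded assertion is in pkg/cbox/user/rest/rest.go, in parseAndCacheUser and findUsersByFilter. Authenticate starts and ends outside the hunk.

```go
var uid, gid float64
if am.c.UIDClaim != "" {
	if raw, present := claims[am.c.UIDClaim]; present {
		v, ok := raw.(float64)
		// Reject anything that is not a positive whole number fitting in int64.
		if !ok || v < 1 || v != math.Trunc(v) || v >= math.MaxInt64 {
			return nil, nil, fmt.Errorf("oidc: claim %q is not a positive integer", am.c.UIDClaim)
		}
		uid = v
	}
}
// … same shape for am.c.GIDClaim, with the same checks …
```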
44 changes: 12 additions & 32 deletions pkg/cbox/user/rest/rest.go
Expand Up @@ -24,10 +24,10 @@ import (
"fmt"
"net/url"
"regexp"
"strconv"
"strings"

userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"github.com/cs3org/reva/pkg/appctx"
utils "github.com/cs3org/reva/pkg/cbox/utils"
"github.com/cs3org/reva/pkg/user"
Expand Down Expand Up @@ -169,6 +169,8 @@ func (m *manager) parseAndCacheUser(ctx context.Context, userData map[string]int
upn, _ := userData["upn"].(string)
mail, _ := userData["primaryAccountEmail"].(string)
name, _ := userData["displayName"].(string)
uidNumber, _ := userData["uid"].(float64)
gidNumber, _ := userData["gid"].(float64)

userID := &userpb.UserId{
OpaqueId: upn,
Expand All @@ -179,18 +181,8 @@ func (m *manager) parseAndCacheUser(ctx context.Context, userData map[string]int
Username: upn,
Mail: mail,
DisplayName: name,
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": &types.OpaqueEntry{
Decoder: "plain",
Value: []byte(fmt.Sprintf("%0.f", userData["uid"])),
},
"gid": &types.OpaqueEntry{
Decoder: "plain",
Value: []byte(fmt.Sprintf("%0.f", userData["gid"])),
},
},
},
UidNumber: int64(uidNumber),
GidNumber: int64(gidNumber),
}

if err := m.cacheUserDetails(u); err != nil {
Expand Down Expand Up @@ -273,6 +265,8 @@ func (m *manager) findUsersByFilter(ctx context.Context, url string, users map[s
upn, _ := usrInfo["upn"].(string)
mail, _ := usrInfo["primaryAccountEmail"].(string)
name, _ := usrInfo["displayName"].(string)
uidNumber, _ := usrInfo["uid"].(float64)
gidNumber, _ := usrInfo["gid"].(float64)

uid := &userpb.UserId{
OpaqueId: upn,
Expand All @@ -283,18 +277,8 @@ func (m *manager) findUsersByFilter(ctx context.Context, url string, users map[s
Username: upn,
Mail: mail,
DisplayName: name,
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": &types.OpaqueEntry{
Decoder: "plain",
Value: []byte(fmt.Sprintf("%0.f", usrInfo["uid"])),
},
"gid": &types.OpaqueEntry{
Decoder: "plain",
Value: []byte(fmt.Sprintf("%0.f", usrInfo["gid"])),
},
},
},
UidNumber: int64(uidNumber),
GidNumber: int64(gidNumber),
}
}

Expand Down Expand Up @@ -385,12 +369,8 @@ func (m *manager) IsInGroup(ctx context.Context, uid *userpb.UserId, group strin
}

func extractUID(u *userpb.User) (string, error) {
if u.Opaque != nil && u.Opaque.Map != nil {
if uidObj, ok := u.Opaque.Map["uid"]; ok {
if uidObj.Decoder == "plain" {
return string(uidObj.Value), nil
}
}
if u.UidNumber == 0 {
return "", errors.New("rest: could not retrieve UID from user")
}
return "", errors.New("rest: could not retrieve UID from user")
return strconv.FormatInt(u.UidNumber, 10), nil
}
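Review bot: extractUID in the last hunk treats only `u.UidNumber == 0` as missing, so a negative value is formatted and returned as if it were a valid UID. Negative numbers can reach the field because parseAndCacheUser and findUsersByFilter convert API data with `int64(uidNumber)` without a range check; whether the upstream API can actually return one is not visible here. Tightening the guard to `if u.UidNumber <= 0 {` costs nothing, and the same applies to the `== 0` checks added to getUser and extractUIDAndGID in pkg/storage/utils/eosfs/eosfs.go.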
26 changes: 11 additions & 15 deletions pkg/storage/utils/eosfs/eosfs.go
Expand Up @@ -226,6 +226,12 @@ func getUser(ctx context.Context) (*userpb.User, error) {
err := errors.Wrap(errtypes.UserRequired(""), "eos: error getting user from ctx")
return nil, err
}
if u.UidNumber == 0 {
return nil, errors.New("eos: invalid user id")
}
if u.GidNumber == 0 {
return nil, errors.New("eos: invalid group id")
}
return u, nil
}

Expand Down Expand Up @@ -1528,23 +1534,13 @@ func getResourceType(isDir bool) provider.ResourceType {
}

func (fs *eosfs) extractUIDAndGID(u *userpb.User) (string, string, error) {
var uid, gid string
if u.Opaque != nil && u.Opaque.Map != nil {
if uidObj, ok := u.Opaque.Map["uid"]; ok {
if uidObj.Decoder == "plain" {
uid = string(uidObj.Value)
}
}
if gidObj, ok := u.Opaque.Map["gid"]; ok {
if gidObj.Decoder == "plain" {
gid = string(gidObj.Value)
}
}
if u.UidNumber == 0 {
return "", "", errors.New("eos: uid missing for user")
}
if uid == "" || gid == "" {
return "", "", errors.New("eos: uid or gid missing for user")
if u.GidNumber == 0 {
return "", "", errors.New("eos: gid missing for user")
}
return uid, gid, nil
return strconv.FormatInt(u.UidNumber, 10), strconv.FormatInt(u.GidNumber, 10), nil
}

func (fs *eosfs) getUIDGateway(ctx context.Context, u *userpb.UserId) (string, string, error) {
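Review bot: The two checks added to getUser return plain `errors.New(...)` values, while the branch just above wraps `errtypes.UserRequired("")`, so callers that map error types to status codes will presumably report a user without uid/gid numbers as a generic internal error. Refusing 0 is the right default, since it is both the unset value of the field and the root uid/gid on POSIX systems, but the reason should be distinguishable, e.g. `return nil, errors.Wrap(errtypes.UserRequired(""), "eos: user has no uid number")`. extractUIDAndGID repeats the same checks; a one-line comment there, such as `// 0 means "not set" and is refused so that an unpopulated user never maps to root`, would record why. getUser starts outside the hunk.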
38 changes: 7 additions & 31 deletions pkg/user/manager/demo/demo.go
Expand Up @@ -21,10 +21,10 @@ package demo
import (
"context"
"errors"
"strconv"
"strings"

userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"github.com/cs3org/reva/pkg/errtypes"
"github.com/cs3org/reva/pkg/user"
"github.com/cs3org/reva/pkg/user/manager/registry"
Expand Down Expand Up @@ -69,12 +69,8 @@ func extractClaim(u *userpb.User, claim string) (string, error) {
case "username":
return u.Username, nil
case "uid":
if u.Opaque != nil && u.Opaque.Map != nil {
if uidObj, ok := u.Opaque.Map["uid"]; ok {
if uidObj.Decoder == "plain" {
return string(uidObj.Value), nil
}
}
if u.UidNumber != 0 {
return strconv.FormatInt(u.UidNumber, 10), nil
}
}
return "", errors.New("demo: invalid field")
Expand Down Expand Up @@ -114,18 +110,8 @@ func getUsers() map[string]*userpb.User {
Groups: []string{"sailing-lovers", "violin-haters", "physics-lovers"},
Mail: "einstein@example.org",
DisplayName: "Albert Einstein",
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": &types.OpaqueEntry{
Decoder: "plain",
Value: []byte("123"),
},
"gid": &types.OpaqueEntry{
Decoder: "plain",
Value: []byte("987"),
},
},
},
UidNumber: 123,
GidNumber: 987,
},
"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c": &userpb.User{
Id: &userpb.UserId{
Expand All @@ -136,18 +122,8 @@ func getUsers() map[string]*userpb.User {
Groups: []string{"radium-lovers", "polonium-lovers", "physics-lovers"},
Mail: "marie@example.org",
DisplayName: "Marie Curie",
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": &types.OpaqueEntry{
Decoder: "plain",
Value: []byte("456"),
},
"gid": &types.OpaqueEntry{
Decoder: "plain",
Value: []byte("987"),
},
},
},
UidNumber: 456,
GidNumber: 987,
},
"932b4540-8d16-481e-8ef4-588e4b6b151c": &userpb.User{
Id: &userpb.UserId{
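Review bot: In extractClaim the `"uid"` case falls through to `errors.New("demo: invalid field")` when `u.UidNumber` is 0, so "this user has no uid number" is reported as if the claim name were unknown. A dedicated return inside the case, e.g. `return "", errors.New("demo: uid not set for user")`, keeps the two conditions apart for whoever reads the error. The identical fall-through is in extractClaim in pkg/user/manager/json/json.go. The function starts and ends outside the hunk.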
9 changes: 2 additions & 7 deletions pkg/user/manager/demo/demo_test.go
Expand Up @@ -24,7 +24,6 @@ import (
"testing"

userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"github.com/cs3org/reva/pkg/errtypes"
)

Expand All @@ -42,12 +41,8 @@ func TestUserManager(t *testing.T) {
Groups: []string{"sailing-lovers", "violin-haters", "physics-lovers"},
Mail: "einstein@example.org",
DisplayName: "Albert Einstein",
Opaque: &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"uid": &types.OpaqueEntry{Decoder: "plain", Value: []byte("123")},
"gid": &types.OpaqueEntry{Decoder: "plain", Value: []byte("987")},
},
},
UidNumber: 123,
GidNumber: 987,
}
uidFake := &userpb.UserId{Idp: "nonesense", OpaqueId: "fakeUser"}
groupsEinstein := []string{"sailing-lovers", "violin-haters", "physics-lovers"}
9 changes: 3 additions & 6 deletions pkg/user/manager/json/json.go
Expand Up @@ -22,6 +22,7 @@ import (
"context"
"encoding/json"
"io/ioutil"
"strconv"
"strings"

"github.com/cs3org/reva/pkg/user"
Expand Down Expand Up @@ -111,12 +112,8 @@ func extractClaim(u *userpb.User, claim string) (string, error) {
case "username":
return u.Username, nil
case "uid":
if u.Opaque != nil && u.Opaque.Map != nil {
if uidObj, ok := u.Opaque.Map["uid"]; ok {
if uidObj.Decoder == "plain" {
return string(uidObj.Value), nil
}
}
if u.UidNumber != 0 {
return strconv.FormatInt(u.UidNumber, 10), nil
}
}
return "", errors.New("json: invalid field")