ishank011 · dependabot · Mar 19, 2021 · Mar 19, 2021 · Mar 22, 2021 · Mar 23, 2021
diff --git a/changelog/unreleased/use-uid-gid-fields.md b/changelog/unreleased/use-uid-gid-fields.md
@@ -0,0 +1,6 @@
+Enhancement: use UidNumber and GidNumber fields in User objects
+
+Update instances where CS3API's `User` objects are created and used to use `GidNumber`,
+and `UidNumber` fields instead of storing them in `Opaque` map.
+
+https://github.com/cs3org/reva/issues/1516
diff --git a/go.mod b/go.mod
@@ -40,7 +40,7 @@ require (
 	github.com/pkg/xattr v0.4.3
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
 	github.com/rs/cors v1.7.0
-	github.com/rs/zerolog v1.21.0
+	github.com/rs/zerolog v1.22.0
 	github.com/sciencemesh/meshdirectory-web v1.0.4
 	github.com/stretchr/testify v1.7.0
 	github.com/studio-b12/gowebdav v0.0.0-20200303150724-9380631c29a1

diff --git a/go.sum b/go.sum
@@ -937,8 +937,8 @@ github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
-github.com/rs/zerolog v1.21.0 h1:Q3vdXlfLNT+OftyBHsU0Y445MD+8m8axjKgf2si0QcM=
-github.com/rs/zerolog v1.21.0/go.mod h1:ZPhntP/xmq1nnND05hhpAh2QMhSsA4UN3MGZ6O2J3hM=
+github.com/rs/zerolog v1.22.0 h1:XrVUjV4K+izZpKXZHlPrYQiDtmdGiCylnT4i43AAWxg=
+github.com/rs/zerolog v1.22.0/go.mod h1:ZPhntP/xmq1nnND05hhpAh2QMhSsA4UN3MGZ6O2J3hM=
 github.com/rubenv/sql-migrate v0.0.0-20190212093014-1007f53448d7/go.mod h1:WS0rl9eEliYI8DPnr3TOwz4439pay+qNgzJoVya/DmY=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=

diff --git a/pkg/auth/manager/json/json.go b/pkg/auth/manager/json/json.go
@@ -45,6 +45,8 @@ type Credentials struct {
 	DisplayName  string          `mapstructure:"display_name" json:"display_name"`
 	Secret       string          `mapstructure:"secret" json:"secret"`
 	Groups       []string        `mapstructure:"groups" json:"groups"`
+	UIDNumber    int64           `mapstructure:"uid_number" json:"uid_number"`
+	GIDNumber    int64           `mapstructure:"gid_number" json:"gid_number"`
 	Opaque       *typespb.Opaque `mapstructure:"opaque" json:"opaque"`
 }
 
@@ -111,6 +113,8 @@ func (m *manager) Authenticate(ctx context.Context, username string, secret stri
 				MailVerified: c.MailVerified,
 				DisplayName:  c.DisplayName,
 				Groups:       c.Groups,
+				UidNumber:    c.UIDNumber,
+				GidNumber:    c.GIDNumber,
 				Opaque:       c.Opaque,
 				// TODO add arbitrary keys as opaque data
 			}, nil

diff --git a/pkg/auth/manager/ldap/ldap.go b/pkg/auth/manager/ldap/ldap.go
@@ -22,11 +22,11 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"strconv"
 	"strings"
 
 	user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/appctx"
 	"github.com/cs3org/reva/pkg/auth"
 	"github.com/cs3org/reva/pkg/auth/manager/registry"
@@ -182,7 +182,14 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 	if getGroupsResp.Status.Code != rpc.Code_CODE_OK {
 		return nil, errors.Wrap(err, "ldap: grpc getting user groups failed")
 	}
-
+	gidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.GIDNumber), 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	uidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.UIDNumber), 10, 64)
+	if err != nil {
+		return nil, err
+	}
 	u := &user.User{
 		Id: userID,
 		// TODO add more claims from the StandardClaims, eg EmailVerified
@@ -191,18 +198,8 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 		Groups:      getGroupsResp.Groups,
 		Mail:        sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.Mail),
 		DisplayName: sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.DisplayName),
-		Opaque: &types.Opaque{
-			Map: map[string]*types.OpaqueEntry{
-				"uid": {
-					Decoder: "plain",
-					Value:   []byte(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.UIDNumber)),
-				},
-				"gid": {
-					Decoder: "plain",
-					Value:   []byte(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.GIDNumber)),
-				},
-			},
-		},
+		UidNumber:   uidNumber,
+		GidNumber:   gidNumber,
 	}
 	log.Debug().Interface("entry", sr.Entries[0]).Interface("user", u).Msg("authenticated user")
 

diff --git a/pkg/auth/manager/oidc/oidc.go b/pkg/auth/manager/oidc/oidc.go
@@ -28,7 +28,6 @@ import (
 	oidc "github.com/coreos/go-oidc"
 	user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/auth"
 	"github.com/cs3org/reva/pkg/auth/manager/registry"
 	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
@@ -129,26 +128,12 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 		return nil, fmt.Errorf("no \"preferred_username\" or \"name\" attribute found in userinfo: maybe the client did not request the oidc \"profile\"-scope")
 	}
 
-	opaqueObj := &types.Opaque{
-		Map: map[string]*types.OpaqueEntry{},
-	}
+	var uid, gid int64
 	if am.c.UIDClaim != "" {
-		uid, ok := claims[am.c.UIDClaim]
-		if ok {
-			opaqueObj.Map["uid"] = &types.OpaqueEntry{
-				Decoder: "plain",
-				Value:   []byte(fmt.Sprintf("%0.f", uid)),
-			}
-		}
+		uid, _ = claims[am.c.UIDClaim].(int64)
 	}
 	if am.c.GIDClaim != "" {
-		gid, ok := claims[am.c.GIDClaim]
-		if ok {
-			opaqueObj.Map["gid"] = &types.OpaqueEntry{
-				Decoder: "plain",
-				Value:   []byte(fmt.Sprintf("%0.f", gid)),
-			}
-		}
+		gid, _ = claims[am.c.GIDClaim].(int64)
 	}
 
 	userID := &user.UserId{
@@ -180,7 +165,8 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 		Mail:         claims["email"].(string),
 		MailVerified: claims["email_verified"].(bool),
 		DisplayName:  claims["name"].(string),
-		Opaque:       opaqueObj,
+		UidNumber:    uid,
+		GidNumber:    gid,
 	}
 
 	return u, nil

diff --git a/pkg/cbox/user/rest/rest.go b/pkg/cbox/user/rest/rest.go
@@ -27,7 +27,6 @@ import (
 	"strings"
 
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/appctx"
 	utils "github.com/cs3org/reva/pkg/cbox/utils"
 	"github.com/cs3org/reva/pkg/user"
@@ -169,6 +168,8 @@ func (m *manager) parseAndCacheUser(ctx context.Context, userData map[string]int
 	upn, _ := userData["upn"].(string)
 	mail, _ := userData["primaryAccountEmail"].(string)
 	name, _ := userData["displayName"].(string)
+	uidNumber, _ := userData["uid"].(int64)
+	gidNumber, _ := userData["gid"].(int64)
 
 	userID := &userpb.UserId{
 		OpaqueId: upn,
@@ -179,18 +180,8 @@ func (m *manager) parseAndCacheUser(ctx context.Context, userData map[string]int
 		Username:    upn,
 		Mail:        mail,
 		DisplayName: name,
-		Opaque: &types.Opaque{
-			Map: map[string]*types.OpaqueEntry{
-				"uid": &types.OpaqueEntry{
-					Decoder: "plain",
-					Value:   []byte(fmt.Sprintf("%0.f", userData["uid"])),
-				},
-				"gid": &types.OpaqueEntry{
-					Decoder: "plain",
-					Value:   []byte(fmt.Sprintf("%0.f", userData["gid"])),
-				},
-			},
-		},
+		UidNumber:   uidNumber,
+		GidNumber:   gidNumber,
 	}
 
 	if err := m.cacheUserDetails(u); err != nil {
@@ -274,6 +265,8 @@ func (m *manager) findUsersByFilter(ctx context.Context, url string, users map[s
 		upn, _ := usrInfo["upn"].(string)
 		mail, _ := usrInfo["primaryAccountEmail"].(string)
 		name, _ := usrInfo["displayName"].(string)
+		uidNumber, _ := usrInfo["uid"].(int64)
+		gidNumber, _ := usrInfo["gid"].(int64)
 
 		uid := &userpb.UserId{
 			OpaqueId: upn,
@@ -284,18 +277,8 @@ func (m *manager) findUsersByFilter(ctx context.Context, url string, users map[s
 			Username:    upn,
 			Mail:        mail,
 			DisplayName: name,
-			Opaque: &types.Opaque{
-				Map: map[string]*types.OpaqueEntry{
-					"uid": &types.OpaqueEntry{
-						Decoder: "plain",
-						Value:   []byte(fmt.Sprintf("%0.f", usrInfo["uid"])),
-					},
-					"gid": &types.OpaqueEntry{
-						Decoder: "plain",
-						Value:   []byte(fmt.Sprintf("%0.f", usrInfo["gid"])),
-					},
-				},
-			},
+			UidNumber:   uidNumber,
+			GidNumber:   gidNumber,
 		}
 	}
 
@@ -386,12 +369,8 @@ func (m *manager) IsInGroup(ctx context.Context, uid *userpb.UserId, group strin
 }
 
 func extractUID(u *userpb.User) (string, error) {
-	if u.Opaque != nil && u.Opaque.Map != nil {
-		if uidObj, ok := u.Opaque.Map["uid"]; ok {
-			if uidObj.Decoder == "plain" {
-				return string(uidObj.Value), nil
-			}
-		}
+	if u.UidNumber == 0 {
+		return "", errors.New("rest: could not retrieve UID from user")
 	}
-	return "", errors.New("rest: could not retrieve UID from user")
+	return fmt.Sprintf("%v", u.UidNumber), nil
 }
diff --git a/pkg/storage/utils/eosfs/eosfs.go b/pkg/storage/utils/eosfs/eosfs.go
@@ -195,6 +195,12 @@ func getUser(ctx context.Context) (*userpb.User, error) {
 		err := errors.Wrap(errtypes.UserRequired(""), "eos: error getting user from ctx")
 		return nil, err
 	}
+	if u.UidNumber == 0 {
+		return nil, errors.New("eos: invalid user id")
+	}
+	if u.GidNumber == 0 {
+		return nil, errors.New("eos: invalid group id")
+	}
 	return u, nil
 }
 
@@ -1459,23 +1465,13 @@ func getResourceType(isDir bool) provider.ResourceType {
 }
 
 func (fs *eosfs) extractUIDAndGID(u *userpb.User) (string, string, error) {
-	var uid, gid string
-	if u.Opaque != nil && u.Opaque.Map != nil {
-		if uidObj, ok := u.Opaque.Map["uid"]; ok {
-			if uidObj.Decoder == "plain" {
-				uid = string(uidObj.Value)
-			}
-		}
-		if gidObj, ok := u.Opaque.Map["gid"]; ok {
-			if gidObj.Decoder == "plain" {
-				gid = string(gidObj.Value)
-			}
-		}
+	if u.UidNumber == 0 {
+		return "", "", errors.New("eos: uid missing for user")
 	}
-	if uid == "" || gid == "" {
-		return "", "", errors.New("eos: uid or gid missing for user")
+	if u.GidNumber == 0 {
+		return "", "", errors.New("eos: gid missing for user")
 	}
-	return uid, gid, nil
+	return fmt.Sprintf("%v", u.UidNumber), fmt.Sprintf("%v", u.GidNumber), nil
 }
 
 func (fs *eosfs) getUIDGateway(ctx context.Context, u *userpb.UserId) (string, string, error) {

diff --git a/pkg/user/manager/demo/demo.go b/pkg/user/manager/demo/demo.go
@@ -21,10 +21,10 @@ package demo
 import (
 	"context"
 	"errors"
+	"fmt"
 	"strings"
 
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/errtypes"
 	"github.com/cs3org/reva/pkg/user"
 	"github.com/cs3org/reva/pkg/user/manager/registry"
@@ -69,12 +69,8 @@ func extractClaim(u *userpb.User, claim string) (string, error) {
 	case "username":
 		return u.Username, nil
 	case "uid":
-		if u.Opaque != nil && u.Opaque.Map != nil {
-			if uidObj, ok := u.Opaque.Map["uid"]; ok {
-				if uidObj.Decoder == "plain" {
-					return string(uidObj.Value), nil
-				}
-			}
+		if u.UidNumber != 0 {
+			return fmt.Sprintf("%v", u.UidNumber), nil
 		}
 	}
 	return "", errors.New("demo: invalid field")
@@ -114,18 +110,8 @@ func getUsers() map[string]*userpb.User {
 			Groups:      []string{"sailing-lovers", "violin-haters", "physics-lovers"},
 			Mail:        "einstein@example.org",
 			DisplayName: "Albert Einstein",
-			Opaque: &types.Opaque{
-				Map: map[string]*types.OpaqueEntry{
-					"uid": &types.OpaqueEntry{
-						Decoder: "plain",
-						Value:   []byte("123"),
-					},
-					"gid": &types.OpaqueEntry{
-						Decoder: "plain",
-						Value:   []byte("987"),
-					},
-				},
-			},
+			UidNumber:   123,
+			GidNumber:   987,
 		},
 		"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c": &userpb.User{
 			Id: &userpb.UserId{
@@ -136,18 +122,8 @@ func getUsers() map[string]*userpb.User {
 			Groups:      []string{"radium-lovers", "polonium-lovers", "physics-lovers"},
 			Mail:        "marie@example.org",
 			DisplayName: "Marie Curie",
-			Opaque: &types.Opaque{
-				Map: map[string]*types.OpaqueEntry{
-					"uid": &types.OpaqueEntry{
-						Decoder: "plain",
-						Value:   []byte("456"),
-					},
-					"gid": &types.OpaqueEntry{
-						Decoder: "plain",
-						Value:   []byte("987"),
-					},
-				},
-			},
+			UidNumber:   456,
+			GidNumber:   987,
 		},
 		"932b4540-8d16-481e-8ef4-588e4b6b151c": &userpb.User{
 			Id: &userpb.UserId{

diff --git a/pkg/user/manager/demo/demo_test.go b/pkg/user/manager/demo/demo_test.go
@@ -24,7 +24,6 @@ import (
 	"testing"
 
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/errtypes"
 )
 
@@ -42,12 +41,8 @@ func TestUserManager(t *testing.T) {
 		Groups:      []string{"sailing-lovers", "violin-haters", "physics-lovers"},
 		Mail:        "einstein@example.org",
 		DisplayName: "Albert Einstein",
-		Opaque: &types.Opaque{
-			Map: map[string]*types.OpaqueEntry{
-				"uid": &types.OpaqueEntry{Decoder: "plain", Value: []byte("123")},
-				"gid": &types.OpaqueEntry{Decoder: "plain", Value: []byte("987")},
-			},
-		},
+		UidNumber:   123,
+		GidNumber:   987,
 	}
 	uidFake := &userpb.UserId{Idp: "nonesense", OpaqueId: "fakeUser"}
 	groupsEinstein := []string{"sailing-lovers", "violin-haters", "physics-lovers"}

diff --git a/pkg/user/manager/json/json.go b/pkg/user/manager/json/json.go
@@ -21,6 +21,7 @@ package json
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"strings"
 
@@ -111,12 +112,8 @@ func extractClaim(u *userpb.User, claim string) (string, error) {
 	case "username":
 		return u.Username, nil
 	case "uid":
-		if u.Opaque != nil && u.Opaque.Map != nil {
-			if uidObj, ok := u.Opaque.Map["uid"]; ok {
-				if uidObj.Decoder == "plain" {
-					return string(uidObj.Value), nil
-				}
-			}
+		if u.UidNumber != 0 {
+			return fmt.Sprintf("%v", u.UidNumber), nil
 		}
 	}
 	return "", errors.New("json: invalid field")