From 10686290e79fc565d3c53670a967b3027f997d88 Mon Sep 17 00:00:00 2001
From: Vincent Petry
Date: Fri, 7 Aug 2020 11:03:28 +0200
Subject: [PATCH] Use opaque ID of a user for signing keys
OCIS switched from user the user's opaque ID (UUID) everywhere, so to keep compatible we have adjusted the signing keys endpoint to also use the UUID when storing and generating the keys.
---
 changelog/unreleased/signing-keys-opaqueid | 8 ++++++++
 pkg/service/v0/users.go | 14 +++++++-------
 2 files changed, 15 insertions(+), 7 deletions(-)
 create mode 100644 changelog/unreleased/signing-keys-opaqueid
diff --git a/changelog/unreleased/signing-keys-opaqueid b/changelog/unreleased/signing-keys-opaqueid
new file mode 100644
index 0000000000..6f8b3b70cf
--- /dev/null
+++ b/changelog/unreleased/signing-keys-opaqueid
@@ -0,0 +1,8 @@
+Bugfix: Use opaque ID of a user for signing keys
+
+OCIS switched from user the user's opaque ID (UUID) everywhere,
+so to keep compatible we have adjusted the signing keys endpoint
+to also use the UUID when storing and generating the keys.
+
+https://github.com/owncloud/ocis/issues/436
+https://github.com/owncloud/ocis-ocs/pull/32
diff --git a/pkg/service/v0/users.go b/pkg/service/v0/users.go
index 0a71607cbb..aef9ae5b7b 100644
--- a/pkg/service/v0/users.go
+++ b/pkg/service/v0/users.go
@@ -261,17 +261,20 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 return
 }
+ // use the user's UUID
+ userID := u.Id.OpaqueId
+
 c := storepb.NewStoreService("com.owncloud.api.store", grpc.NewClient())
 res, err := c.Read(r.Context(), &storepb.ReadRequest{
 Options: &storepb.ReadOptions{
 Database: "proxy",
 Table: "signing-keys",
 },
- Key: u.Username,
+ Key: userID,
 })
 if err == nil && len(res.Records) > 0 {
 render.Render(w, r, response.DataRender(&data.SigningKey{
- User: u.Username,
+ User: userID,
 SigningKey: string(res.Records[0].Value),
 }))
 return
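Review bot: `userID := u.Id.OpaqueId` is used as the store key without checking that it is set, so a user object with an empty opaque ID would read and write the record keyed by the empty string, and every such account would be handed the same signing key. The same value is written in the `@@ -304,7 +304,7 @@` hunk and returned in the `@@ -317,7 +317,7 @@` hunk. If `u.Id` is a pointer (it looks like a protobuf message, but its type is not visible here), the dereference would also panic on nil. A guard placed before the assignment, `if u.Id == nil || u.Id.OpaqueId == ""`, rendering the same `data.MetaServerError` response used further down and returning, would cover both cases. GetSigningKey starts and ends outside this hunk.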
@@ -279,10 +282,8 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 if err != nil {
 e := merrors.Parse(err.Error())
 if e.Code == http.StatusNotFound {
- //o.logger.Debug().Str("username", u.Username).Msg("signing key not found")
 // not found is ok, so we can continue and generate the key on the fly
 } else {
- //o.logger.Err(err).Msg("error reading from store")
 render.Render(w, r, response.ErrRender(data.MetaServerError.StatusCode, "error reading from store"))
 return
 }
@@ -292,7 +293,6 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 key := make([]byte, 64)
 _, err = rand.Read(key[:])
 if err != nil {
- //o.logger.Error().Err(err).Msg("could not generate signing key")
 render.Render(w, r, response.ErrRender(data.MetaServerError.StatusCode, "could not generate signing key"))
 return
 }
@@ -304,7 +304,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 Table: "signing-keys",
 },
 Record: &storepb.Record{
- Key: u.Username,
+ Key: userID,
 Value: []byte(signingKey),
 // TODO Expiry?
 },
@@ -317,7 +317,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 }
 render.Render(w, r, response.DataRender(&data.SigningKey{
- User: u.Username,
+ User: userID,
 SigningKey: signingKey,
 }))
 }
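Review bot: In the `@@ -304,7 +304,7 @@` hunk the record is now written under `userID`, but nothing visible in this patch reads or removes the records previously stored under `u.Username`. After deployment each user therefore gets a newly generated key while the old secret stays in the `proxy` / `signing-keys` table, and since the record carries no expiry (the `// TODO Expiry?` line) it stays there indefinitely. Consider a one-off cleanup of the username-keyed records, or at least a comment above `Key: userID,` such as `// keyed by opaque ID; records written under the username before this change are no longer read`. Whether URLs signed with the old key are still accepted depends on the verifier, which is not part of this patch.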