Merge branch 'master' into release-0.2.0

CHANGELOG.md

@@ -7,6 +7,8 @@ The following sections list the changes in ocis-ocs unreleased.
 ## Summary
 
 * Bugfix - Fix file descriptor leak: [#79](https://github.com/owncloud/ocis-accounts/issues/79)
+* Bugfix - Use opaque ID of a user for signing keys: [#436](https://github.com/owncloud/ocis/issues/436)
+* Enhancement - Add option to create user with uidnumber and gidnumber: [#34](https://github.com/owncloud/ocis-ocs/pull/34)
 * Enhancement - Add Group management for OCS Povisioning API: [#25](https://github.com/owncloud/ocis-ocs/pull/25)
 * Enhancement - Basic Support for the User Provisioning API: [#23](https://github.com/owncloud/ocis-ocs/pull/23)
 
@@ -21,6 +23,22 @@ The following sections list the changes in ocis-ocs unreleased.
    https://github.com/owncloud/ocis-ocs/pull/29
 
 
+* Bugfix - Use opaque ID of a user for signing keys: [#436](https://github.com/owncloud/ocis/issues/436)
+
+   OCIS switched from user the user's opaque ID (UUID) everywhere, so to keep compatible we have
+   adjusted the signing keys endpoint to also use the UUID when storing and generating the keys.
+
+   https://github.com/owncloud/ocis/issues/436
+   https://github.com/owncloud/ocis-ocs/pull/32
+
+
+* Enhancement - Add option to create user with uidnumber and gidnumber: [#34](https://github.com/owncloud/ocis-ocs/pull/34)
+
+   We have added an option to pass uidnumber and gidnumber to the ocis api while creating a new user
+
+   https://github.com/owncloud/ocis-ocs/pull/34
+
+
 * Enhancement - Add Group management for OCS Povisioning API: [#25](https://github.com/owncloud/ocis-ocs/pull/25)
 
    We added support for the group management related set of API calls of the provisioning API.

changelog/unreleased/add-uid-gid.md

@@ -0,0 +1,5 @@
+Enhancement: Add option to create user with uidnumber and gidnumber
+
+We have added an option to pass uidnumber and gidnumber to the ocis api while creating a new user
+
+https://github.com/owncloud/ocis-ocs/pull/34

changelog/unreleased/signing-keys-opaqueid

@@ -0,0 +1,8 @@
+Bugfix: Use opaque ID of a user for signing keys
+
+OCIS switched from user the user's opaque ID (UUID) everywhere,
+so to keep compatible we have adjusted the signing keys endpoint
+to also use the UUID when storing and generating the keys.
+
+https://github.com/owncloud/ocis/issues/436
+https://github.com/owncloud/ocis-ocs/pull/32

pkg/service/v0/data/user.go

@@ -14,6 +14,8 @@ type User struct {
 	DisplayName string `json:"displayname" xml:"displayname"`
 	Email       string `json:"email" xml:"email"`
 	Quota       *Quota `json:"quota" xml:"quota"`
+	UIDNumber   int64  `json:"uidnumber" xml:"uidnumber"`
+	GIDNumber   int64  `json:"gidnumber" xml:"gidnumber"`
 }
 
 // Quota holds quota information

pkg/service/v0/users.go

@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"net/http"
+	"strconv"
 	"strings"
 
 	"github.com/cs3org/reva/pkg/user"
@@ -60,6 +61,8 @@ func (o Ocs) GetUser(w http.ResponseWriter, r *http.Request) {
 		Username:    account.PreferredName,
 		DisplayName: account.DisplayName,
 		Email:       account.Mail,
+		UIDNumber:   account.UidNumber,
+		GIDNumber:   account.GidNumber,
 		Enabled:     account.AccountEnabled,
 		// FIXME only return quota for users/{userid} endpoint (not /user)
 		// TODO query storage registry for free space? of home storage, maybe...
@@ -81,6 +84,28 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) {
 	username := r.PostFormValue("username")
 	displayname := r.PostFormValue("displayname")
 	email := r.PostFormValue("email")
+	uid := r.PostFormValue("uidnumber")
+	gid := r.PostFormValue("gidnumber")
+
+	var uidNumber, gidNumber int64
+	var err error
+
+	if uid != "" {
+		uidNumber, err = strconv.ParseInt(uid, 10, 64)
+		if err != nil {
+			render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the uidnumber provided"))
+			o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the uidnumber provided")
+			return
+		}
+	}
+	if gid != "" {
+		gidNumber, err = strconv.ParseInt(gid, 10, 64)
+		if err != nil {
+			render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the gidnumber provided"))
+			o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the gidnumber provided")
+			return
+		}
+	}
 
 	// fallbacks
 	/* TODO decide if we want to make these fallbacks. Keep in mind:
@@ -94,18 +119,28 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) {
 	}
 	*/
 
-	account, err := o.getAccountService().CreateAccount(r.Context(), &accounts.CreateAccountRequest{
-		Account: &accounts.Account{
-			DisplayName:              displayname,
-			PreferredName:            username,
-			OnPremisesSamAccountName: username,
-			PasswordProfile: &accounts.PasswordProfile{
-				Password: password,
-			},
-			Id:             userid,
-			Mail:           email,
-			AccountEnabled: true,
+	newAccount := &accounts.Account{
+		DisplayName:              displayname,
+		PreferredName:            username,
+		OnPremisesSamAccountName: username,
+		PasswordProfile: &accounts.PasswordProfile{
+			Password: password,
 		},
+		Id:             userid,
+		Mail:           email,
+		AccountEnabled: true,
+	}
+
+	if uidNumber != 0 {
+		newAccount.UidNumber = uidNumber
+	}
+
+	if gidNumber != 0 {
+		newAccount.GidNumber = gidNumber
+	}
+
+	account, err := o.getAccountService().CreateAccount(r.Context(), &accounts.CreateAccountRequest{
+		Account: newAccount,
 	})
 	if err != nil {
 		merr := merrors.FromError(err)
@@ -130,6 +165,8 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) {
 		Username:    account.PreferredName,
 		DisplayName: account.DisplayName,
 		Email:       account.Mail,
+		UIDNumber:   account.UidNumber,
+		GIDNumber:   account.UidNumber,
 		Enabled:     account.AccountEnabled,
 	}))
 }
@@ -224,17 +261,20 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// use the user's UUID
+	userID := u.Id.OpaqueId
+
 	c := storepb.NewStoreService("com.owncloud.api.store", grpc.NewClient())
 	res, err := c.Read(r.Context(), &storepb.ReadRequest{
 		Options: &storepb.ReadOptions{
 			Database: "proxy",
 			Table:    "signing-keys",
 		},
-		Key: u.Username,
+		Key: userID,
 	})
 	if err == nil && len(res.Records) > 0 {
 		render.Render(w, r, response.DataRender(&data.SigningKey{
-			User:       u.Username,
+			User:       userID,
 			SigningKey: string(res.Records[0].Value),
 		}))
 		return
@@ -242,10 +282,8 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		e := merrors.Parse(err.Error())
 		if e.Code == http.StatusNotFound {
-			//o.logger.Debug().Str("username", u.Username).Msg("signing key not found")
 			// not found is ok, so we can continue and generate the key on the fly
 		} else {
-			//o.logger.Err(err).Msg("error reading from store")
 			render.Render(w, r, response.ErrRender(data.MetaServerError.StatusCode, "error reading from store"))
 			return
 		}
@@ -255,7 +293,6 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 	key := make([]byte, 64)
 	_, err = rand.Read(key[:])
 	if err != nil {
-		//o.logger.Error().Err(err).Msg("could not generate signing key")
 		render.Render(w, r, response.ErrRender(data.MetaServerError.StatusCode, "could not generate signing key"))
 		return
 	}
@@ -267,7 +304,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 			Table:    "signing-keys",
 		},
 		Record: &storepb.Record{
-			Key:   u.Username,
+			Key:   userID,
 			Value: []byte(signingKey),
 			// TODO Expiry?
 		},
@@ -280,7 +317,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
 	}
 
 	render.Render(w, r, response.DataRender(&data.SigningKey{
-		User:       u.Username,
+		User:       userID,
 		SigningKey: signingKey,
 	}))
 }