diff --git a/CHANGELOG.md b/CHANGELOG.md index 07a410488c..73b5c00bcc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ The following sections list the changes in ocis-ocs unreleased. ## Summary * Bugfix - Fix file descriptor leak: [#79](https://github.com/owncloud/ocis-accounts/issues/79) +* Bugfix - Use opaque ID of a user for signing keys: [#436](https://github.com/owncloud/ocis/issues/436) +* Enhancement - Add option to create user with uidnumber and gidnumber: [#34](https://github.com/owncloud/ocis-ocs/pull/34) * Enhancement - Add Group management for OCS Povisioning API: [#25](https://github.com/owncloud/ocis-ocs/pull/25) * Enhancement - Basic Support for the User Provisioning API: [#23](https://github.com/owncloud/ocis-ocs/pull/23) @@ -21,6 +23,22 @@ The following sections list the changes in ocis-ocs unreleased. https://github.com/owncloud/ocis-ocs/pull/29 +* Bugfix - Use opaque ID of a user for signing keys: [#436](https://github.com/owncloud/ocis/issues/436) + + OCIS switched from user the user's opaque ID (UUID) everywhere, so to keep compatible we have + adjusted the signing keys endpoint to also use the UUID when storing and generating the keys. + + https://github.com/owncloud/ocis/issues/436 + https://github.com/owncloud/ocis-ocs/pull/32 + + +* Enhancement - Add option to create user with uidnumber and gidnumber: [#34](https://github.com/owncloud/ocis-ocs/pull/34) + + We have added an option to pass uidnumber and gidnumber to the ocis api while creating a new user + + https://github.com/owncloud/ocis-ocs/pull/34 + + * Enhancement - Add Group management for OCS Povisioning API: [#25](https://github.com/owncloud/ocis-ocs/pull/25) We added support for the group management related set of API calls of the provisioning API. diff --git a/changelog/unreleased/add-uid-gid.md b/changelog/unreleased/add-uid-gid.md new file mode 100644 index 0000000000..cab2b7c8f6 --- /dev/null +++ b/changelog/unreleased/add-uid-gid.md @@ -0,0 +1,5 @@ +Enhancement: Add option to create user with uidnumber and gidnumber + +We have added an option to pass uidnumber and gidnumber to the ocis api while creating a new user + +https://github.com/owncloud/ocis-ocs/pull/34 diff --git a/changelog/unreleased/signing-keys-opaqueid b/changelog/unreleased/signing-keys-opaqueid new file mode 100644 index 0000000000..6f8b3b70cf --- /dev/null +++ b/changelog/unreleased/signing-keys-opaqueid @@ -0,0 +1,8 @@ +Bugfix: Use opaque ID of a user for signing keys + +OCIS switched from user the user's opaque ID (UUID) everywhere, +so to keep compatible we have adjusted the signing keys endpoint +to also use the UUID when storing and generating the keys. + +https://github.com/owncloud/ocis/issues/436 +https://github.com/owncloud/ocis-ocs/pull/32 diff --git a/pkg/service/v0/data/user.go b/pkg/service/v0/data/user.go index c43cc9cf5f..6181352202 100644 --- a/pkg/service/v0/data/user.go +++ b/pkg/service/v0/data/user.go @@ -14,6 +14,8 @@ type User struct { DisplayName string `json:"displayname" xml:"displayname"` Email string `json:"email" xml:"email"` Quota *Quota `json:"quota" xml:"quota"` + UIDNumber int64 `json:"uidnumber" xml:"uidnumber"` + GIDNumber int64 `json:"gidnumber" xml:"gidnumber"` } // Quota holds quota information diff --git a/pkg/service/v0/users.go b/pkg/service/v0/users.go index 42b87f38ee..aef9ae5b7b 100644 --- a/pkg/service/v0/users.go +++ b/pkg/service/v0/users.go @@ -5,6 +5,7 @@ import ( "encoding/hex" "fmt" "net/http" + "strconv" "strings" "github.com/cs3org/reva/pkg/user" @@ -60,6 +61,8 @@ func (o Ocs) GetUser(w http.ResponseWriter, r *http.Request) { Username: account.PreferredName, DisplayName: account.DisplayName, Email: account.Mail, + UIDNumber: account.UidNumber, + GIDNumber: account.GidNumber, Enabled: account.AccountEnabled, // FIXME only return quota for users/{userid} endpoint (not /user) // TODO query storage registry for free space? of home storage, maybe... @@ -81,6 +84,28 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) { username := r.PostFormValue("username") displayname := r.PostFormValue("displayname") email := r.PostFormValue("email") + uid := r.PostFormValue("uidnumber") + gid := r.PostFormValue("gidnumber") + + var uidNumber, gidNumber int64 + var err error + + if uid != "" { + uidNumber, err = strconv.ParseInt(uid, 10, 64) + if err != nil { + render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the uidnumber provided")) + o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the uidnumber provided") + return + } + } + if gid != "" { + gidNumber, err = strconv.ParseInt(gid, 10, 64) + if err != nil { + render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the gidnumber provided")) + o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the gidnumber provided") + return + } + } // fallbacks /* TODO decide if we want to make these fallbacks. Keep in mind: @@ -94,18 +119,28 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) { } */ - account, err := o.getAccountService().CreateAccount(r.Context(), &accounts.CreateAccountRequest{ - Account: &accounts.Account{ - DisplayName: displayname, - PreferredName: username, - OnPremisesSamAccountName: username, - PasswordProfile: &accounts.PasswordProfile{ - Password: password, - }, - Id: userid, - Mail: email, - AccountEnabled: true, + newAccount := &accounts.Account{ + DisplayName: displayname, + PreferredName: username, + OnPremisesSamAccountName: username, + PasswordProfile: &accounts.PasswordProfile{ + Password: password, }, + Id: userid, + Mail: email, + AccountEnabled: true, + } + + if uidNumber != 0 { + newAccount.UidNumber = uidNumber + } + + if gidNumber != 0 { + newAccount.GidNumber = gidNumber + } + + account, err := o.getAccountService().CreateAccount(r.Context(), &accounts.CreateAccountRequest{ + Account: newAccount, }) if err != nil { merr := merrors.FromError(err) @@ -130,6 +165,8 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) { Username: account.PreferredName, DisplayName: account.DisplayName, Email: account.Mail, + UIDNumber: account.UidNumber, + GIDNumber: account.UidNumber, Enabled: account.AccountEnabled, })) } @@ -224,17 +261,20 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { return } + // use the user's UUID + userID := u.Id.OpaqueId + c := storepb.NewStoreService("com.owncloud.api.store", grpc.NewClient()) res, err := c.Read(r.Context(), &storepb.ReadRequest{ Options: &storepb.ReadOptions{ Database: "proxy", Table: "signing-keys", }, - Key: u.Username, + Key: userID, }) if err == nil && len(res.Records) > 0 { render.Render(w, r, response.DataRender(&data.SigningKey{ - User: u.Username, + User: userID, SigningKey: string(res.Records[0].Value), })) return @@ -242,10 +282,8 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { if err != nil { e := merrors.Parse(err.Error()) if e.Code == http.StatusNotFound { - //o.logger.Debug().Str("username", u.Username).Msg("signing key not found") // not found is ok, so we can continue and generate the key on the fly } else { - //o.logger.Err(err).Msg("error reading from store") render.Render(w, r, response.ErrRender(data.MetaServerError.StatusCode, "error reading from store")) return } @@ -255,7 +293,6 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { key := make([]byte, 64) _, err = rand.Read(key[:]) if err != nil { - //o.logger.Error().Err(err).Msg("could not generate signing key") render.Render(w, r, response.ErrRender(data.MetaServerError.StatusCode, "could not generate signing key")) return } @@ -267,7 +304,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { Table: "signing-keys", }, Record: &storepb.Record{ - Key: u.Username, + Key: userID, Value: []byte(signingKey), // TODO Expiry? }, @@ -280,7 +317,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { } render.Render(w, r, response.DataRender(&data.SigningKey{ - User: u.Username, + User: userID, SigningKey: signingKey, })) }